10th March 2015
Internet hacking has been around for a long time, but it continues to increase, and is getting more sophisticated. Certainly when companies like Microsoft and Facebook fall prey to hackers, it's a serious wake-up call, and indicates the need to be serious and vigilant about data security.
Here are five of the most common ways that hackers can get hold of your data.
- DDoS (Distributed Denial of Services) Attack:
This occurs when users are denied access to either the server or the services of a machine. The hacker usually co-opts one machine first, and then uses it as the master to gain control of other machines on the network. Once access is obtained, the hacker can take control of the system, and spread malware.
- Remote Code Execution Attacks:
This type of attack gives the hacker access to a user's computer, regardless of its geographical location. This is done by exploiting vulnerabilities in operating systems, something that companies like Microsoft are well aware of. On the second Tuesday of each month (Patch Tuesday), Microsoft releases the latest security patches for its software applications.
- DNS Cache Poisoning or DNS Spoofing:
The hacker is able to exploit weaknesses in the domain name system (DNS), using old cache data to manipulate the IP address. This allows them to divert internet traffic from real sites to fake ones. It is termed 'poisoning', because it can quickly spread throughout DNS servers.
- Cross Site Scripting Attacks (XSS):
This occurs when malicious coding is inserted into a link sent to the web browser window. When a user clicks on the seemingly legitimate link it triggers the XSS script and the hacker can then steal information.
- Injection Attacks:
This hacking technique takes advantage of improper coding of the SQL database or SQL libraries. Hackers can inject SQL commands that allow them access to information in the database. SQL commands can be injected into such areas as the login pages, and search pages.
The threat from cyber thieves is a very real one, but anti-virus software and a firewall is often not enough. Both businesses and individuals must be alert and knowledgeable about potential breaches, in order to avoid becoming a victim.