Author: InvisibleUser Team
The first thing that is important to understand is that no system is 100% secure. There will always be exploits and new attack patterns to infiltrate a system. When they are undiscovered by the developers, we call them zero-day-exploits. Those will be patched as soon as we know about them, but are dangerous for the time that passes until then. All we can do is make infiltrating a system as difficult as possible for the attacker. That involves keeping your system up-to-date and responding to new exploits. Cyber Security is related to privacy in that it protects a system from breaches of confidential data.
The importance of cyber security is that all the privacy and anonymity measures you will learn in this guide are useless if your device gets infected or hacked. Stability and difficulty to attack systems like servers, data centres of companies or PCs of normal users, are what is needed to prevent this from happening. Attacks get more and more sophisticated in the 21st century and you could say that threats and defences are in a neck-and-neck race. When a new virus is coded or an exploit discovered, a counter-measure will be developed. Only a small number of exploits cause massive damage, before they get fixed.
Cyber attacks are warfare, we saw that in the coordinated cyberattack the US used to disable the weapon control systems of Iran, in June 2019. They used a destructive wiper attack, which destroys data on a HDD to disable the computer systems. BBC News Article
Data breaches and sabotage are the most common goals of an attack. Cyber attacks are definitely on the rise, even if we continue improving our systems, there will always be new ways to run an attack.
In this guide, we are focusing on individuals, for the most part, but cyber security is even more important to companies and governments. Cyber criminals could steal valuable data (industrial espionage) or funds from companies. It is also possible to ruin the company’s reputation. A big risk is manipulation of states. That includes, interfering with elections, leaking military data to adversaries and undermining the functioning of institutions. Such attacks can be obvious, e.g. when a server is taken down with a DDoS attack or remain completely hidden.
Since the invention of computers and the internet, attackers have tried to compromise computer systems. Be it for financial gain and information or social control, surveillance and manipulation of states in the case of government hackers. These effects can be reached through a plethora of different attacks and exploits.
There is plenty of code out there that wants to harm your computer or you personally. This is the way programming works. Computers do not have their “own mind” or ethics. Software does exactly what you “tell” it to do. It all depends on the coder’s intentions. The code does not attack other people, unless you specifically instruct it to do so.
To learn more about the most common types of attacks and what to do about them, head over to “List of Attacks, Exploits and Defences”. In that article, we list detailed information about how attacks work and what vulnerabilities they use to infect a system. It is great that there are counter-measures and that we are not defenceless. Those are also be listed in our article.
The attacks listed in are often combined in a polymorphic attack to be even more powerful. A polymorphic attack is a type of attack that combines multiple different kinds of malware or uses multiple exploits at the same time. Another tactic that is increasingly used is social engineering. Most attacks on companies use at least some form of this to circumvent the security barriers in well protected companies.
Social engineering aims to convince users to give up data like password, credit card numbers, etc. by themselves. Why would an attacker do the hard work of breaking into a well secured system if it is so easy to make employees give them their passwords? The attacker only has to pretend to be from the company’s IT department, in many cases.