Security matters because all the privacy and anonymity measures you will learn in this guide are useless if your device gets infected or hacked. Below, you will find a very long list of malware, cyber attacks and security measures. This is only for your information and not required for understanding this guide.
Attacks get more and more sophisticated in the 21st century, and you could say that threats and defences are in a neck-and-neck race. When a new virus is coded or an exploit discovered, a counter-measure will be developed. Only a small number of exploits cause massive damage before they get fixed. We will now introduce the ones we think are important to know.
Malware is software that is intended to cause damage to your computer or to you personally. It can directly cause harm or, on the other hand, create an entry point for a later attack.
Common threats in the form of malware that security measures protect you from are:
- Attackers' typical goals: eavesdropping, interception of communication, data extraction through malware and data modification
- Malware, the umbrella term for software that causes damage of any kind
- Spyware, sends information to an attacker
- Ransomware, exfiltrates your data and threatens to publish it, or makes it inaccessible through encryption, unless you pay a ransom
- Scareware, uses social engineering to threaten you, so that you give data or money to the hacker, e.g. fake antivirus software
- Trojans, malware that is disguised as a harmless program (e.g. hidden in an Excel file)
- Logic bombs, a Trojan payload that starts its attack only after a specific event or action you take
- Viruses, self-replicating malware that infects all parts of a device it can reach
- Worms, self-replicating malware that spreads copies of itself to other machines
- Dialers, malware that covertly connects over landline or ISDN telephone networks to the internet
- Rootkits, conceal an attacker's presence and maintain privileged access to your machines
- Bootkits, rootkits that start before your OS and are used to attack full-disk encrypted systems
- Keyloggers, capture keystrokes in plain text
- Exploits, code that abuses a security loophole (vulnerability) to gain entry and infect your system
- Backdoors, intentional security holes that are left open by developers, e.g. for law enforcement access
Network-based Cyber Attacks
Network-based attacks target computer information systems, infrastructures, computer networks or personal computer devices. They take advantage of the interconnection of machines.
Common threats in the form of network-based cyber attacks that security measures protect you from are:
- Phishing, an attack based on social engineering, typically fake messages or websites that trick you into handing over credentials or installing malware
- DoS, denial-of-service attacks overload a server to make it inaccessible, often done using a botnet (DDoS), and can be amplified, e.g. by a Smurf attack
- Botnets, networks of infected machines controlled by a hacker, used to anonymously run attacks, send spam or steal processing power, e.g. for cryptojacking
- Cross-site scripting (XSS), injects scripts into websites so that they run in other users' browsers, to trick users or gather information
- Code injection, gaining access to a system by entering input into forms or fields that the program then interprets as code, often using the SQL language (SQL injection)
- DNS spoofing, manipulates the DNS resolver's cache to lead users to the wrong IP address, e.g. for man-in-the-middle attacks
- Man-in-the-middle attack, an attacker routes the data traffic between you and your contact, or between you and a server, over their own computer
- Buffer overflow, overfills a program's memory buffer so that attacker-supplied data overwrites adjacent memory, allowing code to be injected into a section of memory where executable code is stored
The previously listed attacks were all active attacks, but there are also passive cyber attacks:
- Wiretapping, intercepting telephone or internet conversations
- Port scan, finding open ports on a server to prepare an attack
- Idle scan, a TCP port scan that is relayed through an idle third-party host, so it is harder to trace back to the scanner than a direct port scan
- Encryption attacks, encrypt a device to make it unusable and demand money to help the target decrypt it again (ransomware)
- Traffic analysis, analysing internet traffic to monitor a target
We are far from helpless against malware, spyware and network-based attacks. There is a lot we can do to prevent cyber attacks in the first place, but also during or after an attack has occurred.
The most important thing to understand is that no system is 100% secure. There will always be exploits and new attack patterns to infiltrate a system. When they are still undiscovered by the developers, we call them zero-day exploits. Those will be patched as soon as we know about them, but they are dangerous for the time that passes until then.
Administrators and individual users can still follow security guidelines, prepare their systems for cyber attacks and strengthen their security measures. As long as you follow these tips, the chances of an attack succeeding are slim, but you have to stay up-to-date on new exploits.
Stable systems that are hard to attack, whether the servers and data systems of companies or the PCs of ordinary users, are what prevents attacks from succeeding.
To help you understand that we are not defenceless against cyber attacks, we will now compile a list of counter-measures that are used to secure systems. If they are implemented the right way, they can even be used to protect the most important IT infrastructure of governments and companies.
Common defences are:
- Security by design: right from the beginning of the software development process, each element of the software or system is designed to be secure, which is better than fixing a finished product.
  - Secure coding
  - Open-source software contains fewer bugs, because the community searches the code for issues and backdoors are impossible to hide
  - Access control, only using root/admin permissions if absolutely necessary (principle of least privilege)
  - Default settings must be secure, so you can rely on the default configuration
- Secure OSs, using Linux for the 4 reasons outlined above.
- Defence in depth, there must not be a single weakest link among the subsystems
- Intrusion detection systems and security logs
- Regular updates to fix security issues
- Security measures
  - Antivirus software, real-time detection and measures against malware, keyloggers, spyware, etc.
  - Encryption, so that only authorised access is possible
  - Authentication using multiple factors, e.g. 2FA
  - Firewall, filters inbound/outbound traffic based on rules
  - Response systems for cyber attacks
  - Secure protocols, such as SSL/TLS (HTTPS) for web traffic, PGP for e-mail and IPsec for network-layer security
- Hardware-based methods
  - Dongles, e.g. USB sticks used as a second factor (2FA) to unlock computers or hard disks
  - Trusted platform modules (TPMs), security chips that store keys and detect unauthorised changes to the boot process and hardware configuration
- Vulnerability management, regularly re-evaluating the state of system security, e.g. with pen-testing or vulnerability scans
- Educating employees and end-user security training, 90% of data breaches were caused by human error (article)
- Configuring servers securely to mitigate things like DDoS attacks, e.g. with reverse proxies, timeouts and limiting the number of simultaneous connections
- Staying up-to-date on current developments in cyber security
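To make the "intrusion detection systems and security logs" item concrete, here is an added example (not part of the original guide) of the kind of rule such a system applies to firewall logs: it flags a source address that probes many different ports within a few seconds, the signature of the port scan described earlier. The log format, addresses and thresholds are constructed for the example; a real deployment would read the format your firewall actually writes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (not from any real device): one host probing
# six ports in three seconds, one host making ordinary HTTPS connections.
SAMPLE_LOG = """\
2024-03-01T10:00:01 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=21
2024-03-01T10:00:01 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=22
2024-03-01T10:00:02 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=23
2024-03-01T10:00:02 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=25
2024-03-01T10:00:03 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=80
2024-03-01T10:00:03 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=443
2024-03-01T10:00:05 ACCEPT src=198.51.100.5 dst=192.0.2.10 proto=TCP dport=443
2024-03-01T10:00:12 DROP src=198.51.100.5 dst=192.0.2.10 proto=TCP dport=8080
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>\S+) dst=\S+ proto=\w+ dport=(?P<dport>\d+)$"
)

def parse_log(text):
    """Turn raw lines into (timestamp, src, dport) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"])))
    return events

def detect_port_scans(events, threshold=5, window_seconds=10):
    """Flag each source that touches >= threshold distinct ports inside any
    sliding window of window_seconds. Returns {src: ports in the first such window}."""
    by_src = defaultdict(list)
    for ts, src, dport in events:
        by_src[src].append((ts, dport))
    alerts, window = {}, timedelta(seconds=window_seconds)
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # shrink window from the left
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= threshold:
                alerts[src] = ports
                break
    return alerts

if __name__ == "__main__":
    for src, ports in detect_port_scans(parse_log(SAMPLE_LOG)).items():
        print(f"possible port scan from {src}: ports {sorted(ports)}")
```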