We hear about hackers hacking all the time. But how do they really do this? What is the actual “hack” of the matter?
This category is especially stressful because social engineering is not thwarted by super tough software or a ridiculously prepared security firm. Social engineering exploits the individual people inside an organization; it’s one of the cheapest and most effective ways a hacker can get what he or she wants. But what exactly is social engineering?
Social engineering is a form of intrusion that relies on manipulative tactics to get people to drop standard security protocols. Anything from clicking a malicious link to giving login credentials over the phone to holding your passcode-protected door open for the next person can be the result of social engineering. In these situations, hackers use social techniques to make you ‘do’ or ‘say’ something you normally wouldn’t do or say.
For example, a man calls you on the phone and claims to be a technician from your internet provider. He says there’s an issue with the network, and to make sure your business is unaffected by this problem, he needs your admin’s login credentials. He assures you that everything will be super quick, and you’ll avoid a lot of downtime. It seems like a no-brainer, so you quickly hand over your credentials, not knowing this technician is really a hacker from across the country. Instead of avoiding downtime, you just created a lot of it… by handing over the keys to all your data.
Software, browser, and system vulnerabilities are an easy way in for hackers. Kaspersky Lab states that a vulnerability “is associated with some violation of a security policy.” This violation allows cyber criminals to slip malicious code, unauthorized commands, or malware onto your computer.
The majority of vulnerabilities are eliminated when (or if) you update your workstation; however, many people fail to install the recommended updates when they become available, choosing to postpone or ignore a critical update. For example, about 30% of users are using an outdated browser, and nowadays, with vulnerability-based attacks like Malvertising, outdated browsers are creating an even bigger security concern.
With Malvertising, cyber thieves purchase ad space on a website and embed code in the ad. When you land on a website with a malicious ad, the embedded code will search your computer for vulnerabilities and push malware through them. You don’t have to click or view the ad to be infected; you simply have to visit the website. And the worst part about Malvertising is that it can be any website, rare or well-known. Google, Yahoo, Reuters, Forbes, The Daily Mail, and Huffington Post have all been previous victims of Malvertising, potentially infecting millions of people in less than a few hours.
The best defense against vulnerabilities is to make sure that all your technology is up to date at all times. Check your browser, operating system, software, and applications for updates on a regular basis, and never postpone an update when one becomes available.
If you need help assessing your technology id protect, contact us: https://stsarizona.com/services/email-spam-protection/