Knowing the types and tricks of ESET Hacking leads to effective measures and attitude
This article re -edited the "Hacking methods and tricks will lead to safe measures" published in the "Malware Information Bureau" provided by Canon Marketing Japan.
Many people recall malicious acts from the word hacking.However, when this was used, it was not used as a bad word.In the first place, what kind of acts do hacking are and what backgrounds have pointed to malicious acts?In this article, we will explain basic knowledge and specific tricks about hacking.
What is hacking?
Hacking is an act of an engineer with high skills about computers analyzing and modifying hardware and software, and was not used in a bad sense when the words were born.Rather, it was often used to improve and use software for a certain purpose.However, hacking began to be used in a bad sense when cyber attackers claimed to be "hacker (the meaning of those who hacked)" in the attack statement.
In addition, people who respect the original meaning and crack and crack the malicious hacking are called crackers, and sometimes clearly distinguish them from hacking and hackers.However, in general, the act of hacking is malicious, and the interpretation of hacking = cyber attacks has spread.
Representative cyber attack by hacking
There are a variety of hacking cyber attacks, which can be roughly divided into the following four types.
・ Web site falsification
It is an act of rewriting the website without permission, and as a specific example, install an image that is not related to the website on the top page, falsify the top page itself and make it look like another site, or look it looks.It does not change, but there is something that is intentionally added to a site that infects malware.
・ Server stop
The server stops due to hacker attacks, but can be broadly divided into two depending on the means.One is that the server's vulnerabilities penetrate the server inside the server, and the server stops directly.The other is to attack the server to stop by attacking the server from the outside and applying a high load.
・ Stealing information
By penetrating vulnerabilities such as servers, important information, including customer information, is stolen.The stolen information may be traded in a black market such as the dark web, and depending on the content of the information, the corporate image will be greatly impaired.
・ It is a stepping stone for another attack
If the website is tampered with and the script is rewritten, it may be a stepping stone to others.Users who have accessed a website that have been tampered with by malicious scripts may be transmitted to a site that infects malware and may be infected with malware.This was transmitted by malware because of the tampered site.In other words, the administrator of the website may be treated as perpetrators and may be responsible.
In addition, if a backdoor is installed on a terminal such as a computer or smartphone to be managed, and a bot is set up, it may be a parent of the DDOS attack.
Main tricks used in hacking
There are specific hacking tricks:
・ Zero day attack
It is the basis of hacking to hit existing vulnerabilities, but there is something called zero -day attack as an attack that is more difficult to deal with.The zero -day attack is a cyber attack performed before the newly discovered vulnerabilities are published or before the amendment program, which is extremely likely that the attacked side will develop into damage.
・ Dictionary attack
One of the tricks to guess the ID and password necessary for invading the terminal.As a general user habit, meaningful words and personal names are often used to make it easier to learn passwords.In this attack, you can use such habits to take the opposite and use a list of words that are meaningful to humans, such as dictionaries and personal names, to search for a matching ID and password.。
・ Total attack
It is also a trick called Blue Force Attack, and to find IDs and passwords, try all possible patterns at a brute force and find a matching combination.Increasing the number of characters in IDs and passwords has increased the resistance to the overall attack, but recently the computer's calculation ability has been dramatically improved, and the ID and password are increasing in a short time.It is said.Cyber Attackers use a system that allows more quickly to extract ID and password matching patterns by combining dictionary attacks and brute force attacks.
・ Shoulder hacking
So -called peeping and viewing from behind.It is a classic method of typing over the user's shoulder and on the display screen, stealing important information such as IDs and passwords, and attempts unauthorized access.
In addition, although it is an analog trick, there is a way to find a trashing that looks for paper with a password in a trash can, as well as a boss, business partner, police, etc., and ask for login information.These tricks are also called social engineering.
Effective measures for hacking
In this way, it is important for the attacker to hack in various tricks, so it is important to take measures.The following four effective measures for hacking are listed.
・ Always keep the OS and applications in the latest
Many hacks try to invade by hitting system vulnerabilities.Existing vulnerability can destroy its vulnerabilities by updating the OS and applications to the latest one.It is effective to keep the latest status and deal with existing vulnerabilities.
・ Change the password to a stronger one
By changing the password to be less likely to be estimated and stronger, it is possible to increase the resistance to dictionary attacks and brute force attacks.Specifically, the number of characters is increased by increasing the number of characters and mixing characters such as numbers, uppercase, and lowercase letters to increase the number of patterns required for collation.Routers and wireless LAN access points are often operated without changing the ID and password as the initial settings at the time of shipment.However, if you continue to use it in such a state, the possibility of hacking increases.
In addition, in order to prevent social engineering, it is essential to raise users' awareness, such as not writing passwords on paper, and never revealing others.
Basic password management to know to increase security https: // ESET-INFO.Canon-ITS.JP/Malware_info/Special/Detail/200225.html
・ Introduction of restrictions on the number of login trials and multi -factor authentication
Effective use of the security functions implemented in the system can reduce the possibility of encountering hacking.For example, the number of login trials is restricted, biometric authentication such as fingerprints and faces, and location information using GPS as multi -factor authentication to enhance safety.
・ Introduction of integrated security software
By introducing an integrated security software, including ESET, the act that leads to hacking can be deteriorated.Specifically, it can detect and deal with malware invasion and port scanning.Furthermore, for servers that are open to the public in companies and organizations, the introduction of IPS and WAF can also protect attacks on the application layer and platform level.
In addition to appropriate measures, IT literacy during use is also required
In order to prevent hacking damage, it is important for each user to improve IT literacy in addition to measures that have been explained so far.Knowing what kind of crime method is, if you are prepared in advance, it will be a big difference.
In addition, I would like to try to respond to myself, such as learning and setting the appropriate usage, rather than just introducing a reputable security product.If you encounter damage such as information leakage, please be aware that you will be disadvantaged by the damage, and that you will be the organization you belong, and that you will take appropriate measures.