Saturday, December 7, 2019

Extortion Hacks in Network and Information Security

Question: Discuss extortion hacks in network and information security.

Answer: Extortion Hacks in Network and Information Security, Their Effects and How to Prevent Them

Data security is a major concern for organizations throughout the world, which work to keep their information safe from unauthorized users. However, cyber crime is currently on the rise, and this has sharply increased the risk of organizations losing important and sensitive information to malicious attackers. Many companies and organizations that have fallen victim to cyber crime have suffered very large financial losses, with a lot of money lost to the attackers (McGraw, 2010). Other companies risk losing their reputation, which eventually costs them their customers' trust and their business security. Any growing business must therefore be prepared to handle the risks that could arise, since cyber crime exists and happens every day.

Cyber crime has evolved into what is now referred to as the extortion hack, in which malicious attackers such as hackers acquire money or property without posing any physical danger to the victims (LeBlanc, 2012, 115). An extortion attack involves no use of force. Instead, the attackers threaten the owner of the information with damage to the information or harm to their reputation, or, if the victim is a government, threaten to release unfavorable information to the public. Once the victim pays the ransom to the extortion hackers, the planned attack is eventually reversed; however, the victims are not guaranteed that their infected resources will actually be released.
Among the recent successful extortion attacks are Locky, CryptoWall, SamSam, Cerber and CryptXXX, which have used new techniques to introduce malware that encrypts the victims' resources and to ensure anonymity during the payment process (Bellovin, 2008, 125). In general, cyber extortion resembles the older crimes of kidnapping for ransom or maritime piracy, which is yet to be discovered and reported. Extortion falls into two types: a federal crime if it is carried out between two states, and a felony if it is committed within one state. Any computer controlled by a hacker is termed a zombie or bot; both Kaspersky and Symantec have identified these, alongside spam, viruses and worms, as posing the greatest threat to internet security.

The City of London Police and the FBI both estimate that 85% of national cybercrimes are not reported. As a result, information is confined to open source material and gives a selective and incomplete view of cyber extortion (Ranum, 2007, 135). This was seen most dramatically in October 2015, when cybercrimes were recorded for the first time in UK national crime statistics; as a result, the national crime rate increased by 107%. Cyber extortion in particular is a growing threat to individuals, businesses and organizations globally. Like other organized crime, cybercrime is transnational.

Figure 1: Graphical representation of extortion attacks between 2012 and 2015, showing a rising trend.

Types of Extortion Hacking

Hackers and malicious attackers have employed various ways to carry out extortion hacks, disguising themselves and increasing their chance of reaching their victims' information. The extortion attack methods used include:

- DDoS-based extortion
- Compromised data release and extortion
- Ransomware
- Corporate extortion
- Sextortion
- Hijacked accounts
Explanation of Types of Extortion Hacking

Hackers carry out extortion hacking using various distinct methods, as discussed below.

Denial-of-service (DDoS)-based extortion. The attacker targets company websites that hold critical business information, and the attack has a significant effect on the company's operations and its revenue. Hackers use two types of DDoS attack: network-centric attacks, which use up bandwidth to overload the services, and application-layer attacks, which use application calls to overload the database and the services. DDoS attackers usually follow these three steps to accomplish their mission:

1. They send an email to the target company or organization stating the sum of money demanded.
2. They demand that the victims pay the ransom, preferably in bitcoins, in order to reverse the perpetrated DDoS attack.
3. They then put more pressure on the victims, even using negative information that shows poor service and downtime, which is another form of threat.

This form of extortion mainly takes place over the telephone, regular mail, text, email, computer, or wireless communication device (Panko, 2013, 156).

Compromised data release and extortion. The attackers threaten a company or organization with the release of very sensitive information that can cause serious damage. The data used is highly valued, since the hackers pick a very selective piece of data.
Some groups have succeeded in obtaining sensitive data and then threatened to release it if their demands were not met; one such group is Rex Mundi, which was discovered by Holland, Tibbs, Tame, and Marriott (Howard, 2012, 130). One of the group's more famous cyber extortions was against Domino's Pizza in Europe in June 2014. ZDNet contributing writer Liam Tung writes that Rex Mundi had access to over half a million customer records, and demanded 30,000 ($40,000 USD) or the personal information would be posted online.

Ransomware. The attackers use malicious software that blocks access to the system or device it has infected. Affected devices include computers and mobile devices, where the hackers encrypt the stored personal files, preventing file, application, and operating system access. The victims are made to pay a fee to unlock their data so that they can access their resources and regain control of their devices. Ransomware used by hackers includes CryptoLocker, CryptoDefense, CryptoWall, CryptorBit, and WinLocker; some of these generate a pop-up window on the victim's screen that remains there until the ransom is paid.

Hijacked accounts. In a recent trend, about 15.6 to 30 percent of customers have been victims of having their accounts taken over by malicious hackers. The hackers achieve this by cracking weak passwords and illegally accessing the online accounts. This is very serious because it involves accounts linked to finances and credit cards; other targets include Facebook, Twitter and LinkedIn accounts. The hackers can also use cloud services such as Dropbox, Google Play and iCloud, where they threaten to erase the information in the accounts or to release to the public the information and files stored in them.
In some cases they may end up breaking the iOS devices; such cases have been reported by victims from places such as California and Australia.

Sextortion. The hackers steal personal data, including photos and videos, by hacking computers, phones or webcams, and then demand payment or else put the material online. Victims lose this material in different ways: a former partner may send it to a third party, after which the victim is threatened with having it shared online, or a hacker may gain access to the online account where the images are stored (Goodrich, 2010, 150). In some cases the victim's computer or mobile device is infected remotely with a remote access Trojan (RAT), which gives the attackers access to the device and eventually lets them capture the victim through the webcam remotely.

Corporate extortion. Here businesses are the major target; some of these attacks were carried out against Domino's in Europe. The attack can take various forms, including sending a ransom letter that threatens the business with publication of negative reviews, complaints to a business bureau, harassing calls, or fraudulent delivery orders (Bishop, 2012, 123). The attackers can also break into the company's network and gain access to sensitive information and data such as credit cards, social security numbers and even clients' email addresses. After accessing this information, the hackers threaten to release it to the public or even sell it unless the company makes the demanded ransom payment. In some cases hackers even aim to hack medical facilities and steal the facilities' and the patients' records, for example at a UK cosmetic surgery clinic or in the 2012 hack at an Illinois medical practice (Pfleeger, 2007, 65).

Extortion Hacks Prevention Measures
Companies are therefore advised to take the following measures to keep extortion hackers from gaining access to their information and demanding ransom payments.

- Train your staff.
- Customers should avoid opening any email attachment from an unknown or untrusted person or source.
- Use a rule of thumb: do not click any link in an email and never open attachments, especially zip files. It is important to hover the cursor over a link to see its source and, if it looks suspicious, to ask IT support before opening it.
- Watch for words in the subject line that can easily lure you, for example "resume attached" or "invoice attached", and erase such messages.
- Avoid opening emails that seem to come from a company you trust, such as UPS, if no notification from the courier is expected.
- Always delete unsolicited emails with attachments that are said to come from banks, Amazon, Microsoft, eBay, or PayPal.
- Back up your data every day or night to avoid loss in case hackers interfere with your data.
- Ensure that company staff change their passwords often, preferably every three months.
- Install and use an up-to-date real-time anti-malware solution from a trusted vendor.
- Ensure that all software installed on computers and other devices is updated.
- Ensure that you back up all your personal data.
- Avoid storing embarrassing pictures either online or on your mobile devices.
- Always use your own judgment, script-blocking plugins, and updated antivirus when surfing the web.
- It is good to use a separate laptop for any online banking, preferably a Google Chromebook, for as little as $199.00.
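The email rules in the list above (lure subject lines, zip attachments, senders claiming to be a trusted brand, and hovering over a link to see its real source) can be automated as a mail triage check. The following Python is an added example, not part of the original essay; the rule names, the brand-to-domain map and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Lures and brands are from the list above; the "<brand>.com" map is an assumption.
LURES = ("resume attached", "invoice attached")
BRANDS = {b: b + ".com" for b in ("amazon", "microsoft", "ebay", "paypal", "ups")}
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_in(host, domain):  # True if host is domain or one of its subdomains
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def triage(raw):
    """Return the names of the rules a raw RFC 5322 message trips."""
    msg, hits = message_from_string(raw), []
    if any(p in (msg["Subject"] or "").lower() for p in LURES):
        hits.append("lure-subject")
    name, addr = parseaddr(msg["From"] or "")
    claimed = [d for b, d in BRANDS.items() if re.search(rf"\b{b}\b", name.lower())]
    if claimed and not any(host_in(addr.rpartition("@")[2], d) for d in claimed):
        hits.append("brand-mismatch")
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(".zip"):
            hits.append("zip-attachment")
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        for href, text in LINK.findall(html):
            # "Hover" check: domain shown in the link text vs. the real target.
            shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)
            if shown and not host_in(urlparse(href).hostname, shown.group(0).lower()):
                hits.append("link-mismatch")
    return hits

# Constructed sample message using reserved example domains, not a real capture.
SAMPLE = """\
From: "PayPal Support" <service@mailer.example.org>
Subject: Invoice attached - action required
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Review at <a href="http://login.example.net/pay">www.paypal.com</a></p>
--b1
Content-Disposition: attachment; filename="invoice.zip"

--b1--
"""
print(triage(SAMPLE))
```

A message that trips any rule is a candidate for quarantine or for the "ask IT support before opening" step rather than for automatic deletion.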
Conclusion

Extortion hacks are a major threat in the field of networking and computing, and hackers also pose a threat to small mobile devices. Because of this hacking, most companies have lost important information, money and time. In conclusion, any business or company that is about to start must ensure that its computers, mobile devices and entire network are secure and that its data is always backed up on a daily basis. This is to avoid the risk of losing valuable information to hackers.

References

McGraw, V. (2010). Building Secure Software, 2nd edition. London: Addison-Wesley.
LeBlanc, H. (2012). Writing Secure Code, second edition, 1st edition. Sydney: Microsoft Press.
Bellovin, C. (2008). Firewalls and Internet Security, 1st edition. London: Addison-Wesley.
Ranum, G. (2007). Web Security Sourcebook: A Complete Guide to Web Security Threats and Solutions, 1st edition. Turkey: Wiley.
Howard, L. (2012). Writing Secure Code, 2nd edition. Portugal: Microsoft Press.
Panko, H. (2013). Corporate Computer Security, 3rd edition. Netherlands: Prentice Hall.
Goodrich, T. (2010). Introduction to Computer Security, 1st edition. S. Africa: Addison-Wesley.
Pfleeger, P. (2007). Security in Computing, 4th edition. Korea: Prentice Hall.
Bishop, G. (2012). Computer Security: Art and Science. London: Addison-Wesley.
