CYBERSECURITY ATTACK CHEAT SHEET
Cybersecurity is a very hot topic in the news; however, some of the terms that are being thrown around may go over some people’s head. Here is an overview of the top 5 common terminologies that everyone should know.
- Malware– is any type of software whose sole intention is to damage or disable your device. Once you get any type of malware on your device, it can take control of your computer, send your live activity or information to a remote computer, and record your keystrokes and actions. Malware can travel throughout the world wide web very easily as it can attach to documents sent via email or text message.
- Phishing– the example that I usually give my classes is this…imagine a fisherman out on his boat with his fishing rod in hand. The fisherman throws his rod out in the water with the freshest most delicious bait on the hook. As the hooked bait land in the water several fish look at it an investigate whether or not it is safe to eat. Several other fishes are not impressed and swim away. The fisherman waits patiently for a gullible fish to find interest in his bait so that he can make his fish stew. He waits and sooner or later a gullible fish would come along and take a huge bite of the bait and there you go. Phishing attacks generally come in the form of emails and web links. This was the best way that I could explain what phishing was to a group of non-technical people. About 60 to 70 percent of all email we receive is spam and many of those emails are password phishing attacks looking for a gullible victim to surrender their password to their system.
- Denial of Service (DoS) – is an interruption in an authorized user’s access to a computer network, typically one caused with malicious intent. For example, let’s say that you are pouring sand down a funnel at a steady pace and it does not clog the exit hole. The sand is moving peacefully from your cup, through the funnel, and out the exit hole. Then a person decides to compromise your fun and takes a bucketed sand and pours it also don’t the same small funnel. The exit hole gets clogged since it is taking on more and then it can handle and now no sand can pass through. This is an example of how a denial of service attacks works. If someone floods a website with “real” or “fake” traffic and the website cannot handle the requests, the website will crash. The majority of these kinds of attacks are malicious but a few incidents are very innocent. When Michael Jackson died, several major websites crashed because they could not handle the massive web traffic from concerned fans.
- Man-in-the-Middle Attack– this attack is where the attacker secretly relays and possibly alter the communication between two or more parties while the victims believe that they are communicating directly with each other. For example, imagine you are in class passing notes to your friend and to be stealth you enclosed the note in a ball and roll it to their desk. The transaction goes as follows:
Larry writes a note to Jennifer, which is intercepted and altered by Marci.
Larry “I have a secret message to ask you. But, I need you to send me your key for our box, that way I can lock it and securely send you the message. I don’t want anyone to read it.” Larry rolls the ball down the aisle to Jennifer. Marci gets the unlocked ball, incepts the message, then rolls the ball to Jennifer. Jennifer reads the message thinking that it is coming from Larry.
Jennifer replies “Yes, I would love to communicate with you. Here is my key to the ball? Once you put the message in it lock it up.” She rolls the ball back down the aisle to Larry. Marci picks up the ball in transits and reads the message and obtains Jennifer’s key. (Side note for a dramatic effect: Marci really likes Larry and is getting jealous.) Marci puts her key and the message back in the ball and rolls it to Larry. Larry believes that the key in the ball is from Jennifer.
Larry puts his message in the ball it reads, “I would love for you to meet me down by the park, I have something to show you”. He locks the ball with Marci key thinking that it is Jennifer’s key and rolls the locked ball down the aisle to her. Marci intercepts the ball again, unlocks it with her key that she sent Larry, and reads the message. (Side note for dramatic effect: Marci is furious because she is in love with Larry.) Marci changes the message. It now reads, “I would love for you to meet me down by the lake near the mall after school, I have something to show you”. She then locks the box with Jennifer’s key and rolls the ball to her.
Jennifer believes that the message is from Larry so after school she heads over to the lake by the mall to meet him. He never shows up. Jennifer is angry that Larry wasted her time and blocks him on social media.
Marci played the role of the man-in-the-middle.
- Unpatched Software– Have you ever received notifications from Microsoft or Apple stating that they made an update to their operating system and that it would require installation and a restart? Microsoft’s Patch Tuesday is the official day that Microsoft sends to deliver patches to any holes within their operating system. Several other programs and software send periodic updates in order to keep their product secured. As annoying and time consuming as it can be, it is important to allow verified manufactures of the products to update their products. If the software or program remains unpatched with no updates, then there are some higher risks of your device receiving preventable malware.
A non-technical example: imagine you were wearing a mosquito-proof bodysuit every day. You wear this bodysuit so much that it starts to get thin in some areas. The manufacture of the mosquito-proof body suits contacts you to let you know that they have patches for the weak areas of the bodysuit. They just require about 1 hour of your time to make the needed adjustments to the suit. Let’s say you don’t have the time to let the manufacture fix the weak spots and you postpone the modification for about another week. Now, your week spots have turned into holes. You step outside and the mosquitos attack your skin through the holes. You have welts on your body and get sick from the massive mosquito attack. Now you contact the manufacturer to see if they can patch the hole in the suit, but the damage has been done already. This is a good way for me to explain why it is important to get the patches to your software before they become a bigger problem.