8 Most Common Cybersecurity Threats | Types of Cyber Attacks | Cybersecurity for Beginners | Edureka

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] just as pollution was a side effect of the Industrial Revolution so are the many security vulnerabilities that come with the increased Internet connectivity cyber attacks are exploitations of those vulnerabilities for the most part individuals and businesses have found ways to counter cyber attacks using a variety of security measures and just good old common sense hi guys my name is Aria and today's session is all about cyber security threats we are going to examine eight of the most common cyber security threats that your business could face and the ways to avoid them so before we actually jump into the session let me give you how the session will actually work we are going to discuss the most eight common cyber threats we're going to discuss in particular what they are how the threat works and how to protect yourself okay so now let's jump in now cyber attacks are taking place all the time even as we speak the security of some organization big or small is being compromised for example if you visit the site out here that is threat cloud you can actually view all the cyber attacks that are actually happening right now let me just give you a quick demonstration of how that looks like okay so as you guys can see out here these are all the places that are being compromised right now the red parts actually show us the part that is being compromised and the yellow places actually show us from where it's being compromised strong ok as you guys can see now that someone from the Netherlands is actually attacking this place and someone from USA was attacked in Mexico it's a pretty interesting site and actually gives you a scale of how many cyber attacks are actually happening all the time in the world ok now getting back I think looking at all these types of cyber attacks it's only necessary that we educate ourselves about all the types of cyber threats that we have so these are the 8 cyber threats that we are going to be discussing today firstly we're going to start with malware so malware is an all-encompassing term for a variety of cyber attacks including Trojans viruses and bombs malware is simply defined as code with malicious intent that typically steals data or destroy something on the computer the way malware about doing its damage can be helpful in categorizing what kind of malware you are dealing with so let's discuss it so first of all viruses like the biological namesakes viruses attach themselves to clean files and infect other clean files and they can spread uncontrollably damaging a systems core functionality and deleting or corrupting files they usually appear as executable file is that you might have downloaded from the internet then there are also Trojans now this kind of malware disguises itself as legitimate software or is included in legitimate software that can be tampered with it tends to act as creat lis and creates backdoors in your security to let other malware sin' then we have worms worms in fact entire networks of devices either local or across the internet by using the network's interfaces it uses each consecutive infected machine to infect more and then we have botnets and such where botnets are networks of infected computers that are made to work together under the controller of an attacker so basically you can encounter malware if you have some OS vulnerabilities or if you download some L legitimate software from somewhere or you have some other email attachment that was compromised with okay so how exactly do you remove malware or how exactly do you fight against it well each form of malware has its own way of infecting and damaging computers and data and so each one requires a different malware removal method the best way to prevent malware is to avoid clicking on links or downloading attachments from unknown senders and this is sometimes done by deploying a robust and updated firewall which prevents the transfer of large data files over the network in a hope to weed out attachments that may contain malware it's also important to make sure your computer's operating system whether it be Windows Mac OS Linux uses the most up-to-date security updates and software programmers update programs frequently to address any holes or weak points and it's important to install all these updates as well as to decrease your own system weaknesses so next up on our list of cyber threats we have phishing so what exactly is phishing well often posing as a request for data from a trusted third party phishing attacks are sent via email and ask users to click on a link and enter their personal data phishing emails have gotten much more sophisticated in recent and making it difficult for some people to discern a legitimate request for an information from a false one now phishing emails often fall into the same category as spam but are way more harmful than just a simple ad so how exactly does phishing book well most people associate phishing with email message that spoof or mimic bank credit card companies or other businesses like Amazon eBay and Facebook these messages look authentic and attempt to get victims to reveal their personal information but email messages are only one small piece of a phishing scam from beginning to end the process involves five steps the first step is planning the fissure must decide which business to target and determine how to get email addresses for the customers of that business then they must go through the setup phase once they know which business to spoof and who their victims are Fisher's create methods for delivering the messages and collecting the data then they have to execute the attack and this is the step most people are familiar with that is the Fisher sends the phony message that appears to be from a reputable source after that the Fisher records the information the victims enter into the webpage or pop-up windows and in the last step which is basically identity theft and fraud the Fisher's use the information they've gathered to make illegal purchases or otherwise commit fraud and as many as 1/4 of the victims never fully recover so how exactly can you be actually preventing yourself from getting fished well the only thing that you can do is being aware of how phishing emails actually work so first of all a phishing email has some very specific properties so firstly you will have something like a very generalized way of addressing someone like your client then your message will not be actually from a very reputable source so out here as you can see it's written as Amazon on the label but if you actually inspect the email address that it came from its from management at maison canada dot CA which is not exactly your legitimate Amazon address third you can actually hover over the redirect links and see where they actually redirect you to now this redirects me to wwf/e amazon.com as you can see out here so basically you know this is actually a phishing and you should actually report this email to your administrators or anybody else that you think is supposed to be concerned with this also let me give you guys a quick demonstration on how phishing actually works from the perspective of an attacker so first of all I have actually created a phishing website for harvesting Facebook credentials I simply just took the source code of the facebook login page and pasted it and then made a back-end code in PHP which makes a log file of all the Facebook passwords that get actually entered onto the phishing page now I've also sent myself an email as to make sure this looks legitimate but this is only for spreading awareness so please don't use this method for actually harvesting credentials that's actually a very legal thing to do so let's get started first of all you will go to your email and see that you get some email saying the our Facebook credentials has been compromised so when you open it it looks pretty legit well I haven't made it look all that legit it should look legit but the point out here is to actually make you aware of how this works so as you guys can see it says dear client we have strong reasons to believe that your credentials may have been compromised and might have been used by someone else we have locked your Facebook account please click here to unlock sincerely Facebook associate team so if we actually click here we are actually redirected to a nice-looking Facebook page which is exactly how Facebook looks like when you're logging in now suppose I were to actually log in to my Facebook account which I won't I'll just use some random ID like this is an email address email com and let's put password as admin one two three and we click login now since my facebook is actually already logged in it'll just redirect to facebook.com and you might just see me logged in but on a normal computer it'll just redirect you to www.facebook.com which should just show this site again okay so once I click log in out here all that the backend code that I've written in PHP out here will do is that it's gonna take all the parameters that have entered into this website that is my email address and password and just generate a log file about so let's just hit login and see what happens so as you guys can see I've been redirected to the original Facebook page that is not meant for phishing and on my system out here I have a log file and this log file will show exactly as you can see I've fished out the email address this is an email address email comm and it's also showed the password that is admin one two three so this is how exactly phishing works you enter an email address and you're entering the email address on a phishing website and then it just redirects you to the original site but by this time you've already compromised your credentials so always be careful when dealing with such emails so now jumping back to our session the next type of cyber attacks we are going to discuss is pass with the docs so an attempt to obtain or decrypt a user's password for illegal use is exactly what a password attack is hackers can use cracking programs dictionary attacks and password sniffers and password attacks password cracking refers to various measures used to discover computer passwords this is usually accomplished by recovering passwords from data stored in or transported from a computer system password cracking is done by either repeatedly guessing the password usually through a computer algorithm in which the computer tries numerous combinations until the password is successfully discovered now password attacks can be done for several reasons but the most malicious reason is in order to gain unauthorized access to a computer with the computer's owners awareness not being in place now this results in cybercrime such as stealing passwords for the purpose of accessing bank information now today there are three common methods used to break into a password-protected system the first is a brute-force attack a hacker uses a computer program or script to try to log in with possible password combinations usually starting with the easiest to guess password so just think if a hacker has a company list he or she can easily guess user names if even one of the users has a password one two three he will quickly be able to get in the next our dictionary attacks now a hacker uses a program or script try to login by cycling through the combinations of common woods in contrast with brute-force attacks where a large proportion key space is searched systematically a dictionary attack try is only those possibilities which are most likely to succeed typically derive from a list of words for example a dictionary generally dictionary attacks succeed because most people have a tendency to choose passwords which are short or such as single words found in the dictionaries or simple easy predicted variations on words such as appending a digit also now the last kind of password attacks are used by keylogger attacks a hacker uses a program to track all of the user's keystrokes so at the end of the day everything the user has typed including the login IDs and passwords have been recorded a key logger attack is different than a brute-force or dictionary attack in many ways not the least of which the key login program used is a malware that must first make it onto the user's device and the key logger attacks are also different because stronger passwords don't provide much protection against them which is one reason that multi-factor authentication is becoming a must-have for all businesses and organizations now the only way to stop yourself from getting killed in the whole password attack conundrum is by actually practicing the best practices that are being discussed in the whole industry about passwords so basically you should update your password regularly you should use alpha numerics in your password and you should never use words that are actually in the dictionary it's always advisable to use garbage words that makes no sense for passwords as they just increase your security so moving on we're going to discuss DDoS attacks so what exactly is a DDoS or a DOS attack well first of all it stands for distributed denial of service and a dos attacks focuses on disrupting the service to a network as the name suggests attackers send high volume of data of traffic through the network until the network becomes overloaded and can no longer function so there are a few different ways attackers can achieve dos attack but the most common is the distributed denial of service attack this involves the attacker using multiple computers to send the traffic or data that will overload the system in many instances a person may not even realize that his or her computer has been hijacked and a contributing to the DOS attack now disrupting services can have serious consequences relating to security and online access many instances of large-scale dos attacks have been implemented as a single sign of protests towards governments or individuals and have led to severe punishment including major jail time so how can you prevent dos attacks against yourself well firstly unless your company is huge it's rare that you would be even targeted by an outside group or attackers for a DOS attack your site or network could still fall victim to one however if another organization on your network is targeted now the best way to prevent an additional breach is to keep your system as secure as possible with regular software updates online security monitoring and monitoring of your data flow to identify any unusual or threatening spikes in traffic before they become a problem dos attacks can also be perpetrated by simply cutting a table or dislodging a plug that connects your website server to the Internet so due diligence in physically monitoring your connections is recommended as well okay so next up on a list is man-in-the-middle attacks so by impersonating the endpoints in an online information exchange the man-in-the-middle attack can obtain information from the end user and the entity he or she is communicating with for example if you are banking online the man in the middle would communicate with you by impersonating your bank and communicate with the bank by impersonating you the man in the middle would then receive all of the information transferred between both parties which could include sensitive data such as bank accounts and personal information so how does it exactly work normally an MIT M gains access through a non encrypted wireless access point which is basically one that doesn't use WEP WPA or any of the other security measures then they would have to access all the information being transferred between both parties by actually spoofing something called address resolution protocol that is the protocol that is used when you are actually connecting to your gateway from your computer so how can you exactly prevent MIT M attacks from happening against you firstly you have to use an encrypted W AP that is an encrypted wireless access point next you should always check the security of your connection because when somebody is actually trying to compromise your security he will try to actually strip down the SC DPS or SSDs that is being injected in the website which is basically the security protocols so if something like this HTTPS is not appearing in your website you're on an insecure website where your credentials or your information can be compromised and the last and final measure that you can actually use is by investing in a virtual private network which spoofs your entire IP and you can just browse the Internet with perfect comfort next up on our list is drive-by downloads so gone are the days where you have to click to accept a download or install a software update in order to become infected now just opening a compromised webpage could allow dangerous code to install on your device you just need to visit or drive by a webpage without stopping or to click accept any software add the malicious code can download in the background to your device a drive-by download refers to the unintentional download of a virus or malicious software onto your computer or mobile device a drive-by download will usually take advantage or exploit a browser or app or operating system that is out of date and has security flaws this initial code that is downloaded it is often very small and since this job is often simply to contact another computer of where it can pull down the rest of the code onto your smartphone tablet or other computers often a web page will contain several different types of malicious code in hopes that one of them will match a weakness on your computer so how does this exactly work well first you visit the site and during the 3-way handshake connection of the tcp/ip protocol a Bacchan script is triggered as soon as a connection is made vile the last ACK packet is sent a download is also triggered and the malware is basically injected into your system now the best advice I can share about avoiding drive-by downloads is to avoid visiting websites that could be considered dangerous or malicious this includes adult content file sharing websites or anything that offers you a free trip to the Bahamas now some other tips to stay protected include keep your internet browser and operating system up-to-date use a safe search protocol that warns you when to navigate to a malicious site and use comprehensive security software on all your devices like McAfee all-access and keeping it up to date okay so that was it about drive-by downloads next up is my lad vert icing or malvert icing so malvert icing is the name we in the security industry give to criminally controlled advertisements which intentionally infect people and businesses these can be any ad on any site often ones which you use as a part of your everyday internet usage and it is a growing problem as is evident by a recent US Senate report and the establishment of bodies like trust in ads now whilst the technology being used in the background is very advanced the way it presents to the person being infected is simple to all intents and purposes the advertisement looks the same as any other but has been placed by criminal like you can see the mint ad out here it's really out of place so you could say it's been made by a criminal now without your knowledge a tiny piece of code hidden deep in the advertisement is making your computer go to the criminal servers these and catalog details about your computer and its location before choosing which piece of malware to send you and this doesn't need a new browser window and you won't know about it so basically you're redirected to some criminal server the malware injection takes place and voila you're infected it's a pretty dangerous thing to be in so how exactly can you stop magnetising well first of all you need to use an ad blocker which is a very must in this day and age you can have ad blocker extensions installed on your browser whether it be Chrome Safari or Mozilla also regular software updates of your browser and other software's that work peripheral to your browser always help and next is some common sense any advertisement that is about lottery that's offering you free money is probably going to scam you and inject malware too so never click on those ads so the last kind of cyberattacks we are going to discover today and discuss about is rogue software so rogue security software is a form of malicious software and Internet fraud that misleads users into believing that there is a virus on their computer and manipulates them into paying money for a fake malware removal tool it is a form of scare that manipulates users through fear and a form of ransomware rogue security software has been a serious security threat in desktop computing since 2008 so now how does a rogue security software book these scams manipulating users into download the program through a variety of techniques some of these methods include ads offering free or trial versions of security programs often pricey upgrades are encouraging the purchase of the deluxe versions then also pop-ups warning that your computer is infected with the virus which encourages you to clean it by clicking on the program and then manipulated SEO rankings that put infected website as the top hits when you search these links then read directly to a landing page that claims your machine is infected and encourages you a free trial of the rogue security program now once the scareware is installed it can steal all your information slow your computer or corrupt your files disable updates for Less limit antivirus software or even prevent you from visiting less timet security software vendor sites while talking about prevention the best defense is a good offense and in this case an updated firewall makes sure that you have a working one in your office that protects you and your employees from these type of attacks it is also a good idea to install a trusted antivirus or anti spyware software program that can detect threats like these and also a general level of distrust on the internet and not actually believing anything right off the bat is the way to go ok guys so that was me about all the a different types of cyber threats and how they actually work and how you could prevent them I also hope you enjoyed the demonstration I showed about phishing that's it for me goodbye I hope you have enjoyed listening to this video please be kind enough to like it and you can comment any of your doubts and queries and we will reply them at the earliest do look out for more videos in our playlist and subscribe to any rekha channel to learn more happy learning
Info
Channel: edureka!
Views: 495,439
Rating: undefined out of 5
Keywords: yt:cc=on, Cybersecurity threats, cybersecurity attacks, types of cyber attacks, Cyber Security, cybersecurity, cybersecurity attacks 2018, cyber security training, cybersecurity for beginners, cybersecurity fundamentals, cyber security basics, cyber security training for beginners, cyber security course, cybersecurity 101, edureka cyber security, edureka, Threat Predictions, top 8 cyber attacks, cybersecurity threats 2018
Id: Dk-ZqQ-bfy4
Channel Id: undefined
Length: 22min 4sec (1324 seconds)
Published: Wed Jul 18 2018
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.