Hackers' attack methods are not all complex and cumbersome . When hackers launch cyber attacks, they are only for profit , Not all need to master superb technology . Their motives can be broadly divided into two types ： Opportunism and targeted attacks .
Bishop Fox Head of security affairs Rob
Ragan express , They generally use these two classifications to distinguish cyber crime . For hackers , They don't care about the victims , They are more concerned about how to access potentially stolen devices , This is a number game for them . Opportunistic attacks are often motivated by profit , Target threats are designed to defraud or steal specific data . Targeted attacks are different , Such attacks are only intended to destroy specific devices .
Ragan say , Hacker attacks are usually platform based , And the payload is often less than the transmission mechanism （delivery
mechanism）. He explained that , The payload may be ransomware , But the transmission mechanism can be anything , From forcing users to run email attachments to taking advantage of worms in unpatched systems .
Social-Engineer chief operating officer Michele Fincher think , Hackers are good at using eavesdropping device technology . Among them, the simplest way of hacker attack is to take over user routing to deceive users .
Because routing acts as a “ full-time ” Work of , We are always facing new network threats , But most users don't know that their devices face many dangers . Here are some simple and effective ways for cyber criminals to attack end-user equipment , I hope you will be vigilant , Take corresponding preventive measures , Avoid giving attackers an opportunity .
one , Phishing
Ragan say , Phishing is still the easiest way to attack users . Phishing attacks mainly use malicious attachments to attack specific users ; for example , Macro enabled Office Document or beyond its system PowerShell script .
Fincher Agree with this statement , And she found that some victims fell into phishing websites by clicking on links via email or text , This method is called “ SMS phishing of pseudo base station strategy （SmShing）.
Fincher Added ： The cost and threat of this method are very low , The skill requirements for attackers are also very low , And it is possible to attack multiple targets at one time .
two , Wireless hijacking or interception
Ragan say , When cybercrime injects malicious payloads into end-user devices , Or damage it Internet Traffic and redirect it to when installing malware , This attack will occur . This method may be relatively easy , Because there are many network tools available .
for example ,“wifi
pineapple” End user equipment can be compromised through wireless attacks . An attacker can use this tool to enable end-user devices to communicate with them Wi-Fi Network separation , And the same one simulated by the attacker Wi-Fi network connections . therefore , An attacker can receive traffic and inject malicious code .
Ragan point out , This can only be achieved by being closer to the victim ; If the distance is too far, it cannot be achieved .
Social-Engineer CEO Chris
Hadnagy express ： The two biggest carriers of cracking devices are SmShing Or phishing . Jailbreak or mobile phones that allow side loading of apps will increase the risk of users .
As mentioned above , SMS phishing of pseudo base station strategy （Smshing） The attack will require users to click on malicious links sent by SMS .Hadnagy It also lists the recent default of an overseas bank , At that time, a large number of users received SmShing Malware and malicious links .
Fincher say , As end-user equipment is brought into the workplace , This security risk is rising . Because smartphones , Notebook computers and tablet computers are widely used in the office environment , Link public WiFi. But many companies are not aware of their risks , And there is no clear indication whether it is necessary to check the company email on the mobile phone , Check the equipment even before approving the equipment to enter the office .
Hadnagy say ,BYOD It increases the security risk of the enterprise , Because when a hacker successfully invades a user's end-user device , It may endanger the business security of the whole organization .
four , Simulated attack
Ragan say , Impersonation attacks are often used to reset passwords , Transmit telephone number control or bypass other security controls . for example , Hackers can hijack phone numbers and intercept two factor authentication passwords and messages for specific operators . This is a “ It's simple ” Attack method , Attackers do not need to have a very high level of technology .
Fincher say , If an attacker can get access to the company's network through the phone VPN credential , actually , Hackers don't need to attack any devices at all , You can log in as a legal user , And browse the victim's privacy information . In fact, most end-user attacks are carried out by individuals disguised as legal entities .
She went on to explain , In fact, it only needs a little open source intelligence collection （open source intelligence gathering
, abbreviation OSINT）, The attacker can find enough information . They can pretend to be bank customer service , Company boss , Customers or friends , Then send a seemingly normal request , But because most people are too busy or careless , Personal information is often sent directly to the attacker without knowing the situation .
five , Physical access
Ragan say , If the physical access attack succeeds , Means this “ Attack Game ” It can be over . If there is enough time , Motivation and skills , attacker “ Almost always ” Enter the stolen laptop . Physical access attacks can also involve malicious attacks USB Driver , Stolen hard disk ,boot Attack or Keylogger, etc .
Mobile devices are generally more difficult to crack , Especially mobile devices that have been properly configured for security . So Apple decided to iPhone Update to 6 Bit cipher , And forcibly lock the device after exceeding the number of login attempts , This protects mobile devices from attack threats .
The above is the of hackers invading terminal devices shared today 5 Big simple way , If you want to learn more technology, you can chat with bloggers in private !