There are a variety of ways to ensure a strong password. Passwords should not be simple to guess and should be greater than 7 characters at minimum. Best practice is to create a random combination of alphanumeric and special characters (Chapple, Stewart, & Gibson, 2018, p. xlix). In addition, song titles or other phrases may help as well. An example would be a favorite song title mixed with different symbols or alphanumeric characters, which would greatly lessen the possibility of a brute force attack succeeding.
Hackers are always trying to find new avenues for targeting companies and individuals. Phishing occurs when a hacker sends out an email impersonating a reputable company in the hopes of stealing or exploiting a user’s credentials. An example would be an email claiming to be from Bank of America, mentioning that your account has been compromised. Once the credentials have been exploited, the hacker has free rein over the account.
In spear phishing, a hacker specifically targets an individual or company, and may even mention a certain project to get people to click on the link. Whaling is another form of phishing. A whaling attack occurs when there is a high-value target, normally a CEO or CFO, who tends to have access to highly sensitive material. Once a hacker is able to successfully retrieve these files, the target is generally forced to transfer money so that they are not released or sold on the black market. (Rouse, Margaret, 2018, July. Whaling attack (whaling phishing). Retrieved from https://searchsecurity.techtarget.com/definition/whaling)
Not all hackers are out to target individuals for their own financial gain. There are hackers known as “hacktivists” who may join groups like Anonymous (also known as a nation-state hacking group) in order to show their disdain towards corporations, governments and other organizations that do not align with their views. “These hackers don’t consider themselves to be bad actors. They see their activity in a positive light, viewing themselves as contributing to a greater body of knowledge, or furthering a good cause, and often hacking without a clear vision of the second- and third-order effects of their actions.” (Walls, Mike, 2018, Jan 08. Nation-State Cyberthreats: Why They Hack. Retrieved from https://www.darkreading.com/informationweek-home/nation-state-cyberthreats-why-they-hack-/a/d-id/1318522)
There are generally two types of attacks that foreign hackers tend to launch against other countries. The two major categories are cyber espionage and cyber warfare. Cyber warfare will specifically be digital. An example of this would be taking control of an HVAC system in a data center; if the servers overheat, that can cause major issues for any infrastructure or organization. With cyber espionage, on the other hand, the main motive for a hacker is to gather secret information so that it can be leveraged for an advantage. (Diane, 2014, February 25. What’s the Difference Between Cyber Warfare and Cyber Espionage. Retrieved from http://securityfirstassociates.com/whats-difference-between-cyber-warfare-cyber-espionage/)
There are a multitude of different types of password cracking attacks. In a dictionary attack, a hacker constructs a script, or runs a premade one, that goes through every word contained in the dictionary until access is gained. A hybrid attack is similar to a dictionary attack, but it also adds combinations of numbers and special characters. Another common cracking attack uses rainbow tables. In order to increase security, newer systems tend to store passwords as a hash. (B., 2019, Oct 25. How To Protect Yourself Against The Most Common Password Attacks. Retrieved from https://bloggingwizard.com/password-attacks/) For this technique to be successful, a hacker must first gain access to the website where the hashed passwords are stored. Hashes can, unfortunately, be cracked. A common strategy is for a hacker to hash all the dictionary words and compare the results with the hashed passwords. If a hashed password matches a hashed dictionary word, more than likely that word is the password. (B., 2019, Oct 25. How To Protect Yourself Against The Most Common Password Attacks. Retrieved from https://bloggingwizard.com/password-attacks/)
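The dictionary and hybrid attacks described above can be turned into a check that runs when a password is chosen. The following is an added example, not taken from the cited sources; the wordlist, the substitution table and the function names are constructed for illustration, and requiring a letter, a digit and a special character is an assumed reading of the "alphanumeric and special characters" advice.

```python
# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"password", "dragon", "sunshine", "yesterday", "imagine"}

# Symbol-for-letter swaps that hybrid guessing rules undo (assumed rule set).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def is_hybrid_guessable(password: str) -> bool:
    """True if the password is a dictionary word, optionally with
    substituted characters and digits/symbols added at either end."""
    low = password.lower()
    for i in range(len(low)):
        for j in range(i + 1, len(low) + 1):
            padding = low[:i] + low[j:]
            if any(c.isalpha() for c in padding):
                continue  # padding must be digits/symbols only
            if low[i:j].translate(LEET) in WORDLIST:
                return True
    return False


def check_password(password: str) -> list:
    """Return the list of reasons a candidate password is rejected."""
    problems = []
    if len(password) <= 7:
        problems.append("short")
    classes = (any(c.isalpha() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password))
    if not all(classes):
        problems.append("classes")
    if is_hybrid_guessable(password):
        problems.append("dictionary")
    return problems


if __name__ == "__main__":
    for candidate in ("dragon", "P@ssw0rd123!", "Y3st3rd@y!!", "kV7#qTz9!mLp"):
        print(candidate, check_password(candidate) or "accepted")
```

A password can satisfy the length and character-mix rules and still be rejected here, because a word with predictable substitutions and a numeric suffix is exactly what a hybrid rule generates.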
There are plenty of ways for an individual to defend against password cracking attacks; I will go through each option. A very popular option is to use a password generator, which is the perfect counter to hybrid attacks. The second form of defense is to never use the same password more than once. The third defense is to download a password manager, which works perfectly in conjunction with random password generators. Many password managers contain their own password generator. A few of the popular ones are LastPass, KeePass and 1Password. There’s a website called “Have I Been Pwned” which should be checked periodically. The primary function of the website is to track breaches. If a user’s email has been compromised, the password for the associated site should be changed immediately. Many applications now offer multi-factor authentication, which adds another layer of security. An example would be an RSA token, or a user’s mobile phone being given a randomized PIN that is used in conjunction with the user’s password. The PIN changes constantly, so even if a hacker does gain access to the user’s password, there’s another safety net. (B., 2019, Oct 25. How To Protect Yourself Against The Most Common Password Attacks. Retrieved from https://bloggingwizard.com/password-attacks/)
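The constantly changing PIN described above is commonly implemented as a time-based one-time password (TOTP, RFC 6238). The following is an added example, not taken from the cited sources; the 30-second step, 6 digits, one-step drift window and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each PIN stays valid (RFC 6238 default)
DIGITS = 6   # length of the PIN shown to the user


def totp(secret: bytes, now: float, digits: int = DIGITS) -> str:
    """Derive the PIN for the time step containing `now` (Unix seconds)."""
    counter = int(now) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: float, drift: int = 1) -> bool:
    """Accept the PIN for the current step or `drift` steps either side."""
    ok = False
    for k in range(-drift, drift + 1):
        expected = totp(secret, now + k * STEP)
        # Constant-time comparison; check every window without early exit.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


def login(password_ok: bool, secret: bytes, pin: str, now: float) -> bool:
    """Both factors must pass: a stolen password alone is not enough."""
    return password_ok and verify(secret, pin, now)


if __name__ == "__main__":
    shared = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    pin = totp(shared, 59)
    print(pin, login(True, shared, pin, 59), login(True, shared, pin, 59 + 120))
```

The server and the token share the secret and the clock, so a PIN captured by an attacker stops working once its time window has passed.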
There are several reasons why proper cyber security should be in place for every single health care facility. Hospitals contain very sensitive information, and hackers would look to extract any information and sell it to the highest bidder on the black market. The major concern with this is that patient data can be used for fraud and other illegal activities. Another major concern is that our data can be sold to a foreign entity, which has the possibility of compromising our country if the information falls into the wrong hands. (Roohparvar, R., 2017, July 23. Why is Information Security Important For the Healthcare Sector. Retrieved from https://www.infoguardsecurity.com/information-security-important-healthcare-sector/)
Generally speaking, hacking can be quite lucrative when the right target is exploited. Another major motive behind hacking would be the thrill of it. Another major motive can be political: a hacker group may potentially be paid off by a foreign entity to sway an election. Lastly, some hackers would just like a challenge, and breaking into a company or a business will fulfill their need.
(Townsend, United States Cybersecurity Magazine, 2019, February 20. What is the Difference Between a White Hat Hacker and Black Hat Hacker? Retrieved from https://www.uscybersecurity.net/white-hat-hacker-black-hat-hacker/)
References
- Bloggingwizard, B. (2019, October 25). How To Protect Yourself Against The Most Common Password Attacks. Retrieved from https://bloggingwizard.com/password-attacks/
- Chapple, M., Stewart, J. M., & Gibson, D. (2018). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. xlix).
- Rouse, M. (n.d.). What is whaling attack (whaling phishing)? - Definition from WhatIs.com. Retrieved from https://searchsecurity.techtarget.com/definition/whaling
- Security First, D. (2014, February 25). WHAT’S THE DIFFERENCE BETWEEN Cyber Warfare and Cyber Espionage. Retrieved from http://securityfirstassociates.com/whats-difference-between-cyber-warfare-cyber-espionage/
- United States Cybersecurity Magazine, Townsend, C. (2019, February 20). What is the Difference Between a White Hat Hacker and Black Hat Hacker? Retrieved from https://www.uscybersecurity.net/white-hat-hacker-black-hat-hacker/
- Walls, M. (2015, January 8). Nation-State Cyberthreats: Why They Hack. Retrieved from https://www.darkreading.com/informationweek-home/nation-state-cyberthreats-why-they-hack-/a/d-id/1318522