wonderfully unique software solutions

Understand hacking to better protect yourself, says NordVPN

All internet users — not just tech professionals — should understand how they are being targeted with malware and other cyberthreats, according to NordVPN‘s Daniel Markuson.

“By learning about the most common hacking methods and arming yourself with the right tools, you’ll be able to identify vulnerabilities and stop attackers in their tracks,” Markuson says in this blog post.

Hackers typically have multiple hacking techniques, tools and technical expertise at their disposal to target internet connections, which function as a kind of chain linking the user at one end to other computers.

“Hackers work by looking for weaknesses in links anywhere along the chain,” points out Markuson. “All of them exploit different vulnerabilities to access your data or infect you with malware.”

Five common techniques favoured by the laziest and least technical hackers include fake wireless access point (WAP) or evil twin attacks, bait-and-switch, credential reuse, SQL injection and browser locker attacks.

“In a fake WAP attack, the hacker sets up a wireless router with a convincingly legitimate name in a public spot where people might connect to it. Once they do, the hacker can monitor and even change internet connections to steal sensitive data or force the user to download malware onto their device,” says Markuson.

Encryption of all traffic — for example via virtual private networking (VPN) — can protect users from these but it’s still better to check you’re using the correct wifi network name and password in the first place. And because public wifi hotspots are rather insecure anyway, it’s still better to use encryption.

More about common attacks

VPN can also protect users against browser locker attacks, where a hacker creates a popup that takes over the screen so it is difficult or impossible to close, Markuson adds.

In bait-and-switch attacks, users click on what looks like a trustworthy advert and end up on malicious webpages where they could download malware, be clickjacked or browser locked to compromise their system — and VPN cannot always protect users in this case, Markuson notes.

“If you do click on ads, try to stick to more trusted advert distributors, like Google or Facebook,” he says.

Credential reuse attacks can happen when a server hosting user logins is breached. Because many people use the same password across multiple sites, the attacker can take login details and input them into other websites in hopes of gain.

“Your very best strategy is to create a different password for every site you use,” notes Markuson, although dark-web monitoring can help reveal whether credentials have been exposed.

VPNs cannot protect users against SQL injection either. Instead, ensure the websites you use are properly administered and secured, he suggests.

Other common attacks including macro attacks on .doc, .pdf or other common file types, cookie theft, sidejacking and session hijackings, Internet of Things (IoT) attacks, distributed denial-of-service (DDoS) attacks and more.

For some of these using a VPN can help, says Markuson, adding more tips for fighting a wide range of common hacks in the full blog post.

( Photo by Jamie Street on Unsplash )

Recent Articles

Arista warns SMBs to take precautions against edge threats

Arista Networks, the vendor of Arista Edge Threat Management (ETM) has warned that SMBs aren't always aware of the extent of targeting...

Instructure rolls out iWork update for Canvas LMS users on Apple

Learning management software company Instructure has taken the covers off an Apple iWork update for its Canvas learning management system (LMS).

E-learning player iSpring adds six integrations for its LMS platform

Customers of the iSpring Learn learning management system (LMS) can now connect to no less than six additional platforms with a view...

What’s new in JetBrains code analyser Qodana 2023.2

The code-quality platform Qodana, new from a cornucopia of JetBrains developer tools, now boasts server-side analysis integrated with the 2023.2 releases of...

N-able leads RMM field across multiple awards programmes

Remote monitoring and management (RMM) provider N-able has taken two more coveted titles for 2023, including a prestigious CRN award for the...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox