Strategies a hacker uses to access your data

Here are a few strategies a hacker may use to attack your systems:

Ransomware

Typically a form of malware which seeks to take control of your computer, stealthily encrypting your files with an encryption key of which only a hacker knows.

God forbid you find yourself in such a situation but if you do, your options would be to either pay the ransom, attempt to crack the encryption or to simply cut your losses. Most people pay but why let them win. Hackers tend to not ask for much to encourage a quick payment. The payment is usually via a largely untrackable cryptocurrency like bitcoin.

 

Malvertisement

A malware-infected online advertisement. They will pay to which ads they are.

Hackers are now placing their own ads containing scripts. To get around security checks, these scripts point to other scripts, which download other scripts from other locations, repeating this process until malware infiltrates a user on the website.

This intelligent method of misdirection uses these chains of scripts from an assemblage of changing locations, leading the advertising network on a merry dance and makes it difficult for them to know the difference of a good ad from bad. Particular ad's like these are placed through automatically. Many websites have their own advertising network although many of these websites still fall foul to this form of attack and have unwittingly hosted malware in the past. Malvertisement is a growing attack vector to be reckoned with.

 

Drive-By Attacks

Dramatic name for when you visit a website containing code to exploit your machine.

 

Naivity is your weakest link.

It is naive to believe going to a well-known website will mean you are safe to browse. Malvertisement should serve as an affirmation of this. Can you tell if a website has been hacked?

Jamie Oliver had his website hacked three times – the surface of his website had been infected with a bit of script, reaping much reward for the hacker. Jamie Oliver may have the resources to recover from such a misfortunate event but how about you?

Before clicking an ad, how sure are you of your staff asking themselves 'is clicking through worth the risk?'

I recommend typing 'HTTPS' directly into your browser but if you feel the website is being promoted suspiciously, remember 100% ignorance to an ad is as close as you can get to eliminating the risk.

But will your staff remember to do that?

Mitesh Patel

Managing Director

Mitesh Patel