According to statistics and analytical forecasting revealed by Total Telecom, there will be around 30 billion devices around the globe that will be connected to the internet which, needless to say, is a lot. We currently only have around 8 to 9 billion connected devices, and we are already unable to keep ourselves fully protected from even the known and probable attacks.

What’s more, with every new attack we come across, we are finding new vulnerabilities in our system while being completely in the dark about how to patch the vulnerabilities we already know about. Therefore, it’s clear that nobody is safe from these attacks, even if we keep the regular security patch updates in the equation, we cannot guarantee a safe internet. Why? Because most of the attacks we are facing right now have less to do with susceptibilities and are more to do with the personal vulnerabilities.

We know by now, that companies are doing their best to ensure the security of their systems, by implementing programs like Apple’s Secure Enclave, and Google’s project treble. So maybe it is time for the end users to get more active. We know that most of the low scale hacking is happening by exploiting human naivety. We can see it with the attacking of apps of prominent platforms, where the security checks prevent apps from using the susceptible touch points of the system but cannot decide the permission that the app will ask users. Even users themselves have little inclination in understanding the various authorisations an app usually asks for and here in this position of human openness, lies the seed of the journey that ultimately led to data theft and the series of consequent actions, which was exploited by Dark Caracal in one of its most recent APT campaigns.

So what’s the takeaway here? Be aware of what apps and software you install, and since it’s not possible to read all the terms and conditions of usage for all the apps you use, keep yourself in the safe zone of well-trusted sources for app installation.

Another non-technical way through which we can prevent hacking from happening is to have a deep understanding of the Hackers’ motives. That way we can understand the way they think, preventing many of their attacks before they occur. Primarily hackers plan their attacks with the objective of data theft, ransom, political manipulation, advantage over competition, and even revenge. Now with the emergence of Cryptocurrency, they are also trying to gain unauthorized access over the systems for the purpose of data mining, as was done through the virus Coinhive.

So, now we are aware of the motives of hackers, we can begin working on setting the necessary precautions by keeping ourselves updated with their latest strategies. Here is a list of the most common and long-established practices that you can use to protect yourselves.

• • Ransomware: With the increasing value of data and growing liabilities around it, these attacks are bound to become more severe. Most of the simplistic attacks involve luring the victim to an infected website and then compelling them to take an action through some incentive.
  • Changing the content you see: This is a rather new strategy which, fortunately, has not yet been used by any group of bad actors. Discovered by a cybersecurity firm Red Balloon Security, this strategy involves changing the pixel values of the victim’s monitor display. With that, they can make an unsafe site take the appearance of a safe one, convincing the victim to share private information without any apprehension, as was meticulously shown by Business Insider in this video.
  • Phishing: Almost all of the attacks are done with the motive of data theft, ransom or revenge and they begin with phishing (an attempt to gain unauthorised access over sensitive data). There are many ways attackers have been phishing around, but most recently, they’ve adopted the use of SMS, because an SMS can be seen as seemingly harmless.
  • Cross-Site Scripting: In these attacks, vulnerable websites are injected with a malicious code, wherein the data entered by the user can easily be sent to the system of the attacker. Such vulnerable sites can usually be detected by seeing the transfer protocol they are using. For example, a site using HTTP is more vulnerable than HTTPS, which involves another secure socket layer for the security of data that prohibits the presence of any such malicious code in web pages.

Now you are aware of the most common motives and attack tactics used by hackers, you’re definitely better prepared to explore the online world. Other than that, always be vigilant about the new techniques that are occasionally being disclosed by the good actors of cybersecurity stage. Also, don’t forget to use the conventional technical safeguards like firewalls and security patches, so that your experience of the internet remains safe and hassle-free.

Resources:

https://blog.lookout.com/dark-caracal-mobile-apt

https://www.totaltele.com/498777/30-billion-connected-devices-worldwide-by-2023

https://www.gartner.com/newsroom/id/3165317

https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/

https://www.cnet.com/news/your-smartphones-are-getting-more-valuable-for-hackers/

https://www.forbes.com/sites/forbestechcouncil/2018/03/08/protect-yourself-online-by-thinking-like-a-hacker/2/#2410213b4704

https://www.rapid7.com/fundamentals/types-of-attacks/

https://www.businessinsider.in/Hackers-can-gain-access-to-your-computer-monitor-a-cybersecurity-expert-shows-us-how-easy-it-is/articleshow/61535509.cms