3 Methods Cyber Criminals Use to Hack Your Password

Praise Maukazuva, 7 Feb 2017

Most people use a convenient password that they can recall in the future.

According to the Cyber Streetwise campaign carried out by the UK Government in 2016, 35% of people struggle to remember their passwords.

Unauthorized access is a major problem for people who use computers, tablets, mobile phones and other computing devices, and passwords act as the main defense in protecting your data. Here are some of the methods cyber criminals use to acquire your passwords for fraudulent purposes.

1. Password cracking

This includes guessing the most common passwords used by people.

The “Most Common Passwords of 2016 List” researched by Keeper Security revealed that 17% of people used “12345” as the password to secure their accounts. Other weak passwords include “Password”, which ranks as the second worst. “QWERTY” is also widely used; it is rather short and consists of letters only, which makes it easy to break. Passwords based on the movie “Star Wars” have also been widely used lately.

An example of a strong password that can be difficult to crack is “My$3cur1ty#”, for “My security number”, as it includes all the required characters.

So how do these cyber criminals crack passwords? The two most common ways are “Brute Force Attacks” and “Dictionary Attacks”.

In a brute-force attack, every possible password is tried until the right one is found. This method is only suitable for short passwords, because the longer the password, the more time it takes to test every possibility. Brute-force attacks are carried out with software tools such as Cain and Abel, John the Ripper and Aircrack-ng, depending on the operating system.

A dictionary attack uses a list of common single words from the dictionary. This method is suitable for long words, and it is more advanced, as symbols and numbers can be added in front of or at the end of each word. But the words have to be real dictionary words that are spelt properly, which can be a limiting factor. Software tools such as Brutus and Crowbar are used.
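To see both attacks from the defender's side, the following added example (not from the original article) audits a candidate password: it estimates the keyspace an exhaustive search would face and checks whether the password is a known word hidden behind added numbers, symbols or character swaps. The word list, the substitution table and the 60-bit threshold are illustrative assumptions.

```python
import math
import string

# Constructed sample list (assumption): a real check would load a large
# breached-password list and a full dictionary.
KNOWN = {"12345", "password", "qwerty", "starwars", "dragon", "sunshine"}
# Common character substitutions to undo before the lookup.
LEET = str.maketrans("@4$5310!7", "aasseioit")
NONLETTER = string.digits + string.punctuation
DICTIONARY = "known word or common password, even with affixes or substitutions"
BRUTE = "keyspace small enough for exhaustive search"

def brute_force_bits(pw):
    """log2 of the number of candidates an exhaustive search must cover."""
    pool = sum(size for chars, size in (
        (string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
        (string.digits, 10), (string.punctuation, 32),
    ) if any(c in chars for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def affix_variants(pw):
    """Yield pw with 0..n leading and 0..m trailing non-letters removed."""
    lead = len(pw) - len(pw.lstrip(NONLETTER))
    trail = len(pw) - len(pw.rstrip(NONLETTER))
    for i in range(lead + 1):
        for j in range(trail + 1):
            yield pw[i:len(pw) - j]

def audit(pw, min_bits=60):
    """Return findings; min_bits=60 is an illustrative threshold, not a standard."""
    findings = []
    # Look up each variant both as typed and with substitutions undone.
    if any(KNOWN & {v, v.translate(LEET)} for v in affix_variants(pw.lower())):
        findings.append(DICTIONARY)
    if brute_force_bits(pw) < min_bits:
        findings.append(BRUTE)
    return findings

if __name__ == "__main__":
    for candidate in ("qwerty", "P@ssw0rd", "Dragon2017!", "My$3cur1ty#"):
        bits = brute_force_bits(candidate)
        print(f"{candidate!r}: {bits:.1f} bits", audit(candidate))
```

“Dragon2017!” uses every character class and is long enough to pass the keyspace test, yet it is still flagged because it is a dictionary word with a suffix.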

2. Malware

Spyware is an example of malware: malicious code that can get onto your computer when you download pirated files or simply click on infected pop-up ads. It monitors a user’s activities, such as the sites visited and the programs run, and in this way captures login usernames and passwords.

Shockingly, 80% of personal computers are infected with some kind of spyware without their owners’ knowledge, as it works silently in the background, making changes and recording activities.

3. Social engineering

This is a manipulative way of getting personal information from individuals; the information is then used for fraudulent purposes. Types of social engineering include phishing and scareware.

  • In phishing, you receive an email containing a link that redirects you to a fake website asking for your passwords and credit card details. Such an email may read:

“You won $1 million! Click here for your reward!”

In all the excitement, you are quick to click on the link, which then requires you to enter your password.

  • Scareware, on the other hand, involves the attacker tricking you into believing that you have malware on your computer. They act as if they are helping you get rid of it, but in fact they are making you download the actual malware.

As technology develops, the methods of maliciously acquiring passwords multiply and advance with it.

However, there are many ways of keeping your data safe with a password that is difficult or impossible to acquire.

Tips on choosing a good password

People struggle to create a good password because they think that the strongest passwords are not easy to remember. This is not true. Below are some of the ways of creating a strong password.

1. Use long phrases with numbers, symbols, and lower-case and upper-case letters. The longer the password, the harder it is to break.
2. Use a different, unique password for every service. Avoid using the same password for your e-mail and banking services.
3. Use biometrics. Nowadays smartphones, tablets and laptops allow you to gain access using your fingerprints or voice recognition, so you don’t need to remember a password.
4. Use a password manager. Examples include LastPass, Dashlane, 1Password and Norton. It can take the form of a mobile application that stores all your passwords for every service. You only need to remember the master password that unlocks your other passwords. Password managers usually come with a browser extension that can log you in to your accounts automatically.
5. Use two-step verification. During sign-in, a code is sent to your mobile phone, and you must enter that code to gain access, for example to your e-mail. Without the code, there is no access.
6. Follow the simple steps that are easily ignored, such as not sharing your password, not writing it down, and changing it regularly.

Implementing a few of these tips is better than not implementing any of them. The goal is to make sure that our personal files and data are kept safe by a very strong password.

Can you get hacked?

Imagine the amount of personal information, the purchases you make and all the day-to-day processes that are stored on your computer. Are they all secure?

Cyber security is one of the most urgent issues of the day. Cyber attacks have evolved over the years in parallel with the advancement of the tech industry and will continue to do so as the network expands. It is advisable to take the right preventive measures; as they say, prevention is better than cure.

Let’s take a look at some of the most common cyber attacks around.

1. MALWARE

Malware is software with malicious intent, designed either to steal your data or to destroy your operating system. It operates on computers, smartphones, tablets and even servers. It covers a variety of cyber threats:

  • Worms – Like a virus, a worm replicates itself and spreads, but only across the network.
  • Trojan horses – They are harmless until they are activated, and their purpose is to steal data or files. Trojan horses generally don’t spread like worms.
  • Viruses – This type of malware reproduces itself and spreads from file to file, slowing down the system, disrupting operations and also deleting files.
  • Spyware – Spyware monitors your activities, such as sites visited and programs run, to capture login and password information.

Malware is transmitted via email attachments, instant messaging or websites that are either infected or malicious. Some websites will automatically download the malware without the user’s knowledge.

It tricks you into clicking on, for example, an email attachment or a software download, which results in it being installed on your computer. Once installed, it spreads and starts executing malicious commands.

How to avoid

  • This type of cyber attack can be avoided by installing antivirus or antimalware software. Once installed, it has to be updated and run regularly. You can also schedule automatic scans on your computer for consistency.
  • Avoid opening emails or messages from unknown senders, and avoid websites with illegal or pirated content. Files should always be scanned before they are downloaded.
  • Use strong passwords that include upper-case and lower-case letters, numbers and symbols, as they are difficult to crack. Avoid using common English words.
  • Lastly, back up all your files regularly, using an external hard disk or cloud services.

2. RANSOMWARE

This is a new type of malware. It prevents users from accessing their systems or files by locking their screens or the files until a ransom in the form of money is paid to restore access.

The data can be encrypted, that is, converted into a code that cannot be read or understood, and an online payment is demanded to make it readable again. This malware can be delivered to your computer through email attachments or pirated downloads.

It tricks you into clicking on, for example, an email attachment or a software download, which results in it being installed on your computer. Once installed, it spreads and starts executing malicious commands.

How to avoid

  • Install antivirus software that supports internet security features. This will scan your emails and downloads.
  • Always back up your files. You can use external hard drives, USB flash drives or cloud storage such as Dropbox.
  • Use strong passwords that include upper-case and lower-case letters, numbers and symbols, as they are difficult to crack. Avoid using common English words.
  • Do not open attachments that look suspicious or messages sent by unfamiliar people, and avoid clicking on arbitrary hyperlinks, especially on social media.

3. PHISHING

Phishing is when personal data such as passwords, usernames, or credit card information are stolen. How does it work?

A user receives an email from someone pretending to be a trustworthy organization, for example a bank or credit card company. The email redirects the user to a fake website that looks identical to the original website.

The website will then prompt the user to enter a personal email address, password or credit card information.

How to avoid

Phishing, however, can be avoided. Received emails must be checked carefully. Phishing emails usually open with a generic “dear customer” greeting without stating the name of the receiver. Verify such emails with the organization named in the email, and when doing so, do not use any email address or phone number taken from the email you received.

Entering confidential information should be avoided at all costs, and this information should never be sent through emails. Online banking credentials should be changed regularly to avoid targeted attacks.

4. DISTRIBUTED DENIAL OF SERVICE (DDoS)

This cyber threat disrupts the service of a network and brings servers to a halt. Attackers use multiple computers to send large volumes of data packets and traffic to the network.

This will slow down the network performance and the user will not be able to access any websites, resulting in low productivity especially for businesses. There will also be a dramatic increase in spam emails.

How to avoid

DDoS attacks can be prevented by installing a firewall. Firewalls can be hardware or software based, and they control the amount of incoming and outgoing traffic.

Firewalls can detect irregular traffic patterns and fend them off.

Email filters, on the other hand, will reduce spam emails.

“Understand what data you hold, how you are using it, and make sure that you are practicing good data hygiene.”

David Mount, Director, Micro Focus, London – April 2016