Four types of hacking attacks you may have never heard of
In a previous blog post, we went over how various consumer technologies have been developed to reduce the risk of having your personal information stolen by hackers.
However, just as the peppered moth evolved to adapt and avoid extinction, hackers are constantly hatching new devious schemes to take what they want.
In this post, we’re going to cover 4 types of hacking attacks that you may not have heard of. It’s better to arm yourself with information so you know what to look for and avoid being caught off-guard.
1. Bottom-feeding Phishing
Remoras, AKA sharksuckers, are an interesting breed of fish. Instead of foraging for food themselves, they simply follow larger sea creatures around, and scavenge for stray scraps of food.
Some hackers seem to have taken a page out of the Remora’s book, and have started leeching off the success of other hacking groups.
Just moments after the American health insurance provider Anthem announced publicly that they had been attacked by hackers, a large number of phishing and phone scam calls were made in an attempt to lead unsuspecting folks into exposing more of their personal information.
So even if you’re just a small-time hacker, you can still steal personal information by leeching off the success of professional state-sponsored hackers.
Avoiding being a phishing victim is as simple as not taking the bait: be careful of suspicious-looking emails and links, and look out for that little lock icon in your address bar, which shows that your connection to the website is encrypted (it does not by itself prove that the site is genuine).
2. Smishing
While it sounds like an old fishing technique where you smash fish with rocks, smishing is actually “SMS phishing”, where victims are baited with SMS text messages.
Phishing is generally done by embedding a URL which leads to a website designed to make you give away your personal information, or load your computer with malware.
While some smishing messages operate in the same way as traditional phishing, it has become commonplace to instead include a telephone number leading to an automated voice response system.
Upon calling the listed number, you will be prompted to key in your personal information, the same way you would when calling a bank.
What makes smishing so effective is that many tech-savvy people tend to be more suspicious of emails, where URLs are clearly visible and HTML layouts get scrutinized, than of text messages.
On the whole, smartphones can pose a huge threat to your personal data security. For example, the Google Play store is swarming with malware-ridden apps, and many users are not using any form of anti-malware solution on their mobiles.
Because smishing is very similar in nature to phishing, the same defenses apply: keep your guard up, and trust no one, not even your closest friends (more on that below).
3. Zero-day exploits
For some hackers, news of a new software patch being released is like Christmas coming early.
If they look hard enough, vulnerabilities may sometimes be found in new software patches; vulnerabilities that they may exploit before software vendors can discover and patch them.
Zero-day exploits are a lot more common than you might think. Last year alone, 3 big zero-day exploits named Heartbleed, Shellshock and POODLE were discovered, along with numerous other vulnerabilities in common software like Internet Explorer.
Most recently, hackers found a zero-day exploit in Adobe’s Flash Player, another common piece of software found on many computers worldwide.
Keeping your system safe from the looming threat of zero-day exploits is not easy; it requires you to stay constantly in the know about new exploits, and to act quickly to fix them.
Of course, sometimes the threat of vulnerabilities could come built into the very computer that you purchased, in which case, you’re more vulnerable.
4. Roleplay
Getting someone to tell you their innermost secrets requires trust, which is built slowly over time. Or, you could just impersonate someone who has already gained your victim’s trust and exploit that for your own ends, which is what a lot of hackers are doing.
In a threat report published by FireEye, it was discovered that hackers impersonating IT staff is a popular tactic in data breaches. 44% of observed phishing emails were designed to impersonate the targeted company’s IT department.
On a more personal level, just a few months back a gift card scam was circulating on the popular messaging app LINE, where hackers broke into LINE user accounts and convinced their contacts to buy iTunes gift cards on their behalf.
I received a few of those phony requests myself, and while I found myself wondering “Who would fall for this?”, I did hear first-hand accounts of a friend who got scammed out of $100 through this method.
Again, to avoid falling prey to these scams, practice simple caution when dealing with anyone over the internet.
Knowledge of these hacking attacks can help you stay protected
Many of these lesser-known attack types are so effective because they are just that: lesser known.
Many Generation X and a shamefully large portion of Generation Y tech users are simply not aware of the possible threats that come with staying connected, which is why they don’t stop to consider the risks before giving hackers what they want.
Sometimes, staying safe is as simple as staying educated. You and your company would greatly benefit from investing time and resources into education on security issues. Even giving someone the responsibility to stay abreast of this subject, and sharing information across your company, can go a long way.