- This topic has 18 replies, 13 voices, and was last updated 1 year, 7 months ago by Tanatorn Tilkanont.
2022-09-05 at 2:08 pm #37946 Saranath Keymaster
-
2022-09-14 at 9:34 pm #38059 PREUT ASSAWAWORRARIT Participant
There are many ways to hack the information system.
– Remember the username and password while an authorized user logs in to the system
– Send some spyware or a keylogger to get login information while the authorized user types the username and password
– Create a phishing e-mail or screen that mimics the official screen and defrauds the authorized user into typing the information
– Physically attack a server room, and control the system
– Interfere with the communication of information in the network and hack the information system
– Clickjacking attack by creating a sham button that links to fraudulent pages
– Create viruses and trojans, send them to the server, and operate the server to send information
2022-09-14 at 11:58 pm #38060 Kawin Wongthamarin Participant
Based on my experience, I think there are a number of hacking methods, which are likely to be divided into two major groups. One is human error, for example tricking someone for a password or storing it in an unsafe place.
Another group is system errors where security is not strong enough, such as storing passwords as plain text or not encrypted, setting a simple password that can be easily guessed, or using words in the dictionary, which will make the system easily hacked.
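
An added example, not part of any participant's post: a defensive sketch of the two system-side weaknesses named above (passwords stored as plain text, and passwords that are dictionary words or easy to guess). The wordlist, the personal details and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; a real deployment would load a large breached-password list.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "123456", "hospital"}
PBKDF2_ITERATIONS = 600_000  # work factor for PBKDF2-HMAC-SHA256


def weak_password_reasons(password, personal_facts):
    """Return the reasons a candidate password is easy to guess (empty list = accepted)."""
    reasons = []
    lowered = password.lower()
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    # "Password1" is still a dictionary word once trailing digits/symbols are removed.
    if lowered in COMMON_WORDS or lowered.strip("0123456789!@#$%*") in COMMON_WORDS:
        reasons.append("dictionary or common word")
    # Name, birthday or phone number inside the password can be found by searching online.
    for fact in personal_facts:
        if len(fact) >= 3 and fact.lower() in lowered:
            reasons.append("contains personal detail: " + fact)
    return reasons


def hash_password(password):
    """Return (salt, derived_key); only these are stored, never the password itself."""
    salt = os.urandom(16)  # per-user random salt, so equal passwords store differently
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password, salt, key):
    """Re-derive the key from the login attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    facts = ["Somchai", "1990"]  # constructed personal details of a sample user
    for pw in ("Password1", "somchai1990!!", "tidal-cobalt-lantern-47"):
        print(pw, "->", weak_password_reasons(pw, facts) or "accepted")
    salt, key = hash_password("tidal-cobalt-lantern-47")
    print("stored record:", salt.hex(), key.hex())
    print("correct login:", verify_password("tidal-cobalt-lantern-47", salt, key))
```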
2022-09-15 at 6:49 am #38065 Boonyarat Kanjanapongporn Participant
Without deep knowledge in technical technology, I wouldn’t be able to steal people’s identity by breaking into computer networking. If I have to get people’s data, I might do physical stealing when people are unaware. I could look at people’s passwords when they’re signing into their account at public places such as a coffee shop, or by using CCTV. At an organization, I might have chances to sneak to the working table and guess their password to access people’s gadgets, or in the case of automatic login, this might even be easier. Moreover, I could search people’s information on the internet and possibly get their ID, birthdate, telephone number and other information that I could use to access their personal assets. Without awareness, strong passwords, authority setting and steps of authentication, I might be able to subrogate the targeted identity and control their assets.
Apart from physical breach, I would possibly be able to conduct phishing by pretending to be an official account. For example, scamming the target by using imitated banking emails and creating an urgent situation to get passwords.
2022-09-21 at 6:46 am #38210 Kansiri Apinantanakul Participant
Totally agree with you that a weak password is a hole in the system.
I agree that most people are likely to use their name, surname, birthday, or phone number as the password.
-
-
2022-09-15 at 9:40 am #38068 ABDILLAH FARKHAN Participant
One important thing about attackers is that they definitely commit their malicious actions in a well-structured, organized, and planned way. They will look for any chance by looking at the limitations of the system, the limitations of the technology, and the weaknesses in the capacity of the humans who operate the computer. When they capture every little opportunity, for example when they see that people are unaware, the attackers will spread the virus infection to cause data damage errors and evoke physical or economic loss.
-
2022-09-20 at 5:16 pm #38194 Tanyawat Saisongcroh Participant
Good points, this is so true. As Ajarn Nawanan said, the hackers need just one little hole to attack the system. Thank you for sharing.
-
-
2022-09-17 at 1:33 pm #38135 Hazem Abouelfetouh Participant
Based on the hacker experience, there are many ways to get unauthorized access to confidential information by defining a gap in the system or the process.
– Using phishing: send a fake email with a link to steal users’ passwords and personal information.
– Using brute force attacks to target user accounts with a weak common password.
– Arranging a Denial of Service (DoS) attack on the system server to shut it down and make it inaccessible to the end-users.
2022-09-18 at 9:50 am #38141 Kansiri Apinantanakul Participant
First, I would say I have little to no basic knowledge of advanced computer science, computer security, or something like this.
From my perspective, I would separate the methods into 2 groups: physical attacks and technical attacks.
Physical attacks:
1) Simply steal the password from the user’s record in a notebook, post-it, or Excel file. This might happen from the corporate’s colleagues who have malicious intentions. If the user uses the same password for more than one system/platform, the hacker could potentially access systems across the corporate’s platform.
2) Unauthorized access to colleagues’ computers when they are away from their desks and leave the laptop screen unlocked.
3) Physically attacking the server room or network routers. This might happen from the corporate’s colleagues who have malicious intentions.
Technical attacks:
1) Phishing: The hackers use a fake user interface to fool the user into clicking the malicious link. Once the user clicks it, the hacker may steal user information or at worst steal the user’s money by using the stolen banking credential.
2) Malware: Malware is the broad term for computer threats including viruses, spyware, worms, trojans. Each type may differ in spreading pattern and in its capability to access user information.
3) Keylogger: It’s known as keyboard capture, which is the technique of tracking a user’s keystrokes to steal the user’s credentials.
In conclusion, I think almost all threats need the user’s action to let the threat attack the system. Apart from incorporating the protection system, it’s the user’s responsibility to be aware of potential risks and implement preventive measures to protect themselves at the user’s level.
-
2022-09-30 at 12:44 am #38450 Tanatorn Tilkanont Participant
Thanks for sharing an informative perspective. I like the way you provide the idea of two different groups of attacks. And I agree with all of your thoughts. It is important that the user should be responsible and educated on the awareness of potential risks and implement preventive measures.
-
-
2022-09-18 at 4:59 pm #38144 Siriphak Pongthai Participant
There are many possible ways that an attacker could attack a security system.
First, I would think of the basic way of stealing one’s password. For example, an attacker can steal a password by looking at someone who is logging in to an account. Or, if the person is in an organization, the attacker might see a written password attached to desks or computers.
Second, by searching for public personal information on the internet. Nowadays, we can access the internet and people’s personal information so easily, by knowing their name, email, date of birth, high school, telephone number, sometimes favorite sport and book, or even identification number. These kinds of information can be used as Q&A in identifying and verifying a person on some websites. Since the attacker knows your personal information, the attacker can pretend to be you.
Third, through authorization methods. Even if the attacker doesn’t know your password, if they can access the phone (by stealing it), attackers can also get into the system via the authentication system, since the login method will send a notification to the phone’s authenticator application.
Fourth, I think attackers would target poorly designed security and networking systems. This is because an attacker can get access through the system easily due to the lack of a well-established security system.
Fifth, through malware, e.g. viruses or ransomware. Even though this kind of threat has been used for attacking systems for decades, it still works for some reasons.
Lastly, phishing is the most popular method of attack nowadays, since an attacker could spread fake links to random phone numbers or emails, Line messages, or comments on public Facebook pages. People who don’t have knowledge of cyber security attacks, or even educated ones, can be victims of this type of attack.
In summary, there are many types of attacks that could harm not only health information systems but also a person’s privacy or financial accounts. I think educating people and giving them awareness about cybercrimes would help them stay away and safe from those attackers.
-
2022-09-19 at 2:42 pm #38161 Boonyarat Kanjanapongporn Participant
Thank you for sharing many ideas of system attacks, and I agree with your summary: system protection, awareness and education would enhance the safety of people’s assets.
-
-
2022-09-19 at 10:19 pm #38165 SIPPAPAS WANGSRI Participant
Identify some possible means an attacker could use to conduct a security attack
First of all, I’d like to say that I am not from an IT or specific field in computer science. From my experience, I have seen multiple ways for an attacker to “hack” a network system. By the term “hacking”, I mean the situation when someone gains unauthorised access to protected resources within a network. It is no joke that many organisations where a number of older people (no offence, but in my case it is true) who are not familiar with computers, or anyone who is just a typical user with less security concern in mind, are vulnerable to getting hacked. IT guys may enforce the use of strong passwords, containing special characters and so on. It is the right way but not very pragmatic. For example, you can’t expect a 56-year-old guy who started to use a computer a couple of years ago to remember a password like I@mJohnD0e*1966, right? So instead, he writes it down on a post-it and pastes it on his monitor… Well, and that’s the end of it. Not to mention weak passwords, using a single password everywhere, easy-to-guess passwords, and using default passwords, which all pose a security risk to the whole network.
Another situation is about gaining users’ credentials without their knowledge if they are not careful. This includes spinning up a phishing website, physical access to their notes or any devices that are left unlocked and installing malicious software, or it can be as easy as walking past and sneaking a glance when they’re typing in passwords.
After obtaining credentials, an attacker can use them to initially gain access to internal resources, and if the breached user is a privileged one, they could use them to elevate access for another/decoy user so as not to raise suspicion, or may simply act on his/her behalf. If not, an attacker may try to do a lateral movement using various tools to escalate their privileges to an administrator, for example.
An attacker, especially one who is an insider in the organisation himself, may have access to network devices, such as a router, a LAN port on the wall, or the wireless network. If these ports are not protected by a security endpoint such as a firewall, they can simply plug in their tools, such as a computer specialised for security research, and will be able to do almost every possible way mentioned earlier.
-
2022-09-20 at 5:10 am #38169 Saranath Keymaster
You all gave great answers. Thank you!
-
2022-09-20 at 11:37 am #38185 Zarni Lynn Kyaw Participant
Possible means an attacker could use to conduct a security attack are:
- Malware – the attacker may use malware to conduct a security attack
- Phishing – the attacker may use Social Engineering methods to gain entry to the systems
- SQL Injection Attack – the attacker may use complex techniques which would result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) – a single attacker or a group of attackers may use a sophisticated DoS attack to disrupt the service
- Session Hijacking, Sniffing and Man-in-the-Middle Attacks – the attacker may use hijacking tools to steal confidential information.
Although some of the attack methods mentioned above are sometimes complex, some hackers use simple methods like trying to gain physical entry to the attack site, and if the physical security protocols are not in place (e.g., employees logging out of their computer when they are away or put their password on a post-it note), hackers may still gain entry to the systems.
We need to be mindful about both physical and technical attacks.
-
2022-09-28 at 7:31 pm #38395 Siriphak Pongthai Participant
I agree with you that, to prevent attackers, we have to be careful in both physical and technical ways.
-
-
2022-09-20 at 5:08 pm #38193 Tanyawat Saisongcroh Participant
As I understand it, a hacker can attack the system at the users’ computers, the network, and the server, by either physical or technical means.
By physical means, such as attacking the server room, stealing a computer or server hard drive, unauthorized use of other computers when users are away, stealing a user’s password that is perhaps on the desk, or stealing the administrator’s account password for privileged use.
By technical means, for example, remote access by guessing the password, sniffing, DoS/DDoS attacks, Man-in-the-Middle attacks, attacks through software vulnerabilities and protocol weaknesses, sending malware, and also phishing unaware users.
-
2022-09-21 at 6:43 am #38209 Kansiri Apinantanakul Participant
Thank you for sharing.
A stolen administrator’s account password might be a great threat to the system, since the administrator could access almost all levels of information in the system.
-
-
2022-09-30 at 12:32 am #38449 Tanatorn Tilkanont Participant
The following are some possible means that an attacker/hacker could use to conduct a security attack.
1. Physical attack, such as
– Using a weak password that is easy to guess
– Unaware of username/password record keeping that the hacker can easily attack.
– Unaware of a user that does not log out of the system once away.
2. Malware, including viruses, worms, spyware, ransomware, and trojans, which gain access to steal information or disrupt data/functionality.
3. Phishing: the hacker sends a message with a link to malicious websites, convinces the user to download software, and requests sensitive information through an e-mail that pretends to be from trusted sources.
4. Unsecure public WiFi: the hacker may spy in the middle and steal data during transmission between networks and our computer.