- This topic has 27 replies, 18 voices, and was last updated 2 years, 6 months ago by Weerada Trongtranonth.
-
AuthorPosts
-
-
2021-09-07 at 9:27 am #31187SaranathKeymaster
-
2021-09-15 at 11:41 pm #31333Auswin RojanasumapongParticipant
Some possible means an attacker could use to conduct a security attack
– Accessing someone’s system without their permission. For instance, access their PC directly, or quietly remote their PC from another device.
– Pretending to be someone by stealing their key to access the system or the personal information. For instance, guessing their password (brute-force, dictionary attack), stealing their password (phishing, keylogging, peeking when someone input their password)
– Sniffing or modifying someone’s data while it is transferring.
– Accessing the server that the data has been transferred by any means, such as accessing the server hardware without permission, guessing or stealing passwords for accessing the server by any means.
– Use software bugs or vulnerabilities to gain access to the system.-
2021-09-20 at 7:23 pm #31433Arwin Jerome Manalo OndaParticipant
Speaking of “pretending to be someone”, I once received a text message telling me that my parcel from the post office is waiting for delivery and I’m being asked to pay for the customs fee. To be fair, I was waiting for an international package to arrive so I didn’t raise any suspicions yet. The text message has a website link that when opened, it would redirect you to the post office website. The URL is not encrypted so I had my initial doubts proceeding. I then searched on Google for this type of potential scam and apparently, it was indeed a scam. Good thing some netizens post their experience and warns other people of the evolving scams.
-
2021-09-22 at 12:44 pm #31489Napisa Freya SawamiphakParticipant
Thanks for sharing. I have heard about it before. It is a postal fraud that happens often in Asia. Some people were asked to pay a fake tax, in order to get the (fake) packages. I guess the scammers know their personal online shipment/order plan by hacking the delivery company database and know that we are waiting for the delivery.
-
-
-
2021-09-16 at 10:14 pm #31344TARO KITAParticipant
The following are examples of possible means of security attack.
1. Theft of account ID and password by taking advantage of insiders’ lack of knowledge, ignorance, or misconduct,
2. Unauthorized access through the system vulnerability due to the use of old version of OS, antivirus software, or any other application, that is not properly updated,
3. In a system where firewall is not setup,
4. Through wireless LAN with multiple devices sharing the same network and no security measures in place. -
2021-09-17 at 6:01 am #31357SaranathKeymaster
Thanks! Let’s wait for others to respond.
-
2021-09-18 at 10:37 am #31394Sri Budi FajariyanParticipant
The attacker can do many terrible things, something that often happens in Indonesia is skimming on automated teller machines so that customers lose their savings. besides that in the last few months in Indonesia there have also been many attacks on whatsapp application accounts, this messaging application is very popular and used by almost all smartphone users in Indonesia so that many old people who do not understand technology are targeted. the attacker sends a message requesting account reactivation. after that the attacker will send a message to borrow money to the contact on whatsapp
-
2021-09-18 at 5:34 pm #31409Karina Dian LestariParticipant
There are some ways for people to attack the security such as:
– Breach into the server and stole all the stored data in the server
– Being an impostor, pretending to be an IT maintenance personnel that can solve computer problems and asking for credentials (ID, passwords, security key)
– Sending an email with link or attachment that has virus or malware with it
– Intercept data transfer between network and the sender to modify or damaging the data-
2021-09-22 at 8:00 pm #31523Auswin RojanasumapongParticipant
About being an imposter, I have heard the IT support scams that tried to call random home computer users that their PC is infected with a virus and they can help to clear the virus or speed up the PC. The victims called the scammer, and the scammer would tell the victims to open the remote system that the scammer can access the victims’ PC. After that, the scammer would go through the data and steal important information, (e.g. password, bank account information) lock the PC, and demand cash to unlock the PC or the data in the PC.
If the victims did not aware of this kind of scam, they would have to pay the scammers.
-
-
2021-09-19 at 3:38 pm #31425Arwin Jerome Manalo OndaParticipant
Attackers can do the following to launch security attacks:
1. Convince a user to unintentionally disclose login information through survey forms
2. Act as a company representative (e.g. support technician) to gain trust of the user to disclose pertinent information
3. Intentionally asking for answers to security questions (eg., name of your first pet, name of childhood bestfriend)
4. Ask the user to provide the generated OTP
5. Tampering of terminals (e.g., installation of skimming devices on ATMs) to extract sensitive information on bank cards
6. Gain physical access on devices secretly
7. Send installation tools (eg. flash drives, CDs) to user that when plugged to a computing device, it will automatically run and execute commands to hijack the system
8. Intentionally spoof URLs to make them similar to the original URLs (eg. facebook.com to facabook.com) -
2021-09-21 at 1:08 am #31446Tossapol PrapassaroParticipant
From my point of view, insider threats may be potential and unpredictable hackers. As far as I remember, there is the news that the employee, who was fired, exposed the company’s information, data, and deleted the essential files. And also, in the movie that the employee sold the company data to the business competitor.
-
2021-09-21 at 10:02 pm #31452Theekhathat HuapaiParticipant
Imagine that you are working with sensitive health records at a high-profile physical data center. The attacker wants to seize control of the system admin. There are various types of hacking such as
– Social engineering: the attacker act like a yearly external auditor asking an employee who is working closely with the system admin. This attacker wants to know what is the operating system of a data center.
– Physical attack: the attacker is pick locking a door of a server room to install a keylogger.
– Keylogging: intercept an admin password from a USB keyboard in the server room.
– Phishing: the attacker is sending an email to an employee to intercept a password for identity theft. And using stolen ID for sending another phishing e-mail.
– Rootkits: the attacker is using the admin’s password to install malicious in the systems and taking control of the server and clients to do whatever they want. DDoS,MitM,ransom.-
2021-09-22 at 6:02 pm #31513Napisa Freya SawamiphakParticipant
Keylogging sounds interesting for me. The hacker can easily access to all networks starting from here. Thank you for sharing.
-
-
2021-09-22 at 5:12 am #31457Navin PrasaiParticipant
Attackers use different methods like sending an attachment or links which are similar to the normal links or attachments and once the users open it affects the security as in fact they are malware. Likewise, Denial-of-Service(DoS), Phishing are other methods used by attackers. In DoS, attackers overwhelmed the server with many websites and in Phishing, they send emails by pretending trusted friends, relatives, or employees.
-
2021-09-22 at 5:52 am #31462SaranathKeymaster
Thanks everyone for your participation!
-
2021-09-22 at 1:38 pm #31490Napisa Freya SawamiphakParticipant
Insider threat: An insider who was resigned from the organization but still uses internal access to explore the organization’s data, purposefully storage the data in advance then leaks or sells it to outsiders. They may also contact the organization’s customers to trick them or request customers’ personal data. Some insiders may accidentally disclose the data by losing a work device.
Guessing password: Several organizations usually write the password down and place it near their computers/work devices for convenience. Some data systems are required password change every 3-6 months, but employees may use a similar password or use a common password with meaning (e.g. contain room number/department) or use their personal information (e.g. name/date of birth/favorite brand/anniversary date). This may increase the risk of attacks because the hacker can guess the individual’s password easily from the environment.
Pretend to be someone: I read one article before. The hacker pretended to be a customer of one company. He searched for one executive manager’s name on the company website (let’s say, Mr. A), called the central call center, mentioned that he lost Mr. A business card and Mr. A requested him to have a call with his team who manages ABC department but he couldn’t remember the name (Let’s say, Mr. B). The call center forwarded the phone to Mr. B. Then, the hacker told Mr. B that Mr. A forgot to send him one document and Mr. A asked him to contact Mr. B directly for support. Mr. B didn’t doubt it because the call was forwarded from the internal number (call center) and Mr. A was on leave at that time. Therefore, Mr.B sent the document to the hacker finally. There are several gaps here, internal employees can communicate within the organization to confirm this request but in this case, Mr.A was on leave, so the hacker could trick them easier. It sounds impossible but so interesting for me.
-
2021-09-23 at 12:06 am #31566Anawat ratchatornParticipant
I agree that “Insider threat” can be very harmful and unfortunately, it seems to happen very easy.
Nowadays, during COVID19 in particular, we use many application to communicate and organize our team, thus many important information are on these applications and it’s very easy for resigned employee to use this information in wrong way.
-
-
2021-09-23 at 12:14 am #31567Anawat ratchatornParticipant
If I have to think out of the box an as not an IT professional. First thing that come into my mind is to use “Forget your password” function. This function exists on many website and unfortunately some website is not design well in this function. We can get password with a few personal information. Nowadays, we can search for personal information on Google. Uploaded document such as recruitment results, test results, academic history, contains enough personal information to fill on “Forget your password” and make us can reach or reset victim’s password.
Traditional way to hack that I saw everyday in my hospital is physical hack. Many computer in many hospital that I used to work as a physician weren’t locked at all. Those computer were always ready to use. Although those computer require logging in with user authorization, it’s sometime lack of auto-lock-off function. Thus anyone walked around there can access to many information on that computer with no logging in needed.
-
2021-09-23 at 12:47 am #31571Tossapol PrapassaroParticipant
Yes, I think so. And some program has the “common password” that everyone knew, so everyone can access it easily.
-
2021-09-24 at 6:46 am #31611Ashaya.iParticipant
I agree, forget your password function is very easy to use, we can fill a few information and the reset password steps are not that complicate.
-
-
2021-09-23 at 3:09 pm #31599Pisit SaiwangjitParticipant
If I was about to steal certain confidential information, there were several ways to approach the goal. First, we can take advantage of people’s ignorance to retrieve their information. Some people tends to write their password down on the stick notes and attach to the computer or write down in their notebooks or cellular devices so we can exploit these to get their authentication to receive the confidential data. In addition, they are likely to set their passwords as a ‘easy-to-guess’ passwords such as their birthdays, their names, etc. which ease to get their authentication just to guess the password.
Second, we can steal their data by phishing. We trick someone to send their user accounts/passwords or secured information by pretending to be the trustworthy organization. Lastly, we can easily steal the organization information as their employee because as a employee we can directly access through the organization database if the organization has not limited the authorization. -
2021-09-23 at 10:08 pm #31601chanapongParticipant
Using public free WIFI named as a public or private organization, and some acquaintance people is vulnerability to your computer to be hacked. It is more secure when you use your cellular data when doing transactions or important matters.
The easily guessed passwords like “123456789” or date of birth are commonly used in present. The hackers may have to try passwords like these to unlock your computer.
Using other computers and act like the owner is possible means for the attacker to get your information. To prevent this event, having functions like automatically log out from a program or computer within setting time or requiring authentication before proceeding with the operation are suggested.
-
2021-09-24 at 6:53 am #31612Ashaya.iParticipant
Guessing the password is the first thing that pop up in my mind. It is the simplest thing, some of them will be occur with people who know each other so guessing is not that too difficult. In my workplace, there is the password that set as a default password, some of worker do not change because it may hard to remember so it easy to anyone to access the system and get some information that should not be disclosed.
-
2021-09-26 at 10:47 pm #31675Hazem AbouelfetouhParticipant
A hacker may use one of the following to hack or corrupt a system:
1- If a hacker has access to the physical server, He can cut the power or the internet cable!
2- If he knows someone has an account with high privilege, He can try to reset his password and check his mobile for OTP. Or install malware on his computer to capture all keyboard entries!
3- Maybe ask a user for his password on another less important system and use it as a start point to guess his password on another system.
4- Make a call to IT support from a user’s mobile ask to reset his password.
5- Hack a password-saving application on the user’s phone or computer. -
2021-09-28 at 12:28 am #31685Pimthong SinchaiParticipant
Some possible means that an attacker could use to conduct a security attack included;
– When unsuspecting users fall prey to phishing attempts and enter their login credentials on fake websites.
– Weak passwords and password reuse make credential exposure the way for initial attacker access the account.
– With setup/app server configuration not disabled, the hacker can determine hidden flaws, and this provides them with extra information.
– Missing encryption leads to sensitive information including credentials being transmitted either in plaintext, or using weak cryptographic ciphers or protocols.Thank you
-
2021-10-07 at 3:18 am #31936Weerada TrongtranonthParticipant
The basic way to hack the system without any technical skills is to guess passwords from basic information such as phone number, DOB, Name, or even email address. Since much people always set the weak password to avoid forgetting.
-
-
AuthorPosts
You must be logged in to reply to this topic. Login here