HackDig : Dig high-quality web security articles for hacker

Major Ways of Stealing Sensitive Data

2017-10-31 23:55

Description:

There are various methods that hackers use to steal sensitive data:

  1. Packet sniffing –
    Packet sniffing, also known as packet analyzing, captures data from computer networks. The instruments that are typically used by system professionals too are the packet sniffers and protocol analyzers.

    For example, if you deploy communications protocol sites, then all the info that’s transmitted over the network is in clear-text, and it may be sniffed employing a tool like Wireshark.

  2. Keyloggers – One of the most common ways of stealing data is by using Keyloggers. Though keyloggers are not like other malicious tools as it does not pose any threats to the system. However, it might be a significant threat to the users. Once it is installed in the device, a keylogger logs all the keystrokes that you are using on your keyboard. The attacker will then have the log file created by the keylogger which will then be covertly transmitted back to engage into a potential attack.

    Keyloggers let the attackers to steal information/data from internet browsers, FTP applications, and passwords to online gaming accounts, instant texting apps, password managers, as well as all kinds of sensitive knowledge.

  3. Auto-complete – Browsers have a feature to recollect the recently used internet addresses, web entries, usernames, and passwords. Once a user starts writing, the browser suggests available matches like “Auto-complete “or “Remember Passwords” in Firefox, for example. If a browser is organized for “Auto-complete settings/Remember Passwords” to recollect the username and password, then each time a user logs into the appliance, the browser asks the user to remember the password. If the user had accidentally or advisedly clicked “Yes,” an attacker (if he has access to the system) will log in with the “remembered” password of the previous user. The browser stores the saved password either as clear-text or in a format that is simply reversible.

    For example, let’s say you log into your Facebook account. You see a small prompt somewhere at the corner of the page where it will ask you to remember your credentials.
    You may think about it as a useful feature as you are a frequent user and you would not need to enter your credentials repeatedly.

    Since Facebook is a popular website for the Cyber attacker to hack into, there is an excellent chance that in these instances your password will be hijacked. As a result, your account will be compromised and 100% available to the Cyber attacker.

    Ethical Hacking Training – Resources (InfoSec)

  4. Browser memory leaks – The browser remembers all the requests it is created, all the pages you visit, etc. The browser’s memory may be browsed using memory-reading tools like WinHex, which is readily available to the Cyber attacker.
  5. Exploiting a system in LAN – If you have a unpatched UNIX or Windows Operating system, an attacker in the network may scan the network and exploit the vulnerability to get Remote code execution on the system. Once an attacker has access to your system, he can easily read all your files, gain sensitive data and elevate credits and gain admin access on your system.
  6. Default / weak credentials – If you have configured weak passwords for login, and using the same password for all the accounts then beware you are at greater risk. An attacker may capture your password to gain sensitive data.

    You can refer the article
    http://resources.infosecinstitute.com/steps-make-stronger-passwords/ to know more about weak passwords, their hazards, and solutions.

Effects:

  1. Once you communicate over unencrypted channels, you risk your credentials and different sensitive data of getting sniffed and compromised.
  2. On a company level, sensitive data exposure can be a massive loss for the business or corporation and could result in financial ruin. Consider the business price of the lost data and impact to your overall reputation with your customers.
  3. Keyloggers may be used as tools in industrial spying. An example of this is accessing data which can have proprietary data and classified government material.

Solutions:

  1. Avoid using websites that doesn’t the support HTTPs protocol.
  2. Be careful in checking the contents and authenticity of your e-mails. Keep your anti-virus software updated.
  3. Avoid using the auto-complete feature in your web browser.
  4. Make sure your browser is completely closed after you are done browsing an internet site. Merely logging out isn’t enough.
  5. You can create a guest account for other people to use your device so that your credentials and sensitive data remain safe. Also, you can use password managers to help maintain and support all your passwords. It can also be used to create long and complex passwords which are difficult to crack.
  6. Avoid visiting cyber cafés or using public computers, as their hotspots are publicly available and thus, are not secure. This is especially true when accessing your financial data.

Good reads:


Source: /atad-evitisnes-gnilaets-syaw-rojam/moc.etutitsnicesofni.secruoser

Read:747 | Comments:0 | Tags:Computer Forensics Investigations Hacking

“Major Ways of Stealing Sensitive Data”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud