Friday, January 30, 2015

Phishing, botnets and DDoS attacks

Phishing, botnets and DDoS attacks are the most feared trio by companies and users while it is the most used by cybercrime.

You get up in the morning and check your emails while the coffee is heating. Wow, that a Russian girl wants to meet you! A high Nigerian representative has died with no family and chosen you as his heir! You need to change your iCloud password now! Check that your data on an .exe file attachment are correct to deliver you a lottery prize which you didn’t even played! There several hooks to lead a victim to give up his data, access fraudulent websites or open malicious files.
Do you know how to find out if a communication is legitimate or it is a phishing campaign?
So you opened such file which encourage you to download a plugin. Congratulations! You became part of a botnet, which will use your device for harmful purposes, ranging from stealing personal data to use your Internet connection to perform DDoS attacks. Sorry my friend! The bad boys have the control of  your computer or cell phone so they can use it at will.

In fact, denial-of-service attacks terrify online services providers. According to Kaspersky, a simple DDoS attack costs an average of $ 450,000 for companies. Not to mention the impact on its reputation towards .

While you're quiet. The computer may go even faster, and besides, you're glad to see that WhatsApp finally has a web service. Enter it and you realize (maybe) that something is wrong. As recently demonstrated Indrajeet Bhuyan, a boy of 17, WhatsApp Web has two vulnerabilities. One of them allows someone to obtain the profile picture of any user (whether or not is one of your contacts). The other one could be used for maintaining audiovisual content on the computer itself, despite it has been deleted on the mobile client.

Now you switch off your device and go to the mall, where you are meeting up some friends for shopping. At some moment in the evening you decide to take a selfie and tweet it. Well doing this, both cybercriminals as some ogf the stores around there might be able to recognize you by crossing meta and shopping data with social networking, achieving up to 90% efficiency.

If this were not enough, the US Army is testing a new way to identify people. It has nothing to do with passwords or biometrics. It regards your habits in front of a keyboard, mouse or touch screen, which are unique to each individual. Thus they could put you a name wherever you are, with no need to even launch a phishing attack, add you to a botnet, or use your device whatsoever.

This is technology used for the worst intentions. Are you ready?


Post a Comment