5 hacking techniques used by cyber attackers

Singapore's worst cyber attack affected 1.5 million of SingHealth's patients. PHOTO: THE NEW PAPER
Vincent Chang
Updated
Jul 22, 2018, 08:09 AM
Published
Jul 22, 2018, 05:00 AM

SOCIAL ENGINEERING

Targets the end-user, often cited as the weakest link in IT security. One of the most common types is phishing, which uses fraudulent e-mails or websites masquerading as trustworthy entities to trick users into giving up sensitive information.

Prevention: Users can be taught to verify e-mails and websites before giving their information.

MALWARE

Malicious software such as viruses that can infect your system. They can infiltrate via the Web browser or through apps downloaded from unofficial websites or stores.

Prevention: Download apps only from reputable websites and app stores. Refrain from clicking on pop-ups. Have antivirus software to detect and block malware.

DENIAL OF SERVICE

Take down a website or server by flooding it with resource-intensive requests. It could also be used to trigger software bugs that may lead to attackers gaining control of the affected hardware or application.

A Distributed Denial of Service (DDoS) attack uses numerous computers (botnets) to generate sufficient network traffic to overwhelm a server or website and prevent legitimate users from accessing it. It can be used as a diversion to tie up security teams while attempting another form of cyber attack.

Prevention: Third-party DDoS protection services can mitigate the impact of these attacks by inspecting incoming network traffic and filtering legitimate traffic from that of botnets.

ZERO-DAY ATTACK

Exploits new or unpublished security vulnerabilities in computer software that have yet to be fixed. Often used by nation-state actors that have the technical capability to find and stockpile these bugs to use when required.

Prevention: Be diligent in updating the software to fix bugs. But not much can be done for security bugs that are unknown to everyone except the hacker.

MAN IN THE MIDDLE

Attacks that intercept the data between sender and recipient in order to read or alter the data sent to either party. May be used to record confidential information or trick users into installing malware.

Prevention: Avoid public Wi-Fi hot spots. Use virtual private networks to encrypt network data.

Related Stories
SingHealth database hackers have targeted other systems here since at least 2017: Symantec
Data leaks are serious business and other lessons to learn from SingHealth breach
Tiered model of Internet access being considered for public healthcare sector, says Gan Kim Yong
11 critical sectors to shore up defences in response to SingHealth COI report: Iswaran
Organisations must prepare for cyber breaches, as if already under attack: SingHealth COI chair
COI on SingHealth cyber attack: Change the way security incidents are reported, says CSA chief
SingHealth COI: Communication problems hampered data breach response, says expert witness

Join ST's WhatsApp Channel and get the latest news and must-reads.

A version of this article appeared in the print edition of The Sunday Times on July 22, 2018, with the headline 5 hacking techniques used by cyber attackers. Subscribe

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top