Ethical hacking
4
Jul

Ethical Hacking Like Never Before!

From identity theft to financial disruption, black hat hackers seem to be constantly wreaking havoc, regardless of who is affected. To combat these malicious attackers, we have white-hat hackers who, using the same skills as a hostile hacker, find vulnerabilities in a system, so that those vulnerabilities can be patched. These white hat hackers are popularly known as— Ethical Hackers!

Through the ages technology is constantly evolving, creating space for developments, both good and bad. For an ethical hacker to truly combat a malicious hacker, they must have access, and more importantly, must understand the latest tools and techniques in the hacking world.

Skills That a White-Hat Hacker Needs to Even the Field

1. IoT Hacking

The adoption of Internet of Things (IoT) technology has raised many security queries over the years and has initiated a numerous amount of new cybersecurity threats. While the Mirai Botnet is the most memorable IoT-based cyber-attack, so far, there have been many more IoT-based cyber-attacks happening around us:

There was a clear case of data exfiltration in an unnamed North American casino where hackers managed to transfer data to a device in Finland, through an internet-connected thermometer from an aquarium in the lobby.[2]

A study of the sudden spike in activity of an architectural firm lead to the observation that the drawing pads used by the designers of the company, were being hacked. This denial-of-service attack ensued as the default login credentials of these devices were left unchanged. The hacker identified this vulnerability and exploited the devices, distributing data to websites all around the world. [2]

In 2015, a team of researchers managed to hack and take control of a Jeep SUV using various entry points. The first infiltration was through the car’s Wi-Fi where they finally took control of the head unit’s system. They then further researched and found that the vehicle could also be infiltrated through its CAN bus to control the steering wheel, brakes, windshield wipers, door locks, engine, and much more, all over the Sprint cellular network.[3]

With the number of IoT connected devices to increase from 10.3 billion in 2014 to 29.5 billion in 2020[4], it is essential that cybersecurity professionals contain the right skill-set to fight IoT hackers.

2. Vulnerability Assessment

Vulnerability assessments scan networks for vulnerabilities and security flaws in an organization’s infrastructure. These identified loopholes are then used by attackers to further exploit the network.

At the same time, vulnerability assessments are conducted to strengthen one’s security from internal and external cyber attackers. Through an assessment, an organization can gauge the requirement for updated anti-virus software and firewalls, check configurations, troubleshoot hardware with default configurations, and much more.

3. Cloud Computing

The implementation of cloud computing in many organizations has issued unmatched benefits, bringing each organization a step closer to digital transformation. However, this could also mean that huge amounts of data are left unprotected.

The cloud is what many hackers consider to be a supply of unlimited treasures as thousands of passwords, bank account details, and social security numbers are stored on it. Many major data breaches have been implemented due to security flaws in the cloud, such as the Dropbox hack which led to the leak of over 68 million user passwords and IDs[5] , or worse, the Yahoo hack that affected 3 billion Yahoo users[6]. In fact, the number of attacks on cloud-based accounts has increased by 300%, according to Microsoft’s Security and Intelligence report.[7]

4. Artificial Intelligence and Machine Learning

Artificial intelligence is often viewed as a double-edged sword, used by criminals and white-hat hackers alike. Increased advancements in technology, such as self-driven cars, language translators, and big data, often equals increased cyber-threats such as social engineering, ransomware, phishing, botnets, etc.

Using artificial intelligence and machine learning to identify vulnerabilities and security flaws is a faster solution to defending systems against various cyber-attacks that a normal anti-virus scan cannot normally detect.

Both artificial intelligence and machine learning are now being used by many industries to detect cyber-threats[8] from large amounts of data, collected by organizations.

5. RansomwareEthical Hacking

Ransomware has been on the scene for over a decade but does not seem to be showing any signs of slowing down, in fact, it is quite the opposite. With 39% of malware attacks in 2017 being ransomware[9] and a 253% rise in mobile ransomware attacks[10] it is becoming quite obvious that unless drastic measures are taken, this epiderm is not going to die down.

Cyber criminals have found some creative ways to spread ransomware attacks using phishing techniques, existing botnets, and “free software”. The invention of cryptocurrency has only made it easier for malicious attackers to cover their tracks.

6. IoT Botnets

A botnet is a collection of internet-connected devices, whether it is PCs or mobiles. These devices can be accessed remotely and is set up to transmit malware to other computers on the internet. However, the Internet of Things does not comprise of solely computer systems but includes household appliances, automobiles, hospital equipment, and smart home devices.

Mirai botnet, a malware that turns networked devices into remotely controlled bots was the largest DDoS attack launched using an IoT botnet. The botnet was first found in 2016, targeting online devices such as IP cameras and home routers. This attack targeted huge portions of the internet, including Twitter, the Guardian, Netflix, Reddit, and CNN.

7. Android Malware

Android malware has increased from half a million in 2013 to 3.5 million in 2017[11]. Over the last few years, the main threat to Android users has been rooting malware, exploiting system vulnerabilities to the extent where the malware was able to reset the device’s factory setting so that the device is unable to get rid of the malware.

Other android malware attacks include phishing attacks where a Trojan overlays the application’s interface to collect card details on hotel, taxi, and ticket booking apps; new WAP Trojans were discovered where the malware visited pages with WAP subscriptions, using the money from the user’s mobile account.

8. Banking/Financial Malware

Although ransomware is viewed as the biggest threat in the cyberspace, the financial threat space is 2.5 times bigger than that.[12] Banking trojans like the Zeus (Zbot), that captured credentials through keylogging, form grabbing, and the injection of additional HTML on legitimate banking websites, became the foundation of many other banking trojans from Gameover Zeus to Floki Bot.

The 10th edition of the Certified Ethical Hacker (C|EH v10) by EC-Council was unveiled at the “Scaling the Unscalable Mountain of Cyber Capability” webinar, affirming its status as the “world’s best ethical hacking certification course”.[1] To learn more about C|EH, visit http://bit.ly/2HIvsg8


Sources:

  1. https://www.csoonline.com/article/3230444/certifications/the-best-ethical-hacking-courses-and-certifications.html
  2. https://www.darktrace.com/resources/wp-global-threat-report-2017.pdf
  3. https://securityintelligence.com/eight-crazy-hacks-the-worst-and-weirdest-data-breaches-of-2015/
  4. https://www.mckinsey.com/~/media/McKinsey/Business%20Functions/McKinsey%20Digital/Our%20Insights/The%20Internet%20of%20Things%20The%20value%20of%20digitizing%20the%20physical%20world/The-Internet-of-things-Mapping-the-value-beyond-the-hype.ashx
  5. https://www.theguardian.com/technology/2016/aug/31/dropbox-hack-passwords-68m-data-breach
  6. http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html
  7. https://www.microsoft.com/en-us/security/Intelligence-report
  8. https://www.gartner.com/newsroom/id/3731817
  9. https://www.gdatasoftware.com/blog/2017/04/29666-malware-trends-2017
  10. https://www.techrepublic.com/article/ransomware-reigns-supreme-in-2018-as-phishing-attacks-continue-to-trick-employees/
  11. https://www.techrepublic.com/article/report-mobile-ransomware-attacks-soared-in-2017-up-250-in-q1/
  12. https://nakedsecurity.sophos.com/2017/11/07/2018-malware-forecast-the-onward-march-of-android-malware/
write-for-ec-council
Write for Us