Innovators and visionaries are two types of experts in cybersecurity. These experts build different cyber domains of the Internet. They have the capability to find the power of data and bind it. They provide service for cybersecurity and build special organizations for these services.
These organizations provide protection services to people from cyber attacks. These professionals must find threats and vulnerabilities because these are the main concern of cybersecurity professionals. Two situations are critical:
- When there is the possibility of a threat.
- When vulnerability makes a target at risk of an attack.
For example data in the unauthorized person can result in privacy loss for the owners and affect the credit of the owner and the career of the owner can be at risk. Google, Facebook, school, hospital, financial and government agencies, and e-commerce facing the greatest risks for identity theft.
Large organizations like Google have a resource to hire top cybersecurity professionals to protect their servers and data. Many organizations build databases containing personal information about the clients and people and they need cybersecurity professionals, so the demand for cybersecurity professionals is increased today. Cyber threats are unsafe for certain industries and the records they must keep up.
Types of Personal Records
The following are some examples of personal records that come from a few sources only.
Thieves can sell personal health information on the Internet black market. They can use personal medical credentials to get medical services and devices for themselves and others, or bill insurance companies for phantom services in your name.
The electronic health record (HER ) of patients includes physical health, mental health, and other personal information that may not be medically related. For example, the person goes to a checkup as a child because of major changes in the family. This will be somewhere in his medical history, so with a medical history and personal information, the record may also include information about that person’s family. Several laws shielding patient records.
Many medical devices use the cloud platform to enable wireless transfer, storage, and display of clinical data like heart rates, blood pressures, and blood sugars. These medical devices can produce, a huge amount of clinical data that can become part of a medical record.
The Education records which include grades, test scores, attendance, courses taken, awards, degrees awarded, and disciplinary reports. With the education record, there may also include contact information, health and vaccination records, and special education records, including individualized education programs (IEPs).
Employment and Financial Records
Employment records also include personal information, salary, and insurance information. Financial records are very attractive data for cybercriminals. This record may include information about income, expenditures, and credit card data. Tax records could include paycheck stubs, credit card statements, credit rating, and banking information. Cybercriminals can use their credit cards for purchasing or selling on the black market.
The information about access to the online system is very valuable on the black market. This the habit of a human using the same password for online accounts. So if someone manages to get hold of your Facebook password or email password then they will mainly be able to login into any of your accounts.
Threats to Internet Services
There are many necessary technical services needed for operating the internet. The required services are routing, addressing, domain naming, and database management. Without these services, the internet is not possible. These services of the internet are also primary targets for cybercriminals.
Cybercriminals use a different technique to capture data stream over a network. These techniques put in danger all sensitive data, like username, password, and credit card information.
These techniques included botnets, DDoS, hacking, malware, pharming, phishing, ransomware, spam, DNS Spoofing, and Man-in-the-Middle also. Criminals also used these techniques for monitoring and recording all information coming across a network. Following is a short explanation of the above technique.
Botnets are largely undetected because it collects software robots, or ‘bots’; that creates a group of infected computers known as “zombies”. Zombies have remotely controlled by its originator. You may one of them and you may not even know it
Distributed denial-of-service (DDoS)
A distributed denial-of-service attack or a DDoS attack is an attack when an infected user gets a network of zombie computers to sabotage a specific website or server.
The attack occurs when the malicious user tells all the zombie computers to connect to a particular server or a website again and again. That increases the volume of traffic on that specific server or a website resulting in overloading that slows the server and website for legitimate users; sometimes the website or server shuts down completely.
By using a malicious user computer the attacker also can take advantage of security vulnerabilities and weaknesses and could take control of your computer. The attacks are “distributed” because the attacker is using several computers to launch the denial-of-service attacks.
Hacking is an expression used to explain actions taken by someone to gain unauthorized access to a computer. This is a process by which cybercriminals gain access to any computer connected to the internet.
Pharming is another type of online fraud. It’s mean to point the user to a malicious and illegitimate website and redirecting the legitimate URL to a fake website even the entered address is correct.
Phishing is easy to execute and it required very little effort therefore many cybercriminals use phishing. Criminals sent fake emails, text messages, and created a website looking authentic. They use email, messages, and websites to steal personal and financial information from users. This is spoofing.
Ransomware restricts access to the user’s own computer and files. It is a type of malware that displays a message and demand payment to remove restrictions from the computer and files. The email has a malicious attachment and pop-up advertisement is the most common type of ransomware infection.
Spam is another common method of sending information out and collecting it from unsuspecting people. The spam distributes unsolicited messages; advertising or pornography to the addresses that are easily available on the Internet through like social sites; company websites and personal blogs.
This technique is also used to associate with phishing in trying to steal information. Domain Name Service (DNS) translates an IP address into name and Domain name into IP address; such as www.networkustad.com, into its numerical IP address and vice versa.
If a DNS server does not know the IP address of the required domain, it will ask another DNS server. Using DNS spoofing, the cybercriminal introduces fake data into a DNS resolver’s cache. These attacks develop a weakness in the software of the DNS system that causes the DNS servers to send traffic for a particular domain to the criminal’s computer; instead of the valid owner of the domain.
They also use irregular devices, such as unsecured Wi-Fi devices and access points. If the criminal installs unsecured Wi-Fi near a public place; unsuspecting people may sign in to these devices and the packet sniffer copies their personal information.
Packets forgery or packet injection interferes with established network communication by constructing packets to become visible just they are the part of communication. It allows a criminal to interrupt or catch real packets. With this process; a criminal can hijack an authorized connection or denies an authorized person able to use assured network services. This is a man-in-the-middle attack.