24 security threats that all IT staff should know about

As more of our lives become connected to the internet, threats to our private data and computer systems increase.

Last week we discussed dedicated Information Security careers, the employment prospects, and what you’ll need to secure a job. However, understanding network, computer, and data security is vital in any IT position. You need to know what the threats are, how to prevent them, how to fix them and be willing to stay on top of the latest IT security news.

Hacking is when your computer, database, or website, is accessed without permission. The person who attacks your system is called a hacker, who may change the system’s security to accomplish a variety of goals. In the past, we have looked at cybersecurity breaches. Below are 24 security threats that people working in IT need to know about.

it-security-threats-1

Threats to individual computers

Where there are computers, there are security threats. A virus is a malicious program that replicates itself with the aim to destroy a computer so it can not be used again. Viruses can be spread through any document, so it is recommended that you never open attachments from people you don’t know and install virus scanners on your chosen email. Viruses were more popular a decade ago, but have been overtaken by malware because of its ransom capabilities.

Malware comes in a variety of forms but involves taking control of a computer system for the hackers end goal. In ransomware, this involves locking a computer system so that it cannot be used until a specified ransom amount has been paid. Spyware, as its name implies, is used to spy on a computer. The information the spyware collects can then be used by a hacker to create targeted ransomware.

When you are infected with scareware or fake AV, you will see notifications for computer infections even though you don’t have them in a bid to get you to buy fake software to contain the threat. Likewise, adware involves multiple pop up advertisements appearing on your computer, which is more annoying than threatening.

If someone uses malware to take over your computer and commit a crime, then it is called crimeware. In this case, a Trojan or other malware is installed on the computer so it appears that you are the person committing the crime, instead of the attacker. A Trojan sits undetected on your computer and steals information from within your computer system. Some Trojans include a keylogger, which can also be installed separately and logs your keyboard use in order to steal your personal information.

Computer bugs are glitches in the computer system created by problems in the coding. These are usually more annoying than dangerous, but in the case of Microsoft XP recently a  glitch can become an avenue for hackers to gain access to user software. When this is deliberately replicated to make transferring viruses or Trojans easier it is known as a backdoor.order to steal your usernames and passwords. Exploits also take advantage of software bugs, finding vulnerabilities in your programs in order to gain access to your computer.

Worms are designed to spread throughout from computer to computer throughout your network. While they are relatively harmless, they will take up lots of disk space. Wabbits also replicate themselves within your computer but do so to create a form of denial of service (DoS) attack (see below). A botnet infection can also result in large-scale DoS attacks, but in this case where a single person controls multiple bots in different infected computers.

Rise in online threats

Websites are always at risk of hacking, which can cause wide-scale disruption to service. A Denial of Service (DoS) attack is when a website server is inundated with traffic and the server is overloaded, so the website shuts down. This can result in the disabling of security features that can enable hackers to steal data. DoS attacks can happen accidentally, as occurred in Australia during their national census, or as an arranged bombardment, such as the one John Oliver created against the U.S. Federal Communications Commission.

A phishing attack is when a fake website or email looks exactly like the real thing in order to steal your personal details, such as usernames, passwords, and banking information. This often occurs with financial institutions such as banks and PayPal. Pharming works the same, but instead of using other organizations’ details to trick you, it hijacks your DNS and diverts all your website traffic to another, external site. Browser hijacking is even more dangerous than phishing and pharming because it uses a Trojan to take control of your browsing session and change the destination of money transferred via online banking.

An SQL Injection is a virus that infects websites rather than computers. It gains access to steal any private information stored on the website database. Mousetrapping is when you visit a webpage only to be diverted to a completely different site. You navigate back and it still redirects you back to that annoying product promotion you just know is going to be malware if you click on it. Sometimes, it will be able to set itself as your homepage when quit your browser in despair.

Threats to new technology

The rise of the Internet of Things (IoT) involves everyday household items being connected via wifi internet. While the IoT has created some amazing innovation, it has also made hacking a whole lot easier. Because it is everyday objects that are connected, users are often more lax with security, updates, and passwords, making hacking a more straightforward process.

Bluetooth technology has its own threats. Bluesnarfing Is when a hacker gains access to your cell phone or laptop via Bluetooth. This unauthorized access allows them to steal all the personal information and files on your device. Less threatening is Bluejacking, which uses your Bluetooth connection to send information to another device with Bluetooth, but doesn’t necessarily access your personal data.

If you work on a help desk, IT support, network administrator or in information security you need to be able to diagnose and treat all of the problems outlined above. CCI Training’s IT Security Fundamentals course, along with the others within its Computer & Network Administrator Program, provides you with an understanding of IT security issues. For more information, fill out the form on this page and we’ll be in touch.