Safe Internet thought “You Ought to know…”
…some key threats in cyber security after attending SINET’s “Bridging the Gaps in Our Nation's Cyber Security: Connecting Leadership, Innovation and Policy."
At SINET’s conference last week, we sat attended the first panel “The Situation: Report from the Front Lines - A Non‘Beltway’ Perspective.” One of the panelists, Jerry Archer, Chief Information Security Officer of Intuit, Inc., mentioned some cyber security threats that we think you ought to know about...
- Pharming – When a hacker's attack redirects a web site's traffic to another “bogus” web site. A hacker can do this by changing the host’s file on a victim’s computer or by exploitating a vulnerability in DNS server (the computers responsible for transcribing Internet names into their real addresses) software.
Hackers use this to get access to credentials like user names and passwords. This is a major contributor to online identity theft and causes major concerns for businesses that have e-commerce and online banking sites.
- Phishing – The attempt to access credentials like usernames, passwords and credit card details by pretending to be an authentic electronic communication. This isusually through an e-mail or instant message that directs you to a fake web site.
- BotNets – Term for software robots, or bots, that run autonomously and automatically and become installed on your computer by web browser vulnerabilities like: worms, Trojan horses, viruses, or backdoors. Once installed on your computer the individual who created the “botnet” can control the group and your computer remotely.
- DDoS Attack – Short for distributed denial-of-service attack. This is an attempt to make a computer resource unavailable to its intended user. Typically the goal is to prevent an Internet site or service from functioning efficiently or at all. The targets of these attacks are usually sites or services hosted on high-profile web servers such as banks, credit card payment gateways and even root nameservers.
- Script Kiddies – Term used to describe those who use scripts or programs developed by others to attack computer systems and networks. It usually applies to juveniles who don’t know how to create their own hacking programs but want impress their friends or gain credibility in computer-enthusiast communities.
Readers – we’re looking for some good web sites to provide you so you can have regular updates about the Pharming and Phishing scams currently out there – so all of us will be in the know – stay tuned!