Clearly some people are at risk, so how do you know if you are one of them?
Hackers usually choose easy and lucrative targets.
Criminal hackers like small business that have weak information security.
Ransomware, which is rampant against these targets, is particularly devastating because they often don’t have the technical staff to recover and many think about, or resort to paying the ransom.
As with most things, hackers can accomplish more in a group than they can on their own.
There are a few ways hackers crack passwords. The first is brute force guessing. This involves running a program that rapidly guesses multiple potential passwords to see if anything works. By default, these programs try the most common passwords, but savvy targets may avoid this pitfall.
To get around this, attackers will gather open source intelligence (OSINT) on their target, checking things like social media profiles or public records, to get an idea for the keywords the target’s password might contain. Once these are identified, the attacker configures cracking software to mix these keywords into the guessed passwords.
The second password-based attack method is taking advantage of previously breached accounts or users who repurpose passwords.
Trojans masquerade as innocuous software, files or URLs that the target is likely to seek out or accept blindly. Targets who want what appears to be offered often lower their guard. Most attackers will exploit a vulnerability that already is known to exist, but users may not have patched.
Last (at least in this high-level overview), but not least in black hat tradecraft is the man-in-the-middle (MITM) attack.
This is one of the more aggressive but more effective assaults that malicious hackers can carry out, because they literally get between their target’s device and all communication channels. Attackers might take MITM attacks to the next level by compromising a device on your network like a wireless router or Internet of Things appliance.
Once malicious hackers take over, they see much of what you’re doing on the network, and often can get between you and the Internet through tricks like ARP (Address Resolution Protocol) spoofing, which fools your computer into passing your Internet traffic through the infected device. The only way to spot something like this is to review your ARP table. Have you checked your ARP table recently? Exactly.
Password managers and immense benefits.
Your best line of defense is to bolster your passwords with a password manager. This simple program creates an encrypted file with all your account passwords inside, and opens it only when a master password is entered. With them, every password can be unique, preventing attackers from retrying passwords successfully. They also allow you to create highly random passwords for each account, obviating dictionary-driven brute force attacks.
A Firewall Helps you Monitor and Block IP’s.
A firewall is a network security system, monitoring & controlling incoming and outgoing network traffic. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, based on security rules.
Scrutinize all messages you receive.
As social engineering exploits natural human tendencies, there is no single tool or cognitive heuristic that defeats it.
Before you respond to a message or comply with its directives, always perform some kind of sanity check that validates that the message is from the party it claims to be from.
Files are a common vehicle for destructive trojans. With that in mind, be careful with the files you handle. Anti-virus and Malware detection is not perfrct and much of what happens to your computer will be a consequence of your actions, so think, before.. clicking.