8 Most Common Cybersecurity Threats | Types of Cyber Attacks | Cybersecurity for Beginners | Edureka

00:22:04
https://www.youtube.com/watch?v=Dk-ZqQ-bfy4

Summary

TLDRThe video discusses eight significant cybersecurity threats, including malware, phishing, password attacks, DDoS attacks, man-in-the-middle attacks, drive-by downloads, malvertising, and rogue software. Each threat is outlined with an explanation of how it functions and provides insights into protective measures. The video emphasizes the critical nature of cybersecurity awareness, detailing specific strategies like maintaining up-to-date software, recognizing phishing attempts, employing strong password practices, and utilizing secure connections. By educating viewers on these threats, the video aims to enhance understanding and security in an increasingly interconnected digital landscape.

Takeaways

  • 🛡️ Cybersecurity awareness is crucial for individuals and businesses.
  • 💻 Malware is a significant threat that can cause data breaches.
  • 📧 Phishing attacks often pose as legitimate requests for personal information.
  • 🔑 Protect your passwords using strong, non-dictionary based phrases.
  • 🚀 DDoS attacks aim to overload services, causing disruptions.
  • 🔍 Man-in-the-middle attacks can compromise sensitive communications.
  • 🌐 Drive-by downloads exploit unpatched security flaws on websites.
  • 📢 Malvertising involves infected ads that can harm devices.
  • 🔍 Rogue software tricks users into paying for fake virus protection.

Timeline

  • 00:00:00 - 00:05:00

    The session introduces cybersecurity threats, highlighting the correlation between increased internet connectivity and the rise of cyber vulnerabilities. It sets the stage for discussing eight common cybersecurity threats and their prevention methods, emphasizing the need for education on these attacks.

  • 00:05:00 - 00:10:00

    The video showcases real-time examples of ongoing cyber attacks using Threat Cloud, illustrating the global scale of cybercrime. It begins with malware, explaining its various forms, including viruses, Trojans, and worms, detailing how they infiltrate systems and emphasizing the importance of security measures such as updated firewalls and operating systems to combat malware.

  • 00:10:00 - 00:15:00

    Next, phishing is defined as deceptive attacks that mimic legitimate requests for personal data, often through emails. The process of phishing is broken down into planning, execution, and theft of information. Awareness of phishing characteristics is essential for prevention, including scrutinizing email sources and avoiding suspicious links.

  • 00:15:00 - 00:22:04

    Password attacks are explored as attempts to gain unauthorized access through methods like brute-force attacks and keylogging. The segment outlines how password vulnerabilities can lead to serious breaches, urging the use of strong, non-dictionary-based passwords and multi-factor authentication to enhance security measures.

Show more

Mind Map

Video Q&A

  • How can you safeguard against man-in-the-middle attacks?

    Using encrypted connections and VPNs helps protect against these attacks.

  • What preventative measures can help against these cybersecurity threats?

    Regularly update software, use firewalls, and maintain strong passwords.

View more video summaries

Get instant access to free YouTube video summaries powered by AI!
Subtitles
en
Auto Scroll:
  • 00:00:00
    [Music]
  • 00:00:06
    just as pollution was a side effect of
  • 00:00:09
    the Industrial Revolution so are the
  • 00:00:11
    many security vulnerabilities that come
  • 00:00:13
    with the increased Internet connectivity
  • 00:00:14
    cyber attacks are exploitations of those
  • 00:00:17
    vulnerabilities for the most part
  • 00:00:19
    individuals and businesses have found
  • 00:00:21
    ways to counter cyber attacks using a
  • 00:00:23
    variety of security measures and just
  • 00:00:26
    good old common sense hi guys my name is
  • 00:00:28
    Aria and today's session is all about
  • 00:00:30
    cyber security threats we are going to
  • 00:00:32
    examine eight of the most common cyber
  • 00:00:34
    security threats that your business
  • 00:00:36
    could face and the ways to avoid them so
  • 00:00:39
    before we actually jump into the session
  • 00:00:40
    let me give you how the session will
  • 00:00:42
    actually work we are going to discuss
  • 00:00:44
    the most eight common cyber threats
  • 00:00:46
    we're going to discuss in particular
  • 00:00:47
    what they are how the threat works and
  • 00:00:49
    how to protect yourself okay so now
  • 00:00:52
    let's jump in now cyber attacks are
  • 00:00:54
    taking place all the time even as we
  • 00:00:56
    speak
  • 00:00:57
    the security of some organization big or
  • 00:00:59
    small is being compromised for example
  • 00:01:02
    if you visit the site out here that is
  • 00:01:04
    threat cloud you can actually view all
  • 00:01:06
    the cyber attacks that are actually
  • 00:01:08
    happening right now let me just give you
  • 00:01:10
    a quick demonstration of how that looks
  • 00:01:12
    like okay so as you guys can see out
  • 00:01:14
    here these are all the places that are
  • 00:01:17
    being compromised right now the red
  • 00:01:18
    parts actually show us the part that is
  • 00:01:21
    being compromised and the yellow places
  • 00:01:24
    actually show us from where it's being
  • 00:01:26
    compromised strong ok as you guys can
  • 00:01:28
    see now that someone from the
  • 00:01:30
    Netherlands is actually attacking this
  • 00:01:32
    place and someone from USA was attacked
  • 00:01:34
    in Mexico it's a pretty interesting site
  • 00:01:36
    and actually gives you a scale of how
  • 00:01:38
    many cyber attacks are actually
  • 00:01:39
    happening all the time in the world
  • 00:01:41
    ok now getting back I think looking at
  • 00:01:43
    all these types of cyber attacks it's
  • 00:01:45
    only necessary that we educate ourselves
  • 00:01:47
    about all the types of cyber threats
  • 00:01:49
    that we have so these are the 8 cyber
  • 00:01:52
    threats that we are going to be
  • 00:01:53
    discussing today firstly we're going to
  • 00:01:55
    start with malware so malware is an
  • 00:01:58
    all-encompassing term for a variety of
  • 00:02:00
    cyber attacks including Trojans viruses
  • 00:02:03
    and bombs malware is simply defined as
  • 00:02:06
    code with malicious intent that
  • 00:02:08
    typically steals data or destroy
  • 00:02:10
    something on the computer the way
  • 00:02:12
    malware
  • 00:02:13
    about doing its damage can be helpful in
  • 00:02:15
    categorizing what kind of malware you
  • 00:02:17
    are dealing with so let's discuss it so
  • 00:02:19
    first of all viruses like the biological
  • 00:02:22
    namesakes viruses attach themselves to
  • 00:02:24
    clean files and infect other clean files
  • 00:02:26
    and they can spread uncontrollably
  • 00:02:27
    damaging a systems core functionality
  • 00:02:30
    and deleting or corrupting files they
  • 00:02:32
    usually appear as executable file is
  • 00:02:34
    that you might have downloaded from the
  • 00:02:35
    internet then there are also Trojans now
  • 00:02:37
    this kind of malware disguises itself as
  • 00:02:40
    legitimate software or is included in
  • 00:02:42
    legitimate software that can be tampered
  • 00:02:44
    with it tends to act as creat lis and
  • 00:02:46
    creates backdoors in your security to
  • 00:02:48
    let other malware sin' then we have
  • 00:02:50
    worms worms in fact entire networks of
  • 00:02:53
    devices either local or across the
  • 00:02:55
    internet by using the network's
  • 00:02:56
    interfaces it uses each consecutive
  • 00:02:59
    infected machine to infect more and then
  • 00:03:01
    we have botnets and such where botnets
  • 00:03:03
    are networks of infected computers that
  • 00:03:05
    are made to work together under the
  • 00:03:07
    controller of an attacker so basically
  • 00:03:09
    you can encounter malware if you have
  • 00:03:11
    some OS vulnerabilities or if you
  • 00:03:13
    download some L legitimate software from
  • 00:03:15
    somewhere or you have some other email
  • 00:03:17
    attachment that was compromised with
  • 00:03:20
    okay so how exactly do you remove
  • 00:03:22
    malware or how exactly do you fight
  • 00:03:24
    against it well each form of malware has
  • 00:03:27
    its own way of infecting and damaging
  • 00:03:29
    computers and data and so each one
  • 00:03:31
    requires a different malware removal
  • 00:03:32
    method the best way to prevent malware
  • 00:03:35
    is to avoid clicking on links or
  • 00:03:36
    downloading attachments from unknown
  • 00:03:38
    senders and this is sometimes done by
  • 00:03:40
    deploying a robust and updated firewall
  • 00:03:42
    which prevents the transfer of large
  • 00:03:44
    data files over the network in a hope to
  • 00:03:46
    weed out attachments that may contain
  • 00:03:48
    malware it's also important to make sure
  • 00:03:50
    your computer's operating system whether
  • 00:03:52
    it be Windows Mac OS Linux uses the most
  • 00:03:55
    up-to-date security updates and software
  • 00:03:57
    programmers update programs frequently
  • 00:03:59
    to address any holes or weak points and
  • 00:04:02
    it's important to install all these
  • 00:04:03
    updates as well as to decrease your own
  • 00:04:05
    system weaknesses so next up on our list
  • 00:04:08
    of cyber threats we have phishing
  • 00:04:10
    so what exactly is phishing well often
  • 00:04:13
    posing as a request for data from a
  • 00:04:15
    trusted third party phishing attacks are
  • 00:04:18
    sent via email and ask users to click on
  • 00:04:20
    a link and enter their personal data
  • 00:04:22
    phishing emails have gotten much more
  • 00:04:25
    sophisticated in recent
  • 00:04:26
    and making it difficult for some people
  • 00:04:28
    to discern a legitimate request for an
  • 00:04:31
    information from a false one
  • 00:04:33
    now phishing emails often fall into the
  • 00:04:35
    same category as spam but are way more
  • 00:04:37
    harmful than just a simple ad so how
  • 00:04:40
    exactly does phishing book well most
  • 00:04:43
    people associate phishing with email
  • 00:04:45
    message that spoof or mimic bank credit
  • 00:04:48
    card companies or other businesses like
  • 00:04:50
    Amazon eBay and Facebook these messages
  • 00:04:53
    look authentic and attempt to get
  • 00:04:55
    victims to reveal their personal
  • 00:04:56
    information but email messages are only
  • 00:04:59
    one small piece of a phishing scam from
  • 00:05:01
    beginning to end the process involves
  • 00:05:03
    five steps the first step is planning
  • 00:05:05
    the fissure must decide which business
  • 00:05:07
    to target and determine how to get email
  • 00:05:09
    addresses for the customers of that
  • 00:05:11
    business then they must go through the
  • 00:05:14
    setup phase once they know which
  • 00:05:16
    business to spoof and who their victims
  • 00:05:18
    are Fisher's create methods for
  • 00:05:20
    delivering the messages and collecting
  • 00:05:21
    the data then they have to execute the
  • 00:05:23
    attack and this is the step most people
  • 00:05:26
    are familiar with that is the Fisher
  • 00:05:27
    sends the phony message that appears to
  • 00:05:29
    be from a reputable source
  • 00:05:31
    after that the Fisher records the
  • 00:05:33
    information the victims enter into the
  • 00:05:35
    webpage or pop-up windows and in the
  • 00:05:37
    last step which is basically identity
  • 00:05:39
    theft and fraud the Fisher's use the
  • 00:05:41
    information they've gathered to make
  • 00:05:42
    illegal purchases or otherwise commit
  • 00:05:44
    fraud and as many as 1/4 of the victims
  • 00:05:47
    never fully recover so how exactly can
  • 00:05:50
    you be actually preventing yourself from
  • 00:05:52
    getting fished well the only thing that
  • 00:05:55
    you can do is being aware of how
  • 00:05:56
    phishing emails actually work so first
  • 00:05:59
    of all a phishing email has some very
  • 00:06:01
    specific properties so firstly you will
  • 00:06:04
    have something like a very generalized
  • 00:06:06
    way of addressing someone like your
  • 00:06:07
    client then your message will not be
  • 00:06:11
    actually from a very reputable source so
  • 00:06:13
    out here as you can see it's written as
  • 00:06:16
    Amazon on the label but if you actually
  • 00:06:18
    inspect the email address that it came
  • 00:06:20
    from its from management at maison
  • 00:06:22
    canada dot CA which is not exactly your
  • 00:06:24
    legitimate Amazon address third you can
  • 00:06:26
    actually hover over the redirect links
  • 00:06:29
    and see where they actually redirect you
  • 00:06:30
    to now this redirects me to wwf/e
  • 00:06:34
    amazon.com as you can see out here so
  • 00:06:37
    basically you know this is actually a
  • 00:06:39
    phishing
  • 00:06:40
    and you should actually report this
  • 00:06:42
    email to your administrators or anybody
  • 00:06:44
    else that you think is supposed to be
  • 00:06:46
    concerned with this also let me give you
  • 00:06:48
    guys a quick demonstration on how
  • 00:06:50
    phishing actually works from the
  • 00:06:52
    perspective of an attacker so first of
  • 00:06:56
    all I have actually created a phishing
  • 00:06:59
    website for harvesting Facebook
  • 00:07:01
    credentials I simply just took the
  • 00:07:05
    source code of the facebook login page
  • 00:07:07
    and pasted it and then made a back-end
  • 00:07:09
    code in PHP which makes a log file of
  • 00:07:12
    all the Facebook passwords that get
  • 00:07:15
    actually entered onto the phishing page
  • 00:07:16
    now I've also sent myself an email as to
  • 00:07:20
    make sure this looks legitimate but this
  • 00:07:23
    is only for spreading awareness so
  • 00:07:25
    please don't use this method for
  • 00:07:26
    actually harvesting credentials that's
  • 00:07:29
    actually a very legal thing to do so
  • 00:07:31
    let's get started first of all you will
  • 00:07:33
    go to your email and see that you get
  • 00:07:36
    some email saying the our Facebook
  • 00:07:38
    credentials has been compromised
  • 00:07:39
    so when you open it it looks pretty
  • 00:07:42
    legit well I haven't made it look all
  • 00:07:44
    that legit it should look legit but the
  • 00:07:47
    point out here is to actually make you
  • 00:07:48
    aware of how this works
  • 00:07:49
    so as you guys can see it says dear
  • 00:07:51
    client we have strong reasons to believe
  • 00:07:53
    that your credentials may have been
  • 00:07:54
    compromised and might have been used by
  • 00:07:56
    someone else we have locked your
  • 00:07:58
    Facebook account please click here to
  • 00:08:00
    unlock sincerely Facebook associate team
  • 00:08:03
    so if we actually click here we are
  • 00:08:06
    actually redirected to a nice-looking
  • 00:08:09
    Facebook page which is exactly how
  • 00:08:11
    Facebook looks like when you're logging
  • 00:08:13
    in now suppose I were to actually log in
  • 00:08:16
    to my Facebook account which I won't
  • 00:08:18
    I'll just use some random ID like this
  • 00:08:20
    is an email address email com and let's
  • 00:08:25
    put password as admin one two three and
  • 00:08:28
    we click login now since my facebook is
  • 00:08:32
    actually already logged in it'll just
  • 00:08:34
    redirect to facebook.com and you might
  • 00:08:36
    just see me logged in but on a normal
  • 00:08:38
    computer it'll just redirect you to
  • 00:08:40
    www.facebook.com which should just show
  • 00:08:43
    this site again okay so once I click log
  • 00:08:46
    in out here all that the backend code
  • 00:08:48
    that I've written in PHP out here will
  • 00:08:50
    do
  • 00:08:51
    is that it's gonna take all the
  • 00:08:54
    parameters that have entered into this
  • 00:08:55
    website that is my email address and
  • 00:08:58
    password and just generate a log file
  • 00:09:00
    about so let's just hit login and see
  • 00:09:02
    what happens so as you guys can see I've
  • 00:09:04
    been redirected to the original Facebook
  • 00:09:07
    page that is not meant for phishing and
  • 00:09:09
    on my system out here I have a log file
  • 00:09:14
    and this log file will show exactly as
  • 00:09:17
    you can see I've fished out the email
  • 00:09:19
    address this is an email address email
  • 00:09:21
    comm and it's also showed the password
  • 00:09:23
    that is admin one two three so this is
  • 00:09:26
    how exactly phishing works you enter an
  • 00:09:28
    email address and you're entering the
  • 00:09:31
    email address on a phishing website and
  • 00:09:33
    then it just redirects you to the
  • 00:09:35
    original site but by this time you've
  • 00:09:37
    already compromised your credentials so
  • 00:09:39
    always be careful when dealing with such
  • 00:09:41
    emails so now jumping back to our
  • 00:09:43
    session the next type of cyber attacks
  • 00:09:45
    we are going to discuss is pass with the
  • 00:09:47
    docs so an attempt to obtain or decrypt
  • 00:09:50
    a user's password for illegal use is
  • 00:09:53
    exactly what a password attack is
  • 00:09:55
    hackers can use cracking programs
  • 00:09:57
    dictionary attacks and password sniffers
  • 00:09:59
    and password attacks password cracking
  • 00:10:01
    refers to various measures used to
  • 00:10:03
    discover computer passwords this is
  • 00:10:05
    usually accomplished by recovering
  • 00:10:07
    passwords from data stored in or
  • 00:10:09
    transported from a computer system
  • 00:10:10
    password cracking is done by either
  • 00:10:13
    repeatedly guessing the password usually
  • 00:10:15
    through a computer algorithm in which
  • 00:10:16
    the computer tries numerous combinations
  • 00:10:18
    until the password is successfully
  • 00:10:20
    discovered now password attacks can be
  • 00:10:22
    done for several reasons but the most
  • 00:10:24
    malicious reason is in order to gain
  • 00:10:26
    unauthorized access to a computer with
  • 00:10:28
    the computer's owners awareness not
  • 00:10:30
    being in place now this results in
  • 00:10:32
    cybercrime such as stealing passwords
  • 00:10:34
    for the purpose of accessing bank
  • 00:10:36
    information now today there are three
  • 00:10:38
    common methods used to break into a
  • 00:10:40
    password-protected system the first is a
  • 00:10:42
    brute-force attack a hacker uses a
  • 00:10:44
    computer program or script to try to log
  • 00:10:47
    in with possible password combinations
  • 00:10:49
    usually starting with the easiest to
  • 00:10:50
    guess password so just think if a hacker
  • 00:10:52
    has a company list he or she can easily
  • 00:10:55
    guess user names if even one of the
  • 00:10:57
    users has a password one two three he
  • 00:10:59
    will quickly be able to get in the next
  • 00:11:01
    our dictionary attacks now a hacker uses
  • 00:11:03
    a program or script
  • 00:11:05
    try to login by cycling through the
  • 00:11:06
    combinations of common woods in contrast
  • 00:11:09
    with brute-force attacks where a large
  • 00:11:10
    proportion key space is searched
  • 00:11:12
    systematically a dictionary attack try
  • 00:11:15
    is only those possibilities which are
  • 00:11:17
    most likely to succeed
  • 00:11:18
    typically derive from a list of words
  • 00:11:20
    for example a dictionary generally
  • 00:11:22
    dictionary attacks succeed because most
  • 00:11:24
    people have a tendency to choose
  • 00:11:26
    passwords which are short or such as
  • 00:11:29
    single words found in the dictionaries
  • 00:11:30
    or simple easy predicted variations on
  • 00:11:32
    words such as appending a digit also now
  • 00:11:35
    the last kind of password attacks are
  • 00:11:37
    used by keylogger attacks a hacker uses
  • 00:11:40
    a program to track all of the user's
  • 00:11:41
    keystrokes so at the end of the day
  • 00:11:43
    everything the user has typed including
  • 00:11:45
    the login IDs and passwords have been
  • 00:11:47
    recorded a key logger attack is
  • 00:11:49
    different than a brute-force or
  • 00:11:50
    dictionary attack in many ways not the
  • 00:11:52
    least of which the key login program
  • 00:11:55
    used is a malware that must first make
  • 00:11:57
    it onto the user's device and the key
  • 00:12:00
    logger attacks are also different
  • 00:12:01
    because stronger passwords don't provide
  • 00:12:03
    much protection against them which is
  • 00:12:05
    one reason that multi-factor
  • 00:12:06
    authentication is becoming a must-have
  • 00:12:08
    for all businesses and organizations now
  • 00:12:11
    the only way to stop yourself from
  • 00:12:13
    getting killed in the whole password
  • 00:12:15
    attack conundrum is by actually
  • 00:12:17
    practicing the best practices that are
  • 00:12:19
    being discussed in the whole industry
  • 00:12:21
    about passwords so basically you should
  • 00:12:23
    update your password regularly you
  • 00:12:25
    should use alpha numerics in your
  • 00:12:27
    password and you should never use words
  • 00:12:29
    that are actually in the dictionary it's
  • 00:12:30
    always advisable to use garbage words
  • 00:12:33
    that makes no sense for passwords as
  • 00:12:35
    they just increase your security so
  • 00:12:38
    moving on we're going to discuss DDoS
  • 00:12:40
    attacks so what exactly is a DDoS or a
  • 00:12:44
    DOS attack well first of all it stands
  • 00:12:47
    for distributed denial of service and a
  • 00:12:50
    dos attacks focuses on disrupting the
  • 00:12:52
    service to a network as the name
  • 00:12:53
    suggests attackers send high volume of
  • 00:12:55
    data of traffic through the network
  • 00:12:57
    until the network becomes overloaded and
  • 00:12:59
    can no longer function so there are a
  • 00:13:01
    few different ways attackers can achieve
  • 00:13:03
    dos attack but the most common is the
  • 00:13:05
    distributed denial of service attack
  • 00:13:07
    this involves the attacker using
  • 00:13:09
    multiple computers to send the traffic
  • 00:13:11
    or data that will overload the system in
  • 00:13:13
    many instances a person may not even
  • 00:13:16
    realize that his or her computer has
  • 00:13:18
    been hijacked and a
  • 00:13:19
    contributing to the DOS attack now
  • 00:13:21
    disrupting services can have serious
  • 00:13:23
    consequences relating to security and
  • 00:13:25
    online access many instances of
  • 00:13:27
    large-scale dos attacks have been
  • 00:13:28
    implemented as a single sign of protests
  • 00:13:31
    towards governments or individuals and
  • 00:13:33
    have led to severe punishment including
  • 00:13:34
    major jail time so how can you prevent
  • 00:13:37
    dos attacks against yourself well
  • 00:13:40
    firstly unless your company is huge it's
  • 00:13:42
    rare that you would be even targeted by
  • 00:13:44
    an outside group or attackers for a DOS
  • 00:13:46
    attack your site or network could still
  • 00:13:48
    fall victim to one however if another
  • 00:13:50
    organization on your network is targeted
  • 00:13:52
    now the best way to prevent an
  • 00:13:54
    additional breach is to keep your system
  • 00:13:56
    as secure as possible with regular
  • 00:13:58
    software updates online security
  • 00:14:00
    monitoring and monitoring of your data
  • 00:14:02
    flow to identify any unusual or
  • 00:14:04
    threatening spikes in traffic before
  • 00:14:06
    they become a problem
  • 00:14:07
    dos attacks can also be perpetrated by
  • 00:14:10
    simply cutting a table or dislodging a
  • 00:14:12
    plug that connects your website server
  • 00:14:14
    to the Internet so due diligence in
  • 00:14:16
    physically monitoring your connections
  • 00:14:18
    is recommended as well okay so next up
  • 00:14:21
    on a list is man-in-the-middle attacks
  • 00:14:23
    so by impersonating the endpoints in an
  • 00:14:28
    online information exchange the
  • 00:14:30
    man-in-the-middle attack can obtain
  • 00:14:31
    information from the end user and the
  • 00:14:33
    entity he or she is communicating with
  • 00:14:36
    for example if you are banking online
  • 00:14:39
    the man in the middle would communicate
  • 00:14:40
    with you by impersonating your bank and
  • 00:14:43
    communicate with the bank by
  • 00:14:44
    impersonating you the man in the middle
  • 00:14:46
    would then receive all of the
  • 00:14:48
    information transferred between both
  • 00:14:49
    parties which could include sensitive
  • 00:14:51
    data such as bank accounts and personal
  • 00:14:53
    information so how does it exactly work
  • 00:14:56
    normally an MIT M gains access through a
  • 00:14:59
    non encrypted wireless access point
  • 00:15:01
    which is basically one that doesn't use
  • 00:15:04
    WEP WPA or any of the other security
  • 00:15:06
    measures then they would have to access
  • 00:15:09
    all the information being transferred
  • 00:15:11
    between both parties by actually
  • 00:15:13
    spoofing something called address
  • 00:15:15
    resolution protocol that is the protocol
  • 00:15:17
    that is used when you are actually
  • 00:15:19
    connecting to your gateway from your
  • 00:15:20
    computer so how can you exactly prevent
  • 00:15:23
    MIT M attacks from happening against you
  • 00:15:25
    firstly you have to use an encrypted W
  • 00:15:28
    AP that is an encrypted wireless access
  • 00:15:30
    point
  • 00:15:32
    next you should always check the
  • 00:15:33
    security of your connection because when
  • 00:15:36
    somebody is actually trying to
  • 00:15:37
    compromise your security he will try to
  • 00:15:39
    actually strip down the SC DPS or SSDs
  • 00:15:42
    that is being injected in the website
  • 00:15:44
    which is basically the security
  • 00:15:46
    protocols so if something like this
  • 00:15:48
    HTTPS is not appearing in your website
  • 00:15:50
    you're on an insecure website where your
  • 00:15:52
    credentials or your information can be
  • 00:15:54
    compromised and the last and final
  • 00:15:57
    measure that you can actually use is by
  • 00:15:59
    investing in a virtual private network
  • 00:16:01
    which spoofs your entire IP and you can
  • 00:16:04
    just browse the Internet
  • 00:16:05
    with perfect comfort next up on our list
  • 00:16:08
    is drive-by downloads so gone are the
  • 00:16:11
    days where you have to click to accept a
  • 00:16:13
    download or install a software update in
  • 00:16:15
    order to become infected
  • 00:16:16
    now just opening a compromised webpage
  • 00:16:19
    could allow dangerous code to install on
  • 00:16:22
    your device you just need to visit or
  • 00:16:24
    drive by a webpage without stopping or
  • 00:16:27
    to click accept any software add the
  • 00:16:29
    malicious code can download in the
  • 00:16:31
    background to your device a drive-by
  • 00:16:33
    download refers to the unintentional
  • 00:16:35
    download of a virus or malicious
  • 00:16:37
    software onto your computer or mobile
  • 00:16:39
    device a drive-by download will usually
  • 00:16:41
    take advantage or exploit a browser or
  • 00:16:44
    app or operating system that is out of
  • 00:16:45
    date and has security flaws this initial
  • 00:16:48
    code that is downloaded it is often very
  • 00:16:50
    small and since this job is often simply
  • 00:16:53
    to contact another computer of where it
  • 00:16:55
    can pull down the rest of the code onto
  • 00:16:56
    your smartphone tablet or other
  • 00:16:58
    computers often a web page will contain
  • 00:17:01
    several different types of malicious
  • 00:17:02
    code in hopes that one of them will
  • 00:17:04
    match a weakness on your computer so how
  • 00:17:07
    does this exactly work
  • 00:17:08
    well first you visit the site and during
  • 00:17:11
    the 3-way handshake connection of the
  • 00:17:13
    tcp/ip protocol a Bacchan script is
  • 00:17:16
    triggered as soon as a connection is
  • 00:17:18
    made vile the last ACK packet is sent a
  • 00:17:20
    download is also triggered and the
  • 00:17:23
    malware is basically injected into your
  • 00:17:25
    system now the best advice I can share
  • 00:17:27
    about avoiding drive-by downloads is to
  • 00:17:29
    avoid visiting websites that could be
  • 00:17:31
    considered dangerous or malicious this
  • 00:17:33
    includes adult content file sharing
  • 00:17:35
    websites or anything that offers you a
  • 00:17:38
    free trip to the Bahamas now some other
  • 00:17:40
    tips to stay protected include keep your
  • 00:17:43
    internet browser and operating system
  • 00:17:44
    up-to-date
  • 00:17:45
    use a safe search protocol that warns
  • 00:17:47
    you when to navigate to a malicious site
  • 00:17:49
    and use comprehensive security software
  • 00:17:51
    on all your devices like McAfee
  • 00:17:53
    all-access and keeping it up to date
  • 00:17:56
    okay so that was it about drive-by
  • 00:17:58
    downloads next up is my lad vert icing
  • 00:18:01
    or malvert icing so malvert icing is the
  • 00:18:04
    name we in the security industry give to
  • 00:18:06
    criminally controlled advertisements
  • 00:18:08
    which intentionally infect people and
  • 00:18:10
    businesses these can be any ad on any
  • 00:18:13
    site often ones which you use as a part
  • 00:18:16
    of your everyday internet usage and it
  • 00:18:18
    is a growing problem as is evident by a
  • 00:18:20
    recent US Senate report and the
  • 00:18:23
    establishment of bodies like trust in
  • 00:18:25
    ads now whilst the technology being used
  • 00:18:27
    in the background is very advanced the
  • 00:18:30
    way it presents to the person being
  • 00:18:31
    infected is simple to all intents and
  • 00:18:34
    purposes the advertisement looks the
  • 00:18:37
    same as any other but has been placed by
  • 00:18:39
    criminal like you can see the mint ad
  • 00:18:41
    out here it's really out of place so you
  • 00:18:44
    could say it's been made by a criminal
  • 00:18:45
    now without your knowledge a tiny piece
  • 00:18:48
    of code hidden deep in the advertisement
  • 00:18:50
    is making your computer go to the
  • 00:18:52
    criminal servers these and catalog
  • 00:18:55
    details about your computer and its
  • 00:18:56
    location before choosing which piece of
  • 00:18:58
    malware to send you and this doesn't
  • 00:19:00
    need a new browser window and you won't
  • 00:19:02
    know about it so basically you're
  • 00:19:04
    redirected to some criminal server the
  • 00:19:07
    malware injection takes place and voila
  • 00:19:09
    you're infected it's a pretty dangerous
  • 00:19:11
    thing to be in so how exactly can you
  • 00:19:14
    stop magnetising well first of all you
  • 00:19:17
    need to use an ad blocker which is a
  • 00:19:19
    very must in this day and age you can
  • 00:19:22
    have ad blocker extensions installed on
  • 00:19:25
    your browser whether it be Chrome Safari
  • 00:19:26
    or Mozilla also regular software updates
  • 00:19:29
    of your browser and other software's
  • 00:19:31
    that work peripheral to your browser
  • 00:19:32
    always help and next is some common
  • 00:19:36
    sense any advertisement that is about
  • 00:19:38
    lottery that's offering you free money
  • 00:19:40
    is probably going to scam you and inject
  • 00:19:42
    malware too so never click on those ads
  • 00:19:45
    so the last kind of cyberattacks we are
  • 00:19:48
    going to discover today and discuss
  • 00:19:50
    about is rogue software so rogue
  • 00:19:52
    security software is a form of malicious
  • 00:19:54
    software and Internet fraud that
  • 00:19:56
    misleads users into believing that there
  • 00:19:59
    is a virus on their computer and
  • 00:20:00
    manipulates them into paying money for a
  • 00:20:03
    fake malware removal tool it is a form
  • 00:20:06
    of scare that manipulates users through
  • 00:20:08
    fear and a form of ransomware rogue
  • 00:20:10
    security software has been a serious
  • 00:20:12
    security threat in desktop computing
  • 00:20:14
    since 2008 so now how does a rogue
  • 00:20:16
    security software book these scams
  • 00:20:19
    manipulating users into download the
  • 00:20:21
    program through a variety of techniques
  • 00:20:22
    some of these methods include ads
  • 00:20:24
    offering free or trial versions of
  • 00:20:26
    security programs often pricey upgrades
  • 00:20:28
    are encouraging the purchase of the
  • 00:20:30
    deluxe versions then also pop-ups
  • 00:20:33
    warning that your computer is infected
  • 00:20:34
    with the virus which encourages you to
  • 00:20:36
    clean it by clicking on the program and
  • 00:20:38
    then manipulated SEO rankings that put
  • 00:20:41
    infected website as the top hits when
  • 00:20:43
    you search these links then read
  • 00:20:45
    directly to a landing page that claims
  • 00:20:47
    your machine is infected and encourages
  • 00:20:49
    you a free trial of the rogue security
  • 00:20:51
    program
  • 00:20:51
    now once the scareware is installed it
  • 00:20:54
    can steal all your information slow your
  • 00:20:56
    computer or corrupt your files disable
  • 00:20:59
    updates for Less limit antivirus
  • 00:21:00
    software or even prevent you from
  • 00:21:02
    visiting less timet security software
  • 00:21:04
    vendor sites while talking about
  • 00:21:06
    prevention the best defense is a good
  • 00:21:08
    offense and in this case an updated
  • 00:21:11
    firewall makes sure that you have a
  • 00:21:12
    working one in your office that protects
  • 00:21:15
    you and your employees from these type
  • 00:21:16
    of attacks it is also a good idea to
  • 00:21:19
    install a trusted antivirus or anti
  • 00:21:21
    spyware software program that can detect
  • 00:21:23
    threats like these and also a general
  • 00:21:26
    level of distrust on the internet and
  • 00:21:28
    not actually believing anything right
  • 00:21:30
    off the bat is the way to go ok guys so
  • 00:21:32
    that was me about all the a different
  • 00:21:34
    types of cyber threats and how they
  • 00:21:36
    actually work and how you could prevent
  • 00:21:38
    them I also hope you enjoyed the
  • 00:21:40
    demonstration I showed about phishing
  • 00:21:42
    that's it for me goodbye
  • 00:21:44
    I hope you have enjoyed listening to
  • 00:21:46
    this video please be kind enough to like
  • 00:21:49
    it and you can comment any of your
  • 00:21:51
    doubts and queries and we will reply
  • 00:21:53
    them at the earliest do look out for
  • 00:21:56
    more videos in our playlist and
  • 00:21:57
    subscribe to any rekha channel to learn
  • 00:22:00
    more happy learning
Tags
  • cybersecurity
  • malware
  • phishing
  • DDoS
  • password attacks
  • internet safety
  • drive-by downloads
  • malvertising
  • rogue software