Top Hack Attacks Vectors.
Hackers, beginners or professionals have a broad selection of hacking techniques and tools at their disposal.
How good they are depends on if they study the software carefully or in special cases, create their own.
Start learning about the most common hacking methods and arm yourself with the tools you need, you’ll be able to identify vulnerabilities and even stop attackers.
Beginner hacking techniques:
- Bait and switch - All depends on how much a user trusts the advertisements on the site they are visiting.
- Browser locker
- Credential reuse
- Fake WAP ( Beginner level - Wireless Access Point) attack, where the hacker sets up a wireless router with a legitimate name in a public spot where people can connect to it. Once they do, the hacker monitors all and can even change internet connections to steal sensitive data, or force the user to download malware onto their device/s.) Fake WAP can be thwarted by using a VPN.
- SQL injection
Intermediate hacking techniques:
- Brute force attack
- Clickjacking/UI redress
- Cookie theft / sidejacking / session hijacking
- Cross-site scripting
- DDoS attacks
- Dictionary attacks
- DNS spoofing
- IoT attacks
- Keylogger attacks
- Macro in documents
- Man-in-the-middle attack
- Phishing
- Watering hole attack
- Social engineering
Large advertisers like META and Google have a number of safeguards in place to prevent this, but they aren’t 100%.
If you click on the ads, the attacker can use a number of attacks, like downloading malware, clickjacking or browser locking, just to to compromise your system.
In the end it is your common sense that will protect you. A safe browser and ad-blocking plugins will go a long way.
Credentials re-use:
Is a very common attack method. It works under the assumption that many people use the same password across multiple sites. A VPN will not protect you against this type of attack.
However some VPN companies like NordVPN and Surfshark offers a DarkWeb monitoring solution. Which basically means they try to scan the DarkWeb for your leaked credentials, and if found they find anything, they will alert you.
SQL injection:
Probably the most powerful hacking method, which targets vulnerabilities in sites that are not up to date. In unsecured systems that make use of the SQL programming language, hackers can insert code into text fields in the website (like a password or username field, for example) which then the website will run.
The code they insert can be used to extract information from your website or give the hacker a foothold, from which they then can launch further attacks. SQL injection is essentially an attack on your website and once a hacker has successfully performed a SQL injection, your site can be used to attack its visitors or other sites.
Note: That you can be legally held responsible if your site is running outdated software. So if you buy a site, make sure you keep it updated.
Will a VPN protect you?
A VPN will not protect you against a cross-site scripting attack, SQL injections can easily turn a legitimate website into the hacker’s tool. It can also steal or modify data on a website that you’ve already chosen to share your information with.
While it is relatively simple to protect yourself against these attacks, many web admins don't know how to, or they just let it slide.
The browser lock method:
This is aimed at the less technologically literate. This basically leads a user to a malicious site or infects a legitimate one, while the hacker creates a popup, that takes over the screen and makes it difficult or impossible for the user to close.
The popup might pose as an antivirus alert or encourage the user to visit a bogus tech support link or call a bogus number. The victim might wind up unknowingly paying the attacker to remove the “virus” from their computer.
Other attack vectors:
Microsoft macro malware is a very common type of malware, that is easy to detect and avoid if you know what you’re looking for.
Many document file types, like .doc or .pdf, have the ability to run scripts when they’re opened. However, these functions usually have to be given permission by the user to run through a prompt when the document is opened.
It is recommended not to allow macros to run !
A very common attack:
Cookie theft / side-jacking or session hijacking.
Cookies provide more than just a way for ad providers to follow you around online. They also let websites keep track of their users who visit their site. For example: When you log in to your account, the website sends you a cookie so you don’t immediately get logged out on the next page you visit on their website.
A VPN can protect you, except for in a case like this: The site is already hacked !
Other attack vectors:
IoT devices are vulnerable and almost never updated ! The devices mentioned have limited computing power and storage, leaving no room for any robust security features.
People buying these devices often leaves, the passwords as they are: "factory defaults", meaning anyone can log into them. Even worse, they provide a direct bridge between the digital and physical worlds.
Know that any hacker, despite his or her level of knowledge, can hack into your air conditioner, oven, refrigerator, or your home alarm system.
Don't be like Scrooge, if you are not poor !
Find out which apps run on what IoT appliances. Then where possible, buy security solutions to protect them and make sure they are always updated, with the latest signatures.
DDoS "Minion" attacks:
The malware used to perform the DDoS attacks, doesn’t hurt people infected by it, but instead, it turns their device/s into one small part of an army of evil "bots". The Black Hat hacker, first creates a network of bots ( which he/she controls ), once the bot network is large enough, it is used to completely flood their target/s with fraudulent requests, stopping the system from processing genuine user requests and eventually, it shuts down their server/s.
These attacks often lead to financial, reputational, and temporal losses for both individuals and businesses.
