Hacking and hacking over the internet have increased in recent months as a side effect of the Coronavirus epidemic
As working from home has become the norm, the cyber attackers have intensified their attacks; A PC is more fragile than the one that a company's technical team protects, and the average person is more likely to get lost and make a mistake while at home
So it is very important to know the most used hacking techniques. This knowledge will help you prevent and alert you to any such attack
To provide you with assistance in this regard, the cybersecurity company Proofpoint has published a report on the technologies most used by hackers during the last quarter of 2020
Therefore, they are the most popular scams which will continue to be tracked in 2021
Below is a summary of the report and tips on how to avoid the techniques described
Social engineering
Social engineering is the # 1 technology that hackers use to try to hack your computer. It's the tactic that is used 99% of the time
Typically, cyber attackers combine this technology with another tactic that exploits a security breach
Social engineering is understood as a ploy that manipulates the user so that he is the one who provides the hacker with unconscious access to his computer
For example, arriving at a malicious email asking you to open it is a social engineering tactic. Tricking you into clicking on a dangerous URL. Creating a fake page that resembles logging into a social network like Facebook to enter your login details is also social engineering
As you can see, in all of these examples, manipulation is used with a more technical tool: an email with malware, a URL that downloads a virus, or a fake webpage
Phishing email: a hacker trojan horse
Email is the most popular 'companion' to social engineering. In recent months, the vast majority of email hacks containing social manipulation and tech hoaxes have occurred
Proofpoint has listed the most commonly used technologies in these phishing emails
Run a macro for an Office document
A macro is a series of commands and instructions that automatically complete a task in Office whose original mission is to save time and steps for users. But hackers use it to infect computers, the user opens an email attachment they think is important and activates a hard-to-detect macro and directs Office to spread malware to all documents on the computer
Evading protection status
In theory, Gmail or Hotmail have systems that detect if email contains viruses. Threat detector usually plays suspicious content in a protected and isolated environment, for example on a virtual machine, to verify if it is safe or not
But hackers now use evasive techniques that prevent malware from activating during these tests. Thus, the malware detection tools are deceived and considered valid email that does not pose a risk to the user
PowerShell
There are techniques that use PowerShell in Windows to infect a computer in order to activate it. The user is manipulated to enter a page with code running PowerShell to invade the computer, since it is a technique used by an official tool, it is very difficult to detect
HTML
It looks the same as above: the user clicks and comes to a page with code that takes advantage of security breaches in browsers and even operating systems. It is a trick that is difficult to discover because it is sometimes hidden in ads on legitimate websites
Invading messages and impersonating the victim
This technology is only used when a victim's email account is actually accessed. The hacker then writes to the occupant's account contacts, and responds to them to impersonate the victim and direct the victim's contacts to the trap as well
Files with passwords
Sometimes, a threat detection tool won't identify a file with malware if opening it requires a password. The email will contain instructions for the user to open it and infect his computer himself
Geofencing
A new technology that consists of restricting the behavior of malware on certain sites, because this type of restriction prevents the detection of malware
You can read the full report via the following link : Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes
Thanks to this artificial intelligence, hackers can hack any website!
