Security
index, follow
index, follow
Cybercrime is the worst problem on the internet globally. Malicious people make software programs to steal information and money. So, nobody can say that he is 100% secure from all cyberattack types. Some of them are less dangerous, like spywares who spies users for displaying irregular commercials. Also, there are some more dangerous like stealing money, blackmail or just to offend users. But like in the real world, there are digital systems to prevent stealing, spying and blackmailing, so they make life more secure.
Malwares is the group name for all types of harmful software. They spread through internet to computers and servers, what we call it infections. That kind of cyberattack can destroy data, steal data, spy, blackmail or do hardware damage. In average, every day about 350 000 new malware software has been registered. Types of malwares are:
What are the different types of Malware? - Comtact
Malware Statistics & Trends Report | AV-TEST (av-test.org)
When a malicious person inserts himself into conversation between two sides. Then impersonates both sides and gains access to secret information like passwords is MITM Man-in-the-middle attack. Good SSL certificate prevents MITM attacks because usually, first it needs to strip SSL to make attack. Also, hosting and CDN provider must have DNSSEC for prevention.
DDoS or Distributed denial of service attack is meant by shutting down a machine or network to prevent work or to make it inaccessible to users. That is typically done with flooding the network with much traffic. Then servers and network cannot handle it and break down, or exhausted bandwidth. Good hosting can handle this type of attacks with more bandwidth, spread traffic across multiple servers on different countries, good firewalls, …
It is injecting malicious code via some form (like user login form) to SQL database. That code gives hackers access to make changes on databases, so he can destroy data or steal them. This is made often by programmer’s mistakes in code. Drupal communicated to database in PDO prepared statement to avoid SQL injection. PHP data object (PDO) is a procedure in programming to prevent SQL injection. PHP: Prepared statements and stored procedures - Manual
One of the most dangerous of all cyberattack types. Attacker searching for vulnerability in some software and when finds he deploys malware. It must be done before software user update software and deploy security patch. Then attacker malware is hidden in software for some time, perhaps years, before attacking. The only known prevention is quickly updating software. Drupal's security patches are realized approximately every month. Also, OOP architecture of Drupal minimizes this danger.
Sneaking camouflaged malicious code trough DNS and bypasses firewall and steal data like passwords. It is very difficult to detect it. But, prevention can be made with good hosting provider and CDN who has DNSSEC. eDot.pro to his clients gives excellent hosting and CDN provider, which prevents most of these attacks.
This attack cause victim user to make some action unintentionally. For example, user gets notification to type his email and password on fraud website. Then attacker can access to user’s email. After that, attacker can steal data about credit cards or access restricted web applications.
Simply, it is a changing code in some programming language. It can be malicious when somebody wants to do damage to make a cyberattack. Or it can be with good intentions for making software better. The term hacker is always represented as malicious attacker, but hacking some code can be in good faith. With OOP principles, there is no hacking or customizing a code for changing, there is just for cleaning bugs and deprecated code.
eDot.pro uses Drupal, which has a security team of 30 members. They organized tracking, investigating, verifying, and publishing possible cyberattack types.