Cybersecurity is the practice of protecting yourself cyber-attacks, that are targeted to access, change, steal away your inestimable information. The information could be used to extort money, interrupt normal business, or intrude elections. It is challenging because now technology can reach out to the common people far easier than ever before, the amount of data transferring over the internet is unprecedented. Even governments, military, corporates organizations are collecting your precious data for your good as they say. A significant amount of this data is sensitive and if bad guys have access to it, this could be used in many malevolent ways. People are relying more and more upon the internet, for a business, a better lifestyle, but nothing is free. The lucidity comes with a cost. With the data getting bulkier getting every moment, leaks are always possible and you could not protect yourself against attacks due to leaks. The data transferred over the internet is encrypted with keys about which only the sender and receiver know about it. The fight is to secure the key either by increasing the length of key or introducing as much randomization as possible. Both these ways have their limitations. Longer key makes the transfer speed slow and also the CPU has to do more work making the system slow. While randomization because the ways to randomize are limited. Some ciphers used to encrypt are-
- Substitution Cipher
- Caesar cipher
- Monoalphabetic cipher
- Polyalphabetic cipher
- Vigener cipher
But the limitations of many ciphers is that key size is small which makes them susceptible to brute force attack. Brute force attacks are attempts to create every possible key by trying each and every permutation. This is a last resort for the hackers since it is tedious and time taking.Some cybersecurity threats are-
- Phishing- The practice of sending fraudulent emails that seem authentic but are designed to steal away the login data or credit card information. The data entered is transferred to the fraud address rather than the authentic address.
- Side-channel attacks- Side-channel attacks are determined to extract information that devices are leaking out. Everything around us is now digital, which relies on electricity, and we all know that magnetism is complementary to electricity. We send data packets over the internet that interferes with the magnetic fields of those appliances which in turn affects the electrical appliance, we are not sensitive to the changes that are caused due to this but other electronic appliances are. Types of equipment are engineered to read the variation caused which could be used to read inside the data packet or use it to read the keys. Also, the vibrations in the mechanical parts of the devices cause an acoustic noise called ‘coiled whine’ which is in sync with the computation going on. Since cryptoanalysts design secure pathways by making some assumptions, but hackers violate those assumptions to ease off their tasks of ramming into the gates of cryptography.
- Malware- Softwares like viruses, trojans, or spyware designed to gain unauthorized access and cause damage to the system.
- Ransomware- Most notorious as it blocks access to the file or the system until the Ransom is paid. The main problem is, paying the ransom doesn’t guarantee access to the files or the system.
- Social engineering- This attack relies on human interaction. The users are tricked to leak their personal and sensitive data themselves most common being romance scams. Where attackers disguised as users of chat rooms, dating sites trick the victim to leak their data.
The systems used are not secure since they are antiquated. With the advancements in technology, the attackers have enhanced themselves but not the systems used by institutions due to financial obstructions. In 2014, a blast furnace of the German steel plant was shut down remotely by hackers that led to massive damage. Authorities suggested hackers used phishing as well as social engineering to infiltrate the plant. Wannacry the most notorious of the ransom wares recently hit the world hard leaving many banks, health infrastructures aghast. A report published by Group-IB in February 2020 suggested that credit card details of 460,000 users were put on sale on the dark web. many of those details have been collected through bank portals. You can’t defend yourself from being attacked, all you can do is be vigil. Don’t open up spam emails, use credit cards and debit cards judiciously, and never try to leak your data. These steps won’t ensure you being protected from cyberthreats but sure could make you a less appetizing prey.