The most unpredictable cybersecurity factor is the HUMAN
The cyber attacks that cause the greatest MATERIAL damage worldwide are caused by ransomware and malicious encryption software that infiltrates the system when insiders and end users unknowingly plug devices into computer systems, click on phishing e-mails, or click on malicious links on websites.
To avoid exposure to internal network attacks:
The training departments attached to a company's Human Resources and Information Technology (IT) departments should carry out joint training activities. End users should receive continuous training against cyber attacks.
What is the solution?
Password policy complexity requirements
Users should be rigorously trained on the complexity requirements they must meet when setting their passwords.
Ensure that a customised password policy is in place by requiring passwords in your environment to meet one or more of the following:
- Minimum length
- Use of both uppercase and lowercase letters
- Starting with a letter
- Special characters
- Digits
- Not using dictionary words, restricted/unacceptable words, or easy-to-break patterns
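The requirements above can be checked in code at the moment a password is set. The following is an added example, not code from the original article: it enforces all of the listed rules at once, and the minimum length of 12, the blocklist contents and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample blocklist: the common passwords named on this page,
# plus a hypothetical organisation-specific restricted word.
BLOCKLIST = {"123456", "qwerty", "monkey", "princess", "baseball",
             "password", "hunter2", "examplecorp"}

# Undo common character substitutions so "P@ssw0rd" is matched as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_easy_pattern(pw, run=4):
    """True if pw has `run` repeated, sequential or keyboard-adjacent characters."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if len(set(chunk)) == 1:                      # aaaa, 1111
            return True
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):                      # abcd, 4321
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True                               # qwer, lkjh
    return False


def check_password(pw, min_length=12):
    """Return violated rules (empty list = accepted); min_length=12 is an assumed value."""
    failures = []
    if len(pw) < min_length:
        failures.append("min_length")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        failures.append("mixed_case")
    if not pw[:1].isalpha():
        failures.append("starts_with_letter")
    if not re.search(r"[^A-Za-z0-9]", pw):
        failures.append("special_character")
    if not re.search(r"[0-9]", pw):
        failures.append("digit")
    normalised = pw.lower().translate(LEET)
    if any(word in pw.lower() or word in normalised for word in BLOCKLIST):
        failures.append("blocklisted_word")
    if has_easy_pattern(pw):
        failures.append("easy_pattern")
    return failures
```

A password such as "P@ssw0rd2024!" satisfies every character-class rule and is still rejected, because the substitution table maps it back to a blocklisted word.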
Types of Attacks
Dictionary attack
A dictionary attack, one of the most frequently mentioned types of attack, is carried out by trying every word in a dictionary as the password. This dictionary also includes frequently used passwords such as 123456, qwerty, monkey, princess, baseball, password, hunter2.
Brute force
In this attack, the attacker tries every possible combination of characters. In theory, any password can be cracked this way, but depending on the length of the password, it can take a very long time to carry out. You can protect yourself from such attacks by using uppercase and lowercase letters, numbers, and special characters such as $ and & in your password. Of course, internet services also have their own security measures against brute force attacks.
Rainbow table
A rainbow table attack is usually an offline attack. For example, an attacker obtains a list of user names and passwords, but the passwords are stored in hashed form. Hashed passwords look completely different from the original. However, in some cases, an attacker could pass plaintext passwords through the same hashing algorithm and compare the results to the entries in the hashed password file. In some cases, the hashing algorithm itself may be vulnerable.
A rainbow table consists of a large number of algorithm-specific hashes (terabytes of space are sometimes needed to store these tables). The rainbow table greatly shortens the time it takes to crack a hashed password.
Malware/keylogger
One of the most reliable ways to steal your login information is to use malware and keyloggers. If the attacker manages to install such software on your PC, they can take over all your accounts at the same time. Malware can sometimes target a specific type of data as well.
Social Engineering Attacks
End users must be continuously trained against social engineering attacks, using examples. The main attack topics covered in the training should be as follows.
- Shoulder Surfing
- Dumpster Diving
- Trojans
- Role playing
- Phishing Emails
- Reverse Social Engineering
Types of Attacks
Phishing attack
There is no actual "hack" involved here. In a phishing attack, the attacker sometimes sends emails to hundreds of thousands of people, hoping that the victim will willingly hand over their password. The email tells you to take immediate action (change your password immediately to avoid being hacked, etc.) and appears to come from a real company. Research says that fake bills and phishing mails rank number one in phishing attacks.
Social engineering
Social engineering can be defined as the real-life application of a phishing attack. The "attacker" tells you on the phone that he's from the new support team in your office and asks you for your password for a specific job. In that moment, it is easy to hand over your password without realising that you are dealing with a scammer.
In social engineering, which has been practised for years, the goal may not always be your password. For example, sometimes a fake electrician may ask you to open the door to enter a secure building.
USB Attacks
End users should be rigorously instructed not to connect the following devices to any of the computer systems included in the company's inventory and network.
- USB Flash Memory devices
- Portable Storage Devices
- Tablets
- Phones
I hope my writing was useful. Unfortunately, companies do not attach much importance to personnel training for Cyber Security Attacks in the world and in our country. For cyber attacks that are no joke and cause irreversible financial damage when exposed, it will be very healthy for company managers to allocate more resources in their budgets for IT Software, Hardware and Personnel training items.