In fiscal year 2021, 408 out of 429 cases of violations of the Unauthorized Computer Access Law were due to unauthorized access. Furthermore, 398 out of the 408 cases involved logging in using another person’s ID and password and unauthorized use.
To prevent damage from cyber attacks, all companies using communication systems need to understand that they can be targeted by hacking and take appropriate measures. This article introduces basic knowledge of hacking and cyber attacks, which is essential for considering corporate security measures.
Table of Contents
- What is Hacking?
- Not All Hackers Are Evil
- Cyber Attack Techniques Using Hacking
- Zero-Day Attack
- Shoulder Hacking
- Watering Hole Attack
- SQL Injection
- Brute-Force Attack
- Four Countermeasures Against Malicious Hacking
- Information Gathering and Addressing Vulnerabilities
- Utilizing Security Software
- Secure Coding
- Complicating Passwords and Login Methods
- Summary
1, What is Hacking?
Hacking refers to the act of modifying programs and systems by technicians with specialized computer knowledge after verifying and analyzing the security of the programs and systems. The term “hacker” in IT terminology originally referred to a technician who performs hacking. However, the negative image has become established because some cybercriminals have called themselves “hackers.”
White hat hackers can be active in all industries that connect personal computers and smartphones to the network for work. The Japanese government and foreign governments are also paying attention to the importance of white hat hackers, and it is a profession with high demand in the computer society.
1-1, Not All Hackers Are Evil
Hackers are divided into two types, white hat hackers and black hat hackers, depending on whether their purpose is good or evil. The differences between the two types are as shown in the table below.
| White Hat Hacker | ・A person who uses hacking techniques for good intentions ・The main purpose is to prevent black hat hacker attacks and implement security measures |
|---|---|
| Black Hat Hacker | ・A person who uses hacking techniques for malicious intentions ・The main purpose is to connect to their own profit by selling information, etc., or to satisfy intellectual curiosity |
White hat hackers can be active in all industries that connect personal computers and smartphones to the network for work.
The Japanese government and foreign governments are also paying attention to the importance of white hat hackers, and it is a profession with high demand in the computer society.
2, Cyber Attack Techniques Using Hacking
Even if you know the words “hacking” and “cyber attack,” it is difficult to take concrete measures if you do not know the content of the expected damage or the attacker’s methods.
The following describes typical examples of damage that companies are expected to suffer when they are cyber attacked and the main methods of hackers.
2-1, Zero-Day Attack
A zero-day attack is a method of launching a cyber attack at a stage before vulnerabilities related to the OS or software are disclosed and defense measures are established. A vulnerability means a security defect caused by a program defect or design error.
The following are examples of damage expected when a zero-day attack is received.
| ・Leakage of confidential information ・Data tampering ・Server shutdown |
|---|
Leakage of confidential information is a factor that leads to a decline in corporate image. If the server shuts down, you will not be able to operate the website or web application, which may affect sales.
2-2, Shoulder Hacking
Shoulder hacking is an attack that steals information by peeking at IDs, passwords, etc. over the shoulder of an employee. Hackers log in to web applications, etc. based on the stolen information and commit criminal acts.
Shoulder hacking can be countered to some extent by raising employees’ security awareness. To prevent damage, educate them on rules such as not entering IDs and passwords when people outside the company are around and always locking the screen when leaving their seats.
2-3, Watering Hole Attack
A watering hole attack is an attack that infects people by embedding malware (malicious programs) on websites that are frequently viewed by people from companies that are targeted for attack. The name “watering hole attack” comes from the act of ambushing and attacking animals that come to an oasis.
Examples of damage expected when infected with malware are information leakage and hijacking of terminals. Hijacked terminals may be used as bases for expanding damage.
2-4, SQL Injection
Many companies’ websites and e-commerce sites use web applications that are linked to databases. SQL injection is an attack that injects unauthorized SQL statements into web applications to tamper with, delete, or steal information stored in the database. In recent years, there have been noticeable cases of websites being tampered with by commands using SQL injection.
2-5, Brute-Force Attack
A brute-force attack is an attack that breaks through ID and password authentication by sequentially trying all possible combinations of numbers, letters, and symbols that can be entered. For example, for a 4-digit number password, it tries to authenticate by sequentially trying 10,000 combinations from “0000” to “9999.”
Hackers usually use programs that automatically create and authenticate combinations of numbers, letters, etc. to perform brute-force attacks. Using a program makes it easy to find IDs and passwords and succeed in authentication.
3, Four Countermeasures Against Malicious Hacking
If you are hacked, it will affect consumers and business partners, and you may suffer economic losses such as suspension of transactions and payment of damages. To prevent hacking damage, it is important to have a high level of security awareness on a daily basis and implement sufficient measures.
The following are examples of hacking countermeasures that companies can practice on a daily basis.
3-1, Information Gathering and Addressing Vulnerabilities
Hacking techniques are becoming more sophisticated every day, and new types of attacks are being carried out one after another. Information system managers should check the media that are disseminating security-related news on a daily basis to understand the trends of hackers.
Also, to prevent hacking damage, it is necessary to collect information on vulnerabilities in the OS and software you are using.
If updates related to vulnerabilities have been released, update them promptly and use the latest version.
3-2, Utilizing Security Software
Security software is software that is used to protect computers from attacks by hackers, etc. By utilizing comprehensive security software, you can efficiently develop a working environment that is less susceptible to hacker attacks.
Examples of functions included in security software are as follows:
| ・Detection and removal of malware ・Protection of personal information ・Detection and access restriction of malicious Web sites ・Software update status management ・Detection and notification of vulnerabilities |
|---|
Note that the functions, prices, and support systems that are actually included vary depending on the security software. When introducing security software, check the details and select one that suits your company.
3-3, Secure Coding
To prevent SQL injection, you can use the secure coding method. Secure coding refers to performing highly reliable coding according to the guidelines of development tools and avoiding the occurrence of vulnerabilities.
To strengthen the security of existing websites, consider receiving a vulnerability diagnosis to identify security issues. Address the issues identified by the vulnerability diagnosis as soon as possible and improve to a state where it can be operated safely.
3-4, Complicating Passwords and Login Methods
To prevent brute-force attacks, etc., you can consider complicating passwords. The following are tips for creating passwords that are difficult for hackers to guess:
| ・Combine numbers, letters, and symbols ・Increase the number of digits ・Avoid using words listed in the dictionary ・Do not include personal information such as names |
|---|
To strengthen security, in addition to complicating passwords, adopting multi-factor authentication (an authentication style that combines password authentication with fingerprint authentication, face authentication, etc.) is one idea. Alternatively, you can prevent brute-force attacks by limiting the number of attempts, such as “lock after failing to enter the password more than 3 times.”
Summary
Hacking means stealing confidential information or shutting down servers, etc. by exploiting specialized knowledge about computers. To prevent malicious hacking, it is necessary to make efforts to collect security-related information on a daily basis and to utilize security software that suits your company.
By utilizing EXO Security, you can effectively take measures against various cyber attacks including hacking. If you are a manager or information system manager who wants to take hacking countermeasures and develop an environment where employees can work with peace of mind, please consider introducing EXO Security.
Virus Countermeasure Security Software “EXO Security”
Click here for EXO Security usage fees
Click here for EXO Security features
Please contact globalsupport@jiran.com for further assistance.
