Changing your password is indeed the best way to ensure the security of your accounts. However, taking necessary precautions to mitigate password theft is also an important step to secure your account. Assuming that your password cannot be hacked is exactly what cybercriminals want you to think.
How to create a strong password?
Securing the password to an individual account using traditional methods is easier than securing an organization’s accounts. However, cybercriminals often target business accounts for monetary and non-monetary reasons, and they apply advanced techniques to compromise them. This is where ethical hackers come in to ensure the security of your accounts: they test the probability of a compromise by performing various methods of password hacking, which reduces the probability of being hacked.
6 types of password attacks commonly used by ethical hackers
| S.No. | Types of Password Attacks | Sub-divisions of Password Attacks | Process of Password Attacks |
|---|---|---|---|
| 1 | Non-electronic Accounts | Shoulder surfing, social engineering, dumpster diving | It is a non-technical attack that is performed even without sound technical knowledge. |
| 2 | Active Online Attack | Password guessing | Attackers create possible passwords by collecting information from social media accounts and other online sources. Criminals use the default password provided by manufacturers to crack accounts. |
| | | Brute forcing attack | Attackers make multiple attempts with possible combinations until they crack the account. |
| | | Dictionary attack | Attackers load dictionary files of passwords and run them against user accounts. |
| | | Rule-based attack | The attack is performed only after receiving information about the password. |
| | | Trojans/Keylogger/Spyware | Any of these viruses or malware is run in the background to track the passwords. |
| | | Hash injection attack | The attacker injects a compromised hash into a local session and uses it to retrieve the domain admin account hash. The extracted hash is then used to log on to the domain controller. |
| 3 | Passive Online Attack | Man-in-the-middle | The attacker gains access to the communication channel to extract confidential information. |
| | | Wire-sniffing | Packet sniffer tools on the local area network are used to access and track the network traffic. |
| | | Replay attack | Packets and authentication captured using a sniffer are used to extract relevant information, and then they are placed on the network to gain access. |
| 4 | Offline Attack | Rainbow table | Captured password hashes are compared to the precomputed tables to recover passwords. |
| | | Distributed network attack | The technique is used to recover passwords from hashes using the excess power of machines to decrypt passwords. |
Ethical hackers need to be aware of all these and various other password attacks that are commonly used by cybercriminals. It requires stepping into the attackers’ shoes, putting on their thinking cap, and performing all possible attempts to infiltrate business accounts. Moreover, if ethical hackers can compromise your password, then remember that cybercriminals can easily compromise it too.
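For the offline "Rainbow table" entry above, the following added example (not from the original article) shows from the defender's side why unsalted password hashes fall to precomputed tables while per-user salted hashes do not. It assumes a plain lookup dictionary as a stand-in for a real rainbow table, a constructed four-word list, and PBKDF2 with an assumed iteration count; all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist standing in for a precomputed table.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def unsalted_hash(password):
    """Weak storage: fast, unsalted digest. Same password gives the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_precomputed_table(words):
    """Hash -> password lookup, built once and reusable against any unsalted dump."""
    return {unsalted_hash(w): w for w in words}


def salted_hash(password, salt=None):
    """Stronger storage: per-user random salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def audit_stored_hashes(stored, table):
    """Audit: which accounts' stored hex hashes appear in the precomputed table?"""
    return {user: table[h] for user, h in stored.items() if h in table}


if __name__ == "__main__":
    table = build_precomputed_table(COMMON_PASSWORDS)
    # Two constructed users who picked the same password.
    weak_db = {u: unsalted_hash("letmein") for u in ("alice", "bob")}
    print("unsalted, found in table:", audit_stored_hashes(weak_db, table))
    strong_db = {u: salted_hash("letmein")[1].hex() for u in ("alice", "bob")}
    print("salted, found in table:", audit_stored_hashes(strong_db, table))
```

The salt is stored next to the digest for verification; it is not a secret, and its job is to make one precomputed table useless across accounts.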
Learn and acquire ethical hacking skills
Certified Ethical Hacker (CEH) is a recognized ethical hacking program and a must-have credential for all information security professionals who want to learn ethical hacking from its fundamentals. The CEH trains you on the latest hacking tools and techniques used by information security professionals to secure and defend organizations from future attacks.
Source: eccouncil.org