Seven reasons for blacklisting you

Seven reasons for blacklisting you

Common sense tells us that users are the weakest link in IT risk management, especially for "naive and brave" users ...... But how did hackers use this naive (lack of protection awareness) to access user terminals and company accounts? Many of the methods they use involve some psychological tricks, and most of the attacks involve phishing and social engineering participation.

The following lists seven reasons why users should be hacked:

I. Automatic hook


Phishing is the best partner of hackers from beginning to end because of its effectiveness, high impact, and simplicity. It is often used as the starting point for Complex attacks. According to this week's Verizon DBIR report, 23% of phishing recipients open malicious messages, and 11% of them open attachments, on average, it took only 82 seconds to get bait from a fisherman.

How hard it is to skip the inexplicable links!

2. Believe in fraudulent phone calls


Similar to phishing, sometimes the easiest way for attackers is to directly ask the victims for their systems and accounts. It may sound incredible, but in many cases, hackers only need to pretend to call the user to log on to the account and password. Sometimes they pretend to be an internal employee or business partner who calls other employees to open a special document with a remote access trojan.

3. Do not update system patches



The latest Verizon DBIR report also shows a percentage of attacks exploiting different vulnerabilities. Verizon Investigates about 97% of attacks against top 10 vulnerabilities that have existed for many years. Users often choose not to install patches for these common vulnerabilities because they do not update the system. I would like to ask these users who do not update frequently. What are your reasons not to be hacked?

4. Use a simple password



Not long ago, Sony was attacked by hackers. Hackers exposed a Password used by Sony employees and IT staff. what's embarrassing is that there are many of them, including "12345" and "Password) popular universal password. As OWASP said in their simple password Introduction Test file,
"A password is the key to a kingdom, but users tend to overturn it in the name of users ."

5. Use unprotected public WiFi



At the 315 gala last month, "360 Network installation engineer" provided good evidence to users about why users need to protect themselves and VPNs when using public WiFi. Cylance researchers found serious security vulnerabilities in wireless routers in 277 hotels, data centers, and conference centers in 29 countries. Just a public free hot spot can provide hackers with a wide range of hunting ground to "Hunt" innocent people without fear.

6. Too much on social media



There are many reasons why hackers like to find prey in social media, one of which is to facilitate investigation. The information shared by people on social websites usually allows attackers to easily guess the user password or obtain the answer to the password reset question, at the same time, it also provides enough information to make it easier to implement the fish-and-cross type phishing. Imitating the graphics or plug-ins of popular social networking websites is also an important channel for distribution of malware. For example, an attacker has induced a user to click the like button on the website. In fact, this is a trigger that may cause malware installation. This "clickjacking" method is widely used by hackers in social media.

7. too dependent on the network



BYOD is a new concept, and IT autonomous service and self-guidance have become a norm. Users face more risks when they want to freely install more programs in their company systems or move data to unrestricted clouds. Therefore, we must find a solution that allows users to freely complete their work while ensuring data management and audit control over work and life.