The document provides guidelines for ensuring cybersecurity. It discusses threats like malware, phishing, and social engineering. It recommends practicing safe online habits like using strong passwords, updating software, and avoiding unsafe downloads. The document also provides tips for organizations, including access controls, monitoring networks, backups, and supplier management. The overall message is that cybersecurity requires vigilance across individual, technical, and policy levels.
13. SQL Injection
SQL Login
SELECT UserID
FROM User
WHERE UserName = '$userName'
AND Password = '$password'
userName password POST input tag Username Password
SQL Injection Post input tag
WHERE CLAUSE
User name: 1' = OR '1 = 1
Password: 1' = OR '1 = 1
SQL
SELECT UserID
FROM User
WHERE UserName = '1' = OR '1 = 1'
AND Password = '1' = OR '1 = 1'
Last update 13/06/2013
SQL Injection
hacker
SQL
Input UI
INSERT, UPDATE, DELETE, DROP
form input
post
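An added example, not part of the original slides: the login query above built by string concatenation, next to the same query with bound parameters. It keeps the slide's table and column names; the in-memory SQLite database, the function names, the sample user and the test input are assumptions constructed for illustration.

```python
import sqlite3

# Constructed input: closes the quoted literal and appends an always-true OR.
TAUTOLOGY = "x' OR '1'='1"

def make_db():
    """In-memory database with the slide's table and column names (sample row is constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE "User" (UserID INTEGER PRIMARY KEY, UserName TEXT, Password TEXT)')
    # Plaintext password only to mirror the slide's schema; store a salted hash in practice.
    db.execute('INSERT INTO "User" (UserName, Password) VALUES (?, ?)', ("alice", "s3cret"))
    return db

def login_concatenated(db, user_name, password):
    """Vulnerable pattern from the slide: form input is pasted into the SQL text."""
    sql = ("SELECT UserID FROM \"User\" WHERE UserName = '" + user_name
           + "' AND Password = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # e.g. a legitimate name such as O'Brien breaks the statement
    return row[0] if row else None

def login_parameterized(db, user_name, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = 'SELECT UserID FROM "User" WHERE UserName = ? AND Password = ?'
    row = db.execute(sql, (user_name, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print("concatenated, valid login :", login_concatenated(db, "alice", "s3cret"))
    print("concatenated, tautology   :", login_concatenated(db, TAUTOLOGY, TAUTOLOGY))
    print("parameterized, tautology  :", login_parameterized(db, TAUTOLOGY, TAUTOLOGY))
    print("parameterized, valid login:", login_parameterized(db, "alice", "s3cret"))
```

With bound parameters the whole input string is compared against the column value, so the WHERE clause cannot be rewritten from the form fields.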
19. The top threats for 2013, as seen by McAfee
Mobile threats
Mobile worm infections could go on a shopping spree in 2013 -- once embedded in a
smartphone or tablet after a dodgy download, they'll purchase malicious apps and do
their stealing through near-field communications (NFC) technology, McAfee says. NFC
and other "tap and pay" mechanisms could also make it easier for our phones to become
infiltrated. McAfee suggests that "bump and infect" scenarios will become more common
in order to steal money and that these kinds of malware will be most commonly found in
densely populated areas including airports and malls.
In addition, mobile malware that prevents your smartphone or tablet from updating
security software is expected to rise.
Build your own ransomware
McAfee predicts that ransomware "kits" designed around mobile technology will rise, allowing people
without advanced programming skills to be able to more easily attempt to extort money out of the
general public, especially through the Windows PC platform, which saw reported attacks triple in 2012.
Ransomware differs from backdoors, keyloggers or Trojans as it "locks" a system, leaving users without
the means to access their data or system. This is where the malicious software comes in; pay up or
potentially lose your data.
20. The top threats for 2013, as seen by McAfee
Attacks focused on new platforms
The report suggests that we will see a "rapid development" in ways to attack both
Microsoft's new Windows 8 platform and HTML5, a standard for Web-based applications.
Rootkits, the use of bootkit techniques and attacks which target master boot records, the
BIOS and volume boot records are expected to diversify and evolve. The Windows 8 platform is
expected to be targeted through malware as well as phishing techniques. McAfee warns that
platform upgrades will not necessarily protect your system, although it is deemed more
secure than previous versions.
An increase in large-scale attacks
According to the firm, large-scale attacks reminiscent of Stuxnet or Flame, designed to destroy infrastructure
rather than based on purely financial gain, will firmly take hold in 2013. Used in order to cripple
businesses, steal intellectual property and simply cause as much damage as possible, large-scale hacktivism
can be devastating for businesses that are often vulnerable to the simplest methods, such as distributed
denial-of-service (DDoS) attacks.
21. The top threats for 2013, as seen by McAfee
Snowshoes and spam
In addition to an increase in attacks based on botnets, "snowshoe" spamming of
legitimate products available online, made through numerous IP addresses, is expected
to be a cyberattack trend in 2013. Well-known businesses can fall prey to shady
marketing companies that promise e-mail address lists of potential customers, and
blatant spamming still goes unchecked.
Hacking as a service
Hacking "as a service" is expected to rise, mainly due to the rise of invitation-only and fee-paying
professional hacker forums available to only those who have guarantors to ensure their
authenticity. Based on e-commerce shopping cart models, it is expected that anonymity will be
maintained through anonymous payment methods including Liberty Reserve.
The decline of Anonymous, but a rise in extreme hacktivism
McAfee argues that a lack of structure and organization in the hacking collective referred to as Anonymous has
impacted the idea's reputation. Misinformation, false claims and hacking for the simple joy of it may result in the
collective's political claims taking a beating. As a result, success and fame will decline -- but higher-level
professional hacking groups may take up the slack, and promote a rise in military, religious, political and
"extreme" campaign attacks.