Dr. Ahmet Şenol, faculty member in the Computer Engineering (English) Department of Üsküdar University's Faculty of Engineering and Natural Sciences and Head of the Cyber Security Master's Program, evaluated cyber attack methods and made recommendations.
Stating that the definition of cyber security differs for institutions, companies, states and individuals, Dr. Ahmet Şenol said, “Cyber security can be defined as what we pay attention to, what we do and what we do not do in order to use our technological devices and accounts securely, and to minimize the risks of possible attacks or malicious situations. We can also call it the state of taking precautions against a cyber attack. We can define a cyber attack as the work done by a person or organization deliberately and maliciously to seize or block the system or account of another person or institution, or to cause it to work incorrectly.”
Dr. Şenol also talked about the phishing method, which generally reaches the person as an e-mail and redirects them to a fake website:
“In the e-mail message sent in the phishing method, it is stated that the person has won a prize or needs to correct their account information, and that they can do this by clicking the link in the e-mail. It is one of the most common types of cyber attacks. When the person clicks on the link in the e-mail sent to them, they are redirected to a fake site made to look like the website of the institution they actually receive service from. When the victim who clicked on the link enters the customer number and password, this information will not go to the user code and password verification system it really belongs to, but will be recorded in the cyber hacker's own database. Here, because the hackers have got the information they wanted, they will keep the hourglass spinning for a relatively long time on the login screen of the pirated fake software they have made, and then end the transaction with a message such as ‘Sorry. Our bank is temporarily unavailable.’ To guard against a phishing attack, we should not open such e-mails, and we should pay attention to the web address to which the link leads us.”
Dr. Ahmet Şenol said that the safest method in internet banking today is to install the mobile application of the relevant bank on our own mobile phone, to perform internet banking through that application, to use the phone lock effectively and not to let anyone else use our smartphone, and warned that we should not enter internet banking by clicking on a link sent to us.
Stating that another type of cyber attack on individuals is turning computers or mobile devices, against the person's will, into devices used in cyber attacks, Dr. Ahmet Şenol said, “For example, when searching the internet for subtitles for a downloaded movie and clicking on one of the sites returned by the search engine to download subtitles, the file that should have the .srt extension is downloaded as .exe. Thus, when the .exe file is run, there is a 99 percent chance that the computer is infected with malware. This malware can turn the computer into a soldier of someone else's cyber attack, or it can be spyware that captures the keys pressed on the keyboard and sends them to another address. User codes and passwords are usually included in the keys pressed on the keyboard. Pay attention to the downloaded file type and extension, and avoid pirated software and content. The vast majority of cracked pirated software downloaded from the Internet contains malware. Especially if we are not sure of the sender of executable files, that is .exe, .bat and .com files, we should not open or run them. Even visiting websites that offer pirated content for download with a web browser can infect a computer with malware.”
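The subtitle case described above (a file that should be .srt arriving as .exe) can be checked mechanically before anything is opened. The following Python sketch is an added example, not part of the original article; the function names and sample inputs are constructed for illustration.

```python
import re

RISKY_EXTENSIONS = {".exe", ".bat", ".com"}  # the executable types named in the article
SRT_TIMING = re.compile(r"^\d{2}:\d{2}:\d{2},\d{3} --> \d{2}:\d{2}:\d{2},\d{3}")


def final_extension(filename):
    """Return the last extension, lower-cased ('movie.srt.exe' -> '.exe')."""
    dot = filename.rfind(".")
    return filename[dot:].lower() if dot > 0 else ""


def looks_like_srt(data):
    """True if the content starts like SubRip text: a cue number, then a timing line."""
    text = data[:4096].decode("utf-8-sig", errors="replace")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return len(lines) >= 2 and lines[0].isdigit() and bool(SRT_TIMING.match(lines[1]))


def check_subtitle_download(filename, data):
    """Classify a file that was supposed to be a .srt subtitle.

    Returns (verdict, reason); verdict is 'ok' or 'block'.
    """
    ext = final_extension(filename)
    # Windows executables begin with the two bytes 'MZ', whatever the file is named.
    if data[:2] == b"MZ":
        return "block", "content starts with the Windows executable signature 'MZ'"
    if ext in RISKY_EXTENSIONS:
        return "block", f"extension {ext} is an executable type, not .srt"
    if ext != ".srt":
        return "block", f"unexpected extension {ext or '(none)'}"
    if not looks_like_srt(data):
        return "block", "named .srt but content is not SubRip text"
    return "ok", "extension and content both match a subtitle file"


# Constructed sample inputs: a minimal subtitle and the first bytes of an executable.
SAMPLE_SRT = b"1\n00:00:01,000 --> 00:00:03,500\nHello.\n"
SAMPLE_PE = b"MZ\x90\x00\x03\x00\x00\x00"

if __name__ == "__main__":
    for name, data in [("movie.srt", SAMPLE_SRT), ("movie.srt.exe", SAMPLE_PE),
                       ("movie.srt", SAMPLE_PE), ("movie.exe", SAMPLE_SRT)]:
        print(name, check_subtitle_download(name, data))
```

Checking the content as well as the name matters because a renamed executable still carries its signature, and a double extension such as `movie.srt.exe` is judged by its last part.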
Stating that ransomware is among the malware that can infect mobile devices and computers, Dr. Ahmet Şenol said, “Ransomware is transmitted for reasons such as running an executable file attached to an e-mail and having a security vulnerability in a program installed on the computer. In a ransomware attack, all data on the person's disk is encrypted and the owner of the device is asked to deposit a certain amount of money, usually in cryptocurrency, into an account. If the money is deposited, it is promised that the key to the encrypted files will be provided so that they can be unlocked. According to the data of the European Union Cyber Security Agency, the average amount of ransom demanded per incident by cyber attackers in 2021 increased from 71 thousand Euros to 150 thousand Euros compared to the previous year. According to the same agency's data, a total of 18 billion Euros in ransom was paid worldwide for ransomware in 2021. Against ransomware, we should make sure that our device receives updates and security patches, we should make frequent backups of our data to external storage, and the external disk on which the backup is kept should be physically disconnected from the device. If we have an up-to-date backup, even if the ransomware has encrypted our data, we can reinstall our system, restore from the backup and avoid paying the ransom.”
Dr. Ahmet Şenol, Head of the Üsküdar University Cyber Security Graduate Program, listed the simple measures that can be taken against cyber attacks as follows:
- Smartphones and computers should be set to lock automatically, and should be locked when we leave the device,
- The password of the workplace and home wireless network should only be shared with trusted people and should be changed periodically,
- When sending our device for repair or selling it, we should remove the disk, back up important data, securely delete files and reset passwords saved in web browsers,
- The password of our computer should not be written under the keyboard, on the back of the monitor, etc.,
- Attachments in incoming e-mails should be opened with care, even if they come from an e-mail address that we know,
- We should be careful about phishing attacks,
- Pirated software should not be used on devices, unused software should be removed.
Updated: 06/12/2022 16:41