chapter four

4 External Attacks

In this chapter, we will:

Leverage the Hacker mindset and the OODA loop models to plan out our own theoretical attacks against Home and Company networks.
Explore how data injection attacks work, develop an XSS data injection attack and test its effectiveness.
Use knowledge of the different types of malware (virus, trojan, ransomware) to identify and develop different strategies in defending against them.
Explore how WiFi and mobile phone networks work, understand how data can be intercepted and spoofed, and how we can defend against this.

Now that we’ve looked at how to think like a hacker, and what mental models we can use, we get to the really fun stuff: exploring how the most common external attacks work. As part of helping you anticipate external attacks, this chapter will have several exercises to teach you how to think and plan an attack yourself. We’ll also look at the different types of malware, as well as dig into the security problems with WiFi and mobile phone networks.

By the chapter’s end, you will be able to think like an attacker – to understand how and why some of the most common attacks work. By understanding how to use malware and attacks using security problems with WiFi and mobile networks to steal users’ credentials and data, you’ll be better able to defend against these attacks.

4.1 How do hackers get in?

4.1.1 Home Setup

4.1.2 Corporate Network

4.2 Data injection attacks

4.2.1 SQL Injection (SQLi)

4.2.2 Defenses

4.2.3 Cross-Site Scripting (XSS)

4.2.4 Defenses

4.3 Malware: Viruses, Trojans, and Ransomware

4.3.1 Viruses

4.3.2 Trojans

4.3.3 Ransomware

4.3.4 Protection

4.3.5 The Four Golden Rules of Malware Security:

4.4 Dodgy Wifi

4.4.1 Defenses

4.5 Mobile phones, SMS, and 5G

4.5.1 Malware

4.5.2 IMEI cloning

4.5.3 SMS spoofing

4.5.4 Problems with 5G

4.5.5 Keeping safe

4.6 Chapter Summary