Hacking & And

how to improve
your Security
#:# -> Think before you click!!
Issue number : 2
28/12/2022

AFDIS
IT DEPARTMENT
 What is Hacking?
• Hacking is the act of compromising digital devices and networks by
gaining unauthorized access to an account or computer system.
What kind of devices are prone to hacking ?
• Phones , Motor vehicles , CCTV Systems, Laptops , Alarm
Systems etc.
Who are the targets?
• Small and Well Established Firms
• Celebrities
• High Achieving People
• Top Management Personnel's
#:# -> Hence there is need for us to use heavily secured password as
those directed to in Newsletter 1 ( A 12 length character long with
numbers & special characters e.g. !@#$><
For example : C0nfiguR@+1on!
#:# - > Thus , That’s why we have adjusted our Password Policy as AFDIS
to use a 12 Character length Password which includes the above
mentioned.
For Example : newHPd3sktop@sam123*
Case Studies :
1) ZEC Got Hacked -> https://news.pindula.co.zw/2022/11/16/zec-says-
team-pachedu-hacked-its-website/
2) TM Pick n Pay $22m fraud ->
https://www.pindula.co.zw/TM_Pick_n_Pay_$22_Million_Email_Heist
3) FBC bank loses $27m to fraudster -> FBC bank loses $27m to
fraudster - The Zimbabwe Independent (newsday.co.zw)
2
Phases of Hacking
#:# Break the cycle

• 1. Reconnaissance:
• 3. Gaining Access:
• This is the first step of Hacking. It is also called as Foot
printing and information gathering Phase. This is the • This phase is where an attacker breaks into the
preparatory phase where we collect as much system/network using various tools or methods.
information as possible about the target. We usually After entering into a system, he has to increase
collect information about three groups, Network, his privilege to administrator level so he can
Host, People involved install an application he needs or modify data or
hide data.
• There are two types of Foot printing:
• 4. Maintaining Access:
• Active: Directly interacting with the target to gather
information about the target. E.g. Using Nmap tool to • Hacker may just hack the system to show it was
scan the target vulnerable or he can be so mischievous that he
Passive: Trying to collect the information about the wants to maintain or persist the connection in
target without directly accessing the target. This the background without the knowledge of the
involves collecting information from social media, user. This can be done using Trojans, Rootkits or
public websites etc. other malicious files. The aim is to maintain the
access to the target until he finishes the tasks he
• 2. Scanning: planned to accomplish in that target.
• Three types of scanning are involved: • 5. Clearing Track:
• Port scanning: This phase involves scanning the target • No thief wants to get caught. An intelligent
for the information like open ports, Live systems, hacker always clears all evidence so that in the
various services running on the host. later point of time, no one will find any traces
leading to him. This involves
• Vulnerability Scanning: Checking the target for modifying/corrupting/deleting the values of
weaknesses or vulnerabilities which can be exploited. Logs, modifying registry values and uninstalling
Usually done with help of automated tools all applications he used and deleting all folders
he created.
• Network Mapping: Finding the topology of network,
routers, firewalls servers if any, and host information
and drawing a network diagram with the available
information. This map may serve as a valuable piece
of information throughout the hacking process.

3
 Good Practices that keep us safe from hackers

Things You Need to Do to Prevent Getting Hacked How to protect yourself from hackers
• Encrypt Files While Storing and Transferring • Protect your personal data when using emails
• Use Browser Extensions to Block Malicious Sites and Harmful Downloads • Keep your data secret
• Install a Strong Anti-Malware Program • Enable the firewall
• Don’t Share Any Information via HTTP Sites • Use strong passwords
• Recognize Signs of Fake or Malware-Infected Websites
• Do not synchronize all your digital accounts together
• Learn to Recognize Fake vs. Legitimate Software and Applications
• Use two-level authentication
• Recognize Phishing Emails
• Download files from trusted sources only
• Beware of Phishing SMS Messages
• Update your operating system and programs regularly
• Don’t Log in Via Existing Third-Party Platforms
• Enable Two-Factor Authentication (2FA)
4
How do you prevent yourself from being hacked?

There are several key steps and best practices Avoid Clicking on Ads or Strange Links and
that organizations and users can follow to ensure downloading files from untrusted Emails
they limit their chances of getting hacked. Advertisements like pop-up ads are also widely used
by hackers. When clicked, they lead the user to
Software Update inadvertently download malware or spyware onto
their device. Links should be treated carefully, and
• Hackers are constantly on the lookout for strange links within email messages or on social
vulnerabilities or holes in security that have
not been seen or patched. Therefore, media, in particular, should never be clicked. These
updating software and operating systems can be used by hackers to install malware on a
are both crucial to preventing users and device or lead users to spoofed websites.
organizations from getting hacked. They
must enable automatic updates and ensure Change the Default Username and Password on Your
the latest software version is always installed Router and Smart Devices
on all of their devices and programs.
Use Unique Passwords for Different Accounts Routers and smart devices come with default
usernames and passwords. However, as providers
• Weak passwords or account credentials and ship millions of devices, there is a risk that the
poor password practices are the most credentials are not unique, which heightens the
common cause of data breaches and chances of hackers breaking into them. It is best
cyberattacks. It is vital to not only use strong practice to set a unique username and password
passwords that are difficult for hackers to
crack but also to never use the same combination for these types of devices.
password for different accounts. Using
unique passwords is crucial to limiting
hackers’ effectiveness.
• Constant IT Audits and Penetration Testings