We are sure that you have watched many movies about cyber attackers and witnessed the same thing in almost all of them; there is a window in which a string of code is constantly flowing, the attacker presses a few keys and the target computer immediately allows to log in as "admin".
The problem is that real-life cyberattacks look nothing like this. But surprisingly, sometimes they can be even easier! Below, I list differences between cyberattacks in movies and real life ones.
Operating Systems in Movies Are Not Available in Real Life
Microsoft Windows may be the most popular operating system in the world in real life, but we hardly ever see it in the movies. There are two reasons for this: First, various licensing issues. The second is that Windows doesn't look "fancy" enough. Producers design interactive applications that consist of only a few screens to look beautiful, impressive, and "technological" on the screen, and these are the "operating systems" of the computers in movies. This kind of application is called "FilmOS". The number of productions using a real operating system in cyber-attack scenes is extremely limited. Mr. Robot was one of them, and Linux was used in the cyber attack scenes.
Attackers Don't Just Target Companies
Contrary to popular belief, cyber attackers do not only target large companies, government agencies and banks. If you have a popular social media account, you can be sure that you will be hacked sooner or later.
Even if you do not have an account on social media and you only use the Internet for browsing, you are at risk: Cyber attackers are looking for opportunities to make such computers part of "hordes of bots".
Your computer may have been compromised without your knowledge and used in a DDoS attack. So end users also need to pay attention to internet security, and protecting their connections through an encrypted tunnel is an important part of this.
An Attack Takes Much Longer Than In Movies
The attacks on movies may be complete in a matter of minutes, but in real life it doesn't work that way. For predictable reasons, once the attack has started, it must be completed as soon as possible. However, it takes months of preparation for that attack. First, you should identify the vulnerabilities of the target and learn everything possible about the system it uses. Then you need to examine the existing and yet unknown vulnerabilities of that system.
Vulnerabilities detected in an operating system or network protocol, but not yet published, can be sold at extremely high prices. Then you need to secure your own system and plan what to do to avoid leaving any traces behind. In other words, cyberattacks are not things you can pull the computer in front of you and complete it in a few minutes; they have serious costs and require a preparation process that can take months.
But Sometimes It's Even Shorter Than In Movies
If the target computer has not installed the operating system patches, is using older versions of programs with various vulnerabilities, and is unconscious about online security, that is, the average user, cyberattacks can sometimes take less time than in movies. Moreover, the attacker does not have to be an "expert". Even people with a basic knowledge of computers can get surprisingly effective results by typing "how to crack password" and searching it on Google! Is your password "12345"? Or did you decide to have your password "Password", displaying a practical intelligence?
Congratulations, both will take less than 5 seconds to crack. You can refer to the list below to get an idea of password strength. Brute force programs, i.e. hacking applications that keep trying until they find the correct password:
It can instantly crack an 8-digit password consisting of only digits.
It takes an average of 40 seconds to crack a 10-digit password that consists of only digits.
A seven-digit password with only uppercase or lowercase letters is also broken instantly.
6-digit passwords that use a combination of numbers and uppercase and lowercase letters can be cracked within 3 minutes.
The most secure passwords are passwords that use numbers, upper and lower case letters and special characters (such as?). It takes 57 days to crack such an 8-digit password.
Computer is not used at all in most attacks
Cyber attackers do most of their attacks in real life, not on the computer. Using techniques called "social engineering", you can take control of a network without writing a single line. Or you can ensure that you are given the password of a system that seems impossible to break. Sounds fanciful, right? However, this type of attack is the most common in real life.
