Richard Clarke, a former counter-terrorism expert for the United States Government, once said, "If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked." While the latter is a tad harsh (we wouldn't wish a cyber attack on anyone!), the former is certainly true.
If you don't protect yourself and your business from cybercrime, it's only a matter of time before you'll be the victim of an attack. In 2015, worldwide cybercrime damages amounted to $3 trillion. Forecasts say that this amount will double by 2021.
The best way to protect yourself is to know about the different types of cyber attacks. Then you can use that information and take steps to make your networks secure.
8 Common Types of Cyber Attacks
Cyber attacks can come in different forms. Some target the human attack surface. This refers to security holes that are created by people due to negligence, employee turnover or human error. Other attacks target security holes in the networks themselves.
1. Password Cracking Attacks
In password-based attacks, hackers use software and brute force attacks to access secure accounts. They have password-cracking software that can test thousands of potential passwords. These machines are successful because password rules have made passwords less secure.
Users often follow patterns when told that their passwords need to contain a capital letter and punctuation mark. The result is that it is easier for machines and hackers to guess your password and break into your account.
The best way of securing your accounts is by using passwords that are legitimately random. Give up your habit of using the street you grew up on or your locker combination from high school. Another way to protect your accounts is by having long passwords. These are much more difficult for machines to guess.
Finally, be sure to keep your passwords safe. This means using different passwords for business and personal uses and changing them on a regular basis. Also, consider using a password or credential manager.
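To make the point about predictable patterns and random, long passwords concrete, here is an added Python example (not part of the original article). It shows that a password can satisfy the usual composition rules and still be cheap to guess; the dictionary size, punctuation count and sample passwords are assumptions chosen for illustration.

```python
import math
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Assumed sizes for illustration (not measurements): words a guessing
# dictionary covers, and the punctuation marks users typically append.
DICTIONARY_WORDS = 20_000
PUNCTUATION_CHOICES = 10

# "Capitalised word, then digits, then one punctuation mark", e.g. Summer19!
RULE_PATTERN = re.compile(r"^[A-Z][a-z]+(\d{1,4})[^\w\s]$")


def meets_composition_rules(password):
    """A typical policy: 8+ characters with upper, lower, digit and punctuation."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def effective_bits(password):
    """Estimate guessing work in bits.

    Pattern-following passwords are scored by the size of the pattern space.
    Anything else is scored as if uniformly random, which is only an upper
    bound and is accurate just for machine-generated passwords.
    """
    match = RULE_PATTERN.match(password)
    if match:
        digit_choices = 10 ** len(match.group(1))
        return math.log2(DICTIONARY_WORDS * digit_choices * PUNCTUATION_CHOICES)
    return len(password) * math.log2(len(ALPHABET))


def generate_password(length=20):
    """Draw every character independently from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("Summer19!", generate_password()):  # constructed samples
        print(f"{candidate!r}: rules_ok={meets_composition_rules(candidate)}, "
              f"~{effective_bits(candidate):.0f} bits")
```

Each extra bit doubles the number of guesses needed, so the gap between roughly 24 bits and roughly 131 bits is the difference between a password that falls almost immediately and one that is out of reach of brute force.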
2. Social Engineering Attacks
Social engineering attacks such as password phishing emails are one of the most common types of attacks. For these cyber attacks, hackers send out emails that have been designed to look official. This means that they'll spoof the emails that are sent out by companies like PayPal and Amazon. Hackers hope that potential victims will follow the links in the email and enter their passwords or banking information.
The Nigerian prince emails from the 90s are one example of a social engineering attack. And while people familiar with this scam may laugh about it, there are many internet users falling prey to social engineering attacks. Not all phishing attacks are as outlandish as the Nigerian prince wanting to give you several million dollars. The majority of successful cyber attacks on businesses are the result of spearphishing. This is a strategy where emails are carefully tailored to seem authentic to their recipient.
The best way to protect your business from social engineering attacks is through training and education. These attacks are only successful when people are not able to spot the false emails. Encourage your employees to be vigilant when clicking email links before they enter their secure data.
Another way to protect your business is by implementing two-factor authentication (2FA). This is a secure login system that requires a physical object as well as the username and password. Some examples of this include receiving an SMS on a registered number or biometric data.
You can also look into phishing detection tools such as email filters, anti-virus software, and firewalls. These tools will give a warning if they detect something suspicious.
3. Social Media Attacks
Have you ever seen a post on Facebook where a friend or family member is inexplicably hawking sunglasses? This person has fallen victim to a social media attack. These attacks are usually designed as friend requests or invitations to play a game. When you accept the request or invitation, it grants excessive access to your profile that hackers can take advantage of.
Facebook no longer requires a registered email address to sign up. This makes it difficult for the average user to prevent someone from creating a fake profile in their name. Then, when people see a request from someone they know (or so they think), they don't think twice about accepting it.
For companies, there is often a team of people who have access to the company's accounts across social media. This leaves companies open to savvy corporate hackers who will then take over the account in order to embarrass the company.
Again, education plays a pivotal role in preventing social media attacks. Remind employees not to share the passwords for social media accounts. In addition, teach your social media managers what to look for to determine if an account has been hijacked.
4. Malware Attacks
Malware is a portmanteau for "malicious software". Hackers design viruses, worms, Trojan horses and more to disrupt companies by destroying or encrypting their files.
The best way to prevent malware attacks in the first place is by having the right software protecting you. This means not just installing anti-virus software and setting up firewalls but also keeping them updated. When your anti-virus and other protective software becomes outdated, it actually becomes easier for hackers to get in than if you didn't have any anti-virus software in the first place.
5. Denial-of-Service Attacks
A denial-of-service attack is where hackers render a site inaccessible to legitimate customers. Hackers do this by overwhelming the website with traffic and data until the website crashes. Although denial-of-service attacks do not have a direct financial cost to the victims, the indirect cost of lost sales can be high, not to mention the frustration of getting the website up and running again.
E-commerce websites are the most likely targets of denial-of-service attacks. That said, hackers have been known to go after different types of high-profile businesses including media agencies and government organizations.
Besides keeping your anti-virus software and security patches up-to-date, you should also be monitoring your traffic reports to protect against a denial-of-service attack. A sudden increase in traffic or other strange traffic patterns could be an early sign of this type of attack.
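One way to turn "watch for a sudden increase in traffic" into an automated check, as an added Python example (not part of the original article): count requests per minute from a web server access log and flag minutes that far exceed the recent baseline. The log lines are constructed sample data, and the window, factor and floor values are assumptions to tune against your own traffic.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Timestamp of a Common Log Format line, truncated to the minute.
STAMP_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [^\]]+\]")


def sample_log():
    """Constructed access log: steady traffic, then a surge in the last two minutes."""
    per_minute = [10, 12, 9, 11, 10, 12, 90, 95]
    return [
        f'203.0.113.{n % 50} - - [10/Oct/2024:13:{minute:02d}:{n % 60:02d} +0000] '
        f'"GET / HTTP/1.1" 200 512'
        for minute, total in enumerate(per_minute)
        for n in range(total)
    ]


def requests_per_minute(lines):
    """Count requests per minute, skipping lines that do not parse."""
    counts = Counter()
    for line in lines:
        found = STAMP_RE.search(line)
        if found:
            counts[datetime.strptime(found.group(1), "%d/%b/%Y:%H:%M")] += 1
    return counts


def find_spikes(counts, window=5, factor=4.0, floor=20):
    """Flag minutes exceeding factor x the median of the previous `window` minutes.

    The median keeps one or two bad minutes from inflating the baseline, and
    `floor` stops a quiet site from alerting on tiny absolute numbers.
    Minutes with no requests at all are absent from `counts` and are skipped.
    """
    minutes = sorted(counts)
    spikes = []
    for i in range(window, len(minutes)):
        baseline = median(counts[m] for m in minutes[i - window:i])
        if counts[minutes[i]] > max(floor, factor * baseline):
            spikes.append((minutes[i], counts[minutes[i]], baseline))
    return spikes


if __name__ == "__main__":
    for minute, count, baseline in find_spikes(requests_per_minute(sample_log())):
        print(f"{minute:%H:%M} {count} requests (baseline {baseline})")
```

A flagged minute is a prompt to investigate, not proof of an attack: a marketing campaign or a crawler can produce the same shape.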
6. Man-in-the-Middle Attacks
With the normal flow of information, data flows seamlessly from users to the servers and back. With a man-in-the-middle attack, that flow gets disrupted when the hacker steps in the middle and intercepts the data being sent. One of the most frustrating things about a man-in-the-middle attack is that the users are not aware of what is happening or that their data has been breached.
To prevent man-in-the-middle attacks, pay attention to the security of websites you're using. This means only entering confidential information on websites where the URL begins with "HTTPS" instead of HTTP. Also, pay attention if your browser warns you that a website's security certificate is out-of-date. These websites are vulnerable to man-in-the-middle attacks.
7. Eavesdropping Attacks
With an eavesdropping attack, hackers listen in on data that flows through the network. This gives them access to things like passwords, identifying details and credit card numbers. Eavesdropping attacks are different from man-in-the-middle attacks because the data still directly reaches its destination. Because of this, eavesdropping attacks are even harder to detect than man-in-the-middle attacks.
There are two types of eavesdropping attacks: passive eavesdropping and active eavesdropping. With passive eavesdropping, the hacker simply "listens" to data that is passing through the network. With active eavesdropping, hackers disguise themselves. This allows them to impersonate a website where users would normally share their private data.
To prevent being the victim of eavesdropping attacks, make sure that you're using data encryption in transit.
8. Drive-by Download Attacks
Hackers use drive-by download attacks to spread malware. With this style of attack, hackers are casting a wide net as opposed to attacking specific targets. They upload the malicious code to unsecured websites. When users visit one of these sites, the webserver code automatically installs the malware or redirects the user to another corrupted site. These drive-by download attacks may be lurking in emails or pop-up windows as well.
The best way to avoid drive-by download attacks is to stay away from suspicious websites. That said, malware can be installed on any website so you need an additional layer of protection. Keeping your firewall software up to date will help in this regard. Finally, keep apps and plugins on your device to a minimum. These tools increase your attack surface and leave you vulnerable to attacks.
Stay Vigilant to Protect Your Business and Prevent Attacks
Cybercrime isn't going anywhere, so businesses need to adopt a "not if but when" attitude to staying vigilant. By educating your employees and maintaining the quality of your anti-virus software and firewalls, you will be taking the first steps towards protecting your business.
To further secure your business against different types of cyber attacks, get in touch with us at Alpine Security. We can run penetration testing on your current security procedures and advise you how to improve your security protocols.