Cyberattacks come in a variety of forms and affect private individuals and corporations alike. Understanding how the different types of cyberattacks work and how to prevent them can help you and your company avoid hundreds of thousands, if not millions, of dollars in downtime.
The most prevalent kinds of cyberattacks today are:
- Phishing attacks
- Malware attacks
- SQL Injection attacks
- Man-in-the-middle attacks
- Denial-of-Service attacks
Phishing attacks are schemes that attempt to trick the user into divulging sensitive information such as usernames, passwords, credit card information, and other data. Phishing, spear-phishing, and whaling are three terms for the same basic type of attack, which often takes the form of an email sent from what the attacker wants you to believe is a legitimate source, in the hope that you will give up your information. Some common examples are:
- Emails from the CEO to the CFO requesting to wire funds to another account.
- Emails from another user in your organization with a hyperlink to a document that requires you to validate your credentials.
- Emails from your bank saying they have noticed suspicious activity and need you to re-authenticate your account.
All of these are real-world examples that fool thousands of people each day. The number one defense against these schemes is education, and we offer simple-to-understand, practical training solutions that teach your team to identify the threat, report it, and safeguard the company.
Malware attacks originate from a file attachment or hyperlink that runs a malicious script, which ultimately encrypts all files on the user’s computer, after which a ransom demand is made. Not all malware is the same. Each kind behaves differently, but they share a common entry point: the end user opened an attachment or clicked a link. Once malware is on your computer, it can do a variety of damage:
- Log keystrokes and take screenshots, sending them back to the attacker.
- Take full or partial control of the computer.
- Send confidential data from your network back to the attacker.
- Encrypt your files, effectively rendering your device useless.
Again, malware prevention is best handled with end-user training on how to identify common forms of the threat and what to do and not to do.
SQL injection attacks exploit known weaknesses in SQL (Structured Query Language) databases and force the SQL servers to divulge sensitive information. SQL databases store volumes of customer data, such as usernames, passwords, credit card information, and other sensitive data. For SQL databases, as for all servers and systems, a primary threat-reduction technique is to ensure all systems are 100% current and up to date with all patches and security updates. Criminals study known weaknesses, but they also study newly released patches to understand what vulnerability each one addresses, which gives them a roadmap for targeting that vulnerability on outdated systems.
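One common weakness of the kind described above is application code that builds a query by pasting user input into the SQL text. The sketch below is an added example, not code from the original page: it contrasts that pattern with a parameterized query using Python's standard sqlite3 module. The table, rows, and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
SAMPLE_ROWS = [("alice", "4242"), ("bob", "1881"), ("carol", "0005")]


def make_db():
    """Create an in-memory database holding the constructed customer rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, card_last4 TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_weak(conn, username):
    """Weak form: the input becomes part of the SQL text and can rewrite the query."""
    sql = "SELECT username, card_last4 FROM customers WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Corrected form: the value is bound separately and is only ever treated as data."""
    sql = "SELECT username, card_last4 FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def is_suspicious(username):
    """Logging hook: a plain account name should not contain SQL metacharacters."""
    return any(token in username for token in ("'", '"', ";", "--", "/*"))


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that closes the quoted string
    for name in ("alice", crafted):
        print(repr(name), "suspicious:", is_suspicious(name))
        print("  weak:         ", lookup_weak(db, name))
        print("  parameterized:", lookup_parameterized(db, name))
```

With the crafted input, the weak lookup returns every row in the table, while the parameterized lookup returns nothing because no account has that literal name.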
Man-in-the-middle attacks are conducted on websites with servers that are not fully protected and updated. When you browse the internet and conduct business on websites, many small transactions occur between your computer and the website’s host servers, relaying information about who you are, what you are doing, and other details. Man-in-the-middle, or session hijacking, occurs when the attacker captures the session ID information and pretends to be you. When successful, the attacker is able to gain access to personal information and other sensitive data you may have shared with that website in the past.
Denial-of-Service attacks, and their other common form, Distributed Denial-of-Service attacks, are in the simplest terms attacks that overwhelm a website with more traffic than it can handle, which makes the site impossible or difficult to access. If you were to take the traffic of a major city and redirect it all to a small country road in a small town, that small town would be overwhelmed with traffic and no one would be able to get where they want to go quickly and efficiently. That is essentially what happens in these attacks.
Websites that are used to receiving high traffic volume, like news websites, have the infrastructure in place to handle large numbers of people viewing the website simultaneously. However, some smaller company websites are not positioned to handle this kind of traffic and can find their website shut down, either innocently through an overnight rise in popularity or maliciously by someone intent on shutting it down.
Distributed denial-of-service attacks effectively do the same thing but are made to appear to originate from many different IP addresses worldwide, making the source very difficult to determine.
We can help you with your cybersecurity needs and get your systems into a current state with a multi-layered security posture that protects your data. Be sure to contact us today to learn more.