Here are 5 of the most common cyber attacks that are currently out there.
- Socially engineered Trojans
- Unpatched software
- Phishing attacks
- Network-traveling worms
- Advanced persistent threats
Here’s a brief explanation for these attacks that you need to be protected against.
1 Socially engineered Trojan;
Socially engineered Trojans provide the No. 1 method of attack. An end-user browses to a website usually trusted, which prompts him or her to run a Trojan. Most of the time the website is a legitimate, innocent victim that has been temporarily compromised by hackers.
Usually, the website tells users they are infected by viruses and need to run fake antivirus software. Also, they’re nearly out of free disk space and need a fake disk defragger. Finally, they must install an otherwise unnecessary program, often a fake Adobe Reader or an equally well-known program. The user executes the malware, clicking past browser warnings that the program could possibly be harmful. VoilĂ , exploit accomplished! Socially engineered Trojans are responsible for hundreds of millions of successful hacks each year. Against those numbers, all other hacking types are just noise.
2. Unpatched software;
Coming in a distant second is software with known, but unpatched exploits. The most common unpatched and exploited programs are Java, Adobe Reader, and Adobe Flash. It’s been this way for a few years now.
3. Phishing attack;
Approximately 70% of email is spam. Fortunately, antispam vendors have made great strides, so most of us have reasonably clean inbox’s. I think of an effective phishing email as a corrupted work of art: Everything looks great; it even warns the reader not to fall for fraudulent emails. The only thing that gives them away is the rogue link asking for confidential information.
4. Network travelling worms;
Computer viruses aren’t much of a threat any more, but their network-travelling worm cousins are. Most organizations have had to fight worms like Conficker and Zeus. We don’t see the massive outbreaks of the past with email attachment worms, but the network-travelling variety is able to hide far better than its email relatives.
5. Advanced persistent threats;
Lastly, I only know of one major corporation that has not suffered a major compromise due to an APT (advanced persistent threat) stealing intellectual property. APTs usually gain a foothold using socially engineered Trojans or phishing attacks. A very popular method is for APT attackers to send a very specific phishing campaign known as spearphishing to multiple employee email addresses. The phishing email contains a Trojan attachment, which at least one employee is tricked into running. After the initial execution and first computer takeover, APT attackers can compromise an entire enterprise in a matter of hours. It’s easy to accomplish, but a royal pain to clean up.
So now your probably wondering how can you protect your company from these things? Because lets face it, would you know what to do or who to turn to in the event of a cyber attack? I know I wouldn’t have had a clue before I started working for ITexpress. I was always of the opinion that it will never happen to me. Then as I started researching for this article, I realised it has happened to me in the past ! I received an email from HMRC requesting that I update my bank card details. I was requested to click the link that they had provided to fill out my bank details. It didn’t seem right to me so I hovered my cursor over the link they had provided without clicking my mouse. It came up with a link to a website that I had never heard of, and I instantly knew that I would not be doing as the email had requested. I deleted the email, and thankfully nothing happened after that, that I know of. But not everyone is aware that these things are a threat so close to home.
Anyway back to the point of what you can do to protect your self and your business; first of all make sure that your browser has anti phishing software installed (and of course check that this software is fully patched). Make sure your company passwords are strong. Don’t use your name in your password, your company name, date of birth, year of birth, it’s best not to use something that is directly connected to you or your company. And defiantly don’t use 1234 or abcd in there or password3. Familiarize you & your staff with what to look out for in an attack, if it seems too good to be true, it usually is. One thing that I did not mention above is ransomware, cases have multiplied over the the last few months. The attackers encrypt the information they get from companies in order to demand a ransom afterwards, threatening to otherwise destroy all data if it is not paid within a specified period of time. Imagen a new member of staff isn’t familiar with the computer in the office or the software, and the browser shows a threat. Not wanting to draw attention to themselves when they have only recently started the job, they follow the steps provided. The hackers now have access to all of your company data and can wipe everything with a click of a button. Could you come back from that? Do you have a remote back up? If the answer is no, this is something you should have.