We learned recently that October has been designated National Cybersecurity Awareness month, so we’ll be doing some blog posts on the topic of Cybersecurity.
First, we’ll look at the most common types of Cyber Attacks that hackers engage in.
Malware
Malware encompasses many types of attacks that all begin with the installation of some malicious software inside a victim’s computer system.
Malware is delivered to the system in many ways – such as from a link, an email attachment, a compromised software installation file, embedded into documents/spreadsheets, or planted on USB thumb drives. The victim unknowingly allows the malicious code to be installed on their computer.
There are many types of Malware:
Viruses – this type of malware is capable of replicating itself and attacks the host, for example, by messing with the way your computer works, or destroying/corrupting files.
Trojans – this is malware that hides inside some other program and is typically used to create a backdoor into a network.
Worms – this type of malware makes its way across networks by spreading copies of itself. It is typically delivered through an email attachment, and the worm may access your contact list and email a copy of itself to all your contacts. Worms can be used to take an email server down or instigate a denial-of-service attack.
Ransomware – this is malware that shuts off access to the victim’s data accompanied with threats to delete the data or publish the data unless a ransom is paid. Basically, the victim’s data is held hostage. A Ransomware attack may encrypt the victim’s data, rendering it inaccessible without a special decryption key. And, of course, the hacker will provide the decryption key if a ransom is paid.
Spyware – this type of program collects information about the user and its network or collects information about the user’s behavior. The program will send the data it collects to a remote location. For example, keystroke logger spyware keeps track of all your keyboard keystrokes so the hacker can figure out your usernames and passwords for important websites or email.
Phishing
Phishing is a common attack where a hacker sends a massive number of emails that looks like it’s being sent from a legitimate source. The email may contain commonly recognizable business logos and be formatted to the business’s typical layout. Clicking on a link in the email may install malicious scripts or link the user to a malicious file.
Phishing subcategories include:
Spear Phishing – attacks targeted to a specific company or a specific person.
Pharming – directing users to a bogus website that looks like a legitimate website and typically contains a login screen which allows the hacker to obtain usernames and passwords.
Whaling – phishing attacks that target senior executives, where emails are typically sent masquerading as another senior executive and is designed to have the target perform a secondary action, such as transferring funds.
Man-in-the-Middle Attack
When accessing a website, you exchange data back and forth between your computer and a remote website server. When you are using a shared network, for example, in a café, there are ways for a hacker to insert themselves between you and the remote website server. So what may seem like a private session may actually have a hacker in the middle facilitating the data exchange, and at the same time stealing personal information.
Denial-of-service (DOS) attacks
A DOS attack takes a system down by overloading the network with traffic making the system respond so slow that it is useless and unusable. You may also know this as a Distributed Denial-of-service (DDOS) attack – because the flood of traffic comes from many servers/computers distributed around the globe. DDOS attacks can target a specific website, email server or DNS server.
We’ll list some more common cyber attacks in another post.
Visit our website to learn more about Cybersecurity solutions offered at Everleap.
No responses yet