To make the right decision about the protection your business needs, you must have a clear understanding of the threats out there, as each threat has unique properties. In this section of the guide, we will give you a greater understanding of the most common cyber security threats putting you at risk:
Phishing is one of the most common weapons in a cyber attacker’s arsenal. Phishing is an untargeted tactic: it is the process of tricking a victim (whether an organisation’s staff or customers) into imparting confidential information such as passwords and account details to a third party via email, websites and instant messaging that masquerade as a trusted entity. Phishing attacks commonly rely on social engineering to be successful, manipulating people into actions rather than hacking the system.
The lure is most typically sent via email, and a modern-day phishing attack can target email addresses around the world on a large scale, obtained through security faults in retail websites. There are a multitude of attack tactics used by phishers, ranging from man-in-the-middle attacks and key loggers to complete re-creation of a corporate website. These attempts are often very sophisticated, which means customers can easily be fooled into submitting personal, financial and password data.
Phishing emails can also contain attachments or links within the message that install malware, spyware or Trojans on the user’s device, which collect the user’s credentials locally and transmit them to the phisher.
There are a considerable number of variations of phishing attack utilised by cybercriminals. The following are a sample of the types of tactics utilised by attackers:
- Email Phishing – The mass distribution of messages which contain requests for users to disclose some form of confidential information, including verifying account information or updating payment details.
- Spear Phishing – Spear phishing is a targeted form of phishing which takes the principle of phishing, sending emails masquerading as a legitimate entity, but targets them at specific users or organisations.
- Man in the middle phishing (MITM) – This form of phishing technique is where attackers position themselves in between the end user and a legitimate organisation to record the confidential information being passed through. MITM can be one of the most difficult forms of phishing attack to detect, as victims’ transactions/interactions with the organisation are still submitted.
- Keyloggers and Screenloggers – Utilise forms of malware that monitor and feed back keyboard input in order to fraudulently gain access to passwords and other confidential information.
- Pharming – Also known as ‘phishing without a lure’, pharming is a practice whereby malicious code is installed on a user’s server which directs users to fraudulent websites without their knowledge. This can be done by corrupting a user’s hosts file, which will take a user to the corrupted website even if they type in the correct web address. A particularly sinister version of pharming is known as DNS (Domain Name System) poisoning, where users are directed to fraudulent websites without the need for corruption of the personal hosts file.
- Malware Phishing – The process of downloading malware onto a user’s device, either through an attachment in an email, a downloadable web file or by exploiting software vulnerabilities.
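A defender’s check for the hosts-file corruption described under Pharming, as an added example that is not part of the original guide: it parses hosts-file text and reports any entry that locally overrides a name on a watchlist. The watchlist domains, the sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (documentation address ranges, made-up names).
SAMPLE_HOSTS = """\
# Constructed sample for this example
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.45    www.examplebank.test examplebank.test   # injected entry
192.168.1.20    fileserver.corp.example
0.0.0.0         ads.tracker.example
"""

# Hypothetical watchlist: names that should only ever be resolved through DNS.
PROTECTED_SUFFIXES = ("examplebank.test", "payments.example")


def parse_hosts(text):
    """Yield (line_number, ip, hostnames) for each well-formed mapping line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                              # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # first field is not an address
        yield lineno, ip, [h.lower().rstrip(".") for h in fields[1:]]


def find_overrides(text, protected=PROTECTED_SUFFIXES):
    """Return (line, hostname, ip) for every entry pinning a protected name."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            # Match the domain itself or any subdomain, but not look-alikes
            # such as "notexamplebank.test".
            if any(name == s or name.endswith("." + s) for s in protected):
                findings.append((lineno, name, str(ip)))
    return findings


if __name__ == "__main__":
    for lineno, name, ip in find_overrides(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} is pinned to {ip} in the hosts file")
```

This check covers only the local hosts-file variant; DNS poisoning leaves the hosts file untouched and has to be detected at the resolver or network level.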
Malware is a term that encapsulates all types of software created with the capability of corrupting and damaging a computer, network or device with malicious intent. As an umbrella term, malware covers a swathe of dangerous software that you can potentially be at risk from. At its core, malware is designed to go undetected, hiding not only from users but from detection mechanisms as well.
Incidents involving malware cyber attacks continue to plague both large and small organisations in 2015, with nearly three-quarters of large organisations and three-fifths of SMEs subject to malware targeting, which was a 36% increase in the number of attacks on small businesses on the previous year’s figures.
Here we will explore some of the different types of malware present in the cyber security environment:
- Viruses – A virus is a form of malware that replicates itself inside a user’s system to the point where it can corrupt the system or destroy data.
- Worms – Like viruses, worms are self-replicating computer programs that penetrate a user’s operating system with the intent of spreading malicious code. Worms utilise networks to send copies of the original code to other computers, causing harm by consuming bandwidth or possibly deleting files or sending documents via email.
- Trojan Horses – A Trojan horse is a destructive form of malware that masquerades as a useful application and performs one or more destructive tasks once activated, such as stealing identity or financial data.
- Rootkits – A rootkit is a piece of software, or group of software, designed to mask the fact that your operating system has been corrupted. Rootkits enable malware such as worms and viruses to infect your system by cloaking them as useful files to your antivirus software. They are extremely difficult to detect because they corrupt your system before it starts.
- Backdoors or Trapdoors – A hidden bypass to a program’s security area, a backdoor or trapdoor may be created by a programmer to expedite troubleshooting or for some other innocuous purpose. But once discovered, the technique may be used by an attacker to damage, destroy or steal data.
- Spyware – A form of malware that is installed on a user’s computer with the aim of capturing confidential information such as passwords, banking and credit card details. Spyware is another form of malware hidden from the user in order to garner valuable data.
- Botnets – Botnets are networks of private, internet-connected devices that are infected with malware and controlled without the users’ knowledge. These devices are then used to distribute phishing attacks, send spam and undertake DDoS attacks.
- Distributed Denial of Service (DDoS) – A DDoS is a form of attack whereby a target network, server or website is overloaded because a number of devices (usually malware-infected) are made to hit it.
- Ransomware – A type of malware that encrypts files and blocks elements of your PC or network, with a demand that you pay money, complete surveys, or perform other actions before those capabilities are released.
- Advanced Persistent Threat (APT) – Covert attacks used with the purpose of stealing data from a network or organisation. APTs are attacks on the network which give an unauthorised person access to the network, where they can stay undetected for a long period of time.