Most of us are aware of the traditional types of invasive attacks, such as computer viruses and malware. But these merely touch the surface. Email phishing attacks, ransomware, crypto-jacking, data breaches, IoT attacks, Denial of Service attacks, and web-based attacks globally cost businesses billions of dollars per year and are on the rise.
It is important to keep in mind that most attacks occur because of user error or negligence, such as clicking a malicious URL, installing infected applications, or simply not paying attention. Educating staff (preventative measures) will improve overall security the most, followed closely by using appropriate security tools and services (reactive measures).
This month, we’ve put together a list of the most common types of cybersecurity breaches, and have listed several standard mitigations to help prevent them and protect your users. If you are reading this, and are a client with us, we’ve already got you covered!
Email attacks
Generally referred to as Whaling Attacks, these target high-profile individuals in your business via regular email channels. The sending party, often a trusted source such as a partner, client or customer, has been compromised, and the attacker uses their email system to masquerade as the trusted source in an attempt to obtain illegitimate information or payment. The most common Whaling attacks attempt to convince people to send invoice payments to a different bank account.
To prevent these kinds of attack, make use of an Email Threat Protection tool (such as Mimecast or Microsoft ATP). These work by sitting in front of your corporate infrastructure, intercepting malicious content before it enters the corporate environment and allowing legitimate content to pass through seamlessly.
Example:
The CEO is away on business and is sporadically responding to emails from his [email protected] address. A staff member receives a very short email from the CEO asking them to pay an invoice urgently. The email has the CEO’s standard signature and phrasing, so it looks legitimate. The accountant, not wanting to get into trouble, complies with the request, not realising the email has come from [email protected]. Thousands of dollars have been lost.
Denial of Service attacks (DOS)
DOS attacks explained: if the full bandwidth of your office network or computer is a single-lane highway, a DOS attack attempts to send ten lanes’ worth of traffic through the network, effectively causing a digital ‘traffic jam’ in which no data can be transmitted.
Denial of Service attacks traditionally target Internet Service Providers (ISPs), large corporations and cloud service providers such as Microsoft, Google, and Amazon. However, these have recently expanded to target multiple SMEs at once, causing severe outages to internet connections, usually localised to a per-country or per-region attack that brings down thousands of businesses at once.
These attacks use infected machines around the world to push more traffic to your network than it can process, causing delays in transmitting legitimate network traffic. In addition, the malware behind DOS attacks can infect computers en masse, increasing the overall capability of DOS attacks globally.
These can be difficult to prevent but you can install a next-generation firewall that is able to react to attacks and only allow legitimate packets into your network.
Example:
Company X resides in a serviced office, with hundreds of businesses operating at the same location. It is 12 noon and staff are relaxing, eating lunch, and trying to watch cats chase lasers on YouTube. The videos are very slow to load, which is normal at lunchtime. This persists long after lunchtime, and at 3pm the decision is made to close the office and leave, as the machines are barely workable. Half a day’s worth of productivity is lost due to a DOS attack on the building. There was no indication from the serviced office that they were under attack.
Ransomware
Ransomware attacks target users’ computers directly, infecting and encrypting all files on a machine and spreading across the rest of the network within minutes. To decrypt the files, the attacker demands a cash payment, often in Bitcoin (making it untraceable), before giving you access to the files again. The attacker will also take a copy of all documents they find and sell them on the black market.
Ransomware is by far the most lethal of all attacks to Financial Services firms because it makes client data inaccessible, which can carry severe financial penalties from regulators.
Make use of corporate antivirus and web-filtering solutions to help prevent these types of attacks.
Example:
A user has been given a task by their manager to create content for a new marketing campaign. After asking the technology department, they are informed that no editing software is available. The user searches the Internet and finds a website offering free software. After downloading and installing it, they find that all documents on the computer have been encrypted by ransomware masquerading as legitimate software. In addition, the shared company documents they have access to are also encrypted. The ransomware organisation demands USD 5 million to decrypt the files.
Web-based attacks
Often used in conjunction with the other attacks listed above, web-based attacks create a spoofed or manipulated website which appears to be legitimate. For example, an attack might hijack your computer and redirect URLs to a different but identical-looking website, or trick you into visiting gooogle.com instead of google.com.
These are normally prevented by a web ‘proxy’ filter or URL scanning service that can detect such attacks.
Example:
A user is searching the Internet for a document template. They navigate to a website, download a PDF and open it. Unbeknownst to the user, the PDF is malicious: it executes a script that installs several pieces of malware and allows an attacker to access their workstation. The attacker then copies all corporate files and sells them, exposing the business to legal and regulatory penalties. The user was completely unaware that this was happening.
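Both the lookalike sender addresses described under Email attacks and the gooogle.com-style domains described under Web-based attacks are caught by the same kind of check, which an Email Threat Protection gateway or URL scanning service performs automatically: is the domain behind a sender address or link almost, but not exactly, one of the domains you trust? The following is an added example of that check in Python; it is not code from the original article or from Mimecast, Microsoft ATP or any other product mentioned. The trusted-domain list, the sample sender headers and the sample URLs are constructed for the demonstration, and the edit-distance threshold and the two-label "registrable domain" rule are simplifying assumptions.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allowlist of domains the business trusts (its own domains,
# key partners, suppliers). A real deployment loads this from configuration.
TRUSTED_DOMAINS = {"example.com", "google.com"}

# Maximum edit distance at which a domain is treated as a lookalike.
# Assumption for the demo; in practice tune it per domain length.
MAX_DISTANCE = 2


def levenshtein(a: str, b: str) -> int:
    """Edit distance: minimum insert/delete/substitute steps turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute or match
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Reduce mail.example.com to example.com.

    Naive two-label rule (assumption); a production filter would use the
    Public Suffix List so that co.uk-style suffixes are handled correctly.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_domain(domain: str) -> str:
    """Return 'trusted', 'lookalike of <trusted domain>' or 'unknown'."""
    reg = registrable(domain)
    if reg in TRUSTED_DOMAINS:
        return "trusted"
    # Compare against every trusted domain and report the closest one
    # if it is within the lookalike threshold.
    best = min(TRUSTED_DOMAINS, key=lambda t: levenshtein(reg, t))
    if levenshtein(reg, best) <= MAX_DISTANCE:
        return f"lookalike of {best}"
    return "unknown"


def check_sender(header_from: str) -> dict:
    """Classify the domain behind an email From: header value."""
    display_name, addr = parseaddr(header_from)
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    return {"display_name": display_name, "domain": domain,
            "verdict": classify_domain(domain) if domain else "unknown"}


def check_url(url: str) -> dict:
    """Classify the host of a URL found in an email body or web request."""
    host = urlsplit(url).hostname or ""
    return {"domain": host, "verdict": classify_domain(host) if host else "unknown"}


if __name__ == "__main__":
    # Constructed samples: a genuine colleague, a whaling-style lookalike
    # sender, an unrelated sender, a genuine URL and a typosquatted URL.
    for sample in ("Jane Doe <jane.doe@example.com>",
                   "Jane Doe <jane.doe@examp1e.com>",
                   "Unknown Vendor <billing@some-other-firm.org>"):
        print(sample, "->", check_sender(sample)["verdict"])
    for url in ("https://www.google.com/", "https://gooogle.com/login",
                "https://google.com.evil.net/"):
        print(url, "->", check_url(url)["verdict"])
```

A "lookalike" verdict is a signal to hold the message or block the link for review, not proof of an attack, and short trusted domains produce more false positives at a fixed threshold, so commercial gateways weight the distance by domain length and combine it with sender authentication results (SPF, DKIM, DMARC) and reputation data. Note that a domain such as google.com.evil.net is not a lookalike at all: its registrable domain is evil.net, which is why the check compares registrable domains rather than full hostnames.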