5 Common Types of Cyber Attacks
5 Common Types of Cyber Attacks
The number of businesses suffering from data breaches and cyber attacks are now higher than ever before. In fact, one in three UK businesses confirmed that they had experienced a breach in the past 12 months alone.
This increase means that cyber security investment is finally becoming a priority for UK businesses. However, many are struggling to uncover what their actual cyber risks and weaknesses are. This confusion has now grown so strong that many businesses are reportedly “investing blindly” in security.
And indeed, it can be challenging for the average business owner to recognise what the experts would consider ‘suspicious’.
Although it seems like the internet is dark and full of terrors, there are a few types of cyber attacks that are more common than others. Let’s take a closer look at the most common threats - and what you can do to stop them.
Phishing is incredibly successful because it preys on human interaction - which is arguably one of the most vulnerable aspects of cyber security.
These attacks involve sending out personalised emails - pretending to be from someone you know - where they trick you into either revealing personal data, download malware or make a financial transaction. But it doesn’t stop there.
‘Whaling’ is a close relative of the traditional phishing email. This is when you receive an email, which appears to be from someone senior in your organisation, where they request you to make an urgent payment or update already existing payment details. The costs can be extraordinary if the attack isn’t discovered.
In 2016, an Austrian aircraft manufacturer lost £38 million to a whaling attack. The company only managed to recover £10 million - and both the CEO and his chief financial officer was sacked following the scandal.
I dare say that most of us will have received a phishing email at some point in our lives. While some are incredibly easy to spot, others - such as the HMRC scam that has made its way around the internet recently - can be more difficult to spot.
Here are 5 quick ways to recognise a phishing email:
- The email address is different from the company’s original email address. Is the domain amazon.com or samazon.com?
- Did a friend or colleague send you an unexpected email with an odd attachment? Don’t open the attachment until you have confirmed with them verbally that they actually sent it. They could have been hacked.
- Is there a deadline included? Phishing emails often include short deadlines, thereby creating a sense of urgency.
- Are the links actually legitimate? Hover your mouse over the link - but don’t open it! - and watch as the real web address is uncovered.
- Is it full of spelling mistakes? It’s a running joke in the industry that scammers are somehow incapable of spelling. Take our word on this: if the email contains spelling mistakes, it’s most likely not from your bank.
Man in the Middle Attacks
Yet another common type of cyber attack. Here, the hacker plant himself between your device and an unsecured WiFi.
This is a very simple concept: as a hacker, you simply intercept the traffic from one device going to the recipient, and then access and read their details without them ever noticing. The hacker can also use a malware attack, where they install a specific type of software on your device in order to harvest your data.
This quick diversion will let the attacker insert their own cryptocurrency wallet to steal your funds, or passively steal your data which can later be used in cyber crimes. One of the most famous examples of a Man in the Middle attack dates back to 2015, when Europol arrested an astonishing 49 hackers involved in parallel Man in the middle attacks.
The key to combating this is prevention. We recommend that you use a robust firewall in the office, and that you use a virtual private network (VPN) to encrypt confidential data when you’re using an unsecured WiFi. We also recommend that you consider implementing network-connected device security.
SQL Injection Attacks
These attacks exploit SQL (Structured Query Language), which is a programming language often used in database systems. This works by having the hacker insert malicious code into your server and force it to reveal important data. LinkedIn recently lost 6.5 million password in a targeted SQLi attack.
Luckily, there are plenty of things you can do in order to prevent SQL injection attacks. While you can never become 100% safe from attacks, there are still plenty of obstacles that can make the hacker turn around at the door. Here are a few quick tips on how to prevent SQL attacks:
- Patch security flaws: Hackers tend to exploit known vulnerabilities in applications, it’s therefore imperative that you apply updates and patches as soon as they’re available.
- Filter malicious data with a Firewall: This should be an obvious weapon in your cyber security toolbox. By filtering your traffic, firewalls can offer you some really robust data protection.
- Reduce your attack surface: We highly recommend that you get rid of any functionality in your databases that you don’t really need. It’s also highly important to revoke access privileges for user accounts that are no longer in active use.
- Monitor SQL statements: By closely monitoring your database, you can quickly identify rogue and malicious SQL statements.
Denial of Distributed Service (DDoS)
This is a targeted attack that sabotages an online system by directing unusually high traffic towards a single server. The traffic often comes from a wide variety of malicious servers, and they’re usually carrying a trojan horse.
Your IT team can protect against this type of attack by distributing your servers geographically, using good firewalls and implement DDoS-specific security software. We have a complete guide on how to protect your business from DDoS-attacks here.
Brute Password Attacks
Weak passwords is a threat to most organisation. And, often, the malicious user only need to crack one password in order to gain access to your entire database.
Unfortunately, most passwords are not up to the industry standard. This means they can easily be obtained by
- Looking around a person’s desk
- Using social engineering
- Outright guessing
When it comes to this, we tend to separate between two different types. Brute-force means that the attacker systematically tries different passwords - related to the business, the name of the employee, known birthdays or name of a pet - and hopes to succeed. On the other hand, you have dictionary attacks. This is when you use a database of common passwords and use these to gain access to a database.
The risks of password attacks can be dramatically mitigated by using industry best practices to develop strong and robust passwords. These includes choosing a random mix of numbers, letters and symbols, never repurpose the password for personal use, and change it every few months. Does this sound too complicated to actually remember? Then we recommend getting a online password manager which can both generate and store strong and secure password combinations.
Do you want to learn more about staying cyber safe? Check out our Buyer’s guide to security software here.
Stay Secure with SAS
Cyber security shouldn't be complicated. That's why we offer free and unbiased IT buying advice for all UK business.
Get in touch by filling out the form to your right.
What Is ERP Software?
This guide to ERP systems will help you understand this software in more detail.
Introduction to CRM
In this introductory guide to CRM software, we explore the main features and benefits of CRMs,...
Top CRM Systems of 2021
CRMs can help your sales, marketing, customer service, and other teams improve how they intera...
AZURE VS. AWS
AWS has long been the leader in cloud computing, but Azure is gaining market share. This guide...
Cloud ERP or On-Premises ERP?
Both cloud and on-premise ERPs have their own sets of pros and cons. Cloud ERPs tend to offer ...
Upgrading your ERP System from Microsoft
If you use Microsoft Dynamics NAV or AX, you may want to consider upgrading to a more modern E...
How to improve cyber security
Remote work can introduce new cyber risks, e.g., using personal devices to access sensitive da...
Six Questions with SAS: Ani Alexander
Ani Alexander Talk-o-nomics Host, Blockchain Marketer, International Speaker, Startup Mentor,...