STL Communications Inc.

Voice Networking Video Wireless

1-800-993-4STL(4785) // 314-205-7100
  • Voice
    • Total Voice Cloud/Managed Service
    • On-premise Voice Communications
    • Support Services
      • IP Office Support Plans
      • Avaya Aura Communication Manager
      • Legacy Solutions
      • User Guides
      • Remote Support
      • Service Ticket Entry
      • Total Voice Connection Test
    • SIP Trunking
  • Healthcare
    • Total Nursecall Managed Service
    • On-premise Nursecall
    • Virtual Care
    • RTLS (Real Time Location System)
    • Emergency Call Kit
    • Acute Workflow Solution
    • Wander Management System – ResidentGuard
    • Sentry Freedom Wireless
  • Data/IT
    • Networking
      • Aruba Networking
      • Aruba Networking Products
      • Aruba For Small & Mid-Sized Businesses
      • Extreme Networks
    • Backup/Disaster Recovery
    • Total Business Continuity
    • Total Network Monitoring
    • Total Firewall
    • Total Desktop Management
    • Cyber Security
    • Carrier Services
    • Video
      • WOW Video
      • Avaya Spaces
      • Avaya Collaboration Unit CU360 (Huddle)
  • About Us
    • Leadership
    • Mobile Learning Center
    • Giving Back
    • STLCOM.COM Core Values
    • Document Library
    • A Timeline of STL Communications
    • Testimonials
    • Career Opportunities
  • News and Information
    • Event Calendar
    • Blog
    • Videos
    • STLCOM.COM Race Car
  • Contact Us
Home // Communications // Cyber Security: Week 2 – Common Cyber threats

Cyber Security: Week 2 – Common Cyber threats

January 31, 2022 by Veeam

Here are some of the most common cyber threats you will encounter in your environment and some things to think about when trying to protect your corporate data.

Malware/Spyware

The first type of cyber attack, in this category, is malware/spyware. In this scenario, cyber criminals will attempt to install malware to gain access to a system or network. Let’s take a look at some more specific types of malware.

Trojans

A trojan is one of the most classic malware pieces out there and one of the easiest to use to access an environment. A trojan looks like a standard piece of software to the end-user, so when they think they are installing a new app, your network gets a special surprise.

Ransomware

Ransomware is currently one of the most active pieces of malware around. You are constantly seeing stories about ransomware in the news. A sophisticated form of ransomware will get into your computer networks and may do nothing for some time, making it difficult to detect.

When the ransomware activates, it begins to block access to your systems. At this point, your only hope is to recover your systems or pay the ransom.

Wiper attacks

A wiper attack is what it sounds like; a malicious attack that will delete data stored on your computer systems. These cyber-attacks cause havoc.

Drive-by downloads

A drive-by download is an unwanted download of malware that happens while your users are unaware. This cyber threats comes in a couple of different flavors. First of all, a user may end up downloading a piece of software by clicking a link or opening an email. Secondly, it can tie back in with a trojan when a user thinks they are downloading something legitimate, and it turns out to be malware.

Rogue security software

There’s nothing worse than a user that thinks they did something wrong. They may realize that something is wrong with their computer and try to fix it on their own. There are many imposter security software packages out there that seem like they will help out an end user but end up doing more harm than good.

Social engineering attacks

We’ve spent a lot of time talking about hackers getting into your network. Now, let’s talk about hackers getting into your user’s heads. These attacks are called social engineering. It can be as simple as someone posing that they work at your helpdesk and asking a user for a password, or it could be more sophisticated.

Phishing attacks

A phishing attack tricks an end user by stealing credentials via email, text message, etc. Phishing happens when an email link looks like it’s coming from a legitimate site and asks you to enter your login information.

Homograph attacks

Homograph attacks are interesting because they make users think they connect to more innocent systems, like a phishing attack. Homograph attacks use identical letters and numbers to make things look and feel legitimate — think of things like swapping a capital letter I for a lower-case letter l in many fonts.

Distributed denial of service (DDoS) attacks

A distributed denial of service attack, also known as a DDoS, denies service. The theory behind these attacks is they overwhelm the target system entirely, making it unusable and denying service.

Botnets

Botnets are devices used in DDoS attacks. These bot devices are connected to the internet and controlled by the attackers. In some cases, botnets have been created by exploiting devices on the internet.

TCP SYN flood attack

An SYN flood attack takes advantage of part of the TCP handshake protocol. When creating a TCP connection, the client first sends a synchronize or SYN message to the server, acknowledging the connection, aka ACKs. The client is then supposed to respond with an ACK of its own to complete the connection. In this case, the client never responds with its ACK but continues to send SYN messages instead, ultimately flooding the connection and rendering it useless.

Teardrop attack

A teardrop attack focuses on sending incomplete packets to a destination machine. The target can’t assemble the packets and is overwhelmed by the requests it can never complete.

Password attacks

Another attack vector is targeting passwords to a system. There are several different ways to accomplish this.

Brute-force password guessing

A brute force attack keeps generating passwords and attempting to access a system. It systematically keeps changing the password until the correct combination is found.

Dictionary attack

A dictionary attack is a little bit different. Instead of randomly trying to figure out the password, a dictionary attack uses a dictionary of commonly used passwords. Passwords are meant to be protected and kept private. If your password has been made public in a data breach, change it.

Zero-day exploits

A zero-day exploit is an exploit that becomes available before a vendor has a software patch ready to mitigate it. In most cases, attackers keep their exploits secret, and they are made available on “day zero” when they cannot be immediately fixed. In some cases, hackers or researchers may let a software vendor know that they have found a vulnerability before releasing it.

Man in the middle attack (MITM attack)

A man in the middle attack is when a malicious actor intercepts the communication between two entities.

Session hijacking

This method focuses on hijacking a communications session. They act as the sender or receiver and begin collecting and transmitting data as their presumed persona. If they seize a session after system access has been granted, they can gain access quickly.

Replay attack

A replay attack is when data is saved during a communication session then replayed later. If authentication happened during a dedicated session, this is another “easy” way into a system. ”

Stay tuned for our next blog about protecting yourself from Cyber Threats!

Learn how STL Communications can help you with backup and disaster recovery!
How long would it take someone to crack your password?

Filed Under: Communications Tagged With: cyber, cyber security, cyber threat, malware, phishing, veeam

Pages

  • Voice
  • Healthcare
  • Data/IT
  • About Us
  • News and Information
  • Contact Us
  • Career Opportunities

Call Today

1-800-993-4785

314-205-7100

This Site

  • Document Library
  • Privacy Policy
  • Sitemap

Social Networks

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

© 2023 · STL Communication INC. Design and Development by jWeb Media.