Here are some of the most common cyber threats you will encounter in your environment and some things to think about when trying to protect your corporate data.
The first type of cyber attack in this category is malware/spyware. In this scenario, cyber criminals attempt to install malicious software to gain access to a system or network. Let’s take a look at some more specific types of malware.
A trojan is one of the most classic pieces of malware out there and one of the easiest to use to get into an environment. A trojan looks like a standard piece of software to the end user, so when they think they are installing a new app, your network gets a special surprise.
Ransomware is currently one of the most active pieces of malware around. You are constantly seeing stories about ransomware in the news. A sophisticated form of ransomware will get into your computer networks and may do nothing for some time, making it difficult to detect.
When the ransomware activates, it begins to block access to your systems. At this point, your only hope is to recover your systems or pay the ransom.
A wiper attack is what it sounds like: a malicious attack that deletes the data stored on your computer systems. These cyber attacks cause havoc.
A drive-by download is an unwanted download of malware that happens without the user being aware of it. This cyber threat comes in a couple of different flavors. First, a user may end up downloading a piece of software simply by clicking a link or opening an email. Second, it can tie back in with a trojan: the user thinks they are downloading something legitimate, and it turns out to be malware.
Rogue security software
There’s nothing worse than a user who thinks they did something wrong. They may realize that something is wrong with their computer and try to fix it on their own. There are many imposter security software packages out there that seem like they will help an end user but end up doing more harm than good.
Social engineering attacks
We’ve spent a lot of time talking about hackers getting into your network. Now, let’s talk about hackers getting into your users’ heads. These attacks are called social engineering. It can be as simple as someone pretending to work at your helpdesk and asking a user for a password, or it could be far more sophisticated.
A phishing attack tricks an end user into giving up credentials via email, text message, etc. A typical phishing email contains a link that looks like it goes to a legitimate site and asks you to enter your login information.
Homograph attacks are interesting because, like phishing, they make users think they are connecting to a legitimate system. Homograph attacks use letters and numbers that look identical, or nearly so, to make a name look and feel legitimate. Think of swapping a capital letter I for a lower-case letter l, which are indistinguishable in many fonts.
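The defender’s side of a homograph attack is spotting look-alike names before a user clicks them. The following is an added example, not code from the original post: it folds a hostname into a “skeleton” in which visually confusable characters (capital I and digit 1 for lower-case l, digit 0 for o, a handful of Cyrillic letters, and the rn/vv pairs) collapse to one form, then compares that skeleton against a constructed allow-list of trusted domains. Punycode (xn--) names are decoded first so the check sees the characters the user sees. The confusable map is an illustrative subset of the Unicode confusables data, and the allow-list and sample names are made up for the example.

```python
import unicodedata

# Constructed, illustrative subset of look-alike characters. The full list lives
# in the Unicode confusables data (UTS #39); this map is enough to show the idea.
CONFUSABLE_CHARS = {
    "I": "l", "1": "l", "|": "l",        # capital I, digit one, pipe -> lowercase l
    "0": "o", "O": "o",                  # digit zero, capital O -> lowercase o
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic a, ie, o, er
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",  # Cyrillic es, u, ha, i
}
# Character pairs that read as a single letter in proportional fonts.
CONFUSABLE_PAIRS = {"rn": "m", "vv": "w"}


def to_unicode(hostname):
    """Turn a punycode (xn--) hostname back into the characters the user sees.
    Names that are already Unicode, or that fail IDNA decoding, are returned as-is."""
    try:
        return hostname.encode("ascii").decode("idna")
    except UnicodeError:
        return hostname


def skeleton(hostname):
    """Collapse visually similar characters so look-alike names get the same key."""
    folded = unicodedata.normalize("NFKC", to_unicode(hostname))
    # Map before lower(): lowering first would erase the capital-I vs lowercase-l confusion.
    folded = "".join(CONFUSABLE_CHARS.get(ch, ch) for ch in folded)
    folded = folded.lower()
    for pair, single in CONFUSABLE_PAIRS.items():
        folded = folded.replace(pair, single)
    return folded


def lookalike_of(hostname, trusted):
    """Return the trusted name that `hostname` visually impersonates, or None.
    Exact matches and unrelated names are not flagged."""
    if hostname in trusted:
        return None
    key = skeleton(hostname)
    for name in trusted:
        if skeleton(name) == key:
            return name
    return None


# Constructed allow-list for the demo; a real deployment would use the brands
# and internal names that matter to the organisation.
TRUSTED = ["paypal.com", "microsoft.com", "google.com"]

if __name__ == "__main__":
    samples = ["paypaI.com", "rnicrosoft.com", "g00gle.com",
               "\u0440\u0430\u0443\u0440\u0430l.com", "example.org"]
    for candidate in samples:
        print(f"{candidate!r} -> {lookalike_of(candidate, TRUSTED)}")
```

The same skeleton function can be run over the sender domains in your mail logs or the hostnames in proxy logs; anything that folds onto a trusted name but is not that name deserves a closer look.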
Distributed denial of service (DDoS) attacks
A distributed denial of service attack, also known as a DDoS, does exactly what its name says: it denies legitimate users service. The idea behind these attacks is to overwhelm the target system entirely, from many sources at once, making it unusable.
Botnets are networks of compromised devices used to launch DDoS attacks. These bot devices are connected to the internet and controlled by the attackers. In many cases, botnets have been built by exploiting vulnerable devices exposed on the internet.
TCP SYN flood attack
A SYN flood attack takes advantage of the TCP three-way handshake. When creating a TCP connection, the client first sends a synchronize (SYN) message to the server, the server acknowledges it with a SYN-ACK, and the client is then supposed to respond with an ACK of its own to complete the connection. In a SYN flood, the client never responds with its ACK but keeps sending new SYN messages instead, leaving the server holding more and more half-open connections until it can no longer accept legitimate ones.
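What a SYN flood looks like from the defender’s chair is a pile of half-open connections that never receive their final ACK. The example below is added here and is not code from the original post. It reads a constructed, simplified record format (“time src dst flags”, with S, SA and A standing for SYN, SYN-ACK and ACK), tracks every client SYN until the matching client ACK arrives, and then counts, per source address, the handshakes still incomplete after a timeout. A source sitting on many stale half-open connections is flagged; a single timed-out handshake, which happens on any lossy link, is not. The record format, addresses and threshold are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed records in a simplified "time src dst flags" form
# (S = SYN, SA = SYN-ACK, A = ACK). Invented for this example, not real capture output.
# 10.0.0.5 completes its handshake, 192.0.2.9 never answers once (normal loss),
# 198.51.100.7 opens six connections from different ports and answers none of them.
SAMPLE_RECORDS = """\
0.00 10.0.0.5:40001 10.0.0.1:443 S
0.01 10.0.0.1:443 10.0.0.5:40001 SA
0.02 10.0.0.5:40001 10.0.0.1:443 A
0.10 192.0.2.9:51000 10.0.0.1:443 S
0.11 10.0.0.1:443 192.0.2.9:51000 SA
0.20 198.51.100.7:1001 10.0.0.1:443 S
0.21 10.0.0.1:443 198.51.100.7:1001 SA
0.22 198.51.100.7:1002 10.0.0.1:443 S
0.23 10.0.0.1:443 198.51.100.7:1002 SA
0.24 198.51.100.7:1003 10.0.0.1:443 S
0.25 10.0.0.1:443 198.51.100.7:1003 SA
0.26 198.51.100.7:1004 10.0.0.1:443 S
0.27 10.0.0.1:443 198.51.100.7:1004 SA
0.28 198.51.100.7:1005 10.0.0.1:443 S
0.29 10.0.0.1:443 198.51.100.7:1005 SA
0.30 198.51.100.7:1006 10.0.0.1:443 S
0.31 10.0.0.1:443 198.51.100.7:1006 SA
"""


def parse_records(text):
    """Yield (time, src, dst, flags) tuples from the constructed record format."""
    for line in text.splitlines():
        if line.strip():
            t, src, dst, flags = line.split()
            yield float(t), src, dst, flags


def half_open_by_source(records, now, handshake_timeout=3.0):
    """Count, per client IP, the SYNs that have not been followed by the client's ACK
    within `handshake_timeout` seconds as of time `now`."""
    pending = {}  # (client_endpoint, server_endpoint) -> time of the SYN
    for t, src, dst, flags in records:
        key = (src, dst)
        if flags == "S":                       # client opened a handshake
            pending[key] = t
        elif flags == "A" and key in pending:  # client finished it
            del pending[key]
        # SA records are the server's reply and carry no state of their own here.
    counts = defaultdict(int)
    for (client, _server), t in pending.items():
        if now - t >= handshake_timeout:       # only handshakes that have clearly given up
            counts[client.rsplit(":", 1)[0]] += 1
    return dict(counts)


def syn_flood_sources(text, now, threshold=5):
    """Return the client IPs holding at least `threshold` stale half-open connections."""
    counts = half_open_by_source(parse_records(text), now)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print("half-open by source:", half_open_by_source(parse_records(SAMPLE_RECORDS), now=5.0))
    print("flagged:", syn_flood_sources(SAMPLE_RECORDS, now=5.0))
```

The threshold and timeout need tuning to the service: a busy web front end legitimately sees some abandoned handshakes, so the signal is the count of stale half-open entries per source (or in total), not the existence of any.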
A teardrop attack focuses on sending fragmented packets that can never be reassembled to a destination machine. The target can’t put the fragments back together and is overwhelmed by requests it can never complete.
Another attack vector is targeting passwords to a system. There are several different ways to accomplish this.
Brute-force password guessing
A brute-force attack keeps generating candidate passwords and attempting to access a system with them. It systematically changes the guess until the correct combination is found.
A dictionary attack is a little different. Instead of working through every possible combination, a dictionary attack uses a list of commonly used passwords, including ones exposed in earlier breaches. Passwords are meant to be protected and kept private. If your password has been made public in a data breach, change it.
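Both brute-force and dictionary attacks are cheap only when the system lets an attacker try unlimited guesses quickly and accepts passwords that are already on the lists. The example below is added here and is not code from the original post: it is a small login store that refuses passwords found in a constructed breach list at registration, stores salted PBKDF2 hashes so a stolen database is slow to crack, locks an account after five failures for fifteen minutes, and hashes even for unknown usernames so response time does not reveal which accounts exist. The breach list, the limits and the usernames are assumptions for the example.

```python
import hashlib
import hmac
import os

# Constructed sample of passwords that appear in public breach dumps (illustrative only;
# a real check would consult a full breached-password corpus).
BREACHED_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
MAX_FAILURES = 5          # failures allowed before the account is locked
LOCKOUT_SECONDS = 900     # how long a lockout lasts
PBKDF2_ROUNDS = 100_000   # makes every guess expensive, online or against a stolen database


def hash_password(password, salt):
    """Salted, iterated hash: a stolen table cannot be cracked with a plain dictionary lookup."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class AuthStore:
    def __init__(self):
        self.users = {}      # username -> (salt, password_hash)
        self.failures = {}   # username -> (failure_count, locked_until)

    def register(self, username, password):
        # Refuse passwords already exposed in a breach; a dictionary attack tries them first.
        if password.lower() in BREACHED_PASSWORDS:
            raise ValueError("password appears in a known breach; choose another")
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, username, password, now):
        """Return 'ok', 'denied' or 'locked'. `now` is a timestamp in seconds."""
        count, locked_until = self.failures.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"
        record = self.users.get(username)
        # Hash even for unknown users so response time does not reveal which accounts exist.
        salt, stored = record if record else (bytes(16), b"")
        candidate = hash_password(password, salt)
        if record and hmac.compare_digest(candidate, stored):
            self.failures.pop(username, None)   # a good login clears the failure counter
            return "ok"
        count += 1
        if count >= MAX_FAILURES:
            locked_until = now + LOCKOUT_SECONDS
        self.failures[username] = (count, locked_until)
        return "locked" if now < locked_until else "denied"


if __name__ == "__main__":
    store = AuthStore()
    try:
        store.register("alice", "password")
    except ValueError as exc:
        print("registration refused:", exc)
    store.register("alice", "correct horse battery staple")
    print(store.login("alice", "correct horse battery staple", now=0.0))
    for attempt in range(MAX_FAILURES):
        print("guess", attempt + 1, store.login("alice", "wrong", now=1.0))
    print("right password during lockout:", store.login("alice", "correct horse battery staple", now=2.0))
```

A per-account lockout on its own can be turned into a way to lock users out on purpose, so production systems usually pair it with per-source rate limiting and, better still, multi-factor authentication, which makes a guessed password insufficient by itself.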
A zero-day exploit is an exploit that becomes available before the vendor has a software patch ready to mitigate it. In most cases, attackers keep their exploits secret, and they are used on “day zero”, when the flaw cannot be immediately fixed. In some cases, hackers or researchers let the software vendor know that they have found a vulnerability before disclosing it publicly.
Man in the middle attack (MITM attack)
A man in the middle attack is when a malicious actor intercepts the communication between two entities.
This method focuses on hijacking a communications session. The attacker acts as the sender or the receiver and begins collecting and transmitting data under that borrowed identity. If they seize a session after system access has already been granted, they can gain access quickly.
A replay attack is when data is captured during a communication session and then replayed later. If authentication happened during a dedicated session, this is another “easy” way into a system.
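The usual answer to both the man-in-the-middle tampering and the replay described above is to make every message prove it is authentic and fresh. The example below is added here and is not code from the original post. It shows both sides of the exchange: the sender binds the payload to a random nonce and a timestamp and signs all of it with an HMAC over a shared key; the receiver rejects messages whose MAC does not verify (tampering), whose timestamp is outside an acceptance window (old captures), or whose nonce it has already seen inside that window (replays). The shared key, the window and the sample payloads are assumptions for the example; in practice the key would be provisioned out of band and the whole exchange would also run over TLS.

```python
import hashlib
import hmac
import json
import secrets

SHARED_KEY = b"constructed-example-key-not-a-real-secret"  # agreed out of band (assumption)
WINDOW_SECONDS = 30   # how long a message stays acceptable after it was signed


def _canonical(fields):
    """Deterministic byte form of the fields, so sender and receiver MAC identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_message(payload, key, now, nonce=None):
    """Sender side: bind payload to a fresh nonce and a timestamp, then MAC the whole thing."""
    msg = {"payload": payload, "ts": now, "nonce": nonce or secrets.token_hex(8)}
    msg["mac"] = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
    return msg


class Receiver:
    def __init__(self, key, window=WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen = {}   # nonce -> ts, kept only for nonces still inside the window

    def accept(self, msg, now):
        """Return 'ok', 'bad-mac', 'stale' or 'replay' for an incoming message."""
        mac = msg.get("mac", "")
        unsigned = {k: v for k, v in msg.items() if k != "mac"}
        expected = hmac.new(self.key, _canonical(unsigned), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):   # altered in transit, or wrong key
            return "bad-mac"
        if abs(now - msg["ts"]) > self.window:        # captured earlier and sent much later
            return "stale"
        if msg["nonce"] in self.seen:                 # same message delivered twice
            return "replay"
        # Forget nonces that could no longer pass the freshness check anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        self.seen[msg["nonce"]] = msg["ts"]
        return "ok"


if __name__ == "__main__":
    receiver = Receiver(SHARED_KEY)
    original = sign_message({"action": "transfer", "amount": 10}, SHARED_KEY, now=1000.0)
    print("first delivery:", receiver.accept(original, now=1001.0))
    print("replayed copy:", receiver.accept(original, now=1002.0))
    tampered = dict(original)
    tampered["payload"] = {"action": "transfer", "amount": 1000}
    print("tampered copy:", receiver.accept(tampered, now=1002.0))
    old = sign_message({"action": "ping"}, SHARED_KEY, now=1000.0)
    print("old capture:", receiver.accept(old, now=1100.0))
```

The window has to be wide enough to absorb clock skew between the two parties and narrow enough that the receiver’s nonce memory stays small; a short window plus a nonce cache is the common compromise.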
Stay tuned for our next blog about protecting yourself from Cyber Threats!