Types of cyber attacks vary so greatly that it feels difficult to keep up with them. As the cost of cyber attacks hits the $450 billion mark, business strategies require incorporating cybersecurity management as a fundamental underpinning to financial success. Understanding the language of cybersecurity and the ways hackers try to access your systems is the first step to becoming cyber savvy and cyber safe.
What is a cyber attack?
At their most fundamental level, all types of cyber attacks involve hackers trying to damage, interrupt, or financially gain from a computer network or system. Hackers use malicious code to change the computer code, logic, or data in your systems. This then allows them to either gain access to your systems or hold your information hostage. Cyber attacks can lead to a data breach of your company and customer information, causing brand reputation damage, customer loss, litigation risk, costly technology fees, and opening your clients up to identity theft.
Cyber Crimes and Cyber Espionage
Cyber Crime occurs when an individual uses computers or other information and communication technology to commit a crime. “Cyber espionage,” however, is a type of cybercrime where the hacker wants to collect information for intelligence purposes, not necessarily identity theft. This might be more along the lines of trying to steal intellectual property or corporate secrets.
Cybersecurity Incident and Cyber Intrusion
The term “cybersecurity incident” describes activities that threaten your systems or information. This can be either a warning that something unusual is happening in your systems or come after an actual attack. The term cyber intrusion, also called hacking or unauthorized access, is when someone accesses a device or data without your permission.
What is a DDoS/DoS?
One of the most common types of cyber attacks, a Distributed Denial of Service (DDoS) attack is a type of Denial of Service (DoS) attack. In a DoS attack, useless traffic overwhelms your network preventing legitimate communications. When you’re trying to understand how a DoS works, think about being at a party in a small room. When uninvited guests arrive, the room fills up and no one can get food or even move. This is what a DoS attack does to your systems.
In a DDoS attack, the malicious actor not only brings a bunch of uninvited guests, they bring these guests from all over, entering through all the doors and windows making it difficult to stop them from coming in. With so many visitors coming from so many directions, you can’t tell who was invited and who is uninvited.
These types of attacks shut down your systems by overloading them and slowing them down.
What Are Phishing and Spear Phishing Attacks?
Phishing is the broad term used to describe attacks that try to get usernames, passwords, or credit card information by pretending to be a legitimate organization whether in email or on the internet. Phishing is basically like using a fake ID card to trick someone into thinking you’re older than you are.
More specifically, spear phishing is an attack that targets you specifically. For example, a malicious actor may research you on LinkedIn and send a realistic looking email pretending to be a trusted salesperson with malware disguised as an invoice. Just like kids dress up as famous characters at Halloween, malicious actors dress up as famous companies and send legitimate looking emails. In August 2017, hackers sent to Bank of America customers emails asking for personal information with links that looked real but really just collected customer data.
What Are Viruses & Malware?
A computer virus is very similar to a biological virus. In the same way that an infection multiplies in your body, a computer virus is code that copies itself and then destroys data or corrupts a system.
Malicious software, more commonly referred to as malware, is the overarching term used to describe computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other types of programs that steal data, delete documents or add software.
Why Is Ransomware Important?
Ransomware, one of the fastest growing cyber attacks, is the computer virus equivalent of a kidnapping ransom. Once your systems have been hacked, the malicious actor locks your information, encrypts the data, and refuses to give it back unless you pay money.
The most recent example of a ransomware attack is the WannaCry worm that shut down the National Healthcare System in the United Kingdom. The impact of these types of cyberattacks cannot be overstated as organizations of all types rely on technology to function.
What is Malvertising?
Malvertising is when a hacker hides code in a legitimate looking advertisement that then displayed on your device while browsing the internet. Once your computer displays the ad, the attack can install malware on your system or exploit vulnerabilities on your computer.
What Is Hijacking?
In the information security world, hijacking, one of the main types of cyber attacks, can occur in several ways. First, your computer can be hijacked. This means someone takes it over, forcing it to do something against your wishes. Sometimes this means something as seemingly innocuous as your computer freezing. Sometimes, it’s something annoying like having pop ups open up when you go to your web browser.
This is a common attack not only causes embarrassment, but can compromise individuals in your address book. All of a sudden, your friends are emailing you because your account sent out some weird spammy email. Using two factor authentication can help protect your email better.
A hijacked account occurs when someone steals login information, such as email and password, and uses it to access websites or services, for example, your cloud storage. If your company is storing information on a shared Google drive, then that data can be at risk. If malicious actors get into your data, they can steal it, but they can also manipulate it and erase it. Currently, this is the third highest cloud security risk.
Every time you log into a website, your computer connects to the website and is given a unique identifier. Session hijacking is similar to when you go out to a bar and start talking to someone you’re interested in. After a few minutes of conversation, someone else comes up and starts talking to the person. As the other person turns their interest away from you, your conversation has been hijacked by this new person. A session hijacking does the same thing. The hacker uses the identifier on your browser to impersonate you while communicating with the website.
Web Browser Hijacking
If you’ve ever clicked on a website only to have a random pop-up browser blizzard, you’ve come at risk of having your browser infected with malware. Some malware may hijack your browser, causing slow page loads, a changed homepage, or redirecting you to other sites which may be malicious.
What is a Man in the Middle attack?
A Man in the Middle Attack (MITM) occurs when two systems try to talk to one another and that communication is intercepted by an outside entity. In 2016, hackers broke into a Tesla Model S, taking control of the car from twelve miles away. The hackers got between the driver and the car’s systems.
What is Spoofing?
To spoof means to trick. In IT, a malicious attacker fakes their identity to trick a computer system into thinking they belong. While anything can be spoofed, including GPS, this cyber attack is traditionally used by hackers to create a fake IP addresses used to flood a network during a DDoS attack.
What is Wi-Fi Eavesdropping?
Wi-Fi eavesdropping is the electronic version of standing over someone’s shoulder reading their email. If you’ve ever connected to the public Wi-Fi at the airport, you’ve put yourself at risk for an eavesdropping attack. Hackers log in to the Wi-Fi and monitor traffic to obtain copies of login credentials and other sensitive information.
How You Think You’re Protecting Your Organization
Although you think you can protect your systems from cyber attacks using anti-virus software, you’re really putting your company at risk if that’s your sole defense. While anti-virus software is easy to download, the upkeep is difficult and hackers are continually one-step ahead of the alleged protective code.
Anti-virus software should be one of multiple layers of protection for your company. In addition, you need to make sure that your software is receiving and installing updates regularly. You have to be in control and make sure to scan your files regularly.
While you think that your anti-virus is protecting your individual computers, you’re also relying on firewalls to keep your internet connections safe. You’ve installed a trusted firewall to try to stop malicious attackers from sneaking their way into your systems.
Unfortunately, traditional firewalls are failing to block intruders because they can’t analyze web traffic leaving a path for a variety of cyber attacks and crime. As with anti-virus software, firewall maintenance is expensive and time consuming. Moreover, firewalls are increasingly becoming more of an entryway risk than a protection point.
How Todyl Helps
Unfortunately, almost all true cybersecurity activities require ongoing monitoring and multiple layers of sophisticated protection. Unfortunately today's solutions require information security experts and a lot of man hours.
When your organization has limited staff, you have to conserve your resources. You don’t have the time or budget for a dedicated IT department, but you also need to have staff who can help you stay on top of your safety measures.
Todyl helps you outsource these functions to keep your information and your customer’s information safe. Todyl offers the benefits of an easy to install software combined with the necessary staff to keep you up to date. We not only have software and hardware that help you keep your information safe, we have a team of experts who monitor your systems in the cloud.
With Todyl’s cloud based teams, you have the protection you need but also the staff to help you ensure ongoing perforce.
With new types of cyberattacks being invented regularly, you need a team to continuously block and respond to new threats. Todyl’s dedicated team of experts makes this possible while staying within your budgetary restrictions.