With the introduction of remote work due to the COVID-19 pandemic, many companies have adapted seamlessly to the transition. However, with this introduction, we have seen an astonishing rise in cyber-attacks from those trying to take advantage of a vastly larger digital setting.
But, what are the main types of cyber-attacks, and how does one know what to look for. Below are the 7 most common types of attacks you or your business may encounter.
1. Credential Re-Use
This scam focuses on taking advantage of those who use the same logins and passwords for everything. Although best practice is usually to utilise an array of logins and passwords for sites, attackers rely on the simple fact that many of us don’t!
Once the attacker has amassed a collection of usernames and passwords from what may be a site breach or through other more illegal ways, they simply will try this login and password on a separate site that they can see you use to access your accounts.
Keeping your logins and passwords out of the hands of these attackers is essential so it is recommended you have as many as possible to keep those looking to do harm at bay. For those who tend to be on the more forgetful side, a password manager can be very helpful to remember the various logins and passwords.
2. Denial-of-Service (DoS)
DoS attacks are flooding of a system, server, and/or network with traffic which then overloads it, making it unusable to others. This prevents those who wish to use your site access to it. These attacks can usually be attributed to the goal of causing a disruption as well as impeding the response time for service requests, which can harm business.
Additionally, there are what is known as Distributed Denial-of-Service (DDoS) attacks. This type of attack is very dangerous as it is performed by various machines at the same time, leading to a complete system failure and the site going offline. This enables another attack on the network, which can lead to further damage.
The term malware covers a wide range of attacks such as viruses, ransomware, spyware, trojans, and worms. Malware refers to the various forms that can be harmful to your computer system that is often deployed when a user clicks on a link or attachment which is used to plant malicious software within the system.
Once the malware has been deployed within a user’s computer system, it can cause a myriad of problems such as denying the user access to essential parts of the computer, obtaining personal information by collecting data from the hard drive, or even completely crashing the system, rendering the computer unusable.
We are often sent forms of malware whether that be an ‘antivirus’ pop-up or a request to open an email attachment or PDF that we don’t recognise. All of these are potentially harmful forms of malware that can lead to all sorts of issues for you, your computer, and your personal information.
4. Man-in-the-Middle (MitM) Attacks
This particular scam happens when the perpetrator is essentially ‘in the middle’ of a two-party transaction and intercepts it. Once the attacker has accessed this transaction, they can both steal and manipulate the data by interrupting the traffic.
Due to the unique session ID between your machine and the remote web server, an attacker can hijack the session by getting hold of the session ID and posing as your computer, and allowing them to gain access through a request and give them access to your data. Phishing or malware attacks can often lead to a MitM attack due to having access to your computer already.
Potentially the most common type of cyber attack, we all have likely encountered phishing in the past. Phishing attacks are when mass amounts of fraudulent emails are sent to various users but are disguised as coming from a reliable source (banks, phone providers, postal services, etc.) The attackers have purposely designed the email to look legitimate, but contain a malicious file that has been designed to either give the attackers control of your computer or to obtain personal information such as financial info.
These attacks are often disguised as an email from a provider in which there is a matter of urgency that you act now such as fraudulent activity on your account or undeliverable post. This can fluster some people who may want to resolve the issue quickly, which leads to the attacker taking advantage and gaining access. This type of attack is not limited to email however, there has also been a surge in phone phishing as well as social media phishing, as attackers will try anything to gain personal information.
To combat a successful phishing attempt, it is important to understand the importance of ensuring that the source is legitimate and to look out for anything that may seem suspicious such as enquiring about personal banking details, as real banks would never do as such.
6. SQL Injection Attack
This attack usually involves the attacker submitting malicious code into a website’s server when it is not protected. This then forces the server to deliver any personal information that it has on users. Problems arise when the website’s server does indeed store private customer information such as financial details, addresses, or personally identifiable information on the user which is all seen as lucrative information to an attacker.
This attack can be avoided through a website’s use of secure coding practices which is a very effective way of preventing SQL injections.
7. Cross-Site Scripting (XSS)
If an attacker wanted to go directly to a website’s users, they may use a cross-site scripting attack instead. Similar to a SQL injection attack, this attack also involves putting malicious code into a website, but instead of attacking the website and obtaining the personal users’ data, it goes after the user itself when they visit the attacked website.
This can be done by installing harmful code within a comment section on an item that the user clicks on, which will then obtain any information that the user has input to that site. The most dangerous aspect of XSS is down to the fact that all of this could happen without the website’s knowledge, as this attacks the user rather than the website itself.
Protecting ourselves from cybercriminals is essential, and knowing what to look out for is only half of the battle. At Fitzrovia IT, we can help protect your business, to find out more, download the full Financial Services’ Guide to Cyber Security.