Companies and people are aware that cyber attacks can happen anywhere, anytime and can endanger their data and privacy. But do you know which kinds of cyber attack are most likely to harm your organisation? Since it’s always better to know an enemy than to defend against an anonymous threat, here’s a list of the most important and recurring cyber attacks to watch out for and learn about before they affect you.
1) Malware: The oldest and the worst
“Malware”, as opposed to the common “software”, is a program or file that can infect your computer and then alter your files, steal your data or even take control of your device without your authorization. This wide category encompasses viruses, worms, Trojan horses, spyware, adware and ransomware. Malware attacks can have a terrible aftermath: think of the SWIFT hacks in February and May 2016, when a piece of malware helped criminals steal $81 million in a cyber heist at the central bank of Bangladesh, then attempted to do the same from a commercial bank in Vietnam. The malware was a “Trojan PDF reader” which manipulated PDF reports to hide hackers’ tracks.
2) Ransomware: When encryption becomes harmful
Ransomware is malware that encrypts the files on a victim’s computer, blocking access to them unless the victim pays a ransom. This type of attack has quickly expanded since 2015, when it began to target new devices and systems such as smartphones, all kinds of computers and even smart watches. The number of ransomware victims increased 30% during the first quarter of 2016 compared with the previous year. It has quickly become the most common threat, with notable cases like the attacks this past March on the BBC and New York Times’ websites, among others. Even though they only targeted U.S. users that time, the affected traffic included billions of visitors.
3) Phishing: Don’t get hooked!
Another ongoing threat is phishing. Phishing belongs to the social engineering category and happens when you trustingly divulge private information to someone pretending to be someone else over digital channels such as email, mobile phones, social media or any website. It consists of creating fake emails, websites or text messages that look like they come from real and trusted companies. Once the victim opens the counterfeit message, criminals can access his or her personal data and steal whatever they want. According to an Anti-Phishing Working Group (APWG) report from May, there was an exponential rise in phishing activities between October 2015 and March 2016, resulting in 250% more incidents due to this kind of cyber attack.
4) Distributed denial of service attack: Be careful of flooding
Distributed denial of service (DDoS) refers to a cyber attack where multiple systems focus on a single victim, flooding its computer with incoming messages and forcing the system to shut down under the overwhelming traffic. Hence, service is denied and is inaccessible to the intended user. Like other types of attacks, DDoS attacks have not decreased, but are growing and becoming more sophisticated, making it an ever-increasing struggle for companies to prevent them. The largest DDoS attack was estimated at 500 Gbps (billions of bits per second), equivalent to the entire internet connectivity of Kenya for 2014. Originally, the idea underlying this kind of attack was to show the target the hackers’ capabilities. Nowadays, attackers often ask victims to pay a ransom fee. Some recent famous victims were the Irish National Lottery in January 2016 (leaving its websites and machines inoperative for nearly two hours), the BBC’s website and Donald Trump’s campaign website.
5) Man-in-the-middle (MITM): Somebody is watching you
This type of attack occurs when two parties communicate on a digital channel and an attacker secretly interferes to intercept and modify messages without the two participants being aware of the intrusion. The communication is controlled anonymously by the attacker: he can read victims’ emails, see their browsing history, or steal data, passwords and more. There are several kinds of attacks related to man-in-the-middle, including man-in-the-browser, man-in-the-app and man-in-the-cloud. These attacks are likely to be conducted on cloud-based services where businesses store their information, which is why services like the well-known and easy-to-use Dropbox are ideal victims. One bit of protection could be to encrypt data before it goes into the cloud. This kind of attack is not new; it has evolved quickly and is constantly being reinvented, thanks to inexpensive tools easily available on the internet.
Unfortunately, having one of your devices hacked is likely to only be a matter of time. Before any of these attacks happen to you, prepare yourself and protect your sensitive data with innovative and highly secure solutions to minimise the harmful impacts of a breach of your privacy.
Digital Security Perfected – APrivacy Ltd. is an award-winning company which combines military-grade data security with a seamless user experience on any platform, any device, anywhere. APrivacy Ltd.’s enabling technology now allows the financial services industry to confidently communicate with clients using their favourite channels leading to increased revenues and reduced costs while meeting the strictest regulatory requirements.