Understanding cyber attacks as the biggest threat to your business is crucial. With the costs of data breaches averaging $3.92 million as of 2019 (Security Intelligence), it’s better to play safe than sorry. Today we are breaking down cybersecurity, types of malware, and 8 of the most common cybersecurity attacks in 2020.
A background on cybersecurity, cyberattacks, and common malware:
Cybersecurity is the process of protecting software, hardware, and personal data from attack, theft, or damage. Cybersecurity is also known as information technology, computer security, or electronic information security.
Cybersecurity threats or attacks are malicious, intentional attacks on an individual or organization to breach informational systems and are completed by an individual or organization. The motive is typically compensation.
Cyberattacks are caused by malware, which is a term used to describe malicious software that’s specifically designed to harm computers, servers, and/or networks. Malware breaches a network through a weakness, most commonly when a user clicks an email attachment or dangerous link which installs dicey software. There are four common types of malware: ransomware, spyware, viruses, and worms.
Ransomware blocks access to data or threatens to publish it unless a ransom is paid.
Spyware accesses information about an organization, without their knowledge, by transmitting data from the hard drive.
Viruses alter and replicate code which can have a detrimental effect of corrupting the system or destroying data.
Worms access the network and spread malware to other computers within that network.
1 in 13 web requests lead to malware. (Symantec)
Now that we’ve reviewed all the terminology, we’ll jump into the 8 common cybersecurity attacks and how to protect your business from them.
8 common cybersecurity attacks we’ll be going over:
- Man-in-the-Middle (MitM) attack
- Denial-of-Service attack
- SQL injection
- Zero-day exploit
- DNS Tunneling
- Drive-by attack
- Password attack
is the practice of sending fake communication (most commonly emails) as a reputable entity in an attempt to obtain sensitive information such as credit card information and passwords.
Protection against phishing: The biggest protection method against phishing is critical thinking. Phishing can be avoided when people think critically about the type of communication they are receiving and if it seems valid or not. If the email seems strange because you reset your password last week and it only happens once a quarter then investigate the email further. You can investigate your emails further with the second method of protecting against phishing, which is hovering over links and email addresses. Hovering your mouse over links and email addresses shows you the long form of the URL or email address and you can use your critical thinking skills to determine if it looks accurate or not. For example, phishing emails may ask you to change a password and you can see if that email came from the actual company you expected it to like email@example.com compared to a phishing email address like firstname.lastname@example.org (or the example below). The same thing goes for links, you can hover your mouse over the link to see if a URL has suspicious, unnecessary characters (not to be confused with UTMs).
Editor’s note: Can you tell someone recently tried to hack into my Twitter? This was a notice at the bottom of my Twitter email which is also helpful although some employees may use sites that do not have their SSL certificate.
- Man-in-the-Middle (MitM) attack
also known as eavesdropping or hijacking attacks. This is when an attacker secretly positions themselves into a two-party transaction (typically between a user and an application) where they can intercept, send, and receive data without either party knowing. The two most common points of entry for MitM are insecure public WiFi and malware if your device has been compromised. On insecure public WiFi, the attacker positions themselves between a user’s device and the network. The user then unknowingly passes all information to the attacker instead of the network.
Protection against MitM: There is no one size fits all protection against MitM attacks. However, for the most part, encryption and digital certificates provide an effective safeguard against MitM attacks, ensuring both the confidentiality and integrity of communications.
- Denial-of-Service attack
or DOS attack occurs when attackers flood networks with traffic and/or send information that triggers a crash in an attempt to overwhelm the system, making it unavailable for its intended users.
Protection against DOS attacks: There are a few ways to protect against DOS attacks, however, they are specific to the type of DOS attack as there are a few ways to overwhelm the system. An “easy” protection method is using a firewall. A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. To learn more about the different types of DOS attacks and how to protect against this click here.
51% of businesses experienced denial of service attacks in 2018. (Cybint Solutions)
- SQL injection
(Structured Query Language injection) occurs when an attacker tries to interfere with the queries that an application makes to its database. Or put more simply, injects malicious code in SQL statements. This seemingly simplistic attack could destroy a database.
Protection against SQL injection: The code that is executed against the database must be strong enough to prevent injection attacks, so the first way to protect your business is to not use dynamic SQL which makes it easier for SQL injections to occur (J2EE and ASP.NET are less likely to have SQL injections). Other protection methods include applying least0privilege model of permissions in your databases and sticking with stored procedures and prepared statements.
- Zero-day exploit
is an attack that occurs on the same day a software or network vulnerability is discovered before a patch or solution is implemented.
Protection against zero-day exploit: To protect your business against a zero-day exploit, your business must have cybersecurity methods in place and be in constant awareness.
The average time to identify a breach in 2019 was 206 days, and the average lifecycle of a breach was 314 days (from breach to containment). (IBM)
DNS Tunneling (domain name system tunneling) is an attack through the DNS protocol to tunnel malware and other data through a client-server model.
Protection against DNS tunneling: A common protection method for DNS tunneling is utilizing tools that identify more complex data extraction techniques and attacks based on preconfigured toolkits. A few tools that prevent and detect DNS tunneling include TunnelGuard, Zscaler, and Splunk.
Drive-by attack occurs when hackers plant malicious HTTP or PHP code into a vulnerable website page. That malicious code can then do a couple of things: install malware directly onto the computer of a user who visits the site or redirects the user to a site controlled by the hackers. Drive-by downloads are different because they don’t require the user to click or do anything. It can be as simple as a user viewing an email or pop-up window or visiting a website.
Protection against drive-by attacks: To protect from drive-by attacks make sure your browsers and operating systems are up to date including websites and applications; avoid websites and popups that could have malware; and don’t keep too many unnecessary applications on your devices.
Password attack is what you guessed… hackers trying to get user passwords! Passwords are the most commonly used method for authenticating users to an information system. Hackers can access passwords through a variety of ways including “sniffing” or monitoring the network for unencrypted passwords which hackers can then steal, social engineering which is when hackers deceive users into revealing sensitive information (like passwords), through password databases, and the classic guessing game.
Protection against password attacks: There are a few ways to protect yourself against password attacks including implementing an account lockout policy where the account will lock after a certain number of invalid attempts, changing your password every 3 months, and making your passwords longer. Most systems require passwords to have a capital and lowercase character as well as a special character, however, longer passwords such as sentences are a lot more difficult to crack.
Last (but definitely not least) note on cybersecurity for businesses:
Businesses are most vulnerable due to their employees. Employees are the ones that need to be aware of phishing attacks, MitM attacks, drive-by attacks, and password attacks. One of the best ways to protect your business is through education to your employees on these cyber threats and how they can protect themselves professionally and personally, which ultimately protects the business.
53% of companies had over 1,000 sensitive files open to every employee. (Varonis)
34% of data breaches involved internal actors. (Verizon)
We’ve just gone over 8 of the most common cyber attacks and methods for protecting your business from these attacks. This list of 8 is by no means a comprehensive list of cyber attacks, as the attacks evolve as technology evolves. However, it should consistently be a top priority for businesses to protect themselves against cyber attacks, as a security breach will only be more damaging to the business financially and for its reputation.