This blog has been updated to reflect industry updates. Originally published 1 December 2017.
A lot of organisations have experienced cyber attacks, but how are they actually hit? There are many types of cyber attack, and the one the criminal hacker chooses depends on what they are trying to do. Some want data, whereas others want a ransom to be paid.
The most common types of cyber attack are malware and vectors. Malware is designed to disrupt and gain unauthorised access to a computer system. These are the main forms:
Ransomware is one of the fastest-growing forms of cyber attack and has been behind a number of high-profile breaches, including the massive NHS data breach in 2017. It is a type of malicious software that encrypts a victim’s files and demands a payment to release them. However, paying the ransom does not guarantee the recovery of all encrypted data. Staff awareness is the best strategy to manage ransomware threats.
DDoS (distributed denial-of-service) attack
A DDoS attack is a malicious attempt to disrupt normal web traffic and take a site offline. This is done by flooding a system, server or network with more access requests than it can handle. DDoS attacks are often launched from numerous compromised devices, and are usually distributed globally through botnets.
Social engineering deceives and manipulates individuals into divulging sensitive information by convincing them to click malicious links or grant access to a computer, building or system. Two examples of social engineering are:
- Phishing – this is an attempt to access sensitive information such as passwords and bank information by posing as a trusted individual. This is done via electronic communication, most commonly by email, and can inflict enormous damage on organisations.
- Pharming – this is an attack that redirects a website’s traffic to a fake website, where users’ information is then compromised.
A virus is a piece of malicious code that is loaded onto a computer without the user’s knowledge. It can replicate itself and spread to other computers by attaching itself to another computer file.
Worms are similar to viruses in that they are self-replicating, but they do not need to attach themselves to a program. They continually look for vulnerabilities and report back any weaknesses that are found to the worm author.
Spyware/adware can be installed on your computer without your knowledge when you open attachments, click links or download infected software. It then monitors your computer activity and collects personal information.
A Trojan is a type of malware that disguises itself as legitimate software, such as virus removal programs, but performs malicious activity when executed.
Attack vectors are used to gain access to a computer or network in order to infect them with malware or harvest stolen data. Vectors have four main forms:
A drive-by cyber attack targets a user through their Internet browser, installing malware on their computer as soon as they visit an infected website. It can also happen when a user visits a legitimate website that has been compromised by criminal hackers, either infecting them directly or redirecting them to a malicious site.
MITM (man in the middle)
An MITM attack is where an attacker alters the communication between two users, impersonating both victims in order to manipulate them and gain access to their data. The users are not aware that they are actually communicating with an attacker rather than each other.
The use of outdated (unpatched) software (e.g. Microsoft XP) opens up opportunities for criminal hackers to take advantage of known vulnerabilities that can bring entire systems down. A zero-day exploit can occur when a vulnerability is made public before a patch or solution has been rolled out by the developer. Patch management is one of the five basic cyber security controls proposed by the UK government’s Cyber Essentials scheme.
An SQL (Structured Query Language) injection occurs when an attacker inserts malicious code into a server that uses SQL. SQL injections are only successful when a security vulnerability exists in an application’s software. Successful SQL attacks force a server to provide access to or modify data.
How to protect against cyber security attacks
Any one of these cyber attacks can be easily implemented if your organisation does not have the proper cyber security in place. It is vital to assess your organisation’s level of cyber security in order to see where your weaknesses are, and how you can ensure that you are fully protected.
The most effective strategy to mitigate and minimise the effects of a cyber attack is to build a solid foundation upon which to grow your cyber security technology stack.
Solution providers often tell their clients that their applications are 100% compatible and will operate seamlessly with the current IT infrastructure, which, for the most part, is true. The problem arises when organisations add IT security solutions from different manufacturers regardless of the granularity of their configuration settings, and technology gaps are exposed.
Technology gaps appear for one simple reason: developers always keep certain portions of their code proprietary to retain their competitive advantage, meaning applications from different developers are never completely compatible. It is through the resulting gaps that attacks usually occur.
Robust cyber security will help you identify these gaps and mitigate the risk of an attack.
Start your journey to being cyber secure today
IT Governance has a wealth of experience in the cyber security and risk management fields. We’ve worked with hundreds of organisations in a range of industries for more than 15 years, and all of our consultants are qualified, experienced practitioners.
Our services can be tailored for organisations of all sizes in any industry and location. Browse our wide range of solutions below to kick-start your cyber security project.