As part of this month’s Continuing Privacy and Security Training (“CPST”), the Compliance Team wanted to describe “What is Cyber Attack?”
What is a Cyber Attack?
A cyber-attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Cyber-attacks aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems.
How do cyber-attacks work?
Threat actors use various techniques to launch cyber-attacks, depending in large part on whether they’re attacking a targeted or an untargeted entity.
In an untargeted attack, where the bad actors are trying to break into as many devices or systems as possible, they generally look for vulnerabilities that will enable them to gain access without being detected or blocked. They might use, for example, a phishing attack, emailing large numbers of people with socially engineered messages crafted to entice recipients to click a link that will download malicious code.
In a targeted attack, the threat actors are going after a specific organization, and methods used vary depending on the attack’s objectives. Hackers use spear-phishing campaigns in a targeted attack, crafting emails to specific individuals who, if they click included links, would download malicious software designed to subvert the organization’s technology or the sensitive data it holds.
Cyber criminals often create the software tools to use in their attacks, and they frequently share those on the so-called dark web.
Cyber-attacks often happen in stages, starting with hackers surveying or scanning for vulnerabilities or access points, initiating the initial compromise and then executing the full attack — whether it’s stealing valuable data, disabling the computer systems or both.
What are the most common types of cyber-attacks?
Cyber-attacks most commonly involve the following:
Malware, in which malicious software is used to attack information systems. Ransomware, spyware and Trojans are examples of malware. Depending on the type of malicious code, malware could be used by hackers to steal or secretly copy sensitive data, block access to files, disrupt system operations or make systems inoperable.
Phishing, in which hackers socially engineer email messages to entice recipients to open them. The recipients are tricked into downloading the malware contained within the email by either opening an attached file or embedded link.
Man-in-the-middle, or MitM, where attackers secretly insert themselves between two parties, such as individual computer users and their financial institution. Depending on the details of the actual attack, this type of attack may be more specifically classified as a man-in-the-browser attack, monster-in-the-middle attack or machine-in-the-middle attack. It is also sometimes called an eavesdropping attack.
Credential-based attacks happen when hackers steal the credentials that IT workers use to access and manage systems and then use that information to illegally access computers to steal sensitive data or otherwise disrupt an organization and its operations.
Distributed Denial-of-Service, in which hackers bombard an organization’s servers with large volumes of simultaneous data requests, thereby making the servers unable to handle any legitimate requests.
Zero-day exploit, which happens when a newly identified vulnerability in IT infrastructure is first exploited by hackers.
Drive-by, or drive-by download, occurs when an individual visits a website that, in turn, infects the unsuspecting individual’s computer with malware.
SQL injection, where hackers insert malicious code into servers using the Structured Query Language programming language to get the server to reveal sensitive data.
Domain name system (DNS) tunneling, a sophisticated attack in which attackers establish and then use persistently available access — or a tunnel — into their targets’ systems.
How to Prevent Cyber Attacks?
1. Should change our passwords regularly and use strong alphanumeric passwords which are difficult to crack. Refrain from using too complicated passwords that you would tend to forget. Do not use the same password twice.
2. Avoid opening emails from unknown senders. Scrutinize the emails you receive for loopholes and significant errors.
3. Passwords should not be written down on sticky notes on the desktop or saved elsewhere on the PC. The best practise is to remember the password.
4. Use Two-Factor or Multi-Factor Authentication. With two-factor authentication, it requires users to provide two different authentication factors to verify themselves. When you are asked for over two additional authentication methods apart from your username and password, we term it as multi-factor authentication. This proves to be a vital step to secure your account.
5. By updating operating system and applications regularly. This is a primary prevention method for any cyber-attack. This will remove vulnerabilities that hackers tend to exploit.
6. By using a firewall and other network security tools such as Intrusion prevention systems, Access control, Application security, Antivirus etc.
7. Make use of a VPN. This makes sure that it encrypts the traffic between the VPN server and your device.
8. Secure your Wi-Fi networks and avoid using public Wi-Fi without using a VPN.