There are many different types of cyber threats that a hacker can take advantage of to gain what they want. Some include phishing, malware, SQL injections, Denial-of-Service, or brute-force. All these terms and phrases can get confusing at times.
In this article, we break down for you the top 3 most common cyber attacks that target small businesses. After reading this, you should be more familiar with potential threats to your online assets.
Phishing
Phishing is a method used by hackers to gain private information from you. Typically, an attacker will send an email to a target person, asking for things such as credit card info, social security, addresses, or passwords. They might include a link to a convincing website, prompting more actions. One example of this could be a link leading to a login screen for google, faking a page that might ask you to re-login to google, but instead when you enter your credentials, you’re directly sending the username and password to the hacker.
A common technique used for phishing is when the attacker pretends to be someone they’re not. For example, an employee might get an email from who appears to be their boss, telling them to download something to their computer, or download some sort of update. In reality, they are just downloading some malware that the hacker will use to carry out more attacks.
Phishing is not only limited to emails, but can come in various other forms such as texts, voice messages, or advertisements. Attackers will do what it takes to make the message sound or look as convincing as possible. The goal is still the same, being to prompt a target to do something and fish for information.
So how do I avoid being the victim of a phishing attack? The most important thing is to be more careful and mindful about them.
- Don’t click on random links from random emails.
- Make sure to double check with a contact if you receive a friend or connection request with no context.
- Ensure that the website you are on is secure and is the real website before entering personal information such as passwords or credit card numbers.
Malware
Malware, short for malicious software, makes number 2 on our list. When this software infects your computer, bad things happen. Malware can be installed through phishing techniques previously mentioned. There are many types of malware, and many types of methods they use to find their way in. Some examples are worms, viruses, and trojan horses.
Worms: a worm is a piece of malware that can spread from computer to computer, without any human interaction. When they reach another computer, they will replicate itself to try and continue the spread. Worms can install backdoors, slow down the network, and act as a foothold to carry out more attacks.
Viruses: a virus is similar to a worm, in that it tries to replicate and spread itself to as many computers as possible. The difference between a virus and a worm is that a virus attaches itself to another computer program or document. Viruses can manipulate file content, redirect users, and change their appearance.
Trojan horses: Just like in ancient times, a trojan horse pretends to be something harmless to enter your system and carry out malicious attacks. Such attacks can include stealing data, encrypting files, and allowing a hacker to access the whole system remotely.
Anti-virus software is the most popular product to fight against malware.
Ransomware
Ransomware is a type of malware that encrypts all of your data and asks you to pay a ransom to get it back. This specific malware makes its way to number 3 on our list because recently there has been a rise of these attacks to small businesses. This is because businesses of this size can’t afford to not have access to their data for an extended period of time, and often lack the knowledge of what to do in these situations. They think that the best way to go about a ransomware attack is to just pay the ransom upfront and get their data back as fast as possible. The problem is that the more likely a target group will pay the ransom, the more likely the amount of attacks against them will increase.
With ransomware, a hacker can either encrypt all of the business’ data, or lock the admins out of their own system, again prohibiting access to their data. Afterwards, the attacker will ask for money in the form of crypto currency, because it is harder to track. Sometimes, even after the ransom is paid, the data still won’t be decrypted as promised.
Methods to deal with ransomware include getting a powerful decryption tool to decrypt the data again, or prepare secure backups of the data in advance to an attack.
To learn more, visit www.safehouse.dev, where we want to use honeypots to solve many of these problems.
