You know the devastation that cyber-attacks can cause to your business, but do you know what to look for?
Here are our top ten types of cyber-attack
Everyone talks about the importance of cybersecurity in your business – and rightly so, because the consequences of a cyber-attack can be disastrous. However, would you know if you were experiencing a cyber-attack?
In this article, we’ll look at ten common types of cyber-attack. And remember, even if your organisation is cyber-secure, hackers can still infiltrate your systems through other companies in your supply chain. Be on your guard.
1 – Phishing (and spear-phishing)
Phishing is when the attacker tries to trick you into handing over valuable information, including passwords and financial details. Phishing often happens over email, with emails that look like they’re from a legitimate sender, such as your bank, but actually come from a cybercriminal. You’d be surprised how effective it can be.
Spear-phishing is when the attacker spends time researching you personally to target you with a phishing email that is more believable.
2 – Malware (and ransomware)
Malware is malicious software installed in your system without your knowledge or consent. Malware is controlled by the attacker, so once it’s in your system, cybercriminals can use it to perform a range of tasks, including spying on you, obtaining valuable data, or disrupting your setup. Malware can also reproduce itself so that it can infect other networks very quickly.
Ransomware is a type of malware where the attacker shuts down your system until you pay a fee.
3 – Brute force
A brute force attack is where an attacker tries to break into your system by working through combinations of computer-generated usernames and passwords until they eventually get in. It’s like trying to open a door using every key on your keyring until you find one that works.
Once the attacker is in, they can access personal data, spread malware or perform any other kind of malicious activity.
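What a brute force attack looks like from the defender's side, as an added example that is not part of the original article: the Python code below scans a login log for a burst of failed attempts from one source and also flags a successful login that follows such a burst. The log format, addresses, threshold and function names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: timestamp, result, user, source IP).
SAMPLE_LOG = """\
2024-05-01T10:00:00 FAIL user=admin src=203.0.113.7
2024-05-01T10:00:02 FAIL user=root src=203.0.113.7
2024-05-01T10:00:04 FAIL user=sales src=203.0.113.7
2024-05-01T10:00:06 FAIL user=info src=203.0.113.7
2024-05-01T10:00:08 FAIL user=admin src=203.0.113.7
2024-05-01T10:00:10 OK user=admin src=203.0.113.7
2024-05-01T10:05:00 FAIL user=jane src=198.51.100.20
2024-05-01T10:05:30 OK user=jane src=198.51.100.20
"""

def parse(line):
    """Split one log line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])

def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return alerts for sources with >= threshold failures inside the window.

    A success from a source that has already crossed the threshold is reported
    separately, because it may mean the guessing worked.
    """
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = set()               # sources that have crossed the threshold
    alerts = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, result, user, src = parse(line)
        fails = recent[src]
        # Drop failures that have aged out of the sliding window.
        while fails and ts - fails[0] > window:
            fails.popleft()
        if result == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force_suspected", src, user))
        elif result == "OK" and src in flagged:
            alerts.append(("login_after_brute_force", src, user))
    return alerts

if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from the second source stays below the threshold and raises no alert, which is the difference between a forgetful user and an automated guessing run.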
4 – Man-in-the-middle attack
A man-in-the-middle (MITM) attack happens when the attacker intercepts communication between two parties (typically email) and steals valuable information.
Thankfully, MITM attacks are less common than they used to be, as most email and chat systems use end-to-end encryption that protects data from third parties.
5 – Distributed denial of service
Imagine the damage it could cause to your business if your website went down for an extended period of time.
Distributed denial of service (DDoS) attacks happen when an attacker bombards your web server with traffic, so it either slows or breaks down, causing maximum disruption. Unfortunately, your server can only take a finite number of requests before it starts to slow. DDoS attacks play on this weakness.
6 – Business email compromise
Business email compromise (BEC) happens when a cybercriminal targets someone in your company who has the ability to authorise financial transactions – and tricks them into transferring money into the criminal’s account.
Like spear-phishing, BEC attacks typically involve a lot of planning and research to come across as believable.
7 – IoT attacks
Internet of Things (or IoT) refers to connected devices that collect and share data. We have it in our homes and on our phones (e.g. Alexa, Siri), but IoT is now increasingly used in business, including retail and manufacturing. Unfortunately, IoT devices often have cybersecurity vulnerabilities, which attackers can exploit.
For example, a US retailer had millions of customer records stolen by a hacker who accessed its systems through its IoT-enabled air conditioning system.
8 – Zero-day exploits
A zero-day exploit is when an attacker finds out about a vulnerability in a piece of software or an operating system before the publisher has released a fix. They then target organisations that use that software, exploiting the vulnerability. Eventually, the software publisher will put out a fix, but until then, every organisation using the software is exposed.
Don’t think it can happen to you? Even Microsoft Exchange was subject to a zero-day exploit. Make sure your software is always up-to-date with the latest security patches.
9 – Code injection
Code injection is a very technical type of attack, where the attacker infiltrates a system (usually via malware) and injects malicious code into an application on the system. Once the code is introduced, it can disrupt essential features of the app.
10 – Clickjacking
Finally, we have clickjacking, sometimes known as UI redressing. This is when the attacker tricks you into clicking something malicious without realising it. Often, they will alter a website in a way that is invisible to the user, so you don’t realise that you’re clicking on something other than what you think you are.