A lot of organisations have experienced cyber attacks this year, but how were these companies actually hit? There are a number of different ways a criminal hacker can implement a cyber attack, and they all depend on what the criminal hacker is trying to gain. Some criminal hackers want data, whereas others want a ransom fee to be paid.
The most common types of cyber attack are malware and vectors. Malware is designed to disrupt and gain unauthorised access to a computer system. There are five main forms:
Ransomware is a type of malicious software that demands a ransom fee be paid after the software is installed on a computer system. This type of malware is very common and was the cause of the NHS data breach earlier this year.
A virus is a piece of malicious code that is loaded onto a computer without the user’s knowledge. It can replicate itself and spread to other computers by attaching itself to another computer file.
Worms are similar to viruses in that they are self-replicating, but they do not require a program to attach themselves to. They continually look for vulnerabilities and report back any weaknesses that are found to the worm author.
Spyware/adware can be installed on your computer without your knowledge when you open attachments, click links or download infected software. This malware then monitors your computer activity and collects personal information.
A Trojan virus is a program that appears to be for a certain function, but is actually performing malicious activity when executed. Trojans are often disguised as virus removal programs.
Attack vectors are used to gain access to a computer or network in order to infect computers with malware or harvest stolen data. These vectors come in three main forms:
Social engineering is used to deceive and manipulate individuals in order to gain computer access. This is done by making individuals click malicious links or by physically gaining access to a computer through deception. Two examples of social engineering are:
Phishing – This is an attempt to access sensitive information such as passwords and bank information by disguising as a trusted individual. This is done via electronic communication, most commonly by email.
Pharming – This is an attack that redirects a website’s traffic to a fake website, where users’ information is then compromised.
A drive-by cyber attack targets a user through their Internet browser, installing malware on their computer as soon as they visit an infected website. It can also happen when a user visits a legitimate website that has been compromised by hackers. They are then infected directly from that site or redirected to a malicious site.
Man in the middle (MITM)
An MITM attack is where an attacker alters the communication between two users, impersonating them both to manipulate both victims and gain access to their data. The users are not aware that they are not talking to each other, but are actually communicating with an attacker.
Any one of these cyber attacks can be easily implemented if your organisation does not have the proper cyber security in place. It is vital to assess your organisation’s level of cyber security in order to see where your weaknesses are, and how you can ensure that you are fully protected.
If you are embarking on a cyber security improvement programme, our Cyber Health Check will help you identify your weakest security areas and take appropriate measures to mitigate your risks.
Speak to one of our experts today and find out how your organisation can improve its cyber security and ensure it is not vulnerable to a cyber attack.