Common Cyberattacks & How to Defend Against Them
With cyberattacks constantly mentioned on the news these days, the importance of proper cybersecurity has never been higher. To help keep our clients aware of possible threats they may face, we’ve compiled a list of common cyberattacks to watch out for.
Types of Common Cyberattacks
Crypto-Jacking
Attackers gain unauthorized access to users' personal devices to mine for cryptocurrency.
Distributed Denial-of-Service Attack
Attackers flood a server with internet traffic to prevent users from accessing the website. This past June, a group called Storm-1359 disrupted Microsoft Teams service with a denial-of-service attack.
Drive-By Attack
Software is silently downloaded and installed on your device after interacting with a suspicious website or link. Drive-by attacks can be very devious and get triggered from a variety of places.
Pop-Up Advertisements: In advertisements infected with a drive-by attack, clicking the X button to close the ad can actually start the malicious download.
Website Links: Links can look legitimate at first glance but may commence a malicious download when clicked.
Email Attachments: Documents or links in the attachments of emails can initiate a download.
Malware
Malware comes from files or programs downloaded from the web and takes many forms.
Common Types:
Ransomware – This software installs itself on a device and begins to encrypt all data on the device. The attacker then demands money for return of the data or it is lost forever.
Scareware/Browser Hijack – This attack is typically from infected websites or domains that are designed to resemble popular websites. It prompts you with a page that cannot be closed and wants you to call a number. The attacker then gets access to your device and demands money to resolve the problem.
Spyware – Software is installed on a user’s device to capture the user data and send it back to the threat actor.
Worms – This malware infection has the ability to make copies of itself without user interaction.
Man in the Middle
An attacker is positioned between two communicating parties to intercept or alter data traveling between them.
Password Attack
Many cyberattacks focus on capturing password information for exploitation.
Brute Force Attack: Attackers use scripts to attempt to log in. This is a continuous process that can be set and left running on a system until access is achieved.
Dictionary Attack: An attacker implements a prepared list of terms commonly seen in passwords. The list changes the combinations of upper and lower case letters, numbers, and symbols.
Keylogging – Malevolent software or hardware installed on a device can track the keys typed while the system is in use.
Phishing: Attackers impersonate a legitimate person or entity hoping the recipients will communicate password information.
Zero-Day Attack
Attackers discover a vulnerability before the vendor and security experts.
In 2020, hackers accessed a vulnerability in Zoom and were able to access users’ PCs remotely if they ran an older version of Windows. The hackers also could completely take over the device and access all of the files if they targeted an administrator with this vulnerability. That same year, Apple experienced two different operating system vulnerabilities, one of which allowed attackers to compromise iPhones remotely.
Preventing and Defending Against Cyberattacks
Fortunately, there are many actions you can complete to help prevent and limit damage from common cyberattacks.
Actions to Take
Encrypt all mobile devices like laptops and phones.
Install a respected antivirus program on all your devices and perform regular scans.
Invest in backups to prevent data loss.
Keep all software and operating systems up to date.
Lock your devices when you are not using them. Also, incorporate a lockout policy for all accounts. This helps counter brute force attacks.
Stick to only installing software that’s essential for your device.
Utilize strong passwords.
Actions to Avoid
Do not click on random pop-up links. Instead, close the web browser and avoid clicking on those advertisements.
Do not open suspicious emails or attachments. If there are any questions regarding an email’s authenticity, reach out to your IT team and the sender (if you commonly receive emails from this individual).
Need Cybersecurity Help?
If you need assistance tackling cybersecurity efforts for your organization, contact the Abstract team. We can offer help with Microsoft 365 security along with general cybersecurity guidance.
Also, stay tuned to the Abstract Technology Group blog this month for advice on a wide variety of cybersecurity topics.