The public views cybercrime as a serious threat, but there’s a stunning knowledge gap when it comes to the most common cyberattacks.
In a poll of internet users, Pew Research Center found that just 16 percent knew that a botnet is a group of computers networked together and used by hackers to steal data. Fewer than half (48 percent) could define the term “ransomware,” and 46 percent said they think that all email is encrypted by default (which is false).
Fighting back starts with understanding the facts. To that end, here’s a rundown of the most common cyberattacks:
- Malware is the workhorse of cybercrime. The term refers broadly to any type of software that is used to inflict harm on a system. The most common cyberattacks may include viruses that disable networks or mine for data. This also includes such sub-genres as ransomware, which attackers use to lock up a target computer and demand a fee for the release of captured data. Malware often is inserted into a system via malicious email attachments or bogus “alerts” that pop up in the course of internet browsing.
- Phishing scams exploit the “human error” factor, manipulating unsuspecting users into divulging sensitive or personal information, or enticing them to click on links that enable hackers to infiltrate systems unseen. Attackers may pretend to be someone the user knows or they may preface an email with an urgent security notification or dire financial warning that seems to require an immediate response. The message looks legitimate and it spurs curiosity, but following the links leads the user into a trap, exposing information and even entire enterprise systems. Phishing scams will also aim to steal credentials, which hackers can then use to spy or steal at will.
- Denial of Service (DoS) attacks became hot news late last year, when hackers deployed the Internet of Things to cause massive internet outages on the East Coast. A DoS attack aims to grind web traffic to a halt by flooding a website with very high levels of traffic, overloading servers and shutting down access. Unlike phishing scams and other ruses meant to mine valuable data, a DoS typically aims not to steal but simply to destroy: a kind of cyber vandalism on a potentially global scale. As almost all businesses today rely on the internet, the specter of a DoS attack poses a serious threat.
- Session Hijacking and Man in the Middle attack strategies take advantage of the unique session ID that’s assigned each time websites exchange information. The “man in the middle attack” allows the hijacker to assume a fake identity in order to gain access to unauthorized information.
- Credential reuse refers to hackers’ ability to collect up and deploy usernames and passwords, based on users’ stubborn refusal to change their credentials periodically or use different passwords for different sites. Often a hacker only needs to steal a password once in order to gain ready access to multiple sites and services.
- The SQL Injection attack looks to exploit the SQL programming language, which manages critical data across websites and digital services. Attackers use malicious code to insinuate themselves into the target server in order to gain access to a range of critical data points. These might include passwords and usernames, credit card information, financial data and other high-value targets. Hackers are well-versed in the known vulnerabilities of SQL servers and can turn these to their advantage.
Cybersecurity requires a thoughtful and methodical approach that includes smart password management, an updated anti-virus/anti-malware scanner, and ongoing personal education to help ensure cybersecurity among your connected devices.
Be Safe – Backup Your Data Regularly!
And don’t forget to take advantage of our FREE subscription to the TechViews.org Newsletter. A must-read if you are interested in Internet Security.