Cyberattacks: Different Types of Security Attacks

Technology is evolving faster than ever, allowing us to be far more productive at work. We now have a huge range of services on demand, and can look up pretty much anything you could dream of on our phones, fuelled by machine learning algorithms that are capable of almost anything. You know what else that means? Cyberattacks are evolving, too – becoming more clever, sinister, and targeted. 

Today we take a look at the main types of cyberattacks that can target both businesses as well as individuals to examine the lay of the land. This is part one in our ongoing cyberattacks series.

Malware Cyberattacks

Often delivered via email in the form of phishing or spearphishing (whaling) attacks, where malicious actors pretend to be a person or company they are not (and you may already associate with), malware was the number one cyberattack in 2018, according to Malwarebytes 2019 State of Malware report.

Once it gets into your systems, malware can do pretty much anything:

• Funnel out sensitive IP, customer or employee details
• Take control of laptop cameras to see what’s going on (hello, sextortion and Black Mirror references)
• Freeze systems
• Delete data
• Send emails from company accounts
• The list goes on!

Setting up advanced spam filtering or purchasing an enterprise-grade mail protection solution can help guard against malware attacks disguised in email.

Mobile Malware Cyberattacks

Think malware is only for desktops and laptops? Think again. Cybercriminals are stepping up their game in the mobile space, as more and more web users adopt mobile-first technology usage.

Check Point Research’s 2019 Security Report highlights some important mobile malware variants, such as AdultSwine for Android which targeted 60 different children’s mobile apps and delivered inappropriate adware, infecting up to 7 million devices. And if you though iOS systems were immune, think again. Pegasus Spyware was just one variant of malware that appeared on the systems, harvesting crypto wallet funds and credentials.

Ransomware Cyberattacks

Ransomware is a particular type of malware that freezes users (or company) data and only releases it on payment of a ransom – if at all. Some ransomware has actually removed the data for good, and it is not recoverable, even upon payment, which is usually in the form of cryptocurrency or gift certificates.

Cryptominers

Yet another breed of malware, although this one isn’t such a threat to users or companies as it is a big nuisance. Cryptominers run code that allows them to mine various cryptocurrencies using your CPUs. These generate cryptocurrency for the people behind the attack, and when spread across a large number of machines, can generate a lot of coin. 

On your side, it can chew up precious resources that would be better utilized, plus add to your electricity bill.

Botnets for DDOS Cyberattacks

Botnets are also malware, pieces of code that run across a huge number of machines, to target a particular individual or company for a DDOS attack. DDOS attacks are when the machines coordinate to send requests at the same time to a target website. Under the heavy traffic load, if a company is unprepared, the website will crash. A sustained attack without a backup system to roll over to can be very damaging to a company’s reputation.

Botnets can be used for other purposes, too, such as testing a huge number of credit card information to see if any stick. Check out CSO’s feature article for more info.

IoT devices are now large targets of botnet malware injections, due to their increasing proliferation and oftentimes lax security measures on the device.

Attacks through 3rd party providers (Supply chain attacks)

Use any 3rd parties for any of your tech needs? Of course you do, we all do! 

That means you’re at risk of a supply chain attack – and they’re up 78%, according to Symantec’s Internet Security Threat Report Volume 24, February 2019.

The report highlights “the high-profile breach of Ticketmaster, for example, (when) Magecart compromised a third-party chatbot, which loaded malicious code into the web browsers of visitors to Ticketmaster’s website, with the aim of harvesting customers’ payment data.”

Formjacking

Do you have forms on your website, then you are susceptible to cyberattacks? Do you know if they are secure? Formjacking is when malicious JavaScript code is injected into insecure website forms to steal the input data. A lot of the time, forms on websites will be for contacting a company, so an individual may enter their name, email, telephone, address, and even more revealing details.

This type of attack can damage your company’s reputation. Ensure that all webforms are fortified against JavaScript code injections to keep your site visitors’ data private – before it even hits your secure servers.

Data breach

Data breaches occur when your data ends up in the hands of someone it shouldn’t have. This could be sensitive company data, customer data, etc. If you have data, chances are that someone out there wants it!

Data breaches can occur due to hacking, social attacks, malware, errors in data security configuration, malicious insiders, or even physical attacks (such as card skimmers).

What’s next?

These are just the basics of the cyber threat landscape as it stands. Next week in our series we’ll cover Who is a Target and Why? Hint: it’s not who you think!

If you are concerned about vulnerabilities to cyberattacks in your business, then reach out. We provide a range of IT security solutions for small and mid size businesses, to help keep your business out of cyber-trouble.

Julia Sinclair-Jones

Tech writer and ex-software developer with a penchant for travel, techno, and data. Spreading the word of secure, manageable, optimised IT solutions for everyone.