Detailing Cyber Incidents: Part 1

As is the case with most criminals, cyber attackers have a variety of methods at their disposal. There are nearly endless ways to intrude into an IT environment and eventually penetrate internal systems. In an ideal world, all organizations would have the security protections to guard them against every type of attack, but that’s just not realistic yet.

It is well established that when cybercriminals are able to penetrate an organization, the result can be catastrophic for the victim. Data theft/loss and financial extortion can be crippling, sometimes wiping companies (such as FlexMagic Consulting) out of business.

Once a hacker has penetrated or circumvented whatever security is in place, the assailant has many options available: extracting data, disrupting business activities, holding the victim to ransom, and more. Any of these can be achieved through several different types of cyber attacks, but some, such as the ones below, are particularly prevalent:

Phishing

Phishing is the most common hacking method used by cybercriminals because of its ease of use and success rate. Phishing is a form of social engineering in which the attacker tricks the victim into clicking on a malicious but authentic-looking link. Often, attackers launch phishing campaigns through email, but a major misconception is that this is the only attack vector for “phishermen.” There are numerous outlets for browser-based phishing threats, such as schemes launched through malicious apps and extensions, social media, instant messenger, browser pop-ups, and rogue browser plug-ins. These lead the victim to give away sensitive information (such as a password) or to enable ransomware or some other form of malware. Organizations of all sizes can be painfully vulnerable to phishing attacks because criminal hackers target the weakest links in most companies: their employees.

Denial-of-Service (DoS) attacks

This is another attack method frequently used by cybercriminals. The most common DoS attacks involve flooding the victim’s systems with traffic. Once saturated, the victim’s systems crash and cannot carry out business activities. This can disable an organization, preventing its users from accessing and using IT resources (e.g., email).

One specific sort of DoS attack is the Distributed Denial of Service (DDoS) attack. In a DDoS attack, cybercriminals use multiple sources to launch several synchronized attacks that bombard various points of the victim’s systems. This allows the attacker to hit several components of the victim all at once and to remain difficult to detect because of the numerous attack points, both of which make incident response even more difficult.

Man-in-the-Middle (MitM) attacks

Cyber infiltration from a third party results in what is referred to as a Man-in-the-Middle attack. This involves an outside entity intercepting and altering the communication between two parties who believe they are only communicating with each other.

By impersonating them both, the attacker manipulates both victims in an effort to gain access to data. The users are naively unaware that they are both communicating with an attacker. Some examples of this include session hijacking, email hijacking and Wi-Fi eavesdropping.

Drive-by attacks

As you would expect, this type of attack gets its name from the quick-hit, hard-to-detect nature of non-digital drive-by attacks. Assailants swoop in, attack, and quickly leave with little trace, yet can inflict significant damage. Drive-by cyber attacks are a common method of spreading malware. Criminal hackers seek out insecure websites and plant malicious scripts into the code on one of the pages. These scripts can then install malware onto the computer of someone who visits the site or redirect the victim to a different site controlled by the malicious actors.

One of the aspects that makes these attacks so dangerous is that this attack strategy does not rely on the unsuspecting user to take much of any action in order to fall victim. Simply by visiting one of the compromised sites, victims can unknowingly be infected with malware. To make matters worse, malware can be slipped inside and remain concealed enough to go undetected if the user and his or her organization don’t have proper security protections in place.

Password attacks

Naturally, password attacks are when cybercriminals specifically target potential victims’ passwords. These sorts of attacks are aimed at obtaining a user’s or an account’s credentials in order to gain that user’s or account’s access. A successful password attack can enable the cybercriminal to obtain access to major internal systems, critical data, and really anything the user’s or account’s identity can access.

Criminal hackers use a variety of techniques for getting their virtual hands on passwords, such as password-cracking programs, dictionary attacks and password “sniffers,” or even just guessing the right words (letters, numbers, special characters, etc.). This last option usually requires at least some personal knowledge of the individual victim (such as the user’s birthday or dog’s name), but cybercriminals are certainly capable of deciphering unchanged default passwords, guessing the simplest of codes, which often include “123,” or even the credentials of those who use the word “password” to safeguard their accounts. This is why having strong passwords is so important and why all those inconvenient (but necessary) timely password reset requirements should be taken seriously.
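The weaknesses named above (unchanged defaults, “123,” the word “password,” a birthday or a dog’s name) can be screened for at the moment a password is set. The following is an added example, not part of the original article; the word list, function names and sample inputs are assumptions constructed for illustration.

```python
import re

# Assumed sample of default / trivially guessable words (constructed, not exhaustive).
COMMON_OR_DEFAULT = ("password", "admin", "changeme", "welcome", "letmein")
# Undo common character substitutions so "P@ssw0rd" is treated like "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})

def _has_sequence(text, run=3):
    """True if text holds `run` consecutive ascending digits or letters (123, abc)."""
    for i in range(len(text) - run + 1):
        chunk = text[i:i + run]
        if chunk.isalnum() and all(
            ord(chunk[j + 1]) - ord(chunk[j]) == 1 for j in range(run - 1)
        ):
            return True
    return False

def _fact_tokens(fact):
    """Guessable fragments of one personal fact (a name, or a date as YYYY-MM-DD)."""
    tokens = {re.sub(r"[^a-z0-9]", "", fact.lower())}
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", fact)
    if m:  # the year and day/month pieces are often reused on their own
        year, month, day = m.groups()
        tokens |= {year, month + day, day + month}
    return {t for t in tokens if len(t) >= 3}

def weak_password_reasons(password, personal_facts=()):
    """Return the reasons a candidate password would fall to simple guessing."""
    lowered = password.lower()
    deleet = lowered.translate(LEET)
    reasons = []
    if any(w in lowered or w in deleet for w in COMMON_OR_DEFAULT):
        reasons.append("common-or-default")
    if _has_sequence(lowered):
        reasons.append("sequence")
    if any(t in lowered or t in deleet
           for fact in personal_facts for t in _fact_tokens(fact)):
        reasons.append("personal-info")
    return reasons

if __name__ == "__main__":
    facts = ("Rex", "2015-06-09")  # constructed: dog's name and a birthday
    for candidate in ("Password123", "P@ssw0rd!", "Rex2015!", "vQ7#tLw9!zR2mK"):
        print(candidate, weak_password_reasons(candidate, facts))
```

An empty list means none of these particular weaknesses were found; it does not by itself mean the password is strong.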

Responding to these incidents

Once you know what attacks to be wary of, the next step is preparing for them to target your organization. Since it is increasingly accepted that “it’s not if you’ll be attacked, but when,” it’s critical that every organization has a plan in place in case it is hit with a cyber attack: an incident response plan.

In part two, I will discuss what to do in order to safeguard your organization from these attacks.

Stay tuned…

