Published by Rajvi Khanjan Shroff,
Staying Safe By Understanding Common Cyber Threats
Author: Marie Ramirez
Do the daily news stories about cyber breaches make you nervous? Understanding these common cyber attacks may relieve your stress. There are many different ways a cyber attack can happen, and in some cases most people and companies don’t even realize they’ve been attacked until after it has occurred and it’s too late to recover. A cyber attack is performed by hackers in an attempt to damage a computer network or system, steal information, or make a financial gain. Regardless of the reason, cyber attacks often result in financial loss, disruption of service, data loss, or identity theft. As the number of cyber attacks on companies and individuals increases almost daily, cybersecurity statistics reveal common types of attacks. Understanding the common attacks can help companies and individuals focus on protecting their systems against them and greatly reduce the likelihood of becoming a victim of these types of attacks.
In this article, we’ll focus on the six most common cyber attacks: password-based, phishing, unpatched software/operating system, social engineering, social media threats, and ransomware/malware. People all over the world get attacked every day, whether it’s a video clickbaiting you or a suspicious email that is trying to acquire your personal information from your account. In either situation, you should be very careful about which links you click, because you never know where they may take you.
Common Cyber Attacks
A password attack is any method used to falsely authenticate using stolen passwords. This attack is a form of identity theft, since the user of a stolen password is essentially pretending to be another person. There are three main methods of password attacks: brute force attack, dictionary attack, and hybrid attack. A brute force attack is where you try every combination of characters until the password is broken. A dictionary attack is where you try every word in the dictionary against an account. A hybrid attack looks similar to a dictionary attack but also includes numbers and symbols. Some solutions to stop password attacks are to use strong and secure passwords and to configure the security policies on a computer to enforce strong password and lockout policies.
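As an added illustration (not part of the original article), the Python sketch below shows how a strong-password check and a lockout policy answer the three attack types described above: it rejects dictionary words and their hybrid variants, estimates how large a search space a brute force attack would face, and locks an account after repeated failures. The small wordlist, the 60-bit threshold, and the lockout values are constructed assumptions.

```python
import math
import string

# Constructed sample wordlist; a real policy would load a large list of
# common and previously breached passwords.
WORDLIST = {"password", "dragon", "sunshine", "welcome", "monkey"}
JUNK = string.digits + string.punctuation
LEET = str.maketrans("013457@$!", "oleastasi")  # undo common character swaps

def is_hybrid_guessable(password):
    """True if the password is a dictionary word plus digits/symbols or swaps."""
    lowered = password.lower()
    candidates = {lowered.strip(JUNK).translate(LEET),
                  lowered.rstrip(JUNK).translate(LEET)}
    return bool(candidates & WORDLIST)

def brute_force_bits(password):
    """Estimate search space in bits: length * log2(size of character pool)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def check_password(password, min_bits=60):  # min_bits is an assumed threshold
    """Return the reasons a password is rejected (empty list = accepted)."""
    reasons = []
    if is_hybrid_guessable(password):
        reasons.append("dictionary or hybrid guess")
    if brute_force_bits(password) < min_bits:
        reasons.append("too small a search space for brute force")
    return reasons

class LockoutPolicy:
    """Lock an account after max_failures failed logins (assumed defaults)."""
    def __init__(self, max_failures=5, lock_seconds=900):
        self.max_failures, self.lock_seconds = max_failures, lock_seconds
        self.failures, self.locked_until = {}, {}

    def is_locked(self, user, now):
        return now < self.locked_until.get(user, 0)

    def record_failure(self, user, now):
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lock_seconds
            self.failures[user] = 0

    def record_success(self, user):
        self.failures.pop(user, None)
```

A password such as "P@ssw0rd123!" passes a length-and-symbols rule yet is still rejected here, because removing the added digits and undoing the character swaps leaves a dictionary word.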
Phishing attacks are primarily performed through email, where the attacker sends a fraudulent message designed to trick a human into giving out their personal information or deploying malicious software into the victim’s infrastructure. It’s highly likely that anyone who uses email has encountered a phishing email that asks them to send money or click on a link to change their password. One of the best solutions to address these phishing attacks is user cyber awareness training. Most user cyber training includes topics on identifying phishing emails.
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. There are three common methods: whaling, pretexting, and baiting. Whaling is phishing for the "big whales", which targets high-ranking individuals, e.g. movie stars, politicians, and wealthy people. Pretexting is pretending to be someone else to get personal information. Baiting is tricking you into taking the bait, for example by leaving an infected USB drive on the ground for you to pick up and use. Some easy solutions to prevent social engineering attacks are to be aware of your surroundings to avoid shoulder surfing, to get social user training, and to be cautious when you are entering private information in a public setting, such as logging into a banking account. Always be suspicious of "friendly" strangers who are asking too many questions.
Social media threats often come from employees who disclose too much private and business information publicly. An example of a social media threat is any friend request from a stranger, or from a user with an empty profile. Also, be careful of any malicious links and any software/app downloads. Some solutions to help avoid a social media threat are to avoid friending strangers, not to post any personal information, not to talk about vacations while you’re on vacation, and finally not to install software from unknown sites.
Unpatched software and operating systems often accumulate bugs and vulnerabilities, which make your computer an easy target for malware and hackers. Computer operating systems such as Windows, Linux, and Mac systems should be updated regularly to patch bugs and security holes in the system. One of the easiest solutions to prevent these types of attacks is to configure the computer so it can automatically update itself. It also helps to manage the software that is installed on your system, for example by deleting unused software and updating the software you use on a daily basis, such as browsers and software like Zoom.
Ransomware / Malware
Ransomware/malware attacks use malicious software that locks up the data on your computer, usually by encrypting it, and asks for money to unlock it; otherwise it will remain locked forever. Malware is usually installed through email attachments and links in unsolicited emails coming from an unknown person. To help prevent this attack, enable firewalls and install antivirus software, but most importantly never open email attachments from any unknown email addresses.
As you can see, there are many ways someone could hack and take over your computer. The common attacks discussed here are only a small subset of the different types of attacks that hackers have at their disposal. However, in most cases, it only takes a few steps and practices to reduce the risk of allowing these common attacks to affect your systems and networks. Being cautious of your surroundings and updating your software can also protect you. Make sure to check your computer for updates to help avoid these attacks. Be alert and stay safe.