What are the basics of cyber security that everyone should be aware of? What are the various forms of cyber-attacks? Read on to learn more.
The accelerating pace of globalization and digitization fuelled record-breaking cybercrime, with ransomware attacks rising 151% in 2021.
The World Economic Forum’s Global Cybersecurity Outlook 2022, released during its Davos Agenda Summit, stated that each cyber breach cost the organization $3.6 million in the past year.
Cyberattack
A cyberattack is an attempt to gain illegal access to a computer system to cause damage. It can occur on any modern digital device.
Vital government and health services can even be blocked and extorted for ransom.
Its impact can range from an inconvenience for an individual to global economic and social disruption.
An attacker uses people, computers, phones, applications, messages, and system processes to carry out an attack. Individuals, organizations, institutions, and governments can be victims of an attack.
Modes of Cyber Attack
- Lock data and processes, and demand a ransom.
- Remove vital information to cause serious harm.
- Steal information.
- Publicly expose private information.
- Halt vital business processes and systems, to cause disruption and malfunction.
Cyber Security
Cybersecurity refers to technologies, processes, and training that protect systems, networks, programs, and data from cyberattacks, damage, and unauthorized access.
Cyber Threat Landscape
The digital landscape is usually the entry point for a cyberattack. Entry points can include:
- Social media
- Mobile devices
- The organization’s technology infrastructure
- Cloud services
- Citizenry
Attack vectors
An attack vector is an entry point or route for an attacker to gain access to a system.
Security breaches come in different forms:
Social engineering attacks
Attackers use social engineering to exploit or manipulate users into granting them unauthorized access to a system.
In social engineering, impersonation attacks happen when an unauthorized user (the attacker) aims to gain the trust of an authorized user by posing as a person of authority in order to access a system.
For example, a cybercriminal pretending to be a support engineer tricks a user into revealing their password to access an organization’s systems.
Browser attacks
Security vulnerabilities in a browser can have a significant impact because of their pervasiveness.
For example, suppose a user is working on an important project with a looming deadline. They want to figure out how to solve a particular problem for their project and find a website that they believe will provide a solution.
The website asks the user to make some changes to their browser settings so they can install an add-on. The user follows the instructions on the website, which compromises the browser. The attacker can now use the browser to steal information, monitor user behavior, or compromise a device.
Password attacks
A password attack is when someone attempts to use authentication for a password-protected account to gain unauthorized access to a device or system. Attackers often use software to speed up the process of cracking and guessing passwords.
The brute force attack is one of many ways in which a cybercriminal can carry out password attacks.
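A defender's view of the password guessing described above, as an added example that is not part of the original article: it scans authentication log lines for repeated failures against one account from one source, and notes when the guessing ended in a successful login. The log format, the threshold and window values, and the function name are assumptions made for this illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data).
# Fields: timestamp, result, account, source address (documentation ranges).
SAMPLE_LOG = """\
2024-05-01T09:58:40 FAIL bob 198.51.100.20
2024-05-01T09:58:52 OK bob 198.51.100.20
2024-05-01T10:00:01 FAIL alice 203.0.113.7
2024-05-01T10:00:03 FAIL alice 203.0.113.7
2024-05-01T10:00:04 FAIL alice 203.0.113.7
2024-05-01T10:00:06 FAIL alice 203.0.113.7
2024-05-01T10:00:07 FAIL alice 203.0.113.7
2024-05-01T10:00:09 OK alice 203.0.113.7
"""

def find_password_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {(account, source): {"failures": n, "succeeded": bool}} for
    account/source pairs with at least `threshold` failures inside `window`."""
    recent = defaultdict(deque)  # (account, source) -> times of recent failures
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing the scan
        stamp, result, account, source = parts
        when = datetime.fromisoformat(stamp)
        key = (account, source)
        if result == "FAIL":
            failures = recent[key]
            failures.append(when)
            # Drop failures that have aged out of the sliding window.
            while when - failures[0] > window:
                failures.popleft()
            if len(failures) >= threshold:
                entry = alerts.setdefault(key, {"failures": 0, "succeeded": False})
                entry["failures"] = max(entry["failures"], len(failures))
        elif result == "OK" and key in alerts:
            # A success right after a burst of failures suggests a guessed password.
            alerts[key]["succeeded"] = True
    return alerts

if __name__ == "__main__":
    for (account, source), info in find_password_guessing(SAMPLE_LOG).items():
        print(account, source, info)
```

A single mistyped password, like the first sample line, stays below the threshold and raises no alert.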
Data Breach
A data breach is when an attacker successfully gains access to, or control of, data. It is similar to a person getting access to, or stealing, vital documents and information inside a building.
Here, the victim’s data could be abused in many ways. For example, it can be held for ransom or used to cause financial or reputational harm.
Malware
Malware comes from the combination of the words malicious and software. It’s a piece of software used by cybercriminals to infect systems and carry out actions that will cause harm. This could include stealing data or disrupting normal usage and processes.
Malware has two main components:
- Propagation mechanism
- Payload
What is a propagation mechanism?
Propagation is about how the malware spreads itself across one or more systems.
A few examples of common propagation techniques:
Virus
In biology, a virus enters the human body, and once inside, can spread and cause harm.
Technology-based viruses depend on some means of entry, specifically a user action, to get into a system. For example, a user might download a file or plug in a USB device that contains the virus, which then contaminates the system. You now have a security breach.
Worm
In contrast to a virus, a worm doesn’t need any user action to spread itself across systems. Instead, a worm causes damage by finding vulnerable systems it can exploit. Once inside, the worm can spread to other connected systems.
For example, a worm might infect a device by exploiting a vulnerability in an application that runs on it. The worm can then spread across other devices in the same network and other connected networks.
Trojan
A trojan horse attack gets its name from classical history, where soldiers hid inside a wooden horse that was gifted to the Trojans. When the Trojans brought the wooden horse into their city, the soldiers emerged from the wooden horse and attacked.
In the context of cybersecurity, a trojan is a type of malware that pretends to be genuine software. When a user installs the program, it can appear to work as described, but it also secretly performs malicious actions such as stealing information.
Payload
The payload is the action that malware performs on an infected device or system.
Some common types of payload:
Ransomware
- It’s a payload that locks systems or data until the victim has paid a ransom.
- A cybercriminal can exploit a weakness in a network to gain access and then encrypt all files across that network.
- The attacker demands a ransom in return for decrypting the files.
- They threaten to remove all the files if the ransom hasn’t been paid by a set deadline.
Spyware
- It spies on a device or system.
- The malware may install keyboard scanning software on a user’s device, collect password details, and transmit them back to the attacker, without the user’s knowledge.
Backdoors
- A backdoor is a payload that enables a cybercriminal to exploit a system or device to bypass existing security measures and cause harm.
- The cybercriminal could use the backdoor to hack into an application, the device it’s running on, and even the organization’s and customers’ networks and systems.
Botnet
- A botnet joins a computer, server, or another device to a network of similarly infected devices that can be controlled remotely to carry out some nefarious action.
- A common application of botnet malware is crypto-mining. In this case, the malware connects a device to a botnet that consumes the device’s computing power to mine, or generate, cryptocurrencies.
- A user might notice their computer is running slower than normal and getting worse with time.
Mitigation strategy
To defend against cyberattacks, technological and organizational policies and processes can be designed and implemented.
Many different mitigation strategies are available to an organization:
Multifactor authentication
Conventionally, if someone’s password or username is compromised, a cybercriminal can gain control of the account. Multifactor authentication was introduced to combat this.
Multifactor authentication works by requiring a user to provide multiple forms of identification to verify that they are who they claim to be.
The most common form of identification used to verify or authenticate a user is a password which represents something the user knows.
Two other authentication methods rely on something the user is, such as a fingerprint or retinal scan (a biometric form of authentication), or something the user has, such as a phone, hardware key, or other trusted device. Multifactor authentication employs two or more of these forms of proof to verify a valid user.
For example, a bank might require a user to provide security codes sent to their mobile device, in addition to their username and password, to access their online account.
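How the two factors combine at login, as an added example that is not part of the original article: the server checks a password (something the user knows) and a one-time code from the user's device (something the user has). Instead of the bank's texted code it uses authenticator-app style codes (TOTP, RFC 6238), a swapped-in technique; the account data, names and parameters are constructed for this illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each one-time code stays valid

def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1), as the user's device would compute it."""
    mac = hmac.new(secret, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account; the device secret is the RFC 6238 test key.
_SALT = b"constructed-salt"
USERS = {"alice": {"salt": _SALT,
                   "pw_hash": hash_password("correct horse battery", _SALT),
                   "device_secret": b"12345678901234567890"}}
USED_CODES = set()  # (username, time slot) pairs that were already accepted

def login(username: str, password: str, code: str, now: int) -> bool:
    """Succeed only when both the password and the device code check out."""
    user = USERS.get(username)
    if user is None:
        return False
    knows = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw_hash"])
    has, used_slot = False, None
    for t in (now, now - STEP):  # also accept the previous slot for clock drift
        if t < 0:
            continue
        slot = (username, t // STEP)
        expected = totp(user["device_secret"], t).encode()
        if hmac.compare_digest(expected, code.encode()) and slot not in USED_CODES:
            has, used_slot = True, slot
            break
    if knows and has:
        USED_CODES.add(used_slot)  # a code is single-use: block replay
        return True
    return False
```

A stolen password alone fails the `has` check, and a code captured during a successful login is rejected on reuse.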
Browser security
We all rely on browsers to access the internet to work and carry out our daily tasks. Attackers can compromise poorly secured browsers. Organizations can protect against these types of attacks by implementing security policies that:
- Prevent the installation of unauthorized browser extensions or add-ons.
- Allow only permitted browsers to be installed on devices.
- Block sites using web content filters.
- Keep browsers up to date.
Educate
Social engineering attacks rely on the vulnerabilities of humans to cause harm.
Organizations can defend against social engineering attacks by educating their staff.
Users should learn how to recognize malicious content they receive or encounter, and know what to do when they spot something suspicious. For example, organizations can teach users to:
- Identify suspicious elements in a message.
- Avoid responding to external requests for personal information.
- Lock devices when they’re not in use.
- Store, share, and remove data according to the organization’s policies.
Threat intelligence
The threat landscape can be vast.
Organizations need to take as many measures as possible to monitor, prevent, defend against attacks, and even identify possible vulnerabilities before cybercriminals use them to carry out attacks.
Hence the need to use threat intelligence.
- Threat intelligence enables an organization to collect systems information, details about vulnerabilities, and information on attacks.
- The organization can then implement policies for security, devices, user access, and more, to defend against cyberattacks.
- The collection of information to gain insights, and respond to cyberattacks, is known as threat intelligence.
- Organizations can use technological solutions to implement threat intelligence across their systems.
- Threat intelligence solutions automatically collect information, and even hunt and respond to attacks and vulnerabilities.
These are just some of the mitigation strategies that organizations can take to protect against cyberattacks.
Mitigation strategies enable an organization to take a robust approach to cybersecurity. This will ultimately protect the confidentiality, integrity, and availability of information.
Article written by: Sulochana Anu