Cyber Attacks 101
Cyber attacks can take different forms, aiming to obtain sensitive information for malicious purposes. Therefore, understanding the dangers associated with cyber attacks is the first step a company can take to mitigate the risks and threats related to the various cyber-attacks.
Cybercriminals are looking for ways to steal information and have gotten very good at it. Fortune 500 companies to small businesses have all been targets and victims of cyber attacks. Hackers have improved their methods to deceive their targets, and companies must understand the perils of these attacks, the potential for financial losses, and the reputational risks.
Understanding the various types of cyber attacks is the first step to helping prevent them. In addition, some technologies and tools help prevent different types of cyber attacks.
Types of Cyber Attacks
As noted above, the critical step and preventing cyber attacks is understanding them. Cyber attacks have become sophisticated and continue evolving, but their main motive is stealing and harming. As new methods and attacks spring up, a few core and common cyber attacks account for most hacks.
This attack involves malicious software carrying out unauthorized actions on the victims’ computers. Malicious software, more commonly known as a computer virus, encompasses many specific attacks such as ransomware, spyware, command and control, and more. The main objective of malware is to take control of the victim’s computer without their knowledge and carry out various criminal activities.
Some examples of malware attacks include the infamous trojan horse and worm attacks. A trojan horse malware attack is a program that misleads victims into believing it is one thing, such as a game or app, but in reality, it’s a delivery method for the malware. A worm malware attack propagates itself into other systems. Malware is used to carry out ransomware attacks (which we will discuss later); according to a study, ransomware attacks cost $20 billion globally.
According to the US Director of National Intelligence, a “phishing attack is an attempt to acquire sensitive information or access a computer system by sending counterfeit messages that appear legitimate.” These attacks are sophisticated as they are disguised to confuse, manipulate, and defraud their intended targets.
Phishing attacks may take various forms, including fake websites, impersonation, and smishing. To learn more about these attacks, read our spear phishing deep dive. According to IBM, phishing ranks as the second most expensive cause of data breaches to companies, costing them an average of $4.65 million per breach.
One of the most well-known successful spear phishing attacks was in November 2014 against Sony Pictures Entertainment. The attack cost Sony $35M in IT repairs. However, the consequences of the attack were not limited to financial losses. As a result of the phishing attack, Sony found itself in the middle of a political storm. Hackers threatened Sony with “physical acts of terrorism” if it did not meet their demands to cancel the release of Sony-produced film. The attack was perpetuated when Sony officials were duped into providing password credentials to a spoofed website.
Denial-of-Service (DoS) Attacks
Denial of service or DoS attacks render services inaccessible. Usually, a website will be targeted, which may result in it being unable to display content, retrieve sensor data, or control critical processes.
Overwhelming internet servers carry out DoS attacks with a barrage of commands that results in crippling the site’s infrastructure. They typically involve a small number of attacking systems to overwhelm the target. On the other hand, a Distributed Denial of Service attack is when an attacker coordinates many, up to thousands, requests that, added together, may overwhelm a system.
Google reported in 2020 that thousands of their IP addresses were attacked in an attempt to crush their servers. According to the tech giant, the attack “remains the largest bandwidth attack” they’re aware of against their systems. A single DoS attack can cost a company $400,000, but it is common for the costs to go up into the millions.
These attacks utilize malware to take control of the victim’s computer and potentially spread itself amongst other computers within the victim’s ecosystem. Ransomware attacks are usually carried out through phishing (as detailed above). Once the victim is tricked into downloading, installing, or providing sensitive information, the attacker gains complete control over the victim’s computer. Additionally, criminals typically demand monetary compensation from their victims to regain computer control.
A ransomware attack occurred in 2021 when Acer, a Taiwanese multinational electronics corporation, had its systems breached. Hackers stole 60GB of customer and corporate business data and financial information files. The hackers demanded a $50 million ransom, and Acer offered to pay the group $10 million. In addition, hackers published financial statements and documents.
Advanced Persistent Threat (APT) Attacks
This attack is when cyber-criminals establish an illicit, long-term presence on a network to scoop sensitive data and information. They may enter the victim’s system through some of the other attacks we covered. APT attacks are sophisticated as they follow classified information or sensitive intellectual property, so their intended targets are typically large enterprises or government agencies.
The 2014 Sony Entertainment Pictures hack is a prominent APT attack. As noted above, phishing is how hackers tricked Sony executives into providing passwords and user names that allowed hackers to enter the Sony network. Another example is the infamous 2016 hack of the DNC. Again, through spear phishing, hackers got a hold of emails and sensitive information, which many believed influenced the outcome of the US presidential election.
Mitigating Cyber Attacks
We have learned that cyber criminals have various attacks designed to harm, steal, and blackmail their victims. Most of these attacks involve a password being inadvertently
shared or downloading/installing malicious software. However, there are various steps companies can take to avoid falling victim to cyber-attacks.
Beyond instituting digital hygiene best practices for employees, companies have various tools and technologies that help prevent cyber attacks. Passwordless authentication is one of those technologies.
Passwordless authentication avoids the mishaps of password-based systems by removing the main flaw—passwords—from the equation and increasing security while being more convenient and easier to use. In addition, eliminating passwords among users can improve their experience and leave virtually no room for error, which can be costly for businesses. For example, passwordless authentication could have prevented the Sony Entertainment and DNC spear phishing attacks, as noted above.
Multi-Pass is a passwordless authentication method that’s secure, fast, and easy to use. Its digital wallet runs on a highly secure biometric card. You can learn more about Multi-Pass and address challenges and vulnerabilities associated with password-centered authentication.
Hackers work diligently to exploit every vulnerability and use various methods to attack companies and governments. As detailed throughout this post, there are multiple types of cyber attacks. From malicious software attacks to sophisticated DoS and APT attacks, cyber attacks can cost companies billions of dollars and bring about reputational and business losses.
Google and big enterprises have been the target of cyber attacks, raising the stakes for companies of all shapes and sizes.
Why wait for your company to be the next victim of a cyber attack? If you want to discuss further how Kelvin Zero can help protect your business and sensitive information from cyber attacks, contact us here.