The Most Dangerous Cyber Attack Techniques and How to Confront Them
Numbers on global trends in cyber attacks are pretty clear: hackers are making it big.
Over the past year, the rates of many forms of cyber attacks increased dramatically, in some cases doubling or even tripling in size, leading to widespread penetration of enterprise networks.
The unique challenge of securing the cyber-sphere is the tight interconnectedness of networks around the world. For long it has been a staple of the IT industry that the only way to ensure safety of the digital arena is to achieve broad-based best practices on the part of users.
And of course an educated user stands a better chance of being a safe user.
While cyber attacks come in many forms--some being exceedingly sophisticated, some embarrassingly simple--the lion’s share of hacks fall under just a few attack types.
Phishing related attacks have been a favorite of the hackers tool kit for years. And these kinds of attacks are becoming more common and more sophisticated over time.
In its most basic definition, phishing is an attempt to compromise a users private accounts disguising a communication as coming from a trustworthy entity. Phishing comes in many different varieties, the most common being the “spray and pray” version in which an email containing a fraudulent message or malicious code is sent to millions of addresses with the hopes of getting a few good hits. More sophisticated versions exist as well such as "Spear Phishing" which is a targeted attack in which messages are tailored to the potential victim to convince him or her the communication is legit, meaning that in all likelihood hackers have collected at least some information on their target.
Users can protect themselves from phishing campaigns with some simple vigilance. Emails and other communications containing offers or requesting information should always be approached with caution and in most cases simply deleted. If messages contain hyperlinks, a recipient can always hover over them to check it’s true destination.
Scams on social media are nothing new. But the techniques employed by the scammers are constantly evolving.
Social media cons go way beyond offering too-good-to-be-true winnings or selling dubious services. Social media by its very nature offers cyber-criminals a platform on which they can disguise themselves very well. Hackers can often easily present themselves as a business or other entities social media presence. One particularly devious scam involves imitating a firm’s social media account. Fraudsters often grab unclaimed firm and act as the owner, fooling users to divulge personal information or expose themselves to malicious payloads.
Similar to phishing, vigilance is key to staying secure on social media platforms. Remember: a legitimate business should not be seeking credentials via their official social media account. Links and files posted to social media account in particular should always be viewed with caution.
One point to highlight is that the advent of social logins, a method by which an account can be accessed via a social media account, has added an additional layer of risk. If an account in compromised by social engineering, it can give the attacker access to a wide spectrum of the user’s accounts. For those dealing with highly sensitive data, deactivating social media logins may be the safest option.