The Hard Facts on Cyber Attacks

If you were asked to name 10 types of cyber attacks we could reasonably assume the top 2 might be Ransomware & Email Phishing. These are the types of attacks we most frequently hear about in the media. What about the next 8 though? Can you even name 8 more?  

Unless you’ve researched in detail the types of attacks that can affect your business and you’ve gone through an extensive Risk Management plan then it’s likely that answer is “no”. We want to discuss 10 common cyber attacks and provide some insight on why they’re important to consider. 

1. Malware Attacks 
2. Man-in-the-Middle (MITM) Attacks 
3. Phishing Attacks 
4. Drive-By Attacks 
5. Password Attacks 
6. SQL Injection Attacks 
7. Cross Site Scripting (XSS) Attacks 
8. Denial of Service (DoS or Distributed Denial of Service (DDoS) Attacks 
9. Zero-Day Attacks 
10. Physical Attacks 

Malware Attacks 

Malware, a combination of the words Malicious & Software, refers to any software that has malicious intent. Malware is often stealthily installed on computers or disguised as legitimate software so that the user gives consent, without knowing the true intent of the program. There are many different various of Malware, most of which you may have heard. 

• Ransomware: Ransomware is one we often hear about and is an advanced form of Malware. Ransomware attempts to encrypt all the files on your computer and will spread to other computers and servers that it can access. These encrypted files require you to pay a ransom, usually in BitCoin, to get the decryption key so you can access your files again. We HIGHLY recommend that you don’t pay the ransom which encourages these criminals to continue attacking others. Hopefully, you can restore from backup, otherwise look to an experienced IT company to assist. 
• Trojans: Or Trojan Horse is a malicious program you might download, that’s disguised to make itself look like a trustworthy, common application. These are often used to create a “backdoor” to your computer so that an attacker can access it remotely. 
• Viruses: There are many variations of Viruses as well, each serving a different purpose. These most often try to execute malicious code on a computer without the user being aware. 
• Polymorphic Viruses: With the invention of AntiVirus software, attackers have started to become cleverer in the way viruses are created. A polymorphic virus can disguise itself through various levels of encryption and decryption so that a traditional AntiVirus program never sees it. 

• Bootkit: These types of virus will infect the boot-record of a hard drive so that every time the computer is turned on it’s loaded in memory, even before the operating system is. It would then look to spread to other disks in the computer or other machines. Traditional AntiVirus software often didn’t pick up on these types of virus as well.  

Man in the Middle (MITM) Attacks 

A Man in the Middle attack is accomplished by an attacker that’s planted himself between a victim and the internet. There are other ways of performing this attack, but this is most common. This is why you’re often told not to join public or free Wi-Fi, like the Wi-Fi at Starbucks. If an attacker is able to act as a relay or middle man then they can watch the information being sent over the network.  

As an example say you’re at an Airport and you join “Airport Free Wi-Fi”. An attacker can often spoof this network by creating their own open Wi-Fi network and name it exactly the same thing. If you’re not careful you may join the attackers’ network. Then any information you send over an insecure connection can easily be read by the attacker.  

Phishing Attacks 

Phishing is a common term these days, but the attacks used are growing more complex. Often attackers aren’t spamming out phishing emails from a gmail account anymore. These days attackers are researching a company on LinkedIn or other sources and determining who the important contacts are. Armed with that information they’ll attempt to gain access to a user’s email and from there request bank transfers, confidential information or send other phishing emails to that users’ contacts. It’s likely that could even involve customers.  

This type of targeted attack is called “Spear phishing” and is becoming much more common lately. Another offshoot of this is “Whaling”. This is when attackers use spear phishing tactics to target high-profile targets, such as a CEO or Owner. These targets often have a goldmine of data in their accounts and attackers can use the targets position of authority to again request money transfers, confidential information, or other items. 

The best way to prevent these attacks is to make sure users are trained on security awareness. Some will pick up on it much faster, so it’s also a good idea to simulate phishing emails to your users on a regular basis. This will help keep employees trained and identify those users who are slow to understand and offer them further training.  

Drive-By Attacks

Drive-By attacks are another technique for delivering malware to a PC. Attackers often look for websites or applications with vulnerabilities where they can install their own malicious code. When unsuspecting victims visit these sites or apps the malicious code might install malware onto their device or could redirect their browser to a website the attacker controls.  

These types of attack tend to not require any action from a user. Just by visiting the vulnerable page or application you are unknowingly infecting yourself. This is why it’s always important to keep your applications, browsers and operating system up to date. When patches or updates are released it’s often to fix vulnerabilities that were discovered. 

 Password Attacks 

At this point in 2020, I hope most everyone in a business setting is aware of good password hygiene. The problem is even those who are aware, still don’t use that knowledge. Google did a study in 2019 where they discovered that 1.5% of more than 21 million logins were using breached, or publicly leaked, credentials. Even after warning these users of the breached credentials only 26% changed their password. You can read more on this study here: https://www.usenix.org/system/files/sec19-thomas.pdf 

This tells us that even when we know that our email and password have been leaked in a data breach, we don’t often follow through and update that information. Or maybe we do update it for a single website. What other websites though are that exact same email and password used on? 

If you’re interested in seeing what credentials have been leaked from your company head over to https://biztechnologysolutions.com/dark-web-scan. We’ll run a Dark Web Scan for you and setup a meeting to go over the details, so you understand the risk it presents to your company. 

SQL Injection Attacks 

SQL stands for Structured Query Language and is a programming language commonly used to communicate with databases. When I say common, I mean most websites and applications you use probably have an underlying database where information, sometimes sensitive, is stored. A successful SQL injection attack occurs when an attacker can inject malicious SQL code to expose sensitive information.  

For example, say you want to sign–in to a website and you’re presented with the common username input box. Generally, we would simply enter our username. 

Username: BizTech

The website then takes this input and sends it to the SQL database to verify this user exists, which looks something like the following: 

SELECT * FROM Users WHERE Username = “BizTech” 

This is telling the database to select all records from the list of Users and find the Username that matches BizTech. If that User exists, then they get signed in. The problem is if the user input is not validated or “sanitized” then it can be easily attacked. Let’s say an attacker tries the following: 

Username: “or” “=”

The SQL query to the database then looks like this: 

SELECT * FROM Users WHERE Username = “” or “”=”” 

This query can only return 2 values, TRUE or FALSE. Since “=” will always be TRUE this query would satisfy the Username requirement and potentially show a list of all usernames in the database. This is why it’s important to always be careful what information you’re sharing online with various websites. Also, its recommended to use different passwords for all the sites you have accounts on, in case one of those sites is vulnerable and your credentials are leaked. 

Cross Site Scripting (XSS) Attacks 

XSS attacks are found on vulnerable web sites and web applications. Similar to a SQL injection attack, an attacker can inject malicious code (most frequently JavaScript) into a vulnerable site. If a visitor to that site loads this malicious code, then an attacker can perform many different tasks. One common example is using the attack to steal the victim’s “cookie” to that site, allowing the attacker to impersonate the victim and access their account. This is called session hijacking. Other common examples are logging keyboard strokes, capturing screenshots and even webcams.

Denial of Service (DoS) or Distributed Denial of Service (DDoS) Attacks 

A DoS attack is different from most other attacks in that it’s not trying to gain access to information or systems but prevent them. As the name states, this attack is meant to deny a service and prevent it from being used. This is commonly done by overwhelming the server or infrastructure that is supporting that service. 

As a simple example, let’s say you take orders on your website and that website is capable of handling 50 concurrent visitors at any time. If an attacker, or maybe even a competitor, wants to prevent you from taking orders they could launch a DDoS attack which uses 100 different computers that they control to flood your website with requests. These requests obliterate your website’s internet bandwidth and processing power to the point that it’s unusable. If this is carried out over an extended period, how much business are you losing in unprocessed orders?  

A large DDoS attack could even shutdown complete countries. This happened to Estonia back in 2007 when the Estonian parliament, banks, and more were attacked. You can read more on the attack here: https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia 

 Zero-Day Attacks 

A zero-day, also seen as 0-day, is a vulnerability that is unknown or unpatched. Until those vulnerabilities are fixed, attackers can exploit them while the victims remain unaware or are waiting for them to be patched. A good example is the EternalBlue exploit, which was a zero-day developed by the U.S. National Security Agency (NSA).  

EternalBlue was a zero-day vulnerability found in many versions of the Microsoft Windows operating system. The exploit was used in the WannaCry ransomware attack that took place in 2017 and shutdown many large companies worldwide. It’s unknown how long the NSA was aware of the vulnerability but they have come under much criticism for their failure to report it to Microsoft sooner. 

Microsoft, after becoming aware of the vulnerability, has since patched it for all affected versions of Windows. This is why it’s important to keep all patches and security updates up-to-date to avoid any potential attacks. The city of Baltimore being a prime example. 

In May of 2019, the city of Baltimore was hit with a cyber attack by attackers using the EternalBlue exploit. This being more than 2 years since the release of the patch for EternalBlue. The attack on Baltimore damaged many of the cities computer systems and disrupted real estate, water bills and other services for over a month. 

 Physical Attacks 

Last but not least is physical attacks. This type of attack is when an attacker is physically at your location and is able to compromise your systems unknowingly. One example could be an attacker dressed as a delivery truck driver or maybe even a policeman. Attackers will try to look the part of someone trustworthy or authoritative. If they are able to walk around the building without being questioned, they might walk into the server room or datacenter and attempt to access your systems. 

They may use techniques like shoulder surfing, where they watch as someone types their credentials on a keyboard, or piggybacking, where an employee holds a locked door open for them to be polite. As humans we generally want to be helpful and impress others with our moral character. These are things that an attacker may try to exploit in a physical attack. This is why its important to have good security procedures in place at your organization and even monitor who goes in and out of the office or server room using surveillance.  

 If you find yourself overwhelmed with the idea of trying to secure your infrastructure then reach out to us to see how we can help, because with the everchanging world of technology it’s hard to know everything. And why should you? As an Owner or Manager of a business you have a lot on your plate already so should keeping up with the most recent cyber threats, which are continually changing, be one of them? 

At Biz Technology Solutions we offer a comprehensive range of security and IT solutions to meet the needs of any business. If you’re struggling to keep your business systems protected, or if you’ve discovered that you have bad security practices that need attention, contact us today!