5 Common Cyber Attacks You Should Know About
A new breed of criminals is on the rise these days – cybercriminals. These evil geniuses make use of various tactics to compromise systems and steal valuable information. Most of these attacks exploit vulnerabilities in software, systems, network, technologies, or the human factor. Some are more sophisticated, frequent and damaging than others, but all aim to do the same thing: disrupt the targets to seek benefits.
Here we break down some of the most commonly employed methods to achieving this illicit goal. While this list is not exhaustive, it covers the 5 most commonly faced threats users face today.
Malicious software – known as malware for short – refers to software that’s designed to compromise a system or computer network. Malware is typically bundled together with legitimate software, which users are then tricked into downloading, either as an email attachment or download link. Viruses, trojans, spyware, worms and ransomware (covered below as well) are some examples of malware.
Targets of malware range from individual Internet users to large organizations such as schools, businesses, government agencies and healthcare institutions. The impact varies by the victim profile, although most victims will experience data loss and IT service outage.
Basic protection against malware begins with the ability to identify malicious attempts in the form of unsolicited email attachments, illegitimate websites or spear phishing (more on this below). Antivirus and malware removal tools can be used to mitigate the damages, although users are advised to follow security best practices in their Internet use and data protection. These best practices can help protect you against malware threats:
- Do not click on hyperlinks, attachments provided in emails messages from suspicious or unknown sources.
- Avoid accessing unknown and unsecured websites.
- Install and maintain the latest anti-virus software on your mobile devices / computer.
- Secure your mobile device with a password, pin or a relevant mechanism to prevent unauthorised use.
- Do not reveal your online login password, One-Time-Password (OTP) or hardware token details to anyone.
- Keep us updated with your current mobile number and email address so you are alerted to transactions or account activity.
Phishing is the fraudulent practice of sending emails that look very close to legitimate communications from established companies or organizations, enticing targets to reveal personal information like their login credentials or credit card details. Often, the attacker will encourage the target to provide this info by offering them a reward (e.g. “Simply log-in to receive 10% OFF!”) or threatening them with a penalty if the information is not provided (e.g. “Verify your account to avoid losing your points.”). The victim, if he falls for this ruse, will have voluntarily transferred sensitive personal information to the cybercriminal impersonating as a legitimate financial institution, business or an organization representative.
Some attackers take it a level higher with what’s known as spear phishing. This involves customized email communications, where the attackers include details to make the email more relevant and believable to the target. In these cases, they may include things related to their social or professional network, their past login credentials that may have been compromised earlier or their browsing habits or a software they used in recent past.
To protect yourself against phishing, be sure to:
- Do not click on any suspicious link or open any attachment as this is the first clue of a phishing attempt. Instead, always enter the full URL for Income web site into your browser address bar.
- Avoid downloading applications from unofficial third-party application stores.
- Always ensure that you’re using a secure website when submitting personal or other sensitive information via your web browser.
- Ensure your devices are updated with the latest anti-virus software, software security patches and have a personal firewall installed and activated.
- Do not reveal your online login password, One-Time-Password (OTP) or hardware token details to anyone. (Note: we will never ask you for your password for whatever reasons.)
For more on the signs of phishing, check out this website.
Simply put, ransomware is a type of malware that prevents victims from accessing their systems or data until a ransom is paid. Ransomware is typically distributed via emails, social media or malicious websites emulating legitimate businesses. Once downloaded, the ransomware encrypts the target machine or perpetually locks access to the system. A ransom payment is then demanded with a promise to open up access or provide decryption keys - no guarantees, of course!
You can prevent this situation by spotting and avoiding attempts that encourage you to click on suspicious links or to download attachments. Here’s how to avoid ransomware attacks and what to do if you’ve become a victim:
- Keep regular backups of your valuable data. When your data is encrypted by a ransomware attack, you can simply recover backup files instead of approaching cybercriminals and having ot pay the ransom.
- Avoid unsolicited email communications and illegitimate websites that ask to click on links or download attachments.
- Avoid sharing personal information online when answering to emails that pose as legitimate sources.
- Do not download apps, pirated software and data from illegitimate sources and marketplaces.
If you have downloaded ransomware by mistake, ransomware protection solutions can help prevent unauthorized encryption and recover damaged files. Here’s a list of some of the best ransomware protection solutions available.
4. Social Media Fraud
Social media has become a part of our lives, so much so that cybercriminals now commonly use it to run their illicit activities. Typically, these attacks are either meant to harm specific individuals (possibly due to personal reasons) or to trick random users into fraudulent transactions.
Because of how easy it is to reach others on social media, these interactions usually take place directly between attacker and victim. To avoid falling prey to these attacks, it’s important to know who you are talking to on your social accounts and to assess the legitimacy of their communications across the network. Regulate your privacy settings to hide your personal activities from people you don’t know online. Never share your sensitive personally identifiable or financial information. Seek assistance from appropriate authorities in event of cyberbullying incidents and report suspicious activities from accounts impersonating your friends online.
Here’s what to look out for:
- Sharing too much information about your life online can hit back. Watch out for the online accounts following your online activities.
- Report or share online harassment information with the appropriate authorities for immediate help against potential harm.
- Avoid sharing sensitive personal or financial information online that could be used to harm you.
- Beware of suspicious attempts by strangers asking for special favours. Perform adequate due diligence before approaching them with any assistance.
5. Man in the Middle Attacks
Consider Man in the Middle (MITM) attack as eavesdropping in the cyberworld. The process involves an additional unauthorized entity, the MITM, relaying communication between two or more parties. The MITM intercepts the communication and relays information between the victims.
Consider a communication scenario between a bank and their customer. A bank requires the customer to submit their login credentials to perform an intended financial transaction and asks the customer to provide this information via an online portal. The MITM intercepts this communication and routes the customer to an illegitimate website that looks just like the original banking portal. The unaware customer submits the necessary login information and receives a confirmation for transaction from the fake website.
The MITM attacker is able to monitor, modify and control the communication between two entities to gain the intended information from the victim. Threatening as it sounds, here are a few quick ways to reduce the risk from MITM attacks:
- Avoid websites that don’t have secure SSL certificates – the HTTPS title and the green padlock alongside the browser URL bar.
- Avoid sharing sensitive financial information and login credentials when browsing from public WiFi networks.
- Use VPN connections on public hotspots.
- Avoid downloading attachments or clicking links on suspicious websites.
- Be wary of phishing attempts via social communications and email.
Knowledge of the common cybersecurity threats is the first step toward mitigating the risks. By understanding how they work, you can identify and anticipate potential attempts to compromise your online accounts, systems and identity.
For even more protection, learn more about basic security mechanisms available to beef up your security online, including the use of HTTPS-enabled websites, secure browsers such as TOR, antivirus solutions and technologies to help combat existing threats.