For as long as businesses have existed, they have fallen under the greedy gaze of criminals. Due to its rapid and largely uncontrolled growth, cyberspace has emerged as a 21st century reincarnation of the Wild West, where cybercriminals are frequently one step ahead of the law. Most of the criminal strategies fall under the heading of malware: “software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system”. Here are a few examples.
Carrying the dubious reputation as “the fastest growing form of computer virus”, ransomware is the gun-slinging Highwayman of the digital motorway. There are two main attack strategies:
- Making files inaccessible until a ransom is paid
- Blackmail threats
Blackmail tactics usually involve contacting every name on a corporate mailing list with ‘evidence’ that you have been viewing illegal or risqué material.
In nine cases out of ten, ransom attacks are not just smoke and mirrors but represent genuine attacks. Furthermore, according to ransomware specialists, in at least 10% of cases the files have been so scrambled that even after the fee has been paid, the data is irretrievable.
- Update software regularly
- Undertake a security awareness programme
- Install monitoring and risk assessment software
- Always give hardware a deep cleanse before assigning it to a new employee
As firewalls and other security devices become increasingly resilient, cybercriminals have to think outside the box when infiltrating a system. Social engineering – where users are tricked into believing that an attachment or link is from a trusted source – is responsible for at least 1 in 4 data breaches. It can be used to instigate a ransomware attack, steal confidential information, or turn the device into a ‘zombie’ that can be controlled to carry out other attacks.
This type of attack embeds itself very deeply inside a system and can be very challenging to remove. If this has happened to you please seek professional hardware and software cleansing as soon as possible.
Distributed Denial Of Service (DDoS)
Distributed Denial of Service (DDos) is the digital equivalent of the Gatwick Airport drone fiasco. DDoS does not offer monetary gains for the attacker. Instead, the glow of success is fuelled entirely by the disruption of your service. It is used to tarnish reputation, irritate customers and stakeholders, or take a system offline so that another type of attack can be launched.
DDoS attacks can be prepared for. Always:
- Use a firewall that prevents SYN packets
- Use a firewall that checks incoming IP packet size
- Update patches to protect against Teardrop attacks
- Use black hole filtering
- Recycle or cleanse hardware
You may already know about phishing, which is a combination of social engineering and technical wizardry that dupes the user into installing malware. Spear phishing is more serious, because it is a targeted and well-researched attack. Attackers gather genuine information from a variety of sources, including old hardware that has not been properly recycled, and use it to mimic real people. Little scraps of data can quickly add up to a serious data breach. This type of attack mimics genuine contacts to dupe you into downloading malware, and may trick you into entering personal information.
Spear phishing is personal and targeted. Any business is vulnerable, and all it takes is one employee’s error to bring an entire network down. To avoid spear phishing promote critical thinking – encourage employees to think carefully before they click on a link, and completely erase data when you recycle old equipment – prevent the attackers from getting a data foothold.
Attacks exploit vulnerabilities, and most vulnerabilities have their basis in data leaks. Computers store vast amounts of sensitive data, and they need to be properly recycled and digitally cleansed. If you are concerned about vulnerabilities, Absolute IT can help. For your free IT asset disposal inquiry, get in touch today.