Of the four main types of cyber attacks, some are more common than others, and each works in a different way, with different steps taken to protect from them.
Phishing Cyber Attacks
Phishing is when a seemingly innocuous email is actually a cyber attack. Some phishing emails purport to be from government bureaus, employers or other bodies of authority, and try to trick the unassuming receiver to reveal their personal information. Other phishing emails have a link or an attached file, which the receiver clicks on to activate the download of a malware programme.
Spear phishing is a type of phishing where the hacker has already researched the end target, and uses their knowledge to tailor the cyber attack.
Phishing attacks are easy to fall for, and the only way to protect against them is to have a habit of checking emails for legitimacy. Incorrect spelling or grammar and email headers can be giveaways to detect a phishing attack. Hover over a link to check the URL before clicking it, and when in doubt, don’t click links or files.
Malware Cyber Attacks
Malware is any software programme downloaded to your device, without your knowledge and for malicious intent. Another common type of cyber attack, malware steals, encrypts or tampers with data on the device.
Malware can be prevented with proper cyber security software, including a firewall and Trojan antivirus programme, and only download software from trusted sources. One type of malware, ransomware, blocks authorised users from accessing their own data until they pay a ransom. Ransomware can be protected from by frequently backing up system data on a separate device.
Brute Force Cyber Attacks
Rather than relying on sophistication, a brute force cyber attack uses a trial and error approach. Hackers will try to guess a password by putting together random combinations of letters, until the correct combination eventually comes up.
Though it is a brawn over brains approach, brute force cyber attacks are actually more reliable. Technically, this approach is infallible as it will eventually work, though it can be time-consuming to the point of exhausting resources for hackers.
Key ways to protect against brute force cyber attacks include using complex passwords with a combination of lower case, upper case, numbers and special characters, as well as using multi-factor authentication. It also helps to limit the number of login attempts and enable captchas that will prevent bots from guessing passwords.
Password Credential Stuffing
Hackers who have stolen credentials don’t need to rely on a brute force cyber attack and can simply use password credential stuffing to gain unauthorised access to an account.
Hackers have access to databases of stolen log-in data, taken from data breaches from platforms with inadequate cyber security. With automation, hackers can use credentials from the breached platform to gain access to accounts on other platforms.
As reused passwords only make a hacker’s job easier, one way to protect against password credential stuffing is to have a unique password for important accounts, as well as using multi-factor authentication.
Cyber Security Awareness Training
ITConnexion offers Cyber Security Awareness Training that is fully funded for eligible SMEs and NFPs. Register your interest in the programme, or contact us for more information.