Security threats - The 3 most common types

Most common cyber-attacks

Do you know the most common types of security attacks?

IF SO, DO YOU KNOW HOW TO AVOID THEM?

The most common cyber-attacks can put any business at risk. It’s a common misconception that if you run a small business, you aren’t at risk of an attack. Unfortunately, this isn’t the case. Hackers will target anyone who holds personal data, whether it belongs to your customers, your employees, or you.

Any information these criminals get hold of is a way to make money. They can do this by selling the data to a third party or by demanding money from your business in exchange for the encryption key.

Even if you have a strong, up-to-date anti-virus in place, you’re still at high risk of these common cyber-attacks. So, you should still consider extra barriers of protection around your data. Every business needs anti-virus as this is a necessary level of security for all systems. However, there should be additional controls in place.

You don’t need to be good at coding to hack someone. Most modern attacks come from criminals impersonating other people or companies. They also spy on their victim to find out everything they need to know. Having the latest software and being up to date is always great… but knowing how to spot those who might be impersonating someone is a bonus.

It can be hard to keep up with the security threats you should be protecting your company against. We have outlined the three most common cyber-attacks, what they are, and how to prevent them. Additionally, we’ve added in any services we offer that can help you prevent these attacks.

1. Social engineering:

Some people might believe that security is all about anti-viruses and software. However, knowing who to trust is a major factor in keeping your business safe. Social engineering doesn’t rely on coding or attacking software, it simply relies on how easily you trust someone.

So, what does social engineering look like?

Though it is one of the most common cyber-attacks, it can also be one of the most difficult to spot. This is because it can present itself as a text, call, or email from a friend, family member, or employee.

For example, you might receive an email from a colleague asking you to make an immediate payment, or you might receive an email from HR asking you to send your most up-to-date bank details. Other common examples are cybercriminals impersonating Office 365 and asking you to log in to check undelivered emails.

If you’re not used to receiving requests from these departments, you might be more inclined to ignore them. However, if you usually receive emails from your boss asking for financial information, it might be hard to ignore. From doing their research, cybercriminals will usually know the type of emails you receive.

The best way to avoid this scam is to never send your personal information over email or text. After all, even if that person is genuine, they can’t guarantee their emails won’t get hacked in the future. If a cybercriminal does hack their account, all your details will be there for the criminals to take. Always try to provide your details in person and NEVER send them over text or email.

What are common techniques for social engineering?

The most common denominator in social engineering is the skill to disguise.

  • Phishing – Criminals that are using this technique will send out numerous emails to numerous people and wait to see who falls for the bait. They might target a group such as the finance department. If they’ve gained access to someone’s email account, they might target everyone in their contacts.

  • Spear phishing – This is one of the scariest attacks because it targets an individual as opposed to a group of people. This is the most common cyber-attack after a successful phishing attack. Today’s lifestyle can make this easier for hackers because they can find out so much about you with just the click of a button. Many of us post our daily interactions as well as personal information on Facebook, Twitter, TikTok, or Instagram. This information can help them see what brands you interact with, or which bank you use. A hacker can then impersonate someone from these companies, knowing you already trust them.

Social platforms are a treasure chest for criminals because some people don’t have privacy settings. It can also be common for a lot of business owners to make their business and personal profile the same. However, we advise businesses to create a separate account and completely disconnect the two.

What can you do to avoid this attack?

When it comes to avoiding social engineering attacks, you and your employees mostly need to rely on being vigilant.

However, we also provide cyber security training for businesses. Our security training can help to teach you and your team how to spot and report a fraudulent email, as well as prevent some of the other common cyber-attacks.

We also provide an email spam filter to provide an extra layer of security to your emails and protect company data.

2. Brute force attack:

The brute force attack was one of the most common cyber-attacks reported in 2021. This is one of the easiest and most reliable ways a hacker can get the information they need.

What is a brute force attack?

In short, a cybercriminal will keep using different hacking methods until they find the right one. They tend to be resilient, and don’t give up until they find a weakness in your business security.

What techniques are used in a brute force attack?

A brute force attack involves trying different combinations of passwords and usernames to access your company accounts. This can often be referred to as a dictionary attack because the hacker will use software and go through a dictionary of possible password combinations.

Because of how quickly they will attempt to gain access to this information, they often rely on a computer to enter the different combinations. Did you know that a criminal can try millions of different password combinations within minutes?

A brute force attack can also use common passwords from previous attacks. One of the most common passwords is ‘password123,’ and hackers will collect a list of possible usernames to see if any of them match.

A criminal will also look for any vulnerabilities in your IT infrastructure. They do this by running security vulnerability tools as well as trying to find weaknesses in your systems that are managed by your firewall. Network access can be gained through a simple vulnerability such as a CCTV system, web server, printers, or unpatched software.

What can you do to avoid this type of threat?

Though it can be hard to prevent someone from implementing a brute force attack on your company, there are things you can do to prevent them from succeeding. Once a criminal knows you have the resources in place to stop them, they’ll usually put their time and resources elsewhere and leave your company alone.
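One way to notice the guessing patterns described above is to watch failed logins. The following is an added example, not part of the original article: the thresholds, the five-minute window, the function name `detect_guessing` and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
MAX_FAILS_PER_ACCOUNT = 5    # assumed threshold: failures against one username
MAX_ACCOUNTS_PER_SOURCE = 4  # assumed threshold: usernames tried by one source

def detect_guessing(events):
    """events: iterable of (timestamp, source_ip, username) for failed logins.
    Returns (accounts hit by a run of guesses, sources trying many usernames)."""
    by_account = defaultdict(deque)  # username -> recent failure times
    by_source = defaultdict(deque)   # source   -> recent (time, username)
    hot_accounts, hot_sources = set(), set()
    for ts, src, user in sorted(events):
        acct = by_account[user]
        acct.append(ts)
        while ts - acct[0] > WINDOW:  # drop failures older than the window
            acct.popleft()
        if len(acct) >= MAX_FAILS_PER_ACCOUNT:
            hot_accounts.add(user)
        seen = by_source[src]
        seen.append((ts, user))
        while ts - seen[0][0] > WINDOW:
            seen.popleft()
        if len({u for _, u in seen}) >= MAX_ACCOUNTS_PER_SOURCE:
            hot_sources.add(src)
    return hot_accounts, hot_sources

def at(clock):  # helper for the constructed sample below
    return datetime.strptime(clock, "%H:%M:%S")

# Constructed sample data (documentation IP ranges, invented usernames).
SAMPLE = (
    # many guesses against one account in under a minute
    [(at(f"09:00:{i * 10:02d}"), "203.0.113.7", "finance") for i in range(6)]
    # one source trying a single guess against each of several usernames
    + [(at(f"09:10:{i:02d}"), "198.51.100.9", name)
       for i, name in enumerate(["alice", "bob", "carol", "dave"])]
    # an ordinary user mistyping a password twice
    + [(at("09:20:00"), "192.0.2.15", "erin"),
       (at("09:20:30"), "192.0.2.15", "erin")]
)

if __name__ == "__main__":
    accounts, sources = detect_guessing(SAMPLE)
    print("accounts being guessed:", sorted(accounts))
    print("sources trying many usernames:", sorted(sources))
```

Counting per account catches a dictionary run against a single login, while counting distinct usernames per source catches a common password being tried across a list of usernames, which never trips a per-account limit.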

We also offer a pentest (penetration testing) service. Our specialist engineers will look for any weaknesses or possible ways a criminal can access your company data. We offer this service to all businesses at a competitive price!

3. Malware attack:

Malware (short for malicious software) is a term used to describe the different types of attacks that are designed to harm your computer programs and gain access to sensitive information. A malware attack is anything that can damage your computer, server, or computer network.

What techniques are used in a malware attack?

Some of the most common types of malware include:

  • A virus – This is probably the best-known type of malware attack. A virus is malicious code that alters the way a computer operates. Much like the flu, it will spread quickly. A virus will often lie dormant until someone clicks the file containing it and can disguise itself in an internet file download, social media link, app download, text, and email attachment.

Once clicked, the virus will begin to spread to other devices using the same network. It’s important to avoid opening files that may contain a virus. Once it’s opened and begins to spread, it’ll take everything such as passwords and data. It can also corrupt any of your files, as well as spam your email contacts in the hope they will also fall victim to a malware attack. The devastating impact can cause a loss of customer and employee data, financial information, and damage to a business’s reputation.

  • Adware – Adware presents itself as an advertisement or a pop-up. For example, ‘Cheap laptops for sale.’ Adware mostly appears when you open a browser, and you can usually tell you’re at risk of a malware attack when you’re getting constant pop-ups.

If you do open adware, it can’t cause damage to your device. However, the author might be able to track the location of the sites you are visiting. They will then sell this information to third parties who will then replicate those sites or emails and trick you into handing over sensitive information such as bank details.

  • Ransomware – This attack can disguise itself in a similar way to other malware. It can even be used in a phishing email. Some types of ransomware don’t rely on someone to click or activate it. They will just look for any weaknesses in your security. It might not look different to other types of attacks, but the way the criminals get their money is what makes it different. Cybercriminals using this method demand the money from the business itself, holding its data to ransom.

Once the ransomware takes over your computer, it will encrypt the user’s files and the user won’t be able to decrypt them. Usually, the victim is then sent a message from the criminal detailing how much they are demanding. If the victim pays the ransom, the criminal will send them a decryption code to gain access to the files again. Demands can range from thousands to even millions of pounds. If the business refuses to pay the demand, the criminal may sell the data to a third party.

What can I do to avoid these common cyber-attacks?

Malware can be difficult to avoid. Ensuring you have the latest anti-virus can help to filter a lot of these attacks. Being cautious of what you’re clicking or downloading can help to keep your business safe. Implementing a strong business continuity plan will enable a business to continue operating in the event of a ransomware attack.

To sum up…

Cyber-attacks can come in many forms. We’ve covered the three most common cyber-attacks that we encounter, but there are many more ways a hacker can attempt to steal your data.

There are things we can all do to stay vigilant. This includes implementing a password policy in your workplace and providing all your staff with the latest cyber security training, which we offer at CapNet.

For the most part, you need to be vigilant when receiving suspicious emails, and never send sensitive data over email or text. If you or your staff do receive a suspicious email, don’t ignore it. Report it. Once a hacker realises you are reporting them, they are less likely to target your company in the future.

Be careful when clicking links or opening documents in emails, texts, websites, and social media. It only takes one member of staff to click a fraudulent link or document for a hacker to gain access to the data they need.

Always use a VPN whenever possible. Using a VPN can give you that added security when you’re working from home or completing your office work at your local coffee shop. Without a VPN, you’re making a hacker’s job ten times easier.

Finally, keep your anti-virus software up to date. You might not be 100% protected from cyber threats, but it will alert you whenever it suspects one, as well as keep the simplest of threats at bay.

At CapNet, we also offer many services that are all designed to help you and your business. We can offer cyber security training to you and everyone in your business. We also offer business laptops that have all the latest software and anti-virus included. If you want to find out more about what we offer, you can give our security team a call today.
