Explanation of common security threats

Your parents have always said that it’s a dangerous world out there. Well, it is a dangerous virtual world as well. You were also told not to talk to strangers, but can you be sure the website you’re logging into is that of your bank and not a forgery created by a cybercriminal?

Did you know that in 2018, about 70 percent of ransomware attacks targeted small businesses, with an average ransom demand of $116,000, according to a recent report from Beazley Breach Response Services? According to the 2018 Verizon Data Breach Investigations Report, 58% of cyberattack victims were small businesses (organizations with fewer than 250 employees). “The threat environment is active and intense,” says Cyrus Walker, Managing Principal at Data Defenders, a cybersecurity advisory, response and managed services provider. “A cybercriminal has a much greater opportunity for success in attacking a small business because small businesses are very weak in their security countermeasures.”

Cybercriminals use many different methods to lure you into parting with your confidential information. As a small company doing business on the web, you need to be aware of these methods so you can be extra vigilant when online.

Here’s a quick explanation of some of the common security threats you may come across:

Adware and spyware: By “adware” we mean any software that is designed to track data about your browsing habits and, based on that, show you advertisements and pop-ups. Adware collects data with your consent, and is even a legitimate source of income for companies that allow users to try their software for free, but with advertisements showing while using the software. The adware clause is often hidden in related User Agreement docs, but it can be checked by carefully reading anything you accept while installing software. The presence of adware on your computer is noticeable only in those pop-ups, and sometimes it can slow down your computer’s processor and internet connection speed.

When adware is downloaded without consent, it is considered malicious.

Spyware works similarly to adware, but is installed on your computer without your knowledge. It can contain keyloggers that record personal information including email addresses, passwords, even credit card numbers, making it dangerous because of the high risk of identity theft.

Malware: Malware is short for “malicious software.” Wikipedia describes malware as a term used to mean a “variety of forms of hostile, intrusive, or annoying software or program code.” Malware could be computer viruses, worms, Trojan horses, dishonest spyware, and malicious rootkits—all of which are defined below.

Ransomware: Ransomware is a subset of malware in which the data on a victim's computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access is returned to the victim. The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Ransomware can be spread through malicious email attachments, infected software apps, infected external storage devices and compromised websites. Attacks have also used remote desktop protocol and other approaches that do not rely on any form of user interaction.

Virus: A computer virus is a small piece of software that can spread from one infected computer to another. The virus could corrupt, steal, or delete data on your computer—even erasing everything on your hard drive. A virus could also use other programs like your email program to spread itself to other computers.

Trojan horse: Users can infect their computers with Trojan horse software simply by downloading an application they thought was legitimate but was in fact malicious. Once inside your computer, a Trojan horse can do anything from recording your passwords by logging keystrokes (known as a keystroke logger) to hijacking your webcam to watch and record your every move.

Malicious spyware: The term “malicious spyware” describes a Trojan application created by cybercriminals to spy on their victims. An example would be keylogger software that records a victim’s every keystroke on his or her keyboard. The recorded information is periodically sent back to the originating cybercriminal over the Internet. Keylogging software is widely available and is marketed to parents or businesses that want to monitor their kids’ or employees’ Internet usage.

Worm: A computer worm is a software program that can copy itself from one computer to another, without human interaction. Worms can replicate in great volume and with great speed. For example, a worm can send copies of itself to every contact in your email address book and then send itself to all the contacts in your contacts’ address books. Because of their speed of infection, worms often gain notoriety overnight, infecting computers across the globe as quickly as victims around the world switch them on and open their email.

Phishing: Phishing scams are fraudulent attempts by cybercriminals to obtain private information. Phishing scams often appear in the guise of email messages designed to appear as though they are from legitimate sources. For example, an email message would try to lure you into giving your personal information by pretending that your bank or email service provider is updating its website and that you must click on the link in the email to verify your account information and password details.

Rootkit: According to TechTarget, a rootkit is a collection of tools that are used to obtain administrator-level access to a computer or a network of computers. A rootkit could be installed on your computer by a cybercriminal exploiting a vulnerability or security hole in a legitimate application on your PC and may contain spyware that monitors and records keystrokes.

Rootkits gained notoriety when, in 2005, a security blogger discovered that a copy-protection tool inside music CDs from Sony BMG Music Entertainment was secretly installing a rootkit when users copied the CD onto their computers.

DoS and DDoS attack: A DoS, or Denial of Service, attack is performed by one machine and its internet connection, flooding a website with packets and making it impossible for legitimate users to access the content of the flooded website. Fortunately, you can’t really overload a server with a single other server or a PC anymore. In recent years DoS attacks haven’t been that common; when they do happen, it is by way of flaws in the protocol.

A DDoS attack, or Distributed Denial of Service attack, is similar to DoS, but is more forceful. It’s harder to overcome a DDoS attack. It’s launched from several computers, and the number of computers involved can range from just a couple of them to thousands or even more.

Since it’s likely that not all of those machines belong to the attacker, they are compromised and added to the attacker’s network by malware. These computers can be distributed around the entire globe, and that network of compromised computers is called a botnet.

Botnet: A botnet is a group of computers connected to the Internet that have been compromised by a hacker using a computer virus or Trojan horse. An individual computer in the group is known as a “zombie” computer. The botnet is under the command of a “bot master,” usually to perform malicious activities. This could include distributing spam to the email contact addresses on each zombie computer, or to perform a DDoS attack.

Countermeasures:

There are several hardware and software appliances available to assist your company in the fight against cyber threats, and 24ITintegrator can help you find the best tools for your business. However, these measures cannot be effective without employee training. Employees need to be able to identify malicious emails and websites, and know when it is safe to enter their credentials. We are also available for employee training.
