How to Secure Your Organisation in the Digital Workplace


Cyberattacks damage businesses in many ways: outright extortion, theft of technology and sensitive information, forced downtime, and reduced quality of products and services. All of these cost businesses profits and the trust of customers and partners.

This year, due to the pandemic, the situation was further complicated by the global transition of companies to remote work. Experts name five main types of cyber threats: ransomware, targeted cyberattacks, DDoS attacks, phishing, and internal threats related to insider activities and human error.

Ransomware

Ransomware viruses encrypt data on a user’s computer and demand a ransom for the ability to restore access to it. Usually, they ask for ransom in cryptocurrency. Having penetrated a corporate network, ransomware viruses are capable of blocking a large number of computers at once.

What to do?

Traditional antivirus programs are only effective against already known ransomware viruses. The antivirus relies on a database of signatures, by which it identifies the enemy. Therefore, it can only identify “familiar offenders”. More modern security tools use elements of artificial intelligence and recognize ransomware viruses not by signatures, but by behavioral features.

But complete protection against ransomware requires not only modern software, but also systemic prevention, including risk assessment, installing firewalls, creating backups, developing response scenarios, and other measures.
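The difference between signature matching and behavioral detection described above, as an added example that is not part of the original article. The event format, thresholds, process IDs and sample data are all constructed assumptions; real products use far richer signals.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

# Constructed signature database: hashes of samples the vendor has already seen.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-sample").hexdigest()}

def signature_match(binary: bytes) -> bool:
    """Signature check: flags only binaries whose hash is already on file."""
    return hashlib.sha256(binary).hexdigest() in KNOWN_BAD

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted output approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def behavioural_alerts(events, min_files=5, window=10.0, min_entropy=7.0):
    """Flag PIDs that write high-entropy data to many distinct files quickly."""
    recent = defaultdict(deque)          # pid -> (timestamp, path) of suspicious writes
    flagged = set()
    for ts, pid, path, data in events:
        if entropy(data) < min_entropy:  # ordinary documents score well below 7
            continue
        writes = recent[pid]
        writes.append((ts, path))
        while ts - writes[0][0] > window:  # drop writes outside the time window
            writes.popleft()
        if len({p for _, p in writes}) >= min_files:
            flagged.add(pid)
    return flagged

# Constructed file-write events: (seconds, pid, path, bytes written).
TEXT = b"quarterly report draft " * 100   # low entropy, like a normal document
RANDOM = bytes(range(256)) * 16           # uniform bytes, stand-in for ciphertext
EVENTS = (
    [(i * 0.5, 100, f"/home/a/doc{i}.txt", TEXT) for i in range(6)]      # editor
    + [(i * 0.5, 200, f"/home/a/doc{i}.txt", RANDOM) for i in range(6)]  # mass rewrite
    + [(i * 60.0, 300, f"/backup/part{i}.bin", RANDOM) for i in range(6)]  # slow archiver
)
NEW_VARIANT = b"constructed-unseen-sample"  # binary behind pid 200, not in KNOWN_BAD

if __name__ == "__main__":
    print("signature hit:", signature_match(NEW_VARIANT))
    print("behaviour hits:", behavioural_alerts(EVENTS))
```

The unseen binary passes the signature check, yet its process is flagged by what it does; the slow archiver writes equally random data but stays under the rate threshold.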

Targeted cyberattacks

A targeted attack, or APT (advanced persistent threat), is cybercrime at its most sophisticated: a planned operation, usually carried out in several stages.

First, attackers look for a way to infiltrate the corporate network: they collect information, look for company vulnerabilities (not only digital, but also physical), study the schedule, routes, weaknesses of the employees of interest, and so on.

Then the actual penetration is carried out: attackers can send a phishing email targeted to a specific employee, steal an employee’s phone to extract any corporate passwords, gain the company’s trust under the guise of a contractor, or enter an office as a courier – there are many options. The goal at this stage is the hidden installation of software on corporate equipment.

When the foothold is ready, the attackers, now acting from within the company, reach the information they are interested in and steal it, bypassing the means of protection. Then, as a rule, there is a “cleanup”: attackers cover their tracks so that the attack is not detected. Any other cybercriminal methods can be used in a targeted attack – phishing, extortion, and so on.

What to do?

Preventing targeted attacks is challenging. However, modern means of protection, when used correctly and comprehensively, make it possible to detect that some unauthorized activity is taking place in the company. For example, Network Access Control lets you keep third-party devices from being introduced into the network. Each user must first go through identification and authorization. Everybody gets strictly defined rights in the system.

Preventing targeted attacks requires a strict and clear distribution of access rights within the company and adherence to the principle of minimum sufficiency (least privilege).

DDoS attacks

DDoS attacks pose a threat primarily to companies whose activities are directly related to the Internet (all e-commerce), as well as to telecom operators.

Recently, cybercriminals have been eagerly “recruiting” Internet of Things (IoT) devices into their botnets, for example, household appliances with an Internet connection: printers, smart speakers, air conditioners, lighting systems in a smart home, and so on. The manufacturers of IoT devices, like the users of these devices, often pay little attention to their security, so it is relatively easy to infect an IoT device.

What to do?

To combat DDoS attacks, DDoS filters are used to selectively cut off “garbage” requests to the server coming from bots. Prevention of DDoS attacks includes the provision of redundant capacity, as well as reasonable minimization of the system's contacts with other devices: access should be closed on any ports, protocols and applications that the system is not intended to interact with.

Phishing

Like a fisherman, an attacker prepares a bait and a “hook”. Most often, the bait is a message or an email that can interest the recipient, and the hook is a malicious executable file embedded in this letter or a hyperlink to it.

When you open the link, you launch a malicious file.

What to do?

The danger of phishing is that the main element in it is not technical, but psychological. Attackers know that it is easier to deceive a person than a machine. Make sure that you use the best communication tool. Slack is one of the most-used apps for internal business communication, but make sure to explore alternatives to Slack that include more options. This way you reduce the number of channels through which an attack can arrive.

Modern means of protection can automatically cut out the executable content from all files that are transmitted via the Internet, leaving only text and images. They can also analyze links as they are opened and interrupt the process if they detect the launch of executable files.
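A minimal sketch of the "leave only text and images" filtering described above, applied to an email message with Python's standard `email` package. This is an added example, not code from the original article; the function names, the magic-byte list and the sample message are constructed assumptions, and commercial filters inspect far more formats.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of common executable formats: Windows PE, Linux ELF, script shebang.
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"#!")

def strip_executables(raw: bytes):
    """Rebuild a message keeping only the plain-text body and genuine images."""
    src = message_from_bytes(raw, policy=policy.default)
    clean = EmailMessage()
    for header in ("From", "To", "Subject"):
        if src[header]:
            clean[header] = src[header]
    body = src.get_body(preferencelist=("plain",))
    clean.set_content(body.get_content() if body else "")
    removed = []
    for part in src.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "unnamed"
        # Trust the content, not the declared type: an "image" that starts
        # with an executable header is dropped as well.
        if part.get_content_maintype() == "image" and not data.startswith(EXEC_MAGIC):
            clean.add_attachment(data, maintype="image",
                                 subtype=part.get_content_subtype(), filename=name)
        else:
            removed.append(name)
    return clean, removed

def build_sample() -> bytes:
    """Constructed phishing-style message: one real image, two disguised binaries."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "employee@example.org"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
                       maintype="image", subtype="png", filename="logo.png")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16,
                       maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16,
                       maintype="image", subtype="png", filename="photo.png")
    return msg.as_bytes()

if __name__ == "__main__":
    cleaned, dropped = strip_executables(build_sample())
    print("removed:", dropped)
    print("kept:", [p.get_filename() for p in cleaned.iter_attachments()])
```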

Conclusion

In recent years, attackers have increasingly used advanced technologies such as artificial intelligence, along with social engineering methods that exploit the vulnerability of human psychology. These factors, among others, suggest that it is time to move the basic understanding of cyber threats from the professional field of IT specialists to the field of general knowledge. Each employee must have a certain understanding of modern threats, especially the leader who sets tasks for digital security specialists.