
Level Up Your Cyber Knowledge: Inside the Evolving Cyber Insurance Market
The Cyber insurance market is less volatile but continues to be an evolving segment of the insurance industry.
Cyberattacks can come from a lot of different places and can take a lot of different forms. Some hackers painstakingly outline plans of attack, while others might release low-profile bots to casually probe a company's defense systems. Hackers might quietly try for years to gain access to an organization's network with no success and then one day find an opening.
But make no mistake; these different approaches can be equally dangerous. Once in control of employee credentials or admin privileges, the method of entry begins to matter far less.
Before a hostile entity has fully breached your network, knowing which methods of attack you're most exposed to is extremely important. Some of these types of attack are extremely visible and are almost certainly vectors that you've heard about before, while others are much more sneaky and hard to anticipate.
In 2021, data compromises reached 1,862 — a 16-year high. — Statista [1]
Three common types of cyberattacks are ransomware, phishing and Trojan horses. Even though they've been around for a long time, they still do plenty of damage.
Ransomware is quickly becoming one of the scariest types of cyberattacks that companies can face, largely due to the rise of ransomware-as-a-service (RaaS) [2] organizations that license their nefarious software through subscriptions. RaaS has increased the volume and sophistication of ransomware attacks, as it has now become extremely inexpensive for low-level cybercriminals to buy the capability to launch highly complex attacks.
These attacks are almost always financially motivated, and their high success rate has encouraged more and more criminals to attempt them. Due to the high availability of this kind of software and the relative ease of remaining anonymous throughout the hack and ransom extraction process, ransomware is one of the biggest dangers to companies around the world today.
Phishing is one of the oldest types of cyberattacks — getting its start in the mid-1990s [3] — and relies on your people's naiveté to be effective. Instead of using any particular type of hacking software, phishing relies on tricking people who have access to credentials or a system to hand over access to hackers voluntarily.
Phishing often takes the form of faked emails or other forms of communication. It takes advantage of employees' trust in their own system and challenges even extremely secure organizations. Once phishing groups find a way to get hold of bulk company emails, they will often select employees to target and then start sending out emails pretending to be clients, business partners, IT professionals, or a host of other entities. They often encourage employees to give up credentials in novel and creative ways, hoping not to be noticed. If an employee does sense something sketchy, the discovery can easily make the hackers' job much more difficult. It's important to train all members of your organization to recognize phishing attempts, as even a single slip-up can compromise an entire system.
While there's a lot you can do to train your team to be aware of phishing attempts, the problem is that hackers will always think up new ways to trick people into giving up essential information. As long as hackers can find and contact people who work at your organization, phishing will continue. The best solution is to keep up with the most current styles of attempts and keep your employees updated.
Trojans are programs that hide in plain sight, pretending to be the real deal when they are actually copies of applications that you trust. Hackers spend time and energy replicating commonly used programs to convince employees or users that they're completing a normal task, such as logging into a company portal. Instead, the Trojan will send the login credentials straight to the hacker group, allowing them to then access your network whenever they choose.
A Trojan attack usually begins when an employee is tricked into downloading some kind of program onto their computer, thinking that it's a normal program. Hackers often send these through phishing emails or hide them elsewhere on the internet where they think that people will see them. Once on the computer, the program will try to trick you into entering useful information into it.
Cyberattacks continue to evolve, both in their ingenuity and their impact. Denial of service (DoS) attacks, zero-day exploits and internet of things (IoT) attacks are three types of attacks we are seeing with increased frequency.
DoS attacks [4] take advantage of the limited network resources that an organization has allocated to a particular website or service. These attacks usually send armies of bots to flood a portal or website, overloading the network capabilities of the system. Then the portal is slowed or overloaded to the point where it can't execute its original purpose of serving actual customers.
Banks and other companies that use the internet to regularly connect their customers to an essential service are often vulnerable to these kinds of attacks. After the bots have effectively disabled the website or portal, the hackers can demand a ransom or other kind of payment for the return of the service.
Zero-day exploits use a variety of different malware to compromise a newly launched system or program. As programs age, they often grow more robust by deflecting attacks and setting up new security measures. Brand new programs or portals are vulnerable to attacks that take advantage of their lack of security.
The Log4j attack of 2021 [5] is a good example of a widespread zero-day exploit. This common program was widely used by websites around the world and was relatively secure for years. Then, an update to the script by the company that developed it revealed a backdoor to hackers. Without knowing it, websites everywhere were compromised overnight due to a simple update to a common program.
IoT attacks [6] represent a new and growing threat to organizations everywhere. Instead of being a specific type of attack, this category encompasses all types of attacks routed through new devices or services that have been recently connected to the internet. As more and more types of devices become "smart" and are added to the global network, more vectors of attack are made available to hackers. Essentially any device connected to a building or system's network can potentially be hacked, including inconspicuous devices like smart doorbells or security systems.
The important thing to remember is that as our world becomes more interconnected and digitized, threats will continue to come from new places. As your organization grows and adds new systems to its network, remember that they're also potential future security threats.
[1] "Annual Number of Data Compromises and Individuals Impacted in the United States From 2005 to First Half 2022," Statista, accessed 24 Aug 2022.
[2] Microsoft 365 Defender Threat Intelligence Team. "Ransomware as a Service: Understanding the Cybercrime Gig Economy and How to Protect Yourself," Microsoft, 9 May 2022.
[3] "History of Phishing," Phishing.org, accessed 24 Aug 2022.
[4] "Security Tip (ST04-015): Understanding Denial-of-Service Attacks," Cybersecurity & Infrastructure Security Agency (CISA), revised 20 Nov 2019.
[5] Weeks, Ryan. "Datto's Response to Log4Shell," Datto, 11 Dec 2021.
[6] Seals, Tara. "IoT Attacks Skyrocket, Doubling in 6 Months," Threatpost, 6 Sept 2021.