5 Common Cyber Attacks and How to Prevent Them
By Eva Schiller
August 31, 2022
Cyber attacks, once just a frightening feature of sci-fi movies, are now a terrifying reality of the Internet Age. ‘Cyber attack’ is a broad term for the purposeful exploitation of a device or network, often to change, access, or steal private data. These attacks became incredibly widespread, with a 2018 study indicating that cybercrime has affected a quarter of American adults. Those who lack the knowledge and technology needed to protect against these attacks, including users, startups, and small to medium-sized businesses, are often the primary targets. Therefore, proactively keeping your users and company safe from cyber criminals is a crucial priority for all businesses. The first step is addressing a variety of potential attacks and putting prevention measures in place for each.
5 Common Cyber Attacks
Phishing is a form of cybercrime that exploits users and fools them into dispensing personal data. Victims commonly will receive a text or email that impersonates their workplace, a friend, or a known company. For example, a victim may receive an email impersonating Paypal, requesting that they visit a link in the email and sign in to re-confirm their account. By entering their data into the provided website, they inadvertently grant the attacker access to their account and finances.
Not all private information on the web must be obtained through hacking and data breaches. Some data is simply hard to obtain without brute force – for example, pricing patterns on online stores, email addresses of users on a social media platform, or the standard username format at a company. Web scraping is a cybercrime where attackers gather improperly protected information from the affected website. Scrapers exploit a variety of security weaknesses, including log-in pages whose error message reveals whether an email is registered to a certain platform. For example, the message might read “email or username doesn’t exist” or “wrong password”. One scraping attack from 2019 left 533 million Facebook users’ data, including phone numbers, locations, names, and birthdates, released publicly on a cybercrime forum. Data obtained via scraping is often used maliciously for targeted phishing attacks or brute-force password attempts.
Malware is a general term for malicious software that infects the affected computer system upon download. It can be used to steal private information, access finances, use the device as a ‘zombie’ in a larger network, or damage programming and data stored on the device. Often, individuals are tricked into downloading malware via deceptive emails and websites or removable media such as flash drives.
Distributed Denial of Service (DDoS) Attacks
All websites limit the amount of internet traffic they can handle at a given time. Once that amount is exceeded, a website may slow down or become unavailable to users. In a Distributed Denial of Service (DDoS) attack, the attacker takes over a large network of devices using malware, creating a botnet, or a collective of bots. The bots can be used to overwhelm a server with simultaneous requests, causing it to go offline. Because the attack is not localized on a single device, it is difficult to differentiate legitimate users from malicious bots participating in the attack.
Ransomware is a potential use of malware that often targets companies. Once the software infects a computer system, it encrypts documents stored on the device. Then, the attackers demand a ransom from the affected company to decrypt their files. In 2021, computer giant Acer succumbed to a ransomware attack by hacking group REvil, losing $50 million. The FBI reports that these attacks are rising in popularity, perhaps due to their high efficacy– the only way to protect against them is via prevention measures.
4 Ways to Prevent Cyber Attacks
- Introducing strong company guidelines is an important first barrier against potential cyber-attacks. Avoiding removable media and scanning all emailed files helps prevent malware and ransomware before it enters the computer network. Furthermore, since attackers often only have the privileges of the account they infected, limit access to administrative accounts and adopt the least-privilege model wherever possible.
2. Ensure secure log-ins for both employees and users. Moving away from a standard username-and-password log-in prevents phishers from hacking user accounts or gaining access to company credentials. Safer alternatives, including multi-factor authentication and passwordless/phone-centric log-in, are much harder to access remotely. For example, humanID is an identity provider that authenticates users one time using their phone number, and converts it into a non-reversible hash. Then, they immediately delete it. This leaves hackers with no way of obtaining credentials or remotely accessing accounts used on the device.
Furthermore, the requirement of a unique phone number prevents bots from making accounts on your site, creating an additional barrier against DDoS attacks and scraping attempts.
- Employees at all levels can be targets of phishing and malware attacks. New hires, who may not know the company culture well enough to differentiate abnormal emails and requests, are especially at risk. Therefore, educating employees on how to stop phishing and spot suspicious emails is crucial.
- Many cyber threats can be combatted with prevention technology. In particular, DDoS attacks can be prevented using load balancers, firewalls, and VPNs. For more robust protection, companies like Cloudflare and Fastlyspecialize in handling this threat. Malware detection can also be aided by technology, with anti-virus software capable of scanning files for danger before they are downloaded.
In the modern age, no business, regardless of size, is completely safe from cyber attacks. Therefore, it is up to companies to take measures to protect their users, employees, and business from threats like phishing, malware, and DDoS. Preventing these cyber attacks requires policy and technology updates, employee education, and secure authentication methods like humanID.