5 types of cyber-attack and how to combat them
Pretty much everyone has heard of cyber-crime, hacking, malware, spyware etc at some point in their interaction with the internet, but what can these things really mean to the individual or organisation?
Quite a lot.
Being the victim of cyber-crime can result in a whole heap of trouble, ranging from annoying but pretty harmless right through to having your banking login and passwords stolen and used, or being held to ransom and blackmailed.
Sounds over-dramatic? No. Even the NHS has suffered such cyber-crime attacks.
Read on to discover more about cyber-crime and what you can do to protect yourself against it.
Types of cyber-attack
You may have heard of malware. This is a contraction of malicious software and the term covers a lot of nasty intruders.
These are exactly what the name implies – bits of coding which enter your system and infect it with whatever nastiness the coder wants to inject. They can also spread from your computer to any others you interact with. There are different types of virus – you might have come across the names Worms and Trojans, which are the most common forms.
Viruses can be engineered to do almost anything, at any level from prank status – irritatingly stopping your keyboard working properly for example – to completely corrupting all of your data, so you do need to take them seriously.
This is a particularly unpleasant and potentially disastrous form of cyber-attack. It has the object of literally holding you to ransom and blackmailing you into paying substantial amounts of money to save your computer data.
If your data isn’t generally that important, it may not be such a big deal except to you personally and you could wipe your system and start again. However, imagine thousands of hospital patient records, school pupil records or business data being lost, and you start to see how dangerous this can be.
This is the type of attack that over 300,000 computer systems worldwide were subjected to in May 2017 – systems including the NHS, FedEx and government systems in Russia. Once a computer or network has been infected, the malware locks up the files and encrypts them in a way that you cannot access them anymore. It then demands payment in bitcoin, a digital currency, in order for you to regain access.
This rather whimsical-sounding attack is anything but funny. The spelling harks back to the earliest days of computer hacking, when some of the hackers were known as ‘phreaks’. The “ph” spelling was used to link phishing scams with these underground communities.
Phishing involves the scammer attempting to get hold of information from you, like your online financial login details for your bank, PayPal account etc. You’ll be sent an official-looking email telling you of some disaster which is about to befall your account – it’s going to be locked, limited, deleted or whatever. Thoughtfully, the email provides you with a link to go to the site in question so you can remedy the problem.
If you click the link, you’ll be taken to a perfectly correct-looking site; you type in your login details and are told that the problem has been averted. What you don’t know is that the login details you input have been collected by the scammer, who is now emptying your account or ordering masses of online goods using it. By the time you discover the deception, they are long gone with your money.
This is a common word that most people have heard of. It’s the act of getting access into closed computer networks, usually by breaking the passwords. It’s often been portrayed as being no more than a challenging activity for young computer nerds to indulge in and gain kudos from their compatriots for. In fact, it can be a lot more sinister than that and hacks into military, government and banking networks to name but a few, can be potentially disastrous.
Hacking can also have a useful side to it. There are now companies which will use these methods to test a system’s defences for companies and organisations.
This term is short for internet robots and defines certain pieces of cyber-crime software which includes such unpleasant-sounding things as ‘crawlers’ and ‘spiders’.
These are designed to enter a system and then send back information to the originator. The information gleaned can include passwords and logging the keystrokes you make on the keyboard which can give access to sensitive sites, like your bank.
Bots can also pass on infections to other networked computers and create ‘back doors’ in systems to allow unlimited and unseen access to the system.
How can you protect yourself against all these cyber-crime horrors? Actually, it’s not that difficult to do but does take diligence.
Most of the attack forms mentioned will be introduced to your computer system in similar ways. These include:
- Emails with links or attachments
- By visiting dubious websites
- Via downloads from the internet
It’s fairly obvious what you could do to avoid these situations:
- Not interacting with emails that you’re unsure about. Never open an attachment or click a link if you’re not 100% sure the email is genuine.
- Steering clear of websites which may be dangerous – sites which offer free software that should be paid for, for example.
- Don’t download anything from the internet that might be masking something other than you’re expecting. Some unofficial movie sites can do this, for example.
- Make sure you use good, strong passwords for everything. It’s not enough to use ordinary words, or even to add a number or two. Phrases or especially several unlinked words plus numbers and punctuation marks work well, as do random sequences. If you find these hard to remember, use a password manager, then you only have one password to remember.
However, sometimes it’s not quite that clear-cut, so you need extra help:
- A good anti-virus software is a standard defence. Avoid the free ones – they’re often loaded with exactly the sort of dangerous stuff you’re trying to avoid. Go for a reputable, paid version if you want peace of mind.
- Make sure your computer firewall is in place and set it up to block intruders from infiltrating your system.
- Stick to getting program updates etc directly from the original program developer. Often, malware will be invisibly piggybacked onto perfectly safe software by unscrupulous persons, then offered as a normal update on their own site. Hunting out the official site to download from is much safer.
Possibly the most important defence of all – update your operating system and anti-virus files regularly. These updates will include measures to combat the latest viruses, ransomware and the rest of the invaders. OS and anti-virus providers are constantly monitoring the situation and work to provide resources to protect computer systems, so don’t ignore requests to apply the updates as they appear.
Outdated systems are harder to protect from cyber-crime
For schools, colleges and business organisations, regularly updating the system software is crucial. However, this can be made impossible by outdated systems not being able to support the latest software. The NHS attack was the result of using an outdated operating system and not applying the appropriate ‘patch’ to protect it.
New IT equipment is an expensive purchase, but not updating can prove to be even more costly if your system is compromised. Instead of purchasing outright, consider leasing the latest computer equipment, along with suitable software. It can be a cost-effective solution which doesn’t eat capital, and which can be budgeted for easily. Even schools, which often have very limited budgets, can benefit greatly from IT leasing for schools.
To find out more about how we might be able to help your organisation, read more about our IT leasing service.