The most common cyber-attacks and how to prevent them

What is a Cyber-Attack, and how does it happen?

A cyber-attack is an attempt by cybercriminals to use one or more computers against single or multiple computers or networks. A cyber-attack can maliciously disable computers, steal data, or use a breached computer as a base point for other attacks.

In a cyber-attack, action is taken by cybercriminals with an outcome to benefit them. Cybercriminals launch attacks using one or more computers to strike other computers, networks or information systems. A variety of methods can be used to launch a cyber-attack, but the goal is commonly to: Steal data.

Here we look at the most common cyber-attacks and how businesses can protect themselves against cybercriminals.

1. Malware – or malicious software is any program or code created with intent to harm to a computer, network or server. Malware is the most common type of cyberattack.
2. Denial-of-Service (DoS) Attacks – a Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false requests to disrupt business operations.
3. Phishing – Phishing is a type of cyberattack that uses email, SMS, phone, social media, and social engineering techniques to prompt someone to share sensitive information, such as passwords or account numbers. Commonly emails are sent to download a malicious file that will install viruses on their computer or phone.
4. Spoofing – is a technique through which a cybercriminal disguises themselves as a known or trusted source. In doing so, they are can engage with the target and access systems or devices with the overall goal of stealing information, extorting money or installing malware or other harmful software on the device.
5. Identity-Based Attacks – this is when a valid user’s credentials have been compromised, and a cybercriminal is imitating the user. It is often very difficult to differentiate between the user’s typical behaviour and the hacker when using traditional security measures and tools.
6. Code Injection Attacks – consists of an attacker injecting malicious code into a vulnerable computer or network to change its course of action. 
7. Supply Chain Attacks –  a type of cyberattack that targets a trusted third-party vendor who offers services or software vital to the company.
8. Insider Threats – internal actors that pose a threat tend to be malicious. Some motivators include financial gains in exchange for selling confidential information on the dark web and/or emotional coercion using social engineering tactics.
9. DNS Tunnelling – a type of cyberattack that leverages domain name system (DNS) queries and responses to bypass traditional security measures and transmit data and code within the network.
10. IoT-Based Attacks – any cyberattack that targets an Internet of Things (IoT), device or network. Once compromised, the hacker can assume control of the device, steal data, or join a group of other compromised devices to create a botnet to launch DoS or DDoS attacks.

9 Ways to Prevent a Cyber Attack

Fortunately, there are effective and affordable ways to reduce your organisation’s exposure to the more common types of cyber-attack on systems exposed to the Internet. The following controls are outlined in Cyber Essentials, together with more information about how to implement them:

1. Boundary firewalls and internet gateways — establish network perimeter defences, particularly web proxy, web filtering, content checking, and firewall policies.
2. Use Malware protection to establish and maintain defences.
3. Patch management to identify vulnerabilities with the latest version of the software to prevent attacks which exploit software bugs.
4. Secure configuration by restricting the functionality of all devices within the workplace.
5. Put together a password policy to ensure that appropriate passwords are created, used and followed by all staff members of all levels.
6. Limit users’ accessibility to important documents and admin controls.
7. Monitor your security regularly to identify any unexpected or suspicious activity.
8. Train your staff on the risks and what to be aware of.
9. Manage an attack by putting processes in place to deal with an attack, an effective response will reduce the impact it has on your business.