2018 Cyber Security Threats – Types of Attack
Posted: Lee @Intrasource
Over the past 12 months, we’ve seen the rise of ransomware, with WannaCry, Soft Targeting, Petya, NotPetya and Goldeneye, whilst cyber criminals have exposed voter records, hacked presidential campaigns, and compromised data in businesses across the UK including Wonga, Three, Debenhams and Lloyds. There are plenty of reasons to be worried about cyber security.
Knowing about the latest threats and staying up to date with what’s happening in the world of cyber-security is one of the best ways to protect your business. In this post, we breakdown some of the top cybersecurity threats facing UK businesses right now, and over the year ahead – and look at how you can avoid them.
Phishing & Spear Phishing
Phishing attacks - where the goal is to trick you into hand out personal or confidential information, like account passwords, sensitive data and security credentials, have never been more prevalent.
These are nothing new and whilst many are easy to spot, phishing attacks are becoming more and more sophisticated and difficult to detect. In spear phishing attacks, emails are sent – apparently from a trustworthy source, such as a bank or business, asking the recipient to click a link, which then leads to a bogus site aimed at stealing valuable data or infecting systems with malware/ransomware.
Whilst spam filters and email security programmes are effective at stopping some phishing attacks, more sophisticated efforts may find a way through. Employee education and cyber-security training can help to ensure that your business doesn’t become a victim. Enabling 2 factor authentication on key accounts will also help to protect your organisation should passwords become compromised.
In a Distributed Denial of Service (DDoS) attack, high volumes of traffic are directed towards a website, in an attempt to knock it offline. Attackers build up large networks of infected computers and connected devices (known as botnets) through spreading malware, before using them to flood the website with more traffic than it can handle.
With the number of unprotected internet connected devices and the rise of the internet of things – it’s now relatively easy for cyber-criminals to create large botnets, sometimes millions of machines strong, and this will continue over the year ahead.
It’s hard to prevent DDoS attacks from happening, but the right DDoS mitigation appliances and servers will help to withstand attacks and minimise the impact, reducing costly downtime of online services.
The past few years have seen a real increase in the prevalence of Ransomware – a type of malware that blocks access to systems or encrypts files, locking them away until a ransom is paid to the attackers.
Ransomware isn’t going anywhere! The rise of hard to track cryptocurrencies, such as Bitcoin and the emergence of truly untraceable currencies such as Monero make Ransomware attacks and inviting prospect for cyber-criminals in 2018.
Protecting against ransomware requires a multi-layered approach – including effective antivirus and anti-spam solution, alongside a secure back-up and disaster recovery system. Having an automated back-up system will ensure that should important data be lost or destroyed by ransomware, you’ll still have a safe, unaffected copy elsewhere.
Out of date and unpatched software can create unwanted and inviting backdoors in any cyber-security system – and the vast majority of organisations are lax when it comes to patching.
Whether it’s an out of date browser plug-in or an old copy of Adobe Reader that hasn’t been updated – these create chinks in the cyber-security armour that can easily be exploited.
It’s an old problem, and one that isn’t going away any time soon – but the solution here is simple. Become one of the few organisations that keeps everything up to date!
Advanced Persistent Threats
In APT attacks, cyber criminals gain access to a network, then stay there undetected for an extended period of time, with the aim of stealing data.
The core aspect of an APT attack is maintaining access to systems without discovery. APT attacks can be very complex, and may involve a range of social engineering or spear phishing attacks to gain a high level of privileged access.
Protecting against APTs comes down to having a comprehensive security system in place – constant network monitoring, intrusion detection, incident reporting, network segregation, data encryption, software patching and application white listing can all help to mitigate APTs.
Comprehensive Security and Protection from Intrasource
It’s a dangerous world out there, and this list is by no means comprehensive – in 2018, you’ll also need to stay vigilant for a range of established and emerging cyber threats, including:
- SQL injections
- Cross-site scripting
- Password guessing
- Brute force cracking
- Social media threats
At Intrasource, we are IT security specialists – working with businesses of all sizes, and in every industry across the UK to provide best in class protection.
Providing a comprehensive, truly bespoke service, we will work closely to understand you existing systems, infrastructure, working practices and requirements, before implementing an effective multi-layered system to protect your business.
Find more information and IT security news here.