Cybercriminals use a number of different methods to gain access to systems, networks, and personal and business information. Each day, countless numbers of people fall victim to these attacks. In order to protect yourself, it’s important to have a broad understanding of attack methods these cybercriminals use.
The more you understand about cyber threats and how they work the better you will be able to protect you and your business. Remember the best defense will always begin with you:
- Don’t click links from unfamiliar emails or text messages
- Do not share personal and financial information with unknown sources or sources claiming to be from your bank, the IRS, etc.
- Trust your gut – whenever you are in doubt, always verify the request (in-person, on the phone through a customer support line, etc.)
Malware is any software intended to damage, disable or give someone unauthorized access to your computer or other internet-connected device.
Most cybercrime begins with some sort of malware. You, your family and your personal information is almost certainly at risk if malware finds its way onto your computer or devices.
Examples of malware include: ransomware, adware, botnets, rootkits, spyware, viruses and worms.
Ransomware is malware designed to make data or hardware inaccessible to the victim until a ransom is paid. Ransomware is often downloaded as malicious email links that damage both financial stability and reputation. With a ransomware attack there are no guarantees that you will get your data back, even if you pay.
Phishing is using fake messages from a seemingly trusted or reputable source designed to convince you to:
- Reveal information
- Give unauthorized access to a system
- Click on a link
- Commit to a financial transaction
Phishing attacks are extremely common. But while this is a simple attack, it can also have the most severe consequences. These attacks can come in the form of emails, text messages, phone calls, social media messages/posts and suspicious hyperlinks.
Physical cyber attacks use hardware, external storage devices or other physical attack vectors to infect, damage or otherwise compromise digital systems. This can include USB storage devices, CD/DVD and internet of things (IoT). These types of attacks can be easy to overlook, are difficult to identify and detect, may be difficult to remove and can do anything from installing ransomware to sending copies of or modifying information systems to dismantling networks.
Social engineering is a method cybercriminals use to take advantage of you by using information commonly available through social media platforms, location sharing and even in-person conversations. Your privacy isn’t just a luxury – it’s a security measure. Social engineering attacks can be successful with little to no programming knowledge or ability.
Examples of social engineering attacks: phishing, pretexting, baiting, quid pro quo, tailgating, inside job and swatting.
Swatting is an attack centered around location sharing in which cybercriminals call the police claiming the victim has committed a crime, such as a bomb threat, armed intruder and violent incidents. Sometimes this type of cyber attack is intended merely as a prank, but it can end in arrest or even serious injury can result. Reduce your risk by sharing your location only with trusted individuals and share vacation photos only after you’ve returned safely home.
Your location is embedded as metadata in every picture you take with your phone. Turn location services off when you aren’t using them to make it more difficult for cybercriminals to view this information.
Other avenues of attack
Internet of things, any device connected to your network, information collection, remote access, Bluetooth, open ports
Your network can be used to attack someone else; any device that stores information or is connected to the internet can be a vulnerability; assume that you are vulnerable, and take measures to understand and mitigate risk; don’t be the ‘low-hanging fruit’
Examples: smart devices, mobile phone, thermostat, vehicles, gaming consoles, printers, medical equipment, industrial systems
CyberFin is a cybersecurity Next-Gen MSSP. CyberFin actively manages the systems and data to keep out cyber criminals and provide guidance and tools for staying compliant. We have our own hand-picked tools, proprietary technology and in-house experts managing all of it for our customers. We are a holistic approach to keeping the cyber criminals and fines out of your office. Contact us today to learn more.