Digital Dangers in Cyber Security; Threats and Attacks.
Nowadays, we all need to be on our guard against cyber threats.
Everyone who interacts with the internet – even in tiny ways – should know about the digital dangers that are lurking and how to stay safe. Cyber-vigilance is frankly a must for everyone, not just those in IT.
Yet, as with most things tech-related, there is a lot of complex jargon within the field of cyber security. So, let’s break down some of the more common terms into plain English…
A botnet is an online network of infected devices which are controlled by a cybercriminal to collectively orchestrate malicious attacks. This activity usually takes place without the device owner/user’s knowledge, but gives the criminal extra, decentralised computing power to carry out things like mass spam campaigns or Distributed Denial of Service attacks.
A breach is any incident where digital data or systems are accessed, infiltrated, or tampered with in ways that their controller/owner hasn’t authorised. Breaches can occur through hacking, phishing attacks, extortion, or even theft of physical storage drives.
A brute-force attack is a very basic kind of cyber attack where a criminal fires numerous random usernames, passwords, and other values at a login page (or some other kind of authentication step). They do this in the hope of successfully gaining access to the system, or otherwise gaining some insight into how to do so. Criminals usually rely on automated, AI tools to carry out password spraying – doing so manually would be a lot of effort!
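Brute-force attempts leave a very recognisable trail in authentication logs: many failures from one source in a short time. The following Python script is an added example (not code from this article) that flags such sources from a handful of constructed, sshd-style log lines; the log format, the five-minute window and the threshold of five failures are all assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a simplified sshd-like format (not real logs).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:02 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:03 sshd: Failed password for alice from 203.0.113.7
2024-05-01T10:00:04 sshd: Failed password for bob from 203.0.113.7
2024-05-01T10:00:05 sshd: Failed password for carol from 203.0.113.7
2024-05-01T10:00:06 sshd: Accepted password for dave from 198.51.100.4
2024-05-01T10:00:40 sshd: Failed password for dave from 198.51.100.4
2024-05-01T10:30:00 sshd: Failed password for eve from 203.0.113.7
"""

# Assumed line layout: "<ISO timestamp> sshd: <Failed|Accepted> password for <user> from <ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse(log_text):
    """Turn raw log text into a list of login events; unknown lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "failed": m["result"] == "Failed",
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def find_bruteforce_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: (failure_count, sorted_usernames)} for every source that
    produced at least `threshold` failed logins inside one sliding `window`.
    The username list shows whether one account was hammered (classic guessing)
    or many accounts were tried (the spraying pattern)."""
    by_ip = defaultdict(list)
    for e in events:
        if e["failed"]:
            by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, fails in by_ip.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        best = None
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, sorted({e["user"] for e in fails[start:end + 1]}))
        if best:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, (count, users) in find_bruteforce_sources(parse(SAMPLE_LOG)).items():
        print(f"{ip}: {count} failures in window, accounts tried: {', '.join(users)}")
```

In the sample only 203.0.113.7 is flagged: it produced five failures within a few seconds against five different accounts, while the single failure from 198.51.100.4 (a user mistyping a password) stays below the threshold. The same counting logic is what lockout and rate-limiting controls act on, so tuning the window and threshold against real login traffic is the practical next step.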
Code injection is a kind of cyber attack where the perpetrator introduces their own nefarious code into a piece of software or a webpage by using a legitimate text box or input method. Using this code, they attempt to “escape” the safe boundaries of the input functionality in order to maliciously affect the site or software in question. SQL injection and cross-site scripting (XSS) are two examples of code injection methods.
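The "escape the input box" idea is easiest to see with a concrete query. The Python below is an added example, not code from this article: it builds a throwaway in-memory SQLite table (constructed sample data), then looks a user up two ways. The first pastes the input straight into the SQL text, so a crafted name rewrites the query; the second passes the value as a parameter, so the database only ever treats it as data. The same pairing is shown for HTML output, where escaping stops input from being interpreted as markup (the XSS case). Table, column and function names are assumptions for the illustration.

```python
import html
import sqlite3


def make_db():
    """Constructed sample table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # The input becomes part of the SQL text, so quote characters in it
    # change the meaning of the query instead of being compared as data.
    query = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, name):
    # Parameterised query: the value travels separately from the SQL text
    # and is matched literally, whatever characters it contains.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def render_greeting_vulnerable(name):
    # Untrusted text dropped straight into HTML is interpreted as markup.
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name):
    # html.escape turns <, >, & and quotes into entities, so the browser
    # displays the text instead of executing it.
    return f"<p>Hello, {html.escape(name)}!</p>"


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, crafted))  # every row comes back
    print("safe:      ", lookup_safe(conn, crafted))        # no such user
    print(render_greeting_safe("<script>alert(1)</script>"))
```

The defensive point is in the two `_safe` functions: parameterised queries for the database and context-appropriate escaping for the page. Input validation helps, but it is the separation of data from code at the point of use that actually closes the hole.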
Distributed Denial of Service (DDoS)
A Denial of Service attack is where cybercriminals flood an online or networked resource (e.g., a server or a website) with requests, causing that resource to slow down or stop working. DoS refers to the concept as a whole, and to attacks where the requests are coming from a single source. DDoS refers to attacks where the requests are coming from numerous sources, usually devices that have been recruited into a botnet.
An exploit is a software program or command which is designed to take advantage of a specific flaw or bug in another piece of software, usually for nefarious purposes. What the exploit actually does depends heavily on the nature of the exploit (and indeed the nature of the software and the bug being exploited), but exploits can try to take control of a device, recruit devices into botnets, steal data, spy on the user, and countless other foul deeds.
Fileless malware is a kind of malware that doesn’t rely on traditional computer files to enact its harmful effects (“execute its payload”). Instead of being stored and run from an infected file on a drive, fileless malware is stored and executed from a computer’s RAM (its operating memory). This makes fileless malware much harder to detect and quash, but RAM generally does “empty” when a device powers down. One time when “turning it off and on again” is a lifesaver!
Short for “malicious software”, malware refers to any kind of software, code, or exploit that’s designed to cause harm, or with some kind of nefarious intent in mind. Some common examples of malware include:
- Ransomware – Malware that’s designed to render systems inaccessible, unusable, or unsalvageable until a payment is made, effectively holding that system to ransom.
- Trojan – Malware that’s made to look like a legitimate or harmless file, but secretly contains dangerous code.
- Virus – Malware that can infect a system, deploy a payload and replicate itself across devices, but depends on human interaction to become active.
- Worm – Malware that can infect a computer and spread totally independently, without any kind of human interaction.
Man-in-the-Middle Attack (MITM)
A Man-in-the-Middle (or Person-in-the-Middle, PITM) attack is where a criminal intercepts traffic flowing between two points with the aim of “listening in” on communications or altering them in some way. Understandably this can have numerous dastardly uses, but can include passively listening in on traffic from other devices; eavesdropping on online payment portals for financial details; or actively tampering with a conversation between two or more parties.
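The "altering them in some way" part of a MITM attack is what message authentication defends against. The Python below is an added example (not code from this article) of the simplest such protection: sender and receiver share a secret key, the sender attaches an HMAC tag to each message, and the receiver recomputes the tag before trusting the contents. A third function plays the in-path attacker, rewriting the body of a captured message; the receiver's check then fails. The key, the message fields and the JSON envelope format are constructed for the illustration; in practice TLS provides this integrity check (plus encryption against eavesdropping) for web traffic.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the demonstration; real keys come from a
# key exchange or a secrets store, never from source code.
SHARED_KEY = b"demo-shared-secret-not-for-real-use"


def _canonical(message: dict) -> bytes:
    # Stable serialisation so both sides hash exactly the same bytes.
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def sign(message: dict, key: bytes) -> dict:
    """Sender side: wrap the message with an HMAC-SHA256 tag."""
    body = _canonical(message)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def verify(envelope: dict, key: bytes):
    """Receiver side: return the message if the tag matches, else None.
    compare_digest avoids leaking tag bytes through timing differences."""
    expected = hmac.new(key, envelope["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        return None
    return json.loads(envelope["body"])


def tamper_in_transit(envelope: dict, replacement: dict) -> dict:
    """Models an interceptor that rewrites the body but cannot forge the tag
    because it does not hold the key."""
    altered = dict(envelope)
    altered["body"] = _canonical(replacement).decode()
    return altered


if __name__ == "__main__":
    original = {"to": "acct-42", "amount": 100}
    env = sign(original, SHARED_KEY)
    print("genuine message accepted:", verify(env, SHARED_KEY))
    forged = tamper_in_transit(env, {"to": "acct-99", "amount": 100})
    print("tampered message accepted:", verify(forged, SHARED_KEY))  # None
```

Note what the tag does and does not do: it detects modification and forgery by anyone without the key, but it does nothing to hide the message from a passive listener. Eavesdropping on payment details, the other use the paragraph mentions, needs encryption as well, which is why TLS combines both.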
Penetration testing or “pentesting” is the act of hacking an organisation’s system, ethically and with their explicit authorisation, in order to discover their potential cyber weak spots. Pentesters use the same kinds of tricks as criminals do to circumvent security measures and compromise business-critical systems. However, they don’t do the organisation any harm, simply reporting on the security failings they find so the organisation can take action.
Phishing emails or messages are fraudulent communications which aim to get the recipients to divulge sensitive details or provide unauthorised access to a system. These messages commonly use social engineering psychology to convince the recipient to carry out their request. Phishing generally refers to attacks sent over email and online messaging platforms, but the same concept can be applied to other methods of communication:
- Smishing – refers to phishing-style social engineering attacks over SMS text message.
- Spear phishing – refers to targeted phishing attacks that disguise themselves as coming from a close trusted source, e.g., a colleague or manager.
- Whaling – refers to specific spear phishing attacks that target high-profile or high-ranking victims within an organisation.
- Vishing – refers to phishing-style social engineering attacks carried out verbally over the phone.
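Mail filters catch a good share of spear phishing with a few header checks rather than anything clever. The Python below is an added example (not code from this article) that parses a constructed message with the standard library and reports four common indicators: the sender is outside the organisation, the Reply-To points somewhere other than the From address, the From domain is a near-copy of an internal one, or the display name pretends to be an internal address. The organisation's domain, the sample message and the similarity threshold are assumptions for the illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumed set of the organisation's own domains.
INTERNAL_DOMAINS = {"example.org"}

# Constructed sample message showing the spear-phishing pattern from the text.
SAMPLE_PHISH = """\
From: "Dana Ruiz (CEO)" <dana.ruiz@examp1e.org>
Reply-To: payments@mail.example.net
To: alice@example.org
Subject: Urgent: supplier invoice

Alice, please settle the attached invoice before 5pm today.
"""

# Constructed benign internal message for comparison.
SAMPLE_INTERNAL = """\
From: "Bob" <bob@example.org>
To: alice@example.org
Subject: Lunch?

Canteen at 12?
"""


def domain_of(addr: str) -> str:
    """Domain part of an address, lower-cased; empty if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def looks_like(domain: str, internal_domains, threshold=0.8) -> bool:
    """True when `domain` is not internal but closely resembles an internal one."""
    if domain in internal_domains:
        return False
    return any(
        difflib.SequenceMatcher(None, domain, internal).ratio() >= threshold
        for internal in internal_domains
    )


def phishing_indicators(raw_message: str, internal_domains=INTERNAL_DOMAINS):
    """Return the list of indicator names triggered by the message headers."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)

    indicators = []
    if from_dom and from_dom not in internal_domains:
        indicators.append("external-sender")
    if looks_like(from_dom, internal_domains):
        indicators.append("lookalike-domain")
    if reply_addr and domain_of(reply_addr) != from_dom:
        indicators.append("reply-to-mismatch")
    # Display name carries an internal-looking address while the real sender is external.
    if "@" in from_name and domain_of(from_name) in internal_domains \
            and from_dom not in internal_domains:
        indicators.append("spoofed-display-name")
    return indicators


if __name__ == "__main__":
    print("phish:   ", phishing_indicators(SAMPLE_PHISH))
    print("internal:", phishing_indicators(SAMPLE_INTERNAL))
```

The sample message trips three indicators at once (external sender, a one-character-off domain, and a Reply-To on yet another domain), which is typical of whaling-style messages that pose as an executive. Header checks like these are how "external sender" banners and reply-to warnings in mail clients are produced; they do not replace user awareness, but they give the recipient the cue the social engineering is designed to suppress.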
Sandboxing is an automated security practice whereby unknown, potentially malicious files are opened and run in a completely separate digital environment to see if they act in an unexpected way or deploy any kind of malicious payload. If a file is deemed safe, then the network’s users will be able to access it. If the file does do something unforeseen or potentially damaging, users will be blocked from downloading or accessing it. For more about sandboxing, check out our article, “What is Sandboxing?”.
Shadow IT refers to any kind of IT hardware or software that has been installed without authorisation from the IT department. This can refer to IT that has been innocently installed by non-IT team members, but it can also refer to IT that has been introduced in order to cause harm. Any kind of unvetted IT can expose security and functionality issues, even when purchased from reliable vendors, so always discuss your needs with your IT team directly.
Zero-day attacks, exploits, or vulnerabilities are security flaws that are not yet known to cyber security service providers but are still “out in the wild”, possibly being used by cybercriminals for nefarious purposes.
Worried that you may not be able to fend off some of the threats discussed here? Don’t worry, just book a free cyber health check with us. All you’ll need is about an hour of your time, a moderate knowledge of your network, and an open mind! There’s no obligation to buy, and we try to suggest changes to your existing set up wherever possible. Book your health check today – just drop us a line or call 0808 1644414