As business technology evolves, so do cyber attackers and their methods. 2019 saw over $2 trillion in losses due to cybercrime, according to estimates from Juniper Research, and the number only grows with each year. These monetary losses don’t just represent the ransoms paid to hackers — losses also include fines, repairs, updates and the costs associated with a loss of reputation and clientele.
Unfortunately, it’s not just large companies that are experiencing these losses — small and medium-sized businesses are seeing an increase in cyberattacks, often because their cybersecurity measures are less sophisticated than those of larger enterprises. In fact, about half of all cyberattacks are targeted at small businesses, and attacks cost those businesses an average of $200,000, which can often put them out of business.
Fortunately, there are ways to protect yourself and your business. By arming your business with a quality security system and knowledge of the common cyberattacks facing small to medium-sized businesses today, your company can minimize IT vulnerabilities and cybersecurity threats.
What Is a Cyberattack?
A cyberattack, in the most general terms, is a digital assault on a computer or network. Cybercriminals use a mix of codes, programs and hardware to attach themselves to the target and work from there. The end goal varies based on the party in question, but the hacker usually works for money, which they obtain either through ransoming or selling information.
There are two broad types of cyberattacks — passive attacks and active attacks. These two broad categories of attacks are defined as follows:
- Passive attack: A passive attack is a hacking attempt where data and hardware are monitored and tracked, but no alterations are made. Often, a program or human hacker gains access to a computer or network and monitors the activity of the user, tracking emails and internet usage, and even using the system’s microphone or camera to spy on the user.
- Active attack: An active attack is a hacking attempt where the attacker attempts to alter, add or control data or hardware. This is the type of attack most commonly associated with hacking and includes attack types like Denial of Service and Malware.
While these general types of cyberattacks remain largely the same, the specific types of cyberattacks are constantly changing with technology. Regardless of the kind of cyberattack, however, CYBERShark powered by BlackStratus can detect any attack and help with cyberattack prevention.
8 Types of Cyberattacks
There are many specific types of cyberattacks being used today, posing threats from a variety of sources. Below is a list of the kinds of cyberattacks most commonly faced by small to medium-sized businesses, what they are and some cybersecurity examples.
1. Advanced Persistent Threats (APT)
An advanced persistent threat, known by the acronym APT, is a type of passive cyberattack. In APTs, a hacker or program gains access to a computer or network over a long period with the intent to gather information. This monitoring process may be done with the intent to steal information or to collect information to be used in a more extensive attack later on.
One example of an APT is the Flame malware discovered by Iran’s National Computer Emergency Response Team in 2012. This malware had infected over a thousand computers in the Middle East and North Africa, collecting information from governing and educational bodies as well as private citizens in the region. It had been spread using network connections and USB sticks and tracked audio, screenshots, keyboard activity and internet usage, among other information.
The best ways to prevent APTs are to stay on top of software patches and monitor network activity at all points of entry. For government agencies, following compliance guidelines and best practices is also highly recommended. CYBERShark powered by BlackStratus can help boost these efforts against APTs by alerting admins to any suspicious activity, collecting details and providing remediation steps to help identify, document and eliminate the issue.
2. Phishing
Phishing is a type of scam where criminals encourage targets, via email or other online communication methods, to perform a certain action. The action the target is encouraged to do may be anything from providing information about themselves to clicking on a link to download something. Once the target completes the action, the originator of the scam can gain access to private systems or information.
Possibly the most recognized version of the phishing scam is the often-spoofed Nigerian prince scam, where one person sends an email to as many people as possible, claiming to be a Nigerian prince in need of financial assistance to gain access to his vast riches. However, phishing scams have become significantly more sophisticated over time. Now instead of sending mass emails with a generalized plea, cybercriminals are sending emails to thoroughly researched targets, purporting to be trusted sources that the target may recognize. These types of targeted phishing scams are called spear-phishing scams and make up a significant portion of cyberattacks.
Phishing scams are most easily prevented by educating staff members on cyber safety. Employees should know not to click on links or respond to email addresses they don’t recognize. On top of this base-level security measure, make sure that your security is armed with a robust monitoring system like CYBERShark, which can identify any suspicious activity quickly before the entire system is affected.
3. Denial of Service (DoS)
A denial of service or DoS attack is possibly one of the oldest and most common cyberattack methodologies. This type of cyber extortion works by denying service to a legitimate user through two methods:
- Specially Crafted Data: This method involves sending specialized data to a system that causes an error within the system, preventing the system from functioning.
- Flooding: This method involves overloading a system to slow it down so that the system is unable to function.
DoS attacks can use one or both of these methods to hold a system hostage, forcing the user to pay a fee to return the system to working order. Another distinction to make is the difference between a DoS attack and a DDoS attack — while a DoS attack uses a single computer to carry out the attack, a DDoS attack, or distributed DoS attack, uses multiple computers to do so.
A common example of DoS attacks is often found in casinos. These businesses deal with large amounts of money, which are tracked using a server during their business hours. A DoS attack may slow or stop these servers during those hours or threaten to do so if the hacker’s demands are not met.
CYBERShark helps to prevent DoS attacks by working with multiple open-source and commercial threat intelligence groups. These groups help detect known botnet sites and address where such attacks come from. If one of these known sites reaches out to a network onboarded with CYBERShark, we can pick up on this activity and provide the network administrators with attack details and remediation steps to prevent the attack from being successful.
4. Insider Attacks
Insider attacks are attacks that are initiated due to the action of a trusted internal user of a system. These users may be employees, contractors or any other internal user. Many of these insider attacks are unintentional mistakes where an employee fails to practice good cyber safety by clicking on a malicious link. However, rogue or disgruntled current and former employees may also attack the system on purpose for personal gain or revenge. Either way, internal attacks can result in stolen, lost or compromised data.
Insider attacks are of increasing concern. One former engineer for Amazon Web Services hacked into a Capital One server hosted by her former employer. Her attack allowed her to gain access to 140,000 Social Security numbers, 80,000 bank account numbers and a vast amount of private information.
CYBERShark can help avoid insider attacks by tracking specific user activity and access across a network, providing you with exact logs of when they were on or off the network, the paths they accessed, and if any special privileges were applied to this specific user. Additionally, our Compliance Reporting allows us to provide several reports on user activity, including industry-specific compliance reports. Finally, our system is set up with rules to monitor internal user login activity.
5. Malware
Malware quite literally means malicious software. These programs are specifically designed to be downloaded to a computer without the user’s knowledge, where the software can cause serious damage or data breaches. There are many types of malware that act in different ways, including viruses, worms, spyware and keyloggers.
Malware is often used on corporate and private devices, but it is also commonly used at a government level as a form of international espionage. For example, India’s largest nuclear power plant was recently attacked by North Korean malware. This malware allowed attackers to gain control access to the plant. Fortunately, the issue was discovered and resolved quickly.
Here at CYBERShark, our systems are designed to identify malware quickly. They pick up on malware-related network traffic by monitoring the firewalls, switches and anti-virus software that may have detected the malware or that it may have passed through. Also, if that malware comes from any globally known intruder groups, our threat intelligence will pick up on that traffic and provide you with an incident ticket with remediation steps to follow.
6. Password Attacks
Password attacks, also known as brute force attacks, are attacks in which a hacker inputs various password combinations in an attempt to access a network. This is often accomplished using automated systems such as a dictionary attack list or rainbow tables.
Because of their simplicity, password attacks are on the rise. In one case, hackers had intermittent access to software company Citrix over the course of six months in mid-2019. During that time, they removed files and information, downloaded documents and accessed sensitive customer information. Citrix only became aware of the breach when the FBI alerted them to the activity, and the extent of the breach is still unknown.
The best way to prevent this type of attack from succeeding is to implement password complexity standards and regular credential changes. The CYBERShark platform can help with detecting password attacks. We can tell you what username was used and the device or network path they tried to gain entry to. If they are successful in gaining network access, we can show you how they moved laterally across a network and where other successful logins may have occurred during the incident.
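The detection described above (which usernames were tried, which device was targeted, and whether a login eventually succeeded) can be sketched over authentication logs. This is an added example, not CYBERShark's code; the log lines are constructed in OpenSSH sshd message style, and the function name, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH sshd message style (not from a real system).
SAMPLE_LOG = """\
2019-06-03T09:14:01 fileserver sshd[811]: Failed password for admin from 203.0.113.50 port 40112 ssh2
2019-06-03T09:14:03 fileserver sshd[811]: Failed password for root from 203.0.113.50 port 40113 ssh2
2019-06-03T09:14:05 fileserver sshd[811]: Failed password for invalid user backup from 203.0.113.50 port 40114 ssh2
2019-06-03T09:14:08 fileserver sshd[811]: Failed password for jsmith from 203.0.113.50 port 40115 ssh2
2019-06-03T09:14:11 fileserver sshd[811]: Failed password for jsmith from 203.0.113.50 port 40116 ssh2
2019-06-03T09:14:15 fileserver sshd[811]: Accepted password for jsmith from 203.0.113.50 port 40117 ssh2
2019-06-03T09:20:00 fileserver sshd[811]: Failed password for alice from 198.51.100.7 port 51000 ssh2
2019-06-03T09:20:30 fileserver sshd[811]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def detect_password_attacks(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per (source, target) with >= threshold failures in window."""
    failures = defaultdict(list)  # (source, target) -> [(time, username)]
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], m["host"])
        # Slide the window: forget failures older than `window`.
        recent = [(t, u) for t, u in failures[key] if ts - t <= window]
        if m["result"] == "Failed":
            recent.append((ts, m["user"]))
            if len(recent) >= threshold:
                alert = alerts.setdefault(key, {"source": m["src"], "target": m["host"],
                                                "usernames": [], "compromised_user": None})
                alert["usernames"] = sorted(set(alert["usernames"]) | {u for _, u in recent})
        elif key in alerts and recent:
            # A success right after a failure burst: the guessing probably worked.
            alerts[key]["compromised_user"] = m["user"]
        failures[key] = recent
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_password_attacks(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success, as in the `alice` lines, stays below the threshold and raises no alert.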
7. Ransomware
Ransomware is a specific type of malware that gathers and encrypts data and devices on a network, preventing user access. User access is only restored if the hacker’s demands are met, which most often relate to paying some type of ransom. Unfortunately, payment does not always result in access. Even if companies pay the ransom, the hacker may refuse to unlock the devices, amplifying the company’s losses.
Ransomware attacks are the kind most likely to keep security engineers, administrators, CSOs and other IT personnel awake at night. Ransom payments increased 13 percent between the summer and fall of 2019, rising to an average of $41,00 per incident. Attacks are also becoming more frequent and their effects more widespread — 13 managed service providers were attacked throughout 2019, affecting their companies as well as the clients using their systems.
CYBERShark powered by BlackStratus can help prevent ransomware attacks from harming your company. Through CYBERShark behavior correlation, IP patterning and threat intelligence groups, we can detect activity from certain known ransomware sites, as well as activity that may indicate a possible ransomware attack is imminent.
8. Man-in-the-Middle (MITM)
A man-in-the-middle attack is when a third party intercepts communication between two parties. This third party gains access to the communication then listens in or monitors activity, gaining access to any information shared over that connection, including login credentials, personal information and more.
MITM attacks are the oldest type of cyberattack and began with eavesdropping on phone lines, radio lines and other communications channels. The methods have become significantly more advanced over time, however. For example, one type of MITM attack is an Evil Twin attack, which occurs when a user accesses the internet through a deceptive Wi-Fi access point. The access point’s owner can then monitor this connection.
The best way to prevent MITM attacks from affecting your workplace is by not accessing unknown or unfamiliar Wi-Fi access points and by educating your employees on proper cybersecurity practices. CYBERShark can also assist by monitoring for unusual network behavior.
Protecting Your Business’s Network
While many small to medium-sized businesses fail to address their IT vulnerabilities until the worst happens, industry groups and regulatory bodies are ramping up their mandates to help combat the rising threat of cyberattacks against businesses and consumers. If you need to improve your security, CYBERShark provides a comprehensive solution.
CYBERShark is specifically designed for MSPs and their customers. This cloud-based managed security and compliance system can handle all types of vulnerabilities in network security and provides 24/7 managed security for businesses of all sizes. For small to mid-size businesses, our solutions provide enterprise-level security, log management and compliance capabilities, all within a price that fits SMB budgets.
BlackStratus, which powers CYBERShark, has proven to be reliable since our founding in 1999, and we continue to dedicate our business to providing quality, reliable services. Learn more about us and our CYBERShark system by contacting us today.