Cybersecurity: You are under attack every day!

Cybersecurity: Types of Attacks

You may click on a malicious link that was disguised as safe, or you may be victim to cross-site request forgery (CSRF) attacks, in which an attacker impersonates you on various applications. The Internet is full of hidden and potentially malicious links, pages, and code.

Malware, short for malicious software, is a computer program designed to infiltrate and damage computers without the user's consent. It is used as a general term to cover all of the different types of threats to your computer's safety such as viruses, spyware, Trojans, etc.

A virus is a piece of code that can make copies of itself and corrupts the system or destroys data. A virus is a type of malware that is able to spread between computers, usually with the intention to cause operational issues or data leakage. It can spread via networks, physical drives, and email. If your computer is infected with a virus, it may run slowly, produce unwanted pop-ups, close computer programs spontaneously, send mass emails from your email account, or crash unexpectedly.

Spyware is software that "spies" on your computer and takes information. It can capture information like web browsing habits, email messages, usernames and passwords, and credit card information without the user's knowledge or consent.

Ransomware is a type of malicious software designed to block access to a user's computer system until a sum of money is paid. An attacker may steal your data and refuse to return access to it without a payment, for example             .

Phishing is a form of social engineering, in which attackers send fraudulent messages to manipulate users into giving up personal or sensitive information, such as usernames or passwords. It is most often accomplished via email. The email appears to come from a bank or other service provider. It usually says that because of some change in the system, the users need to re-enter their usernames/passwords to confirm them. The emails usually have a link to a page that looks almost like that of the real bank. However, the login is false, and will not give you access to your banking account. It will record the information from your login.

Spear Phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. The attacker fraudulently sends emails, ostensibly from a known or trusted sender, in order to induce targeted individuals to reveal confidential information.

A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate or harmless but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or inflict some other harmful action on your data or network.

A Denial of Service (DoS) attack can make a machine or network resource unavailable by temporarily or indefinitely disrupting services of a host connected to the Internet. DoS is usually accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

An insider threat is a threat that comes from within your organization. A disgruntled employee may delete or steal sensitive data or a member of your organization could unintentionally misuse their access to networks, systems, and data. Insider threats are particularly dangerous because of the attacker's detailed knowledge of the organization and its security practices.

Cybersecurity: Root Causes of Attacks

  • Negligent employee or contractor
  • Third party mistakes
  • Error in the system or operating process
  • External hacker attacks
  • Malicious insider
  • Rise of remote work during and after the pandemic; significant vulnerabilities have been revealed that only make it easier to carry out such attacks