Interest in cyber coverage is at an all-time high, and those who previously thought it a luxury — or not a necessity — are taking a much closer look at their exposures.
1. Brute force attack
A brute force attack uses very sophisticated software or an algorithm written to do whatever it can to attack your system by searching for vulnerabilities, and in many cases it attacks a password-protection mechanism.
The brute force attack will use specially designed software to go through hundreds of thousands of different words and combinations of words and numbers to try to crack your password. It will even go through every word in the dictionary to see if it can access something like a password.
2. Social engineering/cyber fraud
If you’re in the treasury department, and I send you an e-mail that looks like it’s coming from the CEO or CFO requesting that you ‘wire funds on the merger acquisition that we have pending, I would like that money wired today — this is your authorization to get it done,’ whoever is working in that accounting or treasury department will wire the money.
They’re not attacking your system; they’re attacking individuals and the company’s wire-transfer policies and procedures. We’re seeing a prevalence of that today, and that’s significant because the losses tend to be in seven figures. This type of attack doesn’t target data; it targets the money, and once it’s transferred it’s unlikely that you’ll be able to retrieve it.
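A check a mail gateway or treasury team could run on incoming wire requests like the one quoted above. This is an added example, not code from the original article; the company domain, executive names, keyword lists and sample message are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; none of them come from the article.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john roe"}  # hypothetical CEO and CFO display names
PAYMENT = re.compile(r"\b(wire[ds]?|funds|transfer|payment)\b", re.I)
URGENCY = re.compile(r"\b(today|urgent|immediately|authorization)\b", re.I)

# Constructed sample modelled on the request quoted above.
SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe@mailbox.invalid
To: treasury@example.com
Subject: Pending merger

I would like that money wired today - this is your authorization to get it done.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review(raw):
    """Return the reasons to hold a message for call-back verification."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    sender, reply_to = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    text = msg.get("Subject", "") + " " + " ".join(
        p.get_payload() for p in msg.walk() if not p.is_multipart())
    reasons = []
    if name in EXECUTIVES and sender != COMPANY_DOMAIN:
        reasons.append("executive display name on an outside address")
    if sender != COMPANY_DOMAIN and SequenceMatcher(
            None, sender, COMPANY_DOMAIN).ratio() >= 0.85:
        reasons.append("look-alike sender domain")
    if reply_to and reply_to != sender:
        reasons.append("Reply-To points to a different domain")
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        reasons.append("DMARC failed")
    # Identity anomalies only matter here when the message also asks for money now.
    if reasons and PAYMENT.search(text) and URGENCY.search(text):
        return reasons + ["urgent payment request"]
    return []

if __name__ == "__main__":
    for reason in review(SAMPLE):
        print("HOLD:", reason)
```

A message that passes these checks can still be fraudulent, so a held or unheld wire request is confirmed by calling the requester on a known number before funds move.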
3. Distributed Denial of Service attack (DDoS)
This happens when a server is overloaded with connections, with a goal of ultimately shutting down the target’s website or network system. This is just where [hackers] are overloading your system, hoping it will shut down your network and you will not be able to operate your business.
4. Phishing attacks
Phishing is perhaps the most commonly reported form of cyber attack, and keeping up with the methods of some phishing attacks is proving to be very difficult.
There are various types of phishing attacks, and the type that is used usually depends on the industry. Hackers send out hundreds of thousands of emails [with an attachment or link] hoping that someone will click on them; that’s the hacker’s means to access your system. Once you open it, you’re giving them access to your computer system and the information on it.
Once they’re in, they’re able to really attack the software’s vulnerabilities, whether it’s personal passwords, a firewall or lack thereof, or unpatched security software.
5. Malware, spyware, ransomware
Each of these types of attack has its own objectives. Any one of them is an attack on your software, your systems, your theft prevention software, gaining access through any one of the malware types of attack.
It’s basically malicious software with the intent to gain unauthorized access, and that could include viruses, spyware and, more recently, ransomware, where they’ll lock down your system and essentially say ‘we have your data, if you want it back you’re going to pay a ransom and we’ll let you gain access back to your information.’ There are also Trojan horses and key loggers that track keystrokes to gain access to passwords or gain access to your system.
If the malware is introduced into your system, it will cause the intended damage, and that intended damage could be erasing all the information contained on your hardware.
Other types of malware target individuals who probably aren’t with the IT department and may not have the same level of sophistication or may not even be paying attention, he noted. You’re busy, you get an email, you don’t pay much attention to who it’s from or if it’s an accurate email address, you click and allow them access to your system. It’s as simple as that. Whether it’s a link or an attachment, you basically introduce that malware into your system, which will then accomplish whatever the objective is.
As for spyware, hackers introduce software into your system that looks for the simplest way to track keystrokes to get passwords or to electronically spy on your network, whether to gain access to confidential information or to gain access to unidentifiable information.
A “worm” is similar to a virus but it spreads differently. In order to affect your files, a worm eats into your system and runs on its own. If a worm is introduced into your system, it could replicate by resending itself from your system to everyone in your contacts list. So one person lets it in and then it just compounds itself; depending on how it’s written, it could get back to every contact on your list.