Part Two: Our Guide to Cyber Attacks and how to Tackle Them
Welcome to part two of our guide to cyber-attacks, where we list the common types to be aware of, alongside real-life examples and advice on tackling them. You can jump to part one here.
Once upon a time not so very long ago, people wrote to one another. It was an era of Basildon Bond and billets-doux, before emails and texts.
Now imagine the postman intercepts a letter from Harry to Millie, declaring his love. The postman, because he’s not very nice, rewrites the letter and calls the whole thing off. Heartbroken Harry can’t understand why Millie never replied, and Millie went on to marry the postman.
A Man-in-the-Middle attack is when an attacker intercepts a two-way communication. Sometimes it’s to gather information. Sometimes, in the case of our star-crossed lovers, they’ll interfere with the communication and take it over.
After selling his home, a London man emailed his bank details to his solicitor, oblivious to fraudsters monitoring his account. Seizing the opportunity, the hackers sent another email instructing the solicitor to transfer the funds to an account owned by them instead.
The transfer went through, although thankfully most of the money was recovered.
Many business Man-in-the-Middle attacks happen over Wi-Fi. Good cyber hygiene will help you; a penetration test is a sound starting point for checking your defences and Wi-Fi protocols.
Check out our blog: Five Reasons Why Your Business Needs a Pen Test.
Drive-by attacks are a way of spreading malware. They’re known as drive-by because all the victim must do is ‘drive-by’ an infected website; nothing else.
Cybercriminals look for insecure websites and plant a malicious script or code on one of the pages. Malicious software snares innocent visitors, infecting their computers. Sometimes visitors are redirected to a copycat site controlled by the criminals.
For obvious reasons, many organisations try to keep these types of attacks under wraps. We found this story relating to NBC, the American TV and radio broadcaster: NBC hack infects visitors in ‘drive by’ attack. For a short time, visitors to NBC.com caught a nasty strain of malware used for stealing bank account information.
A pen tester can check the security of your website. If code has been planted, please don’t assume it will be evident to your web team; it takes trained eyes to detect it.
Sadly, the first time most companies learn their website is compromised is when their customers are venting their frustration on social media. If you’re new to pen testing, check out our blog: Booking a Penetration Test? Read this First.
SQL Injection Attack
An SQL injection attack is when malicious code is injected into a data-driven application. It enables attackers to bypass normal security measures and get their hands on the database behind the app. As well as plundering your data, attackers can use these attacks as a springboard to other nefarious acts, such as taking over your operating system.
The telecoms giant Bell Canada is a high-profile victim of an SQL injection attack. In 2014, its subscriber database was hacked, exposing nearly 2 million email addresses and 1,700 customer names and numbers: Bell Canada apologises to customers.
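To show how injected input slips past an application's query, here is an added example (not code from this blog or from any company mentioned) that runs the same lookup twice: once by pasting the input into the SQL text, once with a bound parameter. The `subscribers` table, the function names and the sample rows are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (email TEXT, name TEXT)")
    db.executemany("INSERT INTO subscribers VALUES (?, ?)", [
        ("harry@example.com", "Harry"),
        ("millie@example.com", "Millie"),
        ("o'brien@example.com", "O'Brien"),
    ])
    return db

def lookup_vulnerable(db, email):
    # Vulnerable: the input is pasted into the SQL text, so a quote in it
    # ends the string literal and whatever follows is parsed as SQL.
    query = ("SELECT name FROM subscribers WHERE email = '"
             + email + "' ORDER BY name")
    return [row[0] for row in db.execute(query)]

def lookup_safe(db, email):
    # Hardened: the ? placeholder binds the input as a value only.
    query = "SELECT name FROM subscribers WHERE email = ? ORDER BY name"
    return [row[0] for row in db.execute(query, (email,))]

def compare(db, email):
    """Return (vulnerable result, safe result) for one input."""
    try:
        unsafe = lookup_vulnerable(db, email)
    except sqlite3.OperationalError as exc:
        unsafe = "error: " + str(exc)
    return unsafe, lookup_safe(db, email)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal address, a classic tautology string,
    # and a legitimate address that happens to contain an apostrophe.
    for value in ("harry@example.com", "x' OR '1'='1", "o'brien@example.com"):
        print(repr(value), "->", compare(db, value))
```

The concatenated query returns every subscriber for the tautology input and fails outright on the legitimate address with an apostrophe, while the parameterised query handles both correctly.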
If you’re worried about your cybersecurity, you’re not alone. Allow us to clear the smoke and mirrors with a free cybersecurity assessment, which will help you focus on what you need to.
Physical Social Engineering Attacks
As the name suggests, physical social engineering attacks are up close and personal. A classic example is the ‘photocopier engineer’ who tricks their way inside your premises as a precursor to a cyber-attack.
The risk to businesses is often overlooked or underestimated; we encounter companies spending colossal sums on cybersecurity while neglecting their bricks and mortar defences.
In 2018, our specialist talked his way into the very heart of one of the UK’s biggest financial institutions. Just hop over to our blog: A Day in the Life of a Physical Security Specialist. (You may have noticed we’re an IT Lab company – their clients keep us very busy too!).
If you’d like us to test your physical defences, check out our social engineering services; we love a friendly challenge!
We hope you enjoyed this two-part blog series on cyber-attacks. You can jump to part one here.
We trust this blog has got you thinking about the value of a penetration test, and how it will reduce any stress you may be experiencing around your security posture.
If you’re still navigating your cybersecurity landscape and would appreciate some help before investing in a penetration test, then why not take advantage of our free cybersecurity assessment?
What we’ll do: give you tailored advice to improve your cybersecurity. What we won’t do: bombard you with calls and try to sell you stuff you don’t need. What do you have to lose? Thanks for reading and be safe.