National Cyber Security Awareness Month

It’s October and the Halloween season is in full effect! Witches, zombies, ghosts, and cyber threats? That’s right, cyber threats. October is National Cyber Security Awareness Month, and I’m going to list some of the common cyber threats that plague the cyber world today.

Phishing– One of the most common cyberattacks today is phishing. The goal of this attack is to gain important information from an unsuspecting user. For example, you may receive an email that claims to be from your bank, asking you for your PIN, account number, or password.

Phishing emails are designed to look legitimate, but they aren’t really from your bank. A lot of times, the text in these phony emails instills a sense of urgency to release this information. Attackers will use words like “urgent”, “immediately”, and “important”, along with phony due dates, to create the illusion of time constraints. Phishing emails will also threaten repercussions if the desired information is not submitted. This is another way an attacker can manipulate the victim into giving away private information.

Attackers will include false links to malicious websites designed to steal your information. The imposter websites themselves are often designed to mimic a known legitimate website. Ways to avoid falling prey are to contact your bank directly to verify the validity of the email, ignore or report the phishing email, and inspect the email closely, as phishing emails often contain typos or inconsistencies.

Password Attack– Another type of attack is the password attack. Two variations of this attack are the brute force attack and the dictionary attack. The brute force attack uses every possible combination of letters, characters, and numbers to try and crack the password. Imagine a human trying to do that! 1111, 1112, 1113, it’s not happening! Dictionary attacks use an existing compilation of passwords to try and gain entry to a system or sensitive data. Usually, the passwords being used in a dictionary attack have been stolen from previous attacks.

Good ways to thwart a password attack are to have a long and complex password, use CAPTCHA, avoid common passwords, and limit the number of password attempts that can be made. Also, use common sense when it comes to your password. Don’t write it down and leave it in the open or under your keyboard, and don’t share it with others.
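To show how two of these defenses look on the system side, here is an added example (not part of the original blog post) that checks a new password against a length, complexity, and common-password policy, and locks an account after too many failed guesses. The policy numbers, the tiny common-password list, and all function and class names are assumptions made for illustration.

```python
import time

# Constructed sample list; a real site would load a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "1111"}
MIN_LENGTH = 12        # assumed policy value
MAX_ATTEMPTS = 5       # assumed: failed guesses allowed per window
LOCKOUT_SECONDS = 300  # assumed: how long failed guesses are remembered


def password_problems(password):
    """Return a list of reasons the password is weak (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    classes = [any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password)]
    if sum(classes) < 3:  # require at least 3 of the 4 character classes
        problems.append("not complex enough")
    return problems


class AttemptLimiter:
    """Track failed logins per account and refuse guesses past the limit."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}  # account -> timestamps of recent failures

    def _recent(self, account):
        # Forget failures older than the lockout window.
        cutoff = self._clock() - LOCKOUT_SECONDS
        recent = [t for t in self._failures.get(account, []) if t > cutoff]
        self._failures[account] = recent
        return recent

    def is_locked(self, account):
        return len(self._recent(account)) >= MAX_ATTEMPTS

    def try_login(self, account, guess, check):
        """check(account, guess) -> bool is the caller's real password verifier."""
        if self.is_locked(account):
            return "locked"  # the guess is not even evaluated
        if check(account, guess):
            self._failures.pop(account, None)
            return "ok"
        self._recent(account).append(self._clock())
        return "denied"
```

Once an account is locked, even the correct password is refused until the window passes, so a brute force or dictionary attack gets only a handful of guesses per account every five minutes.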

Denial of Service– A Denial of Service (DoS) attack happens when an attacker overloads a target system or its resources with bogus web traffic. Sometimes this forces the system to shut down and prevents legitimate web traffic from coming in. There are different variations of the DoS attack, such as the Distributed Denial of Service (DDoS) attack. A DDoS attack achieves the same goal as a DoS attack, but it uses more than one machine while performing an attack. Occasionally DoS attacks are not used maliciously but as a form of protest.

Social Engineering– Imagine that you work in a big corporate building with hundreds of employees. The building requires keycard access. You walk up to the door and swipe your card, and following behind you is a man on crutches. Your first instinct is to hold the door open for him. He has what looks like a card in his hand. He smiles and says thank you as he enters the building. Later in the day, you learn there has been a security breach in your building. Sensitive data has been copied. Now security is questioning you while showing you surveillance video of yourself letting the suspect into the building. You have been a victim of social engineering. Social engineering has been one of the more successful techniques for obtaining sensitive data, as it relies on manipulation rather than technical skill. Instead of targeting a machine, it takes advantage of the human element. Social engineering comes in many different forms. Phishing is an example of social engineering.

For more information about Cyber Security Awareness Month, please visit: https://www.cisa.gov/national-cyber-security-awareness-month

Disclaimer: This blog is in no way an authority on cyberattacks and should not be used or interpreted as one. It is simply an informative blog listing different types of known cyberattacks used today. For more information on cyberattacks, please check peer-reviewed resources at the Mary and Jeff Bell Library or on the internet. Thanks.