The Looming Threat of a Cyber Attack
Glance at the headlines nearly any day of the week and you’re likely to read about a cyber attack:
- The Macy’s/Bloomingdale’s data breach of 2018
- The Equifax data breach of 2017
- The United States Office of Personnel Management breach of 2015
- Sony Playstation data breach of 2011
As people store more of their critical information online, attacks like these are becoming commonplace. We have all seen warnings about viruses or been told not to download files from emails or text messages we don’t recognize. But what exactly are cyber attacks and how likely is it that one will directly impact you? More importantly, what can you do to decrease the likelihood of being the victim of an attack?
What is a Cyber Attack?
A cyber attack is any instance in which a party attempts to gain unauthorized access to a computer or computer network to do harm. These attacks are generally carried out with the goal of obtaining sensitive data, exposing information, or destroying files. And while the attacks themselves can be quite sophisticated, usually they involve users inadvertantly downloading a file they should not have. These are just a few common ways people get infected:
- Downloading software from unreputable or unproven websites
- Using outdated versions of popular software
- Opening email attachments from unknown senders
- Using stolen software or downloading files from torrent sites
Modern technology has made the rapid exchange of information possible on a scale never before achieved. An unfortunate side effect of this is the vulnerabilities present in every single network. As networks grow and evolve, cyber threats do the same.
The Evolution of the Cyber Attack
As technology has grown, so too has the frequency and scope cyber attacks. What were once simple viruses are now often part of extravagant, well-orchestrated attacks by international crime syndicates or state actors.
Cyber attacks are often classified into five generations. The first three generations span the 1980s to the early 2000s. Cyber threats during these generations were often basic viruses or forms of network intrusion. These types of threats were curbed by firewalls and antivirus programs, a product of the cyber attacks.
In 2010 the world of cyberterror reached a turning point, with the deployment of the first polymorphic code-based attacks. These attacks allowed the targeting of specific businesses with a code that shifted during each deployment, making it harder to catch. Just like the first three generations, this code met its match with the creation of anti-bot software that could detect it.
The fifth generation of cyber attacks have been defined by ransomware, a type of attack that requires the victim pay a ransom to gain access to their own files.
Types and Methods of Cyber Attacks
Just as consumers have gotten more savvy about how they manage their digital lives, and get more comfortable with storing information online, or accessing critical services such as their banks online, so to have the criminals that exploit this trend to their benefit. While the goals of cyberterrorists can vary greatly, they often use one of several methods to attempt their attack:
- Data breach: This type of attack involves the stealing of sensitive information and is one of the more common types of attacks. Information acquired during a data breach is often sold on the “dark web”, an encrypted form of the internet that requires specific software to access. If you ever heard of the now-defunct website The Silk Road and its demise, it was an example of a more notorious site on the dark web.
- A data breach is often a form of a passive attack, during which the attacker doesn’t make their presence known and instead copies the files and information.
- Semantic Attack: In a semantic attack, incorrect information is displayed to the user without impacting the proper functionality of the system. For example, a semantic attack could involve tricking a user into giving the hacker money by convincing them they’re using a real financial site. Because of their nature, these attacks are difficult to detect and catch.
- Malware: Those shady popups and banner ads on your browser are usually a form of malware in disguise. If clicked, a user can potentially infect their system with a form of malware, leading to the theft of information. This can also lead to ransomware, which can cost a company tens of thousands of dollars.
- Distributed Denial of Service: A Distributed Denial of Service, or DDoS, is a type of attack in which an online service is rendered unusable by attacking its server from numerous services. DDoS attacks have become more common in recent years as online gaming grows. These attacks can make games unplayable for thousands of players at a time.
- Phishing: A phishing attack can be difficult for many users to detect as they rely on using what appears to be the email address of someone you know. In a phishing attack, the user will receive an email from a familiar name with an attachment to download or a link to click. If clicked, this will usually result in a form of malware.
This is not an exhaustive list of potential attacks or tactics used. The list grows by the month, with more and more threats cropping up as systems evolve and users store increasing amounts of information online.
Preventing a Cyber Attack
While cyber attacks are an unfortunate fact of life, the good news is that much of what is considered “security” involves using a handful of simple tools and making good choices. Here are a few things you can do to decrease the likelihood of becoming a victim of a cyber attack.
- Be aware of the information you make available online. Anytime you fill out an online form, remember that every piece of information you enter is stored in that company’s server. If you’re uncomfortable giving out a particular piece of information, don’t do it.
- Always look at the email address of anyone sending you an attachment. The “From” field may have the name of someone you know in it, but the actual email address will be something random and suspicious.
- Don’t overshare any information on social media. It’s not unheard of for social media to be targeted by cyber attacks, and any information you have on your profile will be fair game to a hacker. Also, be aware that many phishing attempts are made using spoofed social media accounts that look like someone you know.
- Use an ad blocker to lessen your chances of clicking anything invasive. Ad blockers will prevent malicious ads, or malvertising, from appearing on your browser at all. This makes it more difficult for you to get malware and prevents specific types of tracking. For more information on blocking ads, see our guide on how to block ads.
No method is guaranteed to prevent a cyber attack, especially in the case of a large-scale attack where millions of records are stolen. But, following the above steps can help reduce your chances and establish some great computer safety habits. You can’t put a price on safety, but you can put a price on the devastating fallout from a cyber attack.