Cyber Attacks: What, Why, and How to handle

May 22, 2024

Cyber Attacks: What they are, why they happen, and how do we handle them
By: Jennifer Yeagley

As someone newer to IT security, I wanted to learn all about security risks and types of attacks that are going on. The news is constantly bringing up different attacks that may or may not be supported by other countries, and it all seems a little scary. So, let's delve into the deep end (or the shallow part where we must stand on tiptoes!) to understand more about cyber-attacks, why they are happening, and what we can do about them.

What are the different types of cyber-attacks and why does it matter?
First, to answer this question, there are too many types, and too many nuances within each type, to go into full depth here (tiptoe depth, remember?). So, here are some of the main types and why they are a problem.

1. AI-powered attacks – This is the newest form of cyber attack, one that has arrived with the widespread growth of Artificial Intelligence (AI). This type can take on many different forms that are only related by the fact that they are powered by AI. You can have AI that is generally trying to work through the system and trick it into malfunctioning or opening you up to vulnerabilities that you didn’t know were there. You can have chatbots or virtual assistants that seem like a real human being, but they trick you into giving up your identifying information. There are also “deepfake” types that create realistic pictures, video, and audio. These can be planted to sway opinion or even fool you into thinking someone you know is in trouble. Belief in these will often cause you to give away information that you would normally know you should not.

2. IoT (Internet of things) attacks – Your system is no longer just a computer connected to a router that goes to the internet. Your system now includes so many devices that they named it IoT. Think phones, computers, tablets, printers, cameras, appliances, smart watches, GPS systems, or even your thermostat! If these are connecting to your network, they are points of attack, and they tend to be more vulnerable than your server. We think it necessary to put passwords on our server, but not on the thermostat, which is now a new way for the bad guys to get in.

3. Malware – Malware is “malicious software” that takes on many forms. Malware can lock your system, delete your files, track your keystrokes, and more. While they are all bad, ransomware is a particularly nasty piece of malware. Ransomware completely locks your system by encrypting your data unless you pay the ransom to the owner of the key. Without the key to unlock the encryption, you have nothing. The FBI has taken the stance that no one should pay the ransom on the basis that paying does not ensure the bad guys will remove the ransomware. However, looking at this as a business model, the incentive for hackers to release your system is to keep the funds flowing for future attacks.

4. Denial-of-Service (DoS) attacks – I find these to be interesting. There may be financial gain to some of these, but for the most part, someone is just trying to be disruptive. One common form of this is creating massive traffic on a website so that it effectively shuts down. This happens naturally (Amazon days, anyone?) when the system cannot handle the traffic, but in DoS attacks, the system is overwhelmed by the number of fake accessors.

5. Phishing – Usually taking the form of email, phishing is what it sounds like. There is a cyber attacker who is casting out a line to see who will bite. You are being asked to click on something that loads malicious software onto your computer, or you are being asked to provide sensitive information like login credentials. If in doubt, do not click on anything in the email, respond to the text, or provide information over the phone. For example, your electricity supplier emails that you need to log in and fix something on your account. Just go directly to the website and bypass links in the email!

6. Spoofing – There are people who take time to make the fake look real! An email came from a trusted source, but did it? The website looks legit, but is it? Spoofing relies on people seeing what they want to see instead of what is there. looks like a completely legitimate web address until you realize that there is a second “e” after secure. jenifer@eaglesecuresolutions seems like a credible email address until you realize that “Jennifer” has two Ns. In spoofing, the cyber attacker is looking for you to trust what you see to the point of releasing your information to them.

7. Insider Threats – Last, but most potently, your worst cyber attacks rarely come from a faceless stranger. Most organizations are most susceptible to the attacks that come from within. Some are not even meant to be attacks, but are human error that causes loss or leaks of data that is critical to an organization. However, too often, organizations have faith that someone is going to do the honorable or right thing. Anyone remember the crux of Office Space? Stealing fractions of pennies is still a cybercrime, and it was committed by otherwise good employees.
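
The two near misses described under Spoofing above (a dropped letter in the name, an extra letter in the domain) are differences a mail filter can measure instead of leaving them to the reader's eye. The following added example, which is not part of the original article, classifies a sender against a trusted list by edit distance; the `.example` suffix, the trusted list, the constructed sample addresses and the two-edit threshold are assumptions.

```python
# Added example (not from the article): flag near-miss sender addresses.
# Assumptions: the ".example" suffix, the trusted list and the threshold.
TRUSTED = {"jennifer@eaglesecuresolutions.example"}
MAX_EDITS = 2  # one or two changed characters is typical of a typo-style spoof


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize(address: str) -> str:
    # Only trim and lowercase. Unicode look-alike letters are left as they are
    # so that they count as edits instead of being folded into a trusted name.
    return address.strip().lower()


def classify_sender(address, trusted=TRUSTED, max_edits=MAX_EDITS):
    """Return (verdict, trusted_address_it_resembles_or_None)."""
    addr = normalize(address)
    if addr.count("@") != 1:
        return ("invalid", None)
    local, domain = addr.split("@")
    best = None
    for known in sorted(normalize(t) for t in trusted):
        if addr == known:
            return ("trusted", known)
        k_local, k_domain = known.split("@")
        dist = edit_distance(local, k_local) + edit_distance(domain, k_domain)
        if dist <= max_edits and (best is None or dist < best[0]):
            best = (dist, known)
    return ("lookalike", best[1]) if best else ("unknown", None)


if __name__ == "__main__":
    # Constructed samples modelled on the two near misses the text describes.
    for sender in ("Jennifer@EagleSecureSolutions.example",
                   "jenifer@eaglesecuresolutions.example",
                   "jennifer@eaglesecureesolutions.example",
                   "billing@power-company.example"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" verdict is a reason to quarantine or banner the message, since the sender is close to a trusted address without being it; "unknown" senders are simply not on the list.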

What is the point of cyber-attacks? What is the gain for the attackers?
1. Disruption and control – One of the main goals of cyber attacks is to cause disruption and show control over someone else. Remember the DoS attacks? There is often no other gain than to block traffic and disrupt the normal function of a system. It is the “I have control and you don’t” way of thinking.

2. Fun – The movie or show with the genius hacker that got through all the Pentagon’s firewalls in 5 minutes…not happening, but there are those out there who try to do something just for the fun of it. Usually, the consequences of such attempts are enough to sway most from trying it.

3. Insider information – There are those that will try to get a competitive edge by gaining information like trade secrets or orange crop projections for commodities trading (Trading Places, anyone??).

4. Money – Like most jobs in life, the hacker is not doing this for anything other than money. Don’t be fooled, this is seen as a job to most cyber attackers out there. Whether they are hired by a company, sponsored by a foreign country, or simply in business for themselves, there is money as a driving force.

So, what can we do?
Thankfully, there are more good guys than bad in the world, so there are many tools at your disposal.
1. Cyber Security – Yes, you may need to spend the money and take the time to protect your systems. An unprotected system is going to get infiltrated. It is not a question of if, but when. You have to take steps to set up a secure system that includes the following:
a. Network Security – firewalls, intrusion detection, and encryption
b. Software and Device Security – updating software and operating systems, using passwords (different ones for everything!)
c. Information Security – using access controls, encryption, and backups to maintain information integrity
d. Operational Security – having policies and procedures surrounding IT use, teaching best practices, and creating audits and frequent checks to ensure compliance

2. Cyber Resiliency – It is not enough to secure your system; you have to prepare for the possibility it will be compromised despite your best efforts.
a. Backups – There is a new philosophy on backups, 3-2-1. Keep 3 backups of critical data, 2 on different types of storage media, and 1 offsite (like the cloud). This strategy helps prevent catastrophic failure most of the time.
b. Disaster Recovery Planning – Ok, so you have backups, but what do you do when something goes wrong? What is the plan, who needs to know, and what timeline needs to be followed? Having a comprehensive plan takes the guesswork out of recovering.

3. Take the hard road – Remember, easy often means less secure. Do you have the same password for everything or, worse, do you not have a password? Take the time to do the right thing and it will pay off in the end.