Cyber Threats

One of the fastest growing and longest lasting attack-styles, ransomware attack vectors are popular amongst criminals because it’s very effective and easy to implement.  Ransomware infiltrates systems and software and restricts access to data by locking the systems.  Instructions are given about payment, however, once the ransom is paid, additional data theft can occur for additional payments.  Even if a company complies with the criminals, there’s no guarantee the systems or data will be unlocked or undamaged.  Stolen data from ransomware can be exploited repeatedly after a breach has been established. 

Discover the terrifying truth about ransomware >

Spyware software is designed to stay on your computer, gather information about you, and forward that information to a third-party.  Not all spyware is malicious, some can monitor your data for commercial usage, like advertising cookie tracking.  Criminal spyware surveils activity, creates data breaches, and profits from stolen private data without user consent.

Worms are a type of malware that uses self replication to spread to other computers.  Worms stay active while replicating and exploiting automatic portions of an operating system while remaining invisible to the user.  This malware’s only goal is to replicate onto as many computer systems as possible.  Worms require no human interaction to spread, which is different than how computer viruses spread.

Trojan horse malware hides as a “harmless file” and once engaged it unpacks its payload.  There are different ways this type of attack can be used to deliver a variety of harmful attack styles.  One of the more successful and often replicated trojan horse attacks was the Zeus trojan horse (or Zbot).  This attack was a high-profile cybercrime against the United States Department of Transportation.  This particular trojan horse stole data from the US Government and was used to breach online commerce giants as well as some of the biggest financial institutions.  Copycat cyberattacks are still carried out because of the scale of success the initial attack achieved.

• Backdoor Trojans – This trojan attack type allows criminals to remotely access a computer.  Typically, this is so they can upload, download, and execute their files.
• Exploit Trojans - Specifically targeted machines get infected with these trojans, which are code designed to take advantage of a known weakness in the software, opening the door for cyber criminals.
• Rootkit Trojans -This variety of trojan attack hides malware already infecting a system, increasing the ability to cause the maximum amount of damage.
• Banker Trojans – This is a specifically designed trojan attack that targets banking information, usually personal information and online banking transactions.
• Distributed Denial of Service (DDoS) Trojans – DDoS trojans execute a programmed attack that floods requests from multiple sources with the intent of disabling a network or computer system by overloading it.
• Downloader Trojans -These are files written to download additional malware, often including more Trojans, onto a device.

Social engineering relies on human interaction, deception, and gaining a person’s trust to get access to pertinent systems for an attack.  Person-to-person manipulation is the key, finding the right individual with the necessary credentials for the targeted system.  There are a number of common attacks that are still very successful.

• Phishing & Spear Phishing: Phishing is a wide range attack.  An attacker sends out a spam email scam to thousands of random email addresses at the same time.  Criminals use a “ticking clock” urgency to help manipulate the target into following the email’s instructions.  This directs them to open an unsecure attachment, web link, or tricking them into entering their personal information, such as credit card or social security number.  The goal is that within those thousands of emails sent, there is at least one successful response. 
   
  Spear phishing is a more direct attack method.  Like phishing, it sends out scam emails, however, these emails are socially engineered to appear as if they’re a personal or business source.  Scammers can use social media accounts to gain information about their intended target and they’re able to “personalize” a message directed at them.  This makes the success rate much higher because the target believes they’re responding to a personal contact.
• Baiting: Phish bait is a cyber “bait and switch” scheme.  An email sent from a real company, which looks like a legitimate communication.  The scammer is actually using that as a decoy to trick the target into believing what they’re responding to is actually from the reputable company.  Emails are sent from that company but under the supervision of a compromised system, which the bad actors use as camouflage.  They mine the responses from these emails for the requested sensitive information and then exploit that info.
• Vishing: This method goes one step further, where the criminal makes a voice over internet call to the target.  Instead of the standard scam email, this bad actor tries to get private, personal information directly over the phone.
• Smishing: Cell phones are susceptible to malware just like computers.  SMS texts can be used as phishing attacks, known as “smishing” and can infect phones.  Scam links and corrupt attachments can be sent from an unknown number with the hope that the victim will open them, exactly like email phishing.

A cyberattack that mimics a company’s outside partner or supplier can trick that supplier’s customers.  They use the already established business relationships and credibility to attack their customers as a group.  This is a supply chain attack, an attack that targets the weakness of an entire supply chain rather than individuals or single companies.  These attacks compromise a vendor, gain access to their customer list, and launch an attack against them.   
 
This system can use malware to steal data, alter records, delete files, and even spy on customers and deploy harmful software against them.

“Man in the middle” attacks happen when a perpetrator positions themselves between two users or applications.  This method passes the data through the criminal in between the  communication lines, similar to eavesdropping.  Sensitive information is “handed off” to the criminal in the middle, who duplicates it, and then passes it to the reputable recipient.

A Denial of Service attack is used to overwhelm the attack target with a massive influx of internet traffic, which would overload the system and crash it.  Denying services through false internet traffic prevents customers and business from resuming transactions per usual.  These attacks can be from disgruntled employees or customers, hacktavists making a statement, or criminals looking for extortion or a ransom. 

When an attacker forces randomized coding, queries, or programs inputted into an application to cause an unforeseen coding malfunction, this is considered an injection attack.  This attack is meant to force open the public facing application (like an online form or log-in box) when a large volume of automated, randomized coding is put into those information boxes.  This coding can disrupt the standard entry point and create programming reactions that can cause problems and uncover vulnerabilities that bypass security measures.

• SQL Injection: Structured Query Language (SQL) injection attacks are when an attacker exploits an application entry point causing it to damage itself.  The attack finds programmatic defects by injecting coding or characters into the input sections.  This can create undiscovered, unexpected reactions and may result in the application divulging additional vulnerabilities and sensitive data.  It’s incredibly difficult to defend an SQL injection attack once the targeted application is launched.  Pen testing, using dynamic application testing, and a black box fuzzer tool can help uncover these application code abnormalities before it’s deployed to the public.