Apart from the security attacks that you should be aware, of there are other cyber-attacks that you are likely to face in your day to day activities. If you are not careful, you might underestimate or ignore an attack that really poses a great risk and even open more vulnerabilities.
The best thing is to prevent the attacks before they happen. Below are some successful and most common cyber attacks that you are likely to face.
Phishing attacks
These are the most common cyber attack which you must be prepared to encounter. Phishing remains to be at the top of cyber security attacks as chances of getting them are still high. Currently, you won’t miss a spam email in your inbox as their percentage is around 60 to 70. Even though today’s email services and anti-spam vendors have put mechanisms to filter them out, you will still get spam emails. Attackers have also advanced in that spam emails now look like legitimate emails. Some even warn you about spam emails but again present you with a link designed to trick you and then steal your login credentials.
Fortunately, you can lower the chances of being a victim of spam message using the following countermeasures. The first thing is to make sure that you don’t open any spam message unless you know where it is from. Examine any new email in your inbox before opening any links or attachments. Ensure you use strong usernames and passwords combinations of at least 12 characters long. Additionally, don’t use the same credentials for all of your accounts. Also use access control mechanisms such as smart cards, biometrics, and two-factor authentication. Access control credentials can’t be given away and hence are hard to steal.
Engineered malware
Popularly known as Socially Engineered Malware (SEM) attacks. These are attacks that often trick users into downloading and installing software that turns out to be malicious. The software may look legitimate but once downloaded, it delivers a payload of other malware that may compromise the security of your device even of a network as a whole. Attackers can deliver SEM attacks in many ways, for smaller attacks, they may put up a website that looks familiar to the ones you visit often. These attacks can be magnified if the attackers use referral links for more traffic. For bigger attacks, they may compromise a legitimate website, but this is hard nowadays. A simpler option to use is mal-advertisement.
Mal-advertisement is done by a trojan that looks like the real thing. Mostly, the trojan pops up as an update. A good example is the Bad Rabbit ransomware; the SEM attack posed as an Adobe Flash update. This fake update acted as a dropper as it was a carrier that used to inject the ransomware into victims’ devices.
The best way to counter SEM attacks is through cybersecurity training and end user’s education. The training enables one to know how to identify a SEM attack before a disaster happens. Another way is to use reputable antivirus programs and malware protection tools. These tools will even block you when you are trying to access compromised websites.
Advanced persistent threats (APTs)
Almost every major organization has suffered from advanced persistent threats in a one way or another. The best and successful way attackers use to facilitate this attack is through socially engineered malware, trojans, and even phishing attacks. In most cases, the kind of phishing is more advanced, spear phishing; sending phishing attacks to many employees of a particular corporation. This increases the chances of the ATP to materialize. If an employee doesn’t know how to identify or even counter phishing attacks, he/she might allow the ATP into the organization. Once executed on one machine, the ATP or the attackers can take over/down an entire organization in few hours. Even the security team will realize when it’s too late. Most ransomware are also ATP attacks.
Cleaning up after an ATP is the most difficult tasks a security team or an individual can go through once the attack has happened. Earlier on, it was difficult to prevent and even detect ATPs but not anymore, thanks to the recent ransomware attacks. Many vendors are now filling the void with services and products that are specifically built for detecting ATP attacks. Like an intrusion detecting system, they will look for ATP signs and alert you. You can also control what is allowed to go in and out of your system. You can control where to receive traffic from. Also, differentiate internal networks from the internet.
Social media threats
These threats are easier to deploy as nearly everyone uses one to six social media platforms almost every time. As the social platforms got improvements, they allowed logins to other accounts. Threats on social media platforms pose as application install request or even a rogue friend request. Accepting these requests give attackers access to your crucial info. Unless you work in a big corporate, you are safe from these attacks as they are perpetrated by corporate attackers. Often, the attackers are not the real threat, but other parties that pick up where they left or a combination of both. Social media attackers will usually post the details such as passwords and usernames on the same social platforms.
Countering social media threats is easy; that’s through end-user education and training. This involves not sharing corporate passwords on social platforms, using strong passwords and also looking for suspicious activities in your social account and report the account.
Outdated software
Last but not least, obsolete software or operating system is the door to almost all over the above attacks. This includes other support components such as plugins and add-ins which make life easier. Before you start using any software ensure that it’s up to date. In case of devices and operating systems, ensure that they are patched to keep out known vulnerabilities and also be ready for future attacks. It is easier to eliminate many vulnerabilities to when patching programs most likely to be used since system-wide patching may not work as planned.