Cyberattacks have continued to grow as our technology expands and evolves. These threats come by the dozen, and if you don’t know what’s happening, it can be very difficult for you to stop them.
In fact, past studies have shown a more than fivefold increase in cyberattacks over the past five years. The average cost of these attacks has also increased, with costs expected to exceed $150 million in the next year or two.
Given how lucrative cybercrime is, we can only deduce that this will encourage more people to venture into this illegal way of life.
The profitability of these cyberattacks is a topic for another discussion. For now, we’ll be talking about the 3 most common forms of cyberattack around the world today.
1. Phishing
Statistics put the number of new phishing sites created each month at around 1 million. Phishing scams are a major issue that costs the average mid-size company around $1.6 million per year.
Phishing is typically carried out using unsolicited emails that are designed to appear authentic. The email will contain a link to a website that looks like an authentic version of a site you’re familiar with, such as your bank’s site or PayPal. The unsuspecting victim is thus none the wiser when entering their sensitive information into this fake site.
Over the years, phishing scams have evolved into many other forms, like pharming, spear phishing, and deceptive phishing.
2. Drive-by Attack
Drive-by download attacks are one of the most common ways of spreading malicious files. Hackers will seek out insecure websites to which they can add malicious scripts; such scripts will usually be embedded in the PHP code. The purpose of the script may be to install a malicious file directly onto the computer of an unsuspecting visitor, or it might be designed to redirect the victim to a website that is owned by the hacker.
These drive-by downloads can occur when viewing an email, visiting a site or via a popup message. Unlike more typical forms of cyberattack, drive-by attacks don’t require the victim to carry out any specific pre-determined behaviour to enable the attack. You don’t have to open and download a malicious attachment or click on a specific button to be infected. Drive-by downloads take advantage of an application, web browser or operating system that has exploitable security flaws in it.
In order to protect your system from these kinds of attacks, you need to keep your operating system and web browser up to date and avoid any fraudulent websites. Stick to websites that you are familiar with, but remember that even the sites you visit most often can be hacked. You also don’t want to have too many unnecessary applications installed on your device. The more plug-ins you have on your browser, for example, the more potential vulnerabilities there are for a hacker to exploit.
3. Password Attack
Passwords are the most commonly used means of authentication, and obtaining them has become one of the most effective modes of attack. A hacker can acquire a victim’s password by looking around at different things on his/her desk, sniffing a connection in order to acquire an unencrypted password, using social engineering attacks, guessing, or gaining access to a database of passwords. Outright guessing can be done either systematically or randomly:
- Brute-force password attacks are basically a random approach: they work by attempting many different passwords in the hope of getting the right one. This is no different from someone trying passwords based on information related to the person, such as their name, names of pets, names of items and family members, etc.
- Dictionary attacks use a dictionary of common passwords in order to gain access to the victim’s computer and/or network. One method involves acquiring an encrypted copy of the legitimate password, applying the same kind of encryption to a dictionary of commonly used passwords, and then matching the results to find the real password.
To protect yourself and your system from these two forms of password hacks, you must add an account lockout policy that locks a person out after they have made a certain number of password attempts. There are many services and plugins that you can use to add this feature to your accounts.
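One way to implement the lockout policy described above, as an added example that is not from the original article. The class name, the thresholds (5 failures within 5 minutes, 15-minute lock) and the in-memory storage are assumptions chosen for illustration; passwords are stored as salted scrypt hashes so that a precomputed dictionary cannot be matched against them.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5       # assumed threshold: failures allowed inside the window
WINDOW_SECONDS = 300   # assumed: failures older than this are forgotten
LOCKOUT_SECONDS = 900  # assumed: how long the account stays locked


class LockoutAuthenticator:
    """Password check with an account lockout policy (hypothetical class)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so the policy can be tested
        self._users = {}             # username -> (salt, scrypt hash)
        self._failures = {}          # username -> timestamps of recent failures
        self._locked_until = {}      # username -> time the lock expires

    @staticmethod
    def _hash(password, salt):
        # Per-user salt plus a slow hash: one dictionary cannot be reused.
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self._clock()
        if now < self._locked_until.get(username, 0.0):
            return "locked"  # while locked, even the correct password is refused
        # Unknown users go through the same hashing work as known ones.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), stored):
            self._failures.pop(username, None)  # success resets the counter
            return "ok"
        recent = [t for t in self._failures.get(username, [])
                  if now - t < WINDOW_SECONDS]
        recent.append(now)
        self._failures[username] = recent
        if len(recent) >= MAX_FAILURES:
            self._locked_until[username] = now + LOCKOUT_SECONDS
            self._failures.pop(username, None)
            return "locked"
        return "denied"
```

Because anyone who knows a username can trigger the lock, a temporary lock like this one is often paired with per-source throttling or multi-factor authentication rather than a permanent lockout.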
–AUTHOR INFO–
Uchenna Ani-Okoye is a former IT Manager who now runs his own computer support website https://www.compuchenna.co.uk/