Five Common Cyber-Attacks in Images
We considered calling this post "Five Common Cyber-Attacks for Dummies." But then, we changed the title.
The truth is, cyber-attacks happen to many people, and it's not because they're "dummies." Cyber-attacks succeed because they're really good at tricking people. We advise education as the first step to prevention, but these attacks do occur with increasing regularity.
While your IT team may, admittedly, find this list a little basic, it's likely that many end users in your organization don't deal with cyber-attacks as a daily occurrence. We've compiled a list of five common cyber-attacks, accompanied by a representative image, to help increase familiarity.
Share with your coworkers. Share with your family. Share with your friends. The better we all learn to recognize common cyber-attacks and the threats they pose, the more protected our systems will remain.
Phishing is when a hacker sends an email trying to trick you into revealing personal and sensitive data. A phishing email appears to be from a trusted source and tries to convince you to give credentials needed to access your accounts and information. Phishing emails may have malicious attachments or links to forms that look trustworthy. If you enter your information, the cybercriminals behind the attack access your account.
A targeted form of phishing called whaling is gaining popularity. The goal of a whaling attack is to trick an executive into disclosing sensitive company information. Scammers will often send emails in the name of a CEO or other executive requesting company information such as tax returns, wire transfers or account passwords.
A phishing email might look like something you want to click on, perhaps an attachment or a link to download an invoice, but be cautious. Always make sure you know the sender and are expecting the content. Otherwise, you'll be caught like the baby below, who just wanted some pizza, but was tricked with a spoonful of baby food instead.
Ransomware is an attack in which a hacker infects a device or system with malicious software, encrypts the data and holds it ransom. Data held hostage and encrypted by ransomware is basically inaccessible. Ransomware is commonly delivered through phishing emails.
Victims of ransomware are forced to make an unfortunate decision — either pay the ransom and possibly get the data back, or don't and lose the data. Targeted organizations will sometimes decide to pay the ransom because they believe this is the only way to get their data back in safe hands. The hacker behind the attack will promise to restore access to your data once you have paid the ransom, but that doesn't always happen. (Cybercriminals by nature are not honest individuals.) Another problem with paying the ransom is that it directly funds the development of new and more elaborate ransomware scams.
Of course, prepared victims can restore their systems from a data backup.
To illustrate a ransomware attack, we look to Chief Wiggum, from The Simpsons, as he attempts to recover stolen goods that he would very much like back.
3. Man in the Middle Attack
A man in the middle attack involves eavesdropping and deception. It’s when a hacker intercepts or modifies communication between two parties and impersonates them in order to obtain valuable personal information such as bank account credentials. One example of a man-in-the-middle attack is a Pineapple attack.
The information obtained through a man-in-the-middle attack can be used for many purposes including identity theft, wire transfers or gaining access to accounts through passwords.
The grocery list image below shows how a man-in-the-middle attack works. One person makes a grocery list, but their child intercepts it and alters the information to advance their own agenda (that of acquiring more toys, of course.) Another example of a man-in-the-middle attack would be if your mailman opened your mail and copied the information then resealed your mail to look like it was never altered.
4. Denial-of-Service (DoS)
Denial-of-Service (DoS) is an attack in which the hacker overwhelms a device or network with traffic until it is unusable. DoS attacks will render an organization’s online services such as websites, email and bank accounts useless.
This toll booth traffic jam represents how a flooding DoS attack works (specifically, this would be a Distributed Denial of Service Attack, or DDoS) and how frustrating it can be. The incoming cars represent the “traffic” sent by the attacker to overwhelm a server. In this case the victim’s server is the toll gate that is trying to process all the traffic. As you can see the toll gate is not functioning as it should due to the high amount of traffic, creating a big mess on the other side. In an office environment, a DoS attack presents a huge roadblock in your ability to get any work done.
A Trojan Horse is a type of malware that hackers use to secretly gain access to your computer and install malicious code in your system. Much like the Ancient Greek story, a Trojan Horse will appear to be some useful program that you want to download, but it will actually give a hacker control of your system. The Trojan Horse can hide on your computer and complete malicious tasks like stealing your personal information or files, logging your keystrokes and potentially destroying your computer.
Trojan Horse attacks can be tricky, as they are dependent on the user downloading the malware. A common method used to spread these Trojans Horses is through email attachments (another common phishing ploy). There are several things you can do to protect yourself from a Trojan Horse, including never downloading attachments from unknown senders and installing antivirus software that can scan downloaded files.
Because the Trojan Horse is already a known illustration, we thought this image with computer-related labels would help explain:
We hope this got you thinking about the various ways hackers can trick you.
Loffler's IT Solutions Group is a trusted cybersecurity partner for many organizations. Whether your organization is large or small, has full-time IT staff or not, we can help keep your organization secure.
Have an additional type of attack you'd like us to add to this list? Tell us in the comments.
Kaela Seay is a Cybersecurity Analyst at Loffler Companies. Her duties at Loffler include creating internal and external documentation, implementing cybersecurity campaigns and training, running audits to ensure security and drafting policy templates. Outside of work, Kaela enjoys spending time with family and friends, traveling and reading.