SHOW
As technology continues to advance, cyber attacks have become more sophisticated and prevalent. Here are some of the most common cyber attacks to be aware of:
Shorthand for malicious software, malware is an application written with the intent to cause damage to systems, steal data, gain unauthorized access to a
network, or wreak havoc. Malware infection is the most common cyberthreat that organizations face. It’s often used to steal data for financial purposes, but can also be applied as a weapon in state-orchestrated attacks, as a form of protest by hacktivists, or to test the security posture of a system. Malware is a collective term and refers to a number of malicious software variants, such as trojans, worms, or ransomware.
Common types of malware:
Virus: The most common form of malware, viruses attach themselves to clean files, replicate, and try to infect other clean files — much like their biological namesake. Viruses must be executed to run, either by an unsuspecting user or by an automated process running the host application. A virus may delete files, cause reboots, join machines to a botnet, or enable remote access to the system via a backdoor.
Worm: Worms get their name from the way they infect systems. Unlike viruses, they don’t need a host file or application — instead, they simply infect a system and then self-replicate across other systems through the network, using each consecutive infection to spread further. Worms reside in memory and can replicate hundreds of times, consuming network bandwidth.
Trojan horse: A reference to the story of the Trojan War, where the Greeks hid inside a wooden horse to infiltrate the city of Troy, Trojan horses (or simply Trojans) disguise themselves as a legitimate application or just hide within one. This type of malware acts discretely, opening security backdoors to give attackers or other malware variants easy access to the system.
Backdoor: Backdoors are a stealthy method of bypassing normal authentication or encryption on a system. They’re used for securing remote access to a system, or for obtaining access to privileged information to corrupt or steal it. Backdoors may take many forms: as a standalone program, as a hidden part of another program, as code in the firmware, or as part of the operating system. While some backdoors are secretly installed for malicious purposes, there are deliberate, widely-known backdoors that have legitimate uses, such as providing a way for service providers to restore user passwords.
Ransomware is also a form of malware, but one that demands special attention. Originally, ransomware was designed to take control of a system, locking users out until they paid the attackers a ransom in order to restore access. Modern variants of ransomware usually encrypt the user’s data, and may even exfiltrate copies off the system to dramatically increase the attackers’ leverage over their victims.
Typical ransomware infection flow
Ransomware usually infects users through a distribution campaign in which attackers use techniques such as social engineering or phishing, tricking users to download a dropper that installs the ransomware on the system, e.g. via malicious website.
More aggressive ransomware, such as NotPetya, exploits gaps in security to infect systems without the need for trickery. Once installed, the ransomware finds all files of a specific type locally and across the network, creating a new encryption key and encrypting the files. The original files, recovery points, and backups are deleted to ensure users can’t restore the system. Ransomware usually changes the file extension, (e.g. myFile.doc. encrypted) and adds a “help” file explaining how victims can pay the ransom to recover their data.
Phishing is a common attack technique that utilizes deceptive communications (including email, instant messages, SMS, and websites) from a seemingly reputable source in order to gain access to sensitive information. The attacker impersonates a trustworthy organization, such as a bank, government institution, or legitimate business. The goal is to take advantage of the user’s trust and trick them into clicking a malicious link, downloading a malicious attachment (malware), or disclosing confidential information such as personally-identifiable information (PII), financial information, or user credentials. As an example, a phishing attack might look like a legitimate email for renewing your Microsoft 365 subscription, but actually contain an embedded link that takes you to a malicious page disguised as a Microsoft 365 renewal page — the goal being to steal your credentials or credit card information.
Spear phishing is a form of phishing that targets a specific victim who have been researched using insider knowledge or publicly available information (e.g. social media). These attacks tend to be quite convincing, as they’re highly-personalized — often involving real names and roles within the company. For example, an attack might be disguised as an email from a user’s direct manager or IT support department. Such malicious techniques are hard to recognize unless detected by cybersecurity products.
Zero-day exploits refer to a vulnerability that is actively being exploited in the wild, but is not yet known to the software provider — thus, a patch to fix the exploit is unavailable. Security administrators have “zero days” to eliminate the vulnerability. Eventually, all vulnerabilities become known and security patches can remediate the risk they pose, but this process may take months or even years. Zero-day exploits pose a significant threat to businesses, as they’re quite hard to detect — doing so requires deep system knowledge and constant monitoring of all applications.
As the name suggests, file less attacks are carried out without malicious files on disk. Instead, the threats reside only in random access memory (RAM), leveraging applications and processes known to be “safe” in order to collect data, deliver malicious executables, or gain unauthorized system access.
The infection leaves no traces on the target hard drive, nor even in RAM after a system reboot. The nature of these attacks makes them especially difficult to detect without advanced cybersecurity solutions that employ multiple layers of defence, working together cohesively.
Security breaches can lead to the unauthorized transmission of data to an external environment, or to unauthorized parties within the organization. Data leakage is primarily an insider threat, most often resulting from internal actors who provide third parties with unsanctioned access to sensitive data — either deliberately, or due to negligence or mistakes in data handling. Information can be leaked both electronically — through network communications such as email, instant messengers, or social media— and physically, through peripheral devices such as
USB drives or printers. When intentional, such security breaches are usually performed for financial gain, with culprits aiming to steal highly-sensitive data such as trade secrets, cardholder data, or PII. This can lead to severe financial and reputation damage to businesses, and subsequent regulatory fines.
