With the advancement of technology in the form of social networking sites and cloud computing – just to name a couple — cyber security is becoming more of a challenge these days. As attackers are becoming more familiar with technology, they are also becoming more adept at hacking their way in to your network. What follows is a list of the most prevalent types of cyber attacks against small business owners:
1) CryptoLocker Virus: This technique involves hackers first emailing a PDF attachment. If the attachment is opened, malware is installed on your hard drive which allows the cybercriminal to access your computer files. The files are then encrypted restricting you access to your own files. Days later, the criminal sends an email demanding payment for the files threatening to erase them if the ransom is not paid. They demand virtual payment which is much harder to trace.
2) Spear Phishing: Spear phishing is an email spoofing fraud scheme. An email that appears to be from someone in your company or a trusted client is sent to you. You click on a link in the email that takes you to a fake web page. At this point, hackers attach malware to your browser and now they have access to your browser history. Then, they can send more fraudulent emails that appear to be from trusted sources, like a bank or a favorite store.
3) Timthumb Attack: This type of attack involves hackers taking advantage of a known security flaw in WordPress or other website building applications. They use the security hole to install malicious code or files on your server or website. Then, they are able to easily launch spear phishing attacks and denial of service attacks where they inundate your website with requests that make it inoperable.
4) Manipulating BeEF Toolkit: BeEF Toolkit is shorthand for Browser Exploitation Framework which is software that is used to test the security of a business’ network. Hackers use it to steal financial information or trade secrets from unsuspecting firms. They do this through phishing emails with malicious links embedded. Once the link is clicked, the software is activated, attaches to your browser and allows hackers to see your browser activity.
5) SEO Poisoning: Hackers use the most popular keywords to lure you to fake websites that once accessed allows them to install malware to hack into your system. Also, the fake search results can do further damage to businesses whose legitimate search results get pushed down in the list.
6) Phishing + Social Attack: This type of attack may involve a two-step process. This scam starts out with a phishing email typically targeted to persons in financial roles, like an accountant or CFO. A second email is sent as a follow-up from what appears to be a vendor of the targeted company. The email states that an invoice is past due and includes an attachment of the “invoice”. If the attachment is opened, malware is installed on your system. Sometimes, criminals also use phone calls to get the information they want from you.
Reference
Kavilanz, Parija. “6 most dangerous cyberattacks”. Money.cnn.com. 11/21/2013.