Cyber Security 101

Lesson 7

Avoiding cyber attacks and knowing the difference between them

Welcome to Lesson 7 in cyber security

In Lesson 6 you learnt about keeping your children safe online. This lesson deals with the different kinds of cyber attacks and how to avoid them.

There are many different kinds of cyber attack, all taking different angles of approach. If you know the difference between them, you’ll be better placed to protect your business from them.

Here are 12 of the most common kinds of cyber attack and what to use or do to avoid them:

Denial-of-service (DoS) attack

A hacker overwhelms a computer or a network with traffic to such an extent that it can’t operate and continue. This can mean a flooded inbox or server making it inaccessible to the intended user and therefore causing a system disruption.

A comprehensive defense application is needed for this advanced attack such as Panda Adaptive Defense.

Man-in-the-middle (MitM) attack

A hacker inserts itself between two places such as a wifi network and a victim’s machine and gains access without the victim knowing. Info can then be stolen or malicious software can be installed to carry out a malware attack.

A VPN or encryption software can be used against this.

Phishing attack

A user is tricked into thinking an email is from a reputable source when it’s actually fraudulent communication. It can steal sensitive personal information such as credit card numbers and login details on the victim’s machine.

Employee training is critical with this kind of attack.

Drive-by download attack

A hacker slips malicious code into apps, operating systems or web browsers that haven‘t been updated and therefore contain vulnerabilities.

Delete apps you hardly use or update as those ones are the risky ones.

Wifi eavesdropping attack

When a user is connected to a public wifi network, hackers can intercept communication and steal usernames, passwords and other unencrypted confidential information sent while connected to the wifi network.

Use a VPN to avoid this.

Formjacking attack

A hacker loads malicious code onto an e-commerce site and steals credit card details from the checkout pages. Small to mid-sized retailers are the biggest targets though Ticketmaster and British Airways were also compromised this way

Use an automated vulnerability scanner to look for weaknesses in systems and applications.

Malware attack

A user activates malicious software (virus, spyware, ransomware) that has installed via a link attachment click, or an email attachment click. It can block access to the network, steal information by transmitting it from the hard-drive, and disrupt the working of a victim’s machine. 

Employee training is critical with this kind of attack. You can also use two-factor authentication and an endpoint protection service.

Password attack

A hacker tries to guess a password by repeatedly trying different passwords to gain entry. This doesn’t work when a lockout policy protects the account and it locks after three incorrect password entries.

You are responsible for creating your own strong password! Consider using a password management application like 1Password.

Zero-day attack

A hacker hears about a network, app or system insecurity and exploits it before a patch or update has been issued. This is an opportunistic attack and can only be avoided if users have advanced cyber security in place. 

Proactive security solutions as opposed to reactive solutions might be a better option.

SQL injection attack

A hacker embeds malicious code (structured query language) into a poorly designed application and is then able to gain access to resources, alter data and execute damaging commands.

Use an automated vulnerability scanner to look for weaknesses in applications.

Cross-site scripting (XSS) attack

A hacker injects malicious code into a trusted app or website. The code triggers when a victim visits the app or page. Most common in forums, message boards and web pages that allow comments. Can also be used to deface a website.

Use an automated vulnerability scanner to look for weaknesses in applications.

Brute force attack

A hacker uses trial-and-error to guess a username or password, trying repeatedly with various combinations until eventually gaining access. This is an old attack method that’s surprisingly effective and still popular with hackers. 

Use two-factor authentication and an endpoint protection service.

Share this cyber security course

Share on facebook
Share on linkedin
Share on twitter
Share on whatsapp
Share on email

In Lesson 8 we’ll look at how to cope with a cyber attack.

Note: This content is general advice and should not be construed as paid-for cyber security advice and instruction.

We are taking all necessary precautions around the COVID-19 situation. Our offices are closed and our team members have each been set up to work remotely in self-isolation at home. As far as possible IronTree will maintain business as usual. All our resources such as server platforms, transactional capacity, telephony and electronic communications, including video meeting facilities, have been configured in the cloud and are 100% operational. Please feel free to contact us if you require our assistance. Stay safe!
One of our team members will be happy to help answer any questions you have!
Just click the chat icon in the right-hand corner.