If so, you are not alone- many computer users are unaware of the devastating consequences of clicking on a suspicious link or email attachment, making these talks about cyber security essential for browsing the web safely.
That said, we’re discussing all things cyber attacks in this article, from explaining cyber attacks to sharing tips on improving cyber safety, so stay tuned!
The Internet is humankind’s most salient invention, and it has blessed us with various benefits. We can access and share information in the blink of an eye, connect with peers, find entertainment, and expand our knowledge with all the available resources that roam freely on the information superhighway.
But this openness of the Internet isn’t all fine and dandy, now is it?
While connecting, the network of all networks grants us access to information, and it can also lead to exposure and even exploitation of ours. Personal and financial information, pictures, emails, sensitive data, you name it– if you use the Internet to share information, best believe your information isn’t safe.
But what about the data stored on your device?
The same rule applies. If you’re connected to the Internet via your computer, you are at risk of a cyber-attack. One infected file is all it takes to destroy your data, reformat the hard drive and, overall, wreak havoc on your device.
Now, is this a call to all people who value safety to go off the grid?
No, not at all, because technically speaking, that wouldn’t help either. On the contrary, being aware of potential threats could improve cyber security. The more secure you are, the less likely you are to become a target.
Photo illustration: Freepik
In actuality, many cyber attacks succeed because a sizable portion of computer users are unaware of the types of assaults that are frequent/possible or how they are executed. And if you don’t know what to be on the lookout for, how on earth would you be able to protect yourself from it?
So, let’s try to change that by talking about cyber security, starting by defining a cyber attack.
A cyber attack is an assault carried out by an individual or organization against one or more networks or computer systems. The nature of these attacks is malicious, and they are initiated with the intent to harm, steal, or destroy data that may be valuable to a particular user, business, or organization.
The overwhelming majority of these attacks are attacks on information. Hackers may want to steal someone’s financial information for monetary gain, assume one’s identity and use it illegally, or get into a company’s network to access valuable data and sell it to third parties or demand a ransom.
But not all hackers do it for monetary gain. Script kiddies are launching attacks left and right, often just to prove a point, make a statement, or because they believe they’re the next great thing like Mitnick.
Additionally, most cyber attacks are launched on a large scale, making less secure systems and devices their primary target. I should also mention that any system you and I use is vulnerable. Not just ours, for that matter; the president’s device, for example, has vulnerabilities, too.
Whether it be a WiFi or cellular network, server, or email account with a weak password– at the end of the day, it doesn’t really matter. These factors make your system penetrable and, therefore, susceptible to cyber-attacks.
Targeted vs Untargeted Attacks
You may think, what’s the point? What’s the point of taking preventive measures when you can end up being a target anyway?
As I mentioned earlier, the more secure you are, the less you have to worry about. True, if someone with sufficient experience is eager to break into your system, there’s not much you can do. But these attacks are rare, as attacking one computer at a time doesn’t really scream ‘productive.’
With that in mind, we can separate cyber attacks into two primary groups: targeted and untargeted cyber attacks.
Targeted attacks are dangerous because hackers have a specific person or business in mind when deciding whose head they want to hunt. These hacks, or even their attempts, can leave devastating consequences and destroy a system and security the cyber victim had built.
If the end goal of targeted attacks was to extort data, hackers responsible for the cyber attack could either demand ransom or sell the obtained data on the black market. Neither of these outcomes is favorable.
On the bright side, these attacks are somewhat rare, and although they can wreak havoc, they at least aren’t a threat to common folks. In most cases, that is.
Untargeted attacks, on the other hand, are more prevalent than targeted ones. They can do damage, but they aren’t designed for a specific group or person. Instead, they happen in clusters, frequently targeting thousands of people and their systems at once.
Untargeted attacks are usually sent and carried out via the Internet. When an Internet user opens or downloads something sketchy, that may be the beginning of a cyber attack.
This leads us to the following questions: what types of cyber attacks exist,, and what is a cyber attack example?
While there are dozens of cyber attacks types, here are the most common cyber assaults in today’s world:
- Malware– a buzzword for malicious software designed to damage or disrupt a computer system.
- Ransomware– a type of malware that locks the victim out of their computer system and demands ransom for its removal.
- Spyware– malicious software that gathers information from the victim’s device.
- Phishing– a social engineering attack usually spread via mail, designed to steal a victim’s data, including login credentials and financial information.
- Backdoor Trojan– masked malicious software that can exist on a victim’s device without them even noticing, but can harm a device or network.
- Denial-of-service (DoS)– DoS attacks are attempts to disrupt the regular traffic of a target server.
- DNS tunneling– a cyber attack abusing a DNS protocol, usually used for data exfiltration.
- Cross-site scripting (XSS) attack- an injection of malicious scripts in trusted websites.
- Cryptojacking– installation of crypto mining software onto a victim’s device without their consent.
I’ve prepared an in-depth explanation of these attacks, so check out the guide for different types of cyber attacks in the continuation of the article.
What Is an Example of a Cyber Attack?
We all use email services and regularly check our inboxes for new messages, right?
These messages are from colleagues, friends, service providers, and other senders whose emails we’ve agreed to receive (promotions, subscriptions, newsletters, etc.).
When we get a message from, let’s say, a colleague, we don’t overthink the validity of that message.
However, sometimes our email addresses fall into the wrong hands, allowing malevolent techies to send us emails containing malicious programs. Or, they could do it via other parties, which happens when one cyber victim forwards an infected email to the other, improving the impact of the initial attack.
So, let’s say you open your Gmail inbox and find a message from your bank. You open the email and see an attachment of your financial records.
But wait, something here seems unusual. Your bank usually sends you emails via [email protected], but this sender’s email address is [email protected]. Although suspicious of the message, you decide to open the attachment included. One click leads to the other, and you’ve already realized that the attachment isn’t what it was supposed to be. And before you know it, you see a popup on the screen claiming that YOUR COMPUTER HAS BEEN LOCKED.
It could look something like this:
What happened here?
As unfortunate as it seems, you just became a victim of a ransomware attack.
When a ransomware attack occurs, the victim will, in most cases, lose access to their computer or specific files on the said device. The victim is then urged to pay a ransom to get the encryption key that unlocks access to their device.
Depending on the attack type, cyber attacks can cause all sorts of damage, ranging from data theft to destroying critical systems that control large-scale operations.
So, for example, hackers can extort a victim’s financial or personal information during a cyber attack. They could exploit victims’ data for illegal activities or sell it on the black market to other perpetrators.
Similarly, some types of spyware allow criminals to access and control the victim’s camera or microphone using malware. Not only does this invade privacy, but it can lead to other crimes and harm the victim in many ways.
But no, that’s not everything cyber criminals can accomplish after launching a cyber attack.
Denial of service (DoS), and distributed denial of service (DDoS), which is a DoS attack on steroids, tend to overwhelm targeted websites with fake traffic, causing them to slow down or crash. Actual website visitors can then not access the said site, which causes a lot of trouble for website owners.
Another example of a cyber attack is cross-site scripting. The attacker can infect a trusted website with malicious scripts that infect visitors’ devices. These are considered large-scale attacks, as they can affect thousands of visitors interacting with a trusted website.
As you can see, different cyber attacks cause different types of damage. So, let’s discuss the consequences of these attacks and what you can do if your device gets infected with malicious software.
The sad reality is that cyber attacks happen daily, and some are more potent than others. The consequences can be devastating and often felt by a large group of people, not by the victim alone.
For example, a potent cyber attack on an electrical company can lead to blackouts, an attack on an e-commerce website can prevent shoppers from ordering goods and services, and attacks targeting governments can lead to breaches of national security secrets.
People could lose all their savings, careers, and access to their data and devices after cyber attacks or even face charges for crimes they haven’t committed.
A hacker may compromise a WiFi or hop on a network to commit fraud or any other type of illegal activity. And if the crime traces back to the victim’s network, and the victim can’t prove they aren’t responsible for the crime, there’s a chance they could be held accountable.
Based on these examples, we can agree that cyber attack prevention is more critical than isolating the attack and neutralizing the damage.
But, of course, some attacks can’t always be prevented, so if you suspect that you’re under attack, consider the following:
- Isolate the infection and contact an IT professional: It’s a good idea to turn off the device and, if possible, disconnect it from other systems to prevent the infestation from spreading. Additionally, trying to reload data from backups could infect that data, which is why it’s recommended to wait until a professional examines the device and suggests potential solutions. However, in some cases, you could replace the hard drive, but it would also be a good idea to wait until someone inspects the device and neutralizes the threat first.
- Prevent more damage: In case of a cyber attack, report the crime and contact your bank and other financial service providers to arrange holds on your accounts. On top of that, consider reporting that you may be a victim of identity theft.
- Identify vulnerabilities: At an appropriate point, identify your system’s vulnerabilities that made the attack possible. That could be anything from unsecured Internet access to out-of-date or unpatched software.
- Learn from the attack: Once the vulnerabilities have been identified, upgrading your cyber security is essential. Depending on the attack’s magnitude, you might consider installing a better antivirus, improving network security, and overall elevating your cyber hygiene.
Training yourself and others in your business to keep ahead of security issues is the core concept of cyber hygiene. After all, building cyber resilience and ensuring your devices and software are up to date is of utmost importance, so let’s discuss what you can do to improve your cyber security.
For starters, it’s crucial to mention that good cyber hygiene isn’t a one-time thing. In other words, you can’t simply install antivirus software once and then hope you’ll be safe forever.
On the contrary, practicing good cyber hygiene is all about building habits that will keep you and your organization up to date with the current cyber attack trends and relying on preventative measures to reduce the risk of a security breach.
With that in mind, here’s how to reduce the chances of a cyber attack:
- Install reliable antivirus software: An antivirus software is a program that keeps an eye on your computer and its files. It performs device scans that can detect infected files and help you keep your device malware-free. After antivirus software installation, schedule and perform scans to avoid security issues.
- Keep your apps and software up to date: Although they can be annoying and often take up too much space, app and software updates are essential for cyber safety. Most updates involve security fixes that can prevent unauthorized access to your data. That said, outdated apps and software versions are much easier to crack. So it’s always a good idea to delete a few pictures and make some space on your phone, for example, instead of snoozing that update button.
- Use strong passwords: Complex passwords are one of the most vital aspects of good cyber hygiene. Yes, I know– it’s more convenient to use your dog’s name or a loved one’s birthday as your password combination. Still, these passwords are easy to guess, especially if you disclose that information to the public (sharing a pet’s name or birthday on social media, for example). Additionally, switching up your passwords and using a different combination for every account could instantly elevate your security. Make sure to use a combination of letters, numbers, and special characters, and try to make it at least 10 or more characters.
- Consider using a VPN: VPNs establish encrypted connections between systems, and they can increase users’ security and privacy, but to some extent, of course. However, a VPN alone isn’t enough. They can be a great addition to other security measures, such as using antivirus software, but they alone can’t do much regarding your online safety.
- Encrypt your data: All sensitive data on your computer should be encrypted because keeping it in the regular text format makes it easier for intruders to steal it. That is especially true if you own a business, as its foundation can crumble down if that data is compromised.
- Entertain the idea of installing firewalls: In simple words, firewalls monitor network traffic and spot unusual activities that jeopardize your data’s safety. Still, most people don’t need them, but organizations and business owners should consider getting firewalls.
- Stay informed: Learning about cyber security and what can happen if you don’t implement preventive measures can be scary, but understanding what happens to some people daily could prevent you from falling victim to a cyber attack. For example, if you know that social engineering relies on manipulation to trick potential cyber victims, you are more likely to recognize and avoid attacks such as phishing.
As you can see, cyber hygiene involves taking a proactive approach to safety. Still, if you or your business can’t follow these cyber security tips, take one step at a time. Any level of security is better than no security, and you can always upgrade or downgrade your cyber security measures if you aren’t happy with the results.
Good luck and stay safe!