Modern technologies have become firmly established, both in the life of an ordinary person and in business. The latest tools are used to conduct business efficiently, as well as for convenience. Along with the many advantages and new opportunities, the risk of becoming a cybercriminal's victim increases. Many companies use cloud services to store corporate data or place data on the Internet while neglecting to organize reliable cybersecurity. Information security, understanding and managing risks, and identifying and preventing incidents are priorities for any company.
A cyberattack is an unauthorized attempt to access a system in order to modify, damage or steal data. Cybercriminals use various methods to launch an attack: malware, phishing, ransomware, man-in-the-middle, etc. Cyberthreats vary in complexity, from installing malware on a small company's system to trying to disable critical infrastructure (government, public agencies, etc.). The result of a successful cyberattack is often data leakage and disclosure.
The target of any cyberattack is a physical or logical resource that has at least one vulnerability. As a result of an attack, the confidentiality, integrity, or availability of a resource can be violated. However, the damage, disclosure, or loss of control over resources may go beyond the identified vulnerabilities, including gaining access to the Wi-Fi network, social networks, operating systems or confidential information (credit card information, bank accounts, etc.).
Types of cyberattacks:
- Internal and external
  An internal cyberattack is initiated within an organization by a person who has access to sensitive data. An external cyberattack is initiated outside the organization, such as a distributed denial of service (DDoS) attack using a botnet.
- Passive and active
  Passive cyberattacks include attempts to access or use information from the target system, while using system resources. Common examples of passive cyber threats are:
  - Monitoring programs (monitoring computer activity, data stored on the hard drive, and activity and data transmitted over the network);
  - Wiretapping;
  - Port scanning;
  - Keylogging (recording keystrokes on the keyboard);
  - Backdoor (bypassing standard authentication or encryption in a computer, product, or embedded device);
  - Typosquatting;
  - Eavesdropping.
  Active cyberattacks include deliberate attempts to change or affect a system (data leaks, ransomware attacks, etc.). Examples of active cyber threats are:
  - Brute force attacks (guessing usernames and passwords to gain access to the system and/or confidential data);
  - Cross-site scripting (injection of malicious code into a web page);
  - DoS attacks (denial of service);
  - Exploit (use of vulnerabilities to carry out an attack);
  - Email spoofing (sending messages from a fake address);
  - Phishing;
  - Man-in-the-middle attacks;
  - Social engineering;
  - Ransomware attacks;
  - Trojan horses;
  - Malicious code;
  - SQL injection (a way to hack sites and programs that work with databases).
A cyberthreat is a potential cybersecurity risk that exists when circumstances, opportunities, actions, or events can cause data leakage or any other type of unauthorized access. A cyberthreat can be any vulnerability that can be exploited to further a cybercriminal's goals.
Cyberthreats can be intentional (for example, a cybercriminal purposefully launches a ransomware attack, encrypts data and demands a ransom) or accidental (for example, poorly configured S3 bucket security, resulting in a big data leak).
Measures to prevent and detect cyberattacks:
- Organizational measures (cybersecurity training at all levels);
- Procedural measures (questionnaires for third-party providers to assess their security);
- Technical measures (installation of anti-virus and anti-spyware software, network intrusion detection systems, monitoring of the company and third parties for data leaks, etc.).