9 Common Cyberattacks That Threaten Users in Minneapolis and St Paul

Although there are thousands of ways that cyberattacks could occur, most cyberattacks can be grouped into 10 main categories.

1. Phishing attacks (click here for more info)

Phishing is a type of cyberattack that is designed to steal money, personal account information, business information, or other “sellable” information about you, your business, your customers, or your staff. Phishing attacks take many forms but primarily happen when users open a malicious email, visit infected websites, or give cybercriminals access to information over the phone. The perpetrators of these attacks are known as cybercriminals, cyberattackers or hackers … and they use trickery, lies, forgery, and human nature to get users to make mistakes!

Phishing is sometimes called social engineering and is effective because of human fallibility, emotions, and our natural human instincts to be nice. Hackers study and fully understand these human weaknesses. Phishing exploits these human flaws rather than flaws in application software or computer hardware.

Some of the first phishing attacks were made public in 1996 when hackers posed as AOL employees asking people to confirm their billing information with the company. Of course, AOL sent out a message warning customers of these attacks, and they reassured the public that they would never ask for this info … but these warnings were issued long after much damage had already been done! This is a common scenario for many phishing attacks occurring today.

Phishing exploits cost companies around the world over $5 billion every year. Some studies estimate that over 1.6 billion people receive at least one phishing email EVERY DAY!

2. Website embedded malware

When a website’s platform is not updated with the proper security protocols, cybercriminals can inject malware into the website’s code.

NOTE:

It is the responsibility of all owners of websites to make sure that the website’s platform is secure and has all security updates applied. No one wants visitors to their website to get infected with malicious code!

Once a cyberattacker has gained access to the website, they add malicious code to the site. When an unsuspecting website visitor visits the site and clicks on the infected area, their computers become infected. Sometimes the hacker entices the visitor with photos or promising links.

In other instances, the hacker leads the user to install a new piece of software by claiming that the user’s computer is infected. The attacker promises to clean the computer with the new software which is actually a malicious payload. Other schemes happen when the cyberattacker entices the user to install software that will make the computer faster … and on and on.

Savvy hackers can even convince users to ignore security warnings and disable the real working antivirus program installed on the computer designed to protect against known viruses. These hackers are incredibly clever, and their methods are getting more and more devious every day.

Socially engineered malware is responsible for BILLIONS of attacks every year!

3. Unpatched software

Software developers are constantly testing their programs for “security holes”, and end-users also report flaws in software applications. When these holes/flaws are discovered, the software company releases security patches. When these patches are applied to the affected software programs, the security holes are patched and cybercriminals are not able to exploit the software.

Unpatched software is one of the most common methods for hackers to access computers and company networks. Unfortunately, the first software patches that were issued were not thoroughly tested, and when the patches were applied to networks they “broke things”. Sometimes the patches caused computers to lock up or crash. Sometimes users could not print or access other network resources. Because of these early failures, many people are hesitant to install security patches. This is a problem.

The testing of patches has dramatically improved. In fact, these updates very rarely cause problems and because of this:

Patches should be automatically applied as soon as they are released!

According to Microsoft, approximately 6,000 software vulnerabilities are discovered each year! This means that any computer could be exposed to hundreds of new vulnerabilities, and each one of these vulnerabilities needs to be patched! To make this process even more complicated, different applications have different patching methods … some have auto-update routines while others force end-users to apply the patches manually.

The most common unpatched and exploited programs are browser add-in programs like Java and Adobe Reader and other programs people often use to make surfing the web easier.

4. Hacking your passwords (click here for full story)

Some sources estimate that 70% of email is spam, and much of this spam harbors phishing attacks … wow! Keep in mind that phishing attacks target users to try and trick them to exposing their login usernames and passwords. Most users hear warnings about password security: never use default passwords, never share passwords, never use words or easy to guess passwords, etc … but, most users don’t fully understand what secure passwords really look like. (For an in-depth discussion of “good” passwords, click here.)

Hackers are constantly attempting to get their hands on your sensitive financial info, your company, your clients and/or your users’ confidential data. Understanding why they do it may help you appreciate why passwords, security techniques, and multi-factor authentication are so vital.

You can improve your cybersecurity protocols by first understanding how hackers go about stealing your passwords and infiltrating your computer network

The 3 most common methods used to break into your network:

  1. Brute Force Attack: A hacker uses a program or script to try and log in with possible password combinations, beginning with easiest to guess passwords. Often these programs run on super-computers and will include algorithms to allow the hacker to try thousands or even millions of combinations.
  2. Dictionary Attack: A hacker uses a program or script to try to login by cycling through combinations of common words.
  3. Key Logger Attack: A cybercriminal tries to track all of a user’s keystrokes, basically everything the user has typed that day, including login IDs and passwords. A key logger attack is usually malware (or a full-blown virus) that penetrates your device or your network. Often the user is tricked into downloading it by clicking on a link in a phishing email. Key logger attacks are more sophisticated because stronger passwords don’t provide much protection against them (which is a reason that multi-factor authentication (MFA) is becoming a must-have for all businesses and organizations).

5. Social engineering (Detailed information click here)

Social media has been getting a lot of attention in the past year. Companies like Facebook, Instagram, Twitter, and LinkedIn are very widely used, but the list of other social media sources continues to grow every year. Mark Zuckerberg has been the center of attention lately, as he was summoned to Congress to answer questions about Russia’s use of Facebook to possibly sway the 2016 US elections … and, how the information from 80+ million users accounts might have been used by the Russians!

6. Social media threats

Social media has been getting a lot of attention in the past year. Companies like Facebook, Instagram, Twitter, and LinkedIn are very widely used, but the list of other social media sources continues to grow every year. Mark Zuckerberg has been the center of attention lately, as he was summoned to Congress to answer questions about Russia’s use of Facebook to possibly sway the 2016 US elections … and, how the information from 80+ million users accounts might have been used by the Russians!

Obviously, with employees spending more and more time on social media, it has become a real threat to cybersecurity. Social media threats usually show up as fake friend requests or invitations to install rogue applications. If users accept the request, they could be giving personal or business social media account information to a cybercriminal.

Organized hackers will exploit a company’s social media accounts to infiltrate and control a company’s social media messaging. Many of the worst hacks in the world started out as simple social media hacks and grew from there.

Do not underestimate how social media threats can comprise your cybersecurity!

7. Denial-of-Service attacks (DoS)

A DoS attack will disrupt the services to your network by sending high volumes of data or traffic to your network until the network becomes overloaded and can no longer function properly!

The most typical DoS attack is called the “distributed-denial-of-service” (DDoS) attack and involves the cybercriminal using numerous computers to send massive amounts of traffic and data to a specified network. Typically, the users of the infected computers used in a DDoS attack don’t even know their computer has been hijacked or turned into a zombie computer used by the cyberattacker.

8. Malvertising

Malvertising is just what it sounds like, malware that is embedded in advertising, so your system becomes infected when you click on an infected ad. Cybercriminals will upload display ads to thousands of different websites using an advertising network.

These infected advertisements are presented to users who have matched certain search terms and keywords. After a user clicks on these malicious ads, malware is downloaded to the user’s system!

9. Rogue software

Rogue software will pretend to be legitimate security software. Typically, a pop-up window or major alert will come across your screen saying you have been infected. This alert advises you to download software, agree to terms, or update your current system … and the notice warns the user that if action is not taken the computer will be infected. Of course, by clicking ‘yes” or “ok” to any of these alerts, the rogue software is now downloaded to the computer!