The past few years have brought a lot of attention to several high-profile hacking attempts against big name companies and government agencies. However, some might not be aware of the more common cyber attacks that occur every day, and primarily target individuals and SMBs. The two are not mutually exclusive, and many smaller and mid-sized organizations may be chosen because of the expectation that they will have a harder time protecting themselves.
Perhaps the most widespread goal among the majority of breach attempts is the acquisition of login credentials. Password cracking is often the first step to compromising a system as it allows an attacker access to privileged data. There are many different techniques employed by hackers to discover passwords, quite a few of which require only a certain amount of effort and can be carried out repeatedly.
Socially engineered attacks are becoming one of the most popular new methods for illegally collecting digital information in the current era of the Internet. Cybercriminals are increasingly devoting efforts to studying potential victims and predicting their habits. These types of attempts involve building a delivery system that will not immediately raise suspicion while also usually communicating a sense of urgency. This includes messages from coworkers or c-level officers asking for financial transactions for company purposes, or government agencies threatening legal consequences if their orders are not quickly followed.
Phishing emails are fairly ubiquitous now and are not always easy to spot, and even an accidental click on a message that gets past spam filters can leak information. Spear phishing is a particularly dangerous form of a socially engineered attack that is tailored towards a specific individual, often a gatekeeper for greater access to a company’s data. Using information that is available online, hackers can build messages that their victims are more likely to take seriously.
Social media provides an easy way for attackers to identify and study potential targets as people often give away too much of their personal information through their public profiles, including company details. However, social media can also be a vector of attack for malware through fake friend requests or third-party applications.
Attackers also often use fake webpages to spread malware, and even if someone manages to avoid clicking suspicious links in spam emails, there is a chance that they will come across one while surfing the Web. Socially engineered malware adds another danger with websites set up to trap particular individuals based on their preferences. If these sites are visited from a company computer with software that is not fully patched, then the entire network may become infected.
Cyber attacks are becoming more common with each year and they are only going to increase. More frequent, lower-profile threats are growing in popularity among hackers and attempts against SMBs are going to become commonplace. You should find out how safe your business really is with a Network Vulnerability Test, and you can even educate employees to detect these phishing attempts described above with our Phishing Defender service.