DP Solutions Logo WHITE-01

 

5 Popular Cyber-Attacks, How to Spot Them & What You Can Do

Learn the surefire signs of the five most common types of cyber-attacks and how you can fight back to protect yourself and your business.

While access to the Internet and technology has enriched our lives in many ways, it also opens us up to threats that we never had to consider in the past. Obviously, we aren’t going to stop using the Internet for things like personal finance, healthcare, e-commerce and connecting with friends and family. However, it’s important to understand that the more we leverage these digital tools, the more risk we face.

Cyber-criminals know how reliant we are on technology, so it’s no surprise that in recent years we have seen more attacks with greater consequences. More than ever before, individuals need to recognize what their cyber-risks are and how to respond to the threats that are out there.

Let’s go over some of the common signs you are being attacked and what you can do about it.

Account Compromise

Account Compromise

Since gaining access to your personal accounts can be quite lucrative, it shouldn’t surprise you that taking over accounts and selling credentials on the dark web is so common.
 
Every account you have is like a digital vault.  Instead of a big safe with a lock on it, the entrance is usually a website with a name and password.  Once you are inside, you have access to the assets inside.  Sometimes that may be your email, or your files, or sensitive personal financial information.  These assets, just like the assets in a bank vault, have value to criminals. 
 
Your account might have been compromised if you notice any of the following activities:
  1. Unusual login notifications.
  2. Not being able to access your account.
  3. Your password has been changed.
  4. Strange inbox activity, such as receiving unfamiliar emails or seeing emails you didn’t send in your sent folder.
 
To help protect against account compromise, make sure to follow these three steps:
  1. Passwords: Create a strong, complex password
  2. Authentication: Utilize multi-factor authentication on all sensitive accounts
  3. Alerts: Opt-in to monitoring alerts that show suspicious logins from strange locations or devices.  Many sites that hold your personal information, such as banks, social media, and email sites, will offer free monitoring alerts. 
 
None of these defenses are perfect, but like everything else we talk about, having a comprehensive approach to security will dramatically minimize your likelihood of being a victim.
 

Ransomware

Ransomware

Ransomware might be the scariest threat, especially because it may make you feel as if you are stuck with no recovery.

Indeed, if ransomware takes over your system and locks up your files, you may not be able to remove it using standard security tools, which is why people and businesses still sometimes pay the ransom when they get infected.

Below are some common signs that you might be infected with Ransomware:
  1. Your web browser or desktop is locked with a message about how to pay to unlock your system or files.
  2. Your file contents are scrambled for no reason. 
  3. You notice an inexplicable slowdown in your workstation or network.
  4. You see suspicious changes to files, file names or locations.
 
It is critical that you have a plan to deal with ransomware. Here are some proactive steps you can take:
  1. Backup Your Data: Make sure that your critical data is backed up and protected so that it’s not potentially locked behind a ransom demand.  It’s important to have an alternative plan to access your data.  
  2. Patches & Updates: Make sure that your software & systems are patched and updated so that vulnerabilities are addressed ahead of time.  
  3. Keep up with the News: Stay on top of cybersecurity current events with sites like ThreatPost, The Hacker News, & Security Week so you’ll know about zero-day exploits and new threats that may require action on your part.  
  4. Endpoint Protection: Be sure you have strong endpoint protection that can help fight back if malware makes it into your machine.

Phishing/Vishing/Smishing

Phishing Vishing Smishing

Phishing, Vishing and Smishing are popular because they are easy to do and go around many of the technical tools used to protect you from other threats.

Did you know your car’s extended warranty is about to expire?  How about those nasty websites you have been visiting that someone sent you an email about? 
 
Cyber-criminals constantly use these baiting techniques to exploit your personal vulnerabilities as part of a phishing attack.  This is why it has extended past email and now targets text messages, phone calls and really any means of communication. 
 
If patches are installed and the device has good tools on it, maybe it’s just easier to get someone to let you in by unlocking the door themselves through clicking your link or volunteering their password.
 
Some common Phishing tricks you might notice in your emails and text messages include: 
  1. Claiming there’s a problem with your account or payment information.
  2. Requests for you to confirm personal information.
  3. Asking you to pay a fake invoice for an unfamiliar account.
  4. Saying you’ve won something or offering you steep discounts for certain items.
  5. Odd looking URL’s or email addresses.
Since phishing targets the person, that’s where your defenses should be focused (along with good technology):
 
  1. Recognize Malicious URL’s & Senders: Make sure you have a basic awareness of how to identify suspicious senders and URLs in emails.  
  2. Only Use Known, Secure Sites: Understand what secure and official channels you should be using for your sensitive work, so a scammer can’t trick you into doing something you might not otherwise do.
  3. Security Awareness Training: Users must be the first level of a layered defense system to protect you from phishing attacks. A security awareness program will teach employees how to recognize phishing attempts and what to do when confronted with them.
 

Identity Theft

Identity Theft

Criminals can stitch together pieces of personal information they gather about you to perform other crimes.  If someone can get your name, address, social security number, or other pieces of sensitive information and tie it together, they can use that information to access your sensitive accounts or open a credit card in your name.

While there are services that can help fight back against this, it is important that you take personal ownership of the issue.  People are often very careless with their personal information, by sending it through unencrypted emails, posting it on social media quizzes, signing up for excessive services and otherwise treating their information as if it’s meaningless.  
 
The more places you share your data, from giving it to individuals that you trust, to businesses and websites, the more places your information could be breached and used against you.  Be mindful of how you use and share information.
 
Here are some tell-tale signs that your identity may have been stolen:
  1. Your bank statement seems off or your checks are bouncing.
  2. You see unexplained activity on your credit card.
  3. You aren’t receiving bills that you were expecting.
  4. Your credit card is declined, or you are denied a new credit card.
  5. You get a credit card in the mail that you didn’t apply for.
  6. You can’t file your taxes because someone has already filed a tax return in your name.
 

Man-in-the-Middle Attacks

Man In The Middle Attacks

While Man-In-The-Middle Attacks (MITM attack) are fairly common, most people don’t understand what they are. 

Networks are a mesh of devices connected sort of like a highway and data travels over paths (locally and over the Internet) to reach their destination.  When one of these attacks occurs, something sits between you and the destination, for example, a rogue network device that scans and steals information before it arrives at the place it is supposed to go.

The best way to detect an MITM attack is to pay attention to the URL in your address bar. If there is no ‘S’ in HTTPS, or if it’s a strange looking address, those are red flags. Also be on the lookout for frequent disconnection or connections to unfamiliar locations.
 
As an individual, it can be difficult to fight back against this aside from using many of the tactics outlined earlier in this blog, but here are a few things you can do:
  1. Reliable Networks: Make sure you aren’t working on networks that are not ideal, such as poorly managed open WiFi from a coffee shop.  
  2. Secure Channels: Stick with secure and formal channels for your sensitive work, so that the risk that someone is sitting in the middle is minimized.  
  3. Safe Home Networks: If you are working from your home, ensure that your home network is reasonably maintained, with devices that are not open to exploitation with default credentials or open access to wireless connectivity.
 

Wrapping Up

Sadly, cyber-attacks are a part of the reality of the Internet. We won’t be facing a future where attacks are a thing of the past, but what we can achieve is better cyber-security standards both in our personal lives and in our businesses. While attacks are common, most of the things we do digitally can be done safely if we show basic care both with our personal behavior and implementing the proper technology tools.

 

Cybercriminals are continually inventing new ways to infiltrate and extort an organization’s mission-critical data. We keep up with the latest in ransomware so we can help protect your business. Let us help!

REACH OUT TODAY

 

SUBSCRIBE