The Most Common Types of Cyber Attacks We Should Be Concerned About
FedEx and DHL were sending a lot more than packages last year, or at least that’s how hackers made it seem. Attackers targeted around 10,000 email inboxes with messages that appeared to come from the two shipping giants.
One of their attack methods went like this: The recipient got an email saying, “You have a new FedEx sent to you.” In the email, the attackers included details about a document that the recipient supposedly was going to receive, as well as links that would allow them to view it.
A Multi-Phase Attack Methodology
After clicking on the link, the victim would be taken to a file hosted on a Salesforce tool called Quip. On that page, they would see a large FedEx logo, which made the ruse seem even more legitimate. There would also be another link for the victim to view the fake document.
After clicking this second link, the target would end up on a phishing page that looked a lot like a Microsoft login portal hosted on Google Firebase, which is a legitimate platform organizations use to make web and mobile applications.
In the next phase of the attack, victims were prompted to enter their work email password, which was sent to the attackers who most likely would use it to try to hack either the victim’s email account, other sensitive accounts, or both.
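The chain described above can be expressed as detection logic. The following is an added example, not part of the original article: it checks each hop of a followed link chain for a brand shown on a host the brand does not own, and for a password form at the end of a lure that started under a different brand. The allowlists, field names and sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Illustrative allowlists (assumptions, not a complete inventory).
BRAND_DOMAINS = {
    "fedex": {"fedex.com"},
    "dhl": {"dhl.com"},
    "microsoft": {"microsoft.com", "microsoftonline.com", "live.com"},
}
# Legitimate platforms on which anyone can publish content.
SHARED_HOSTING = {"quip.com", "web.app", "firebaseapp.com"}


def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    return any(host == d or host.endswith("." + d) for d in domains)


def analyze_chain(lure_brand, hops):
    """Return (hop_index, finding) tuples for a followed link chain.

    Each hop is a dict: {"url": str, "brand": brand shown on the page
    or None, "password_field": bool}.
    """
    findings = []
    for i, hop in enumerate(hops):
        host = (urlsplit(hop["url"]).hostname or "").lower()
        brand = hop.get("brand")
        off_brand = brand in BRAND_DOMAINS and not under(host, BRAND_DOMAINS[brand])
        if off_brand:
            findings.append((i, "brand-host-mismatch"))
            if under(host, SHARED_HOSTING):
                findings.append((i, "brand-on-shared-hosting"))
            if hop.get("password_field"):
                findings.append((i, "credential-form-off-brand"))
        if hop.get("password_field") and brand and brand != lure_brand:
            findings.append((i, "lure-brand-switch"))
    return findings


# Constructed sample chain modelled on the campaign described above.
SAMPLE_CHAIN = [
    {"url": "https://example-tenant.quip.com/AbCdEf/doc", "brand": "fedex", "password_field": False},
    {"url": "https://example-project.web.app/login", "brand": "microsoft", "password_field": True},
]

if __name__ == "__main__":
    for idx, finding in analyze_chain("fedex", SAMPLE_CHAIN):
        print(idx, finding)
```

Neither hosting platform is malicious in itself, so the signal is the combination: a known brand rendered on a host outside that brand's domains, with a password field on the final hop.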
Even though phishing attacks are nothing new, their level of sophistication has increased, making it harder and harder for individuals and organizations to protect their systems. But by understanding the following three types of cyberattacks, you can prepare to avoid and mitigate some of the most potent threats.
3 Main Types of Cyber Attacks
The three main types of cyberattacks are:
- Malware: Any malicious software programmed to either harm your system, allow hackers access to it, or take control of your data or components of your infrastructure
- Ransomware: Involves a hacker taking control of the victim’s computer or server and then demanding a ransom in exchange for returning control
- Phishing: Similar to the FedEx-DHL example mentioned at the outset, a phishing attack involves a hacker pretending to be a legitimate individual or organization to trick unsuspecting victims into divulging sensitive information
There are other kinds of attacks, but these are the most common, so arming yourself against them is an effective first step in creating a secure digital environment. Also, keep in mind that you may need multiple cybersecurity tools to reduce the chances of getting victimized by these kinds of attacks.
For example, your anti-malware solution may be the most robust on the market, but it may not adequately protect your employees from phishing attacks. When considering a cybersecurity solution, it’s best to carefully study what it does, how it does it, and its limitations. In this way, you can either find one that covers the most bases or combine an option with another tool, protocol, or training program.
Why Ransomware Is the Most Concerning Attack
Ransomware is the most concerning type of attack because, in many ways, it is the most appealing to cybercriminals. Here are some reasons why:
- Relatively quick payoff: Ransomware can provide a criminal with a quick, lucrative payout. If the victim chooses to pay the ransom, the hacker can swiftly take the loot and disappear. In addition, ransomware settlement prices have been escalating, causing not just financial damage to companies but corrosion of stakeholder confidence as well.
- Easy to obtain and launch: Ransomware is getting easier and easier to obtain and use, particularly with the proliferation of cybercriminal organizations offering ransomware-as-a-service (RaaS). RaaS gives hackers the opportunity to buy pre-made, ready-to-use ransomware in exchange for a monthly subscription fee.
- Potency: Ransomware cripples organizations, including those critical to maintaining important municipal infrastructure. An example is the widely reported Colonial Pipeline hack, which affected millions of people on the East Coast.
Can Organizations Completely Recover from a Ransomware Attack?
In many cases, yes, an organization can fully recover from a ransomware attack. The key is to take the appropriate steps, both before and after the attack.
Create a Backup System
After an attack, it’s typically best to do a full system analysis before returning to business as usual, and an adequate backup system is what gives you the ability to do so. In many cases, the attacker takes control of a certain area of your network, one they know you need to maintain continuity, such as a server hosting a critical database that one or more important processes refer to on a constant basis.
For example, they may target a server hosting a database of customer data that both your payment and customer relationship management (CRM) systems depend on. In this way, the attackers can hit two targets with one stone.
Through periodic backups, you have a copy of the data you need on hand, ready to spin up at a moment’s notice. In effect, you’re saying to ransomware hackers, “Go ahead. Take it. We have another one.”
Clean Your System
Even if you figure out exactly how the ransomware entered your system, it’s best to do a comprehensive scan across your network before getting everything back to normal. This kind of scan can reveal more types of ransomware and other malware, if any, including those that have been in your system for months or years prior to this attack.
In addition to performing a full ransomware scan, it’s best to erase all drives that may have been impacted. In this way, you guarantee that there’s nothing left on the drives that could be used to execute a future attack. This is particularly important because attackers often use Trojans (software that appears to be innocent but actually contains malware) to get ransomware into their victims’ systems. Because they look innocent, Trojans may get overlooked, making it necessary to do a complete wipe.
If Possible, Don’t Pay the Ransom
A ransomware attack, regardless of how advanced or professional it appears, is still the handiwork of dishonest entities—so there’s no guarantee you’ll regain control of your system after you make a payment. Further, you’ll need funds to clean your servers and hire people to address the attack. Paying the ransom on top of these can cripple your organization financially.
But in some cases, you may have no choice but to take a shot at paying the ransom. For instance, some companies lose far more over the course of a single day due to downtime than the attacker is asking for. Others reason that using their cyber insurance policy is the best strategic move even though it will likely result in higher premiums down the road.
Regardless of the route you take, put a backup system in place as soon as possible, perform a full scan, and wipe your system clean. When you succumb to an attack, criminals may see you as an easy target that they can continuously victimize.
Must-Know Things About Ransomware Settlements
Here’s a “Ransomware Settlements 101” to clear up any confusion regarding what to expect or do in the event of a ransomware attack:
- As mentioned earlier, even if you pay the ransom, you may still not regain control of your system.
- In many cases, insurance covers ransomware payments. But if attackers are aware that your organization has cyber insurance, they’ll see you as a more appealing target.
- Hire a professional ransomware negotiator if you think you need to pay the ransom.
- Inform law enforcement if you get hit with a ransomware attack. They can advise you on the best way to proceed. In some cases, they might be able to help catch the attackers or retrieve your funds if you pay.
- You will likely be asked to pay in cryptocurrency—attackers will provide a crypto wallet into which you will deposit the funds.
Arm Yourself with the Tools and Knowledge to Beat Cyber Criminals
Malware and phishing attacks are dominating today’s threat landscape, but the most concerning is ransomware. The good news is that it is possible to recover from a ransomware attack if you establish a backup system beforehand, completely clean your network after the attack, and try your best not to pay the ransom.
Although cyber insurance can significantly cushion the financial blow stemming from a ransomware attack, it can’t pay for the damage to your organization’s reputation. Nor can it guarantee that you’ll regain control of your systems after making a payment. Any time you get hit with a ransomware attack, it’s best to inform law enforcement.
In addition to possibly catching the attackers, they can help you decide what to do and may even have systems in place to help you recover your funds if you choose to pay out.