In this day and age, most people are aware of the phrase ‘cyber attack’ and generally know what it means. There are many different types of attack, though, so it’s important to understand what each one entails to better protect yourself and your company. This blog covers exactly that, including a list of cyber attack examples for you to familiarise yourself with.
Types of cyber attacks
Cyber attacks generally fall into one of two categories: targeted or un-targeted. Below we go into more detail on what these categories mean and the methods each typically includes…
Un-targeted cyber attacks
As the name suggests, un-targeted cyber attacks simply target as many users, devices or services as possible. The ‘targets’ are completely random, and the attackers are going for quantity rather than quality. With this mass ‘blanket attack’ method the attackers have no idea what kind of reward they may get, but one thing is for sure: the blanket method will certainly uncover a large number of vulnerable machines and accounts that are easy to hack into. Tactics used for un-targeted cyber attacks mainly take advantage of the openness of the world wide web, and may include some of the following methods…
Phishing - This is by far the most popular form of cyber attack, and most people know what it means and entails. As the name suggests, phishing is like ‘fishing’ for users’ sensitive information via email. Un-targeted phishing campaigns send emails to large numbers of people, either requesting confidential information (such as bank or account details) or encouraging people to visit a fake website. For guidance on how to spot a phishing email, be sure to see our blog on ‘9 tips to help identify phishing emails’.
Ransomware - Another relatively popular form of un-targeted cyber attack, this sneaky tactic involves encrypting a user’s information so that they can no longer access their files, databases or applications. Find out more in our blog ‘Why you should care about Ransomware’.
Water holing - Unless you work in IT, or are very up to speed on IT jargon (which we try never to use), you likely won’t have heard of ‘water holing’ before, and unlike its sinister sister ‘phishing’, the name doesn’t really give away what it means. Water holing is the creation of a fake website, or the compromising of a legitimate one, in order to exploit the users who visit it.
Port scanning - Again, this is a less familiar term unless you are up on your IT security lingo. Port scanning is an app-based technique used to scan servers or hosts for open ports, essentially to uncover weak or vulnerable points within a network which can then be targeted. Port scanning can also determine whether active security measures (such as firewalls) are being used.
Targeted cyber attacks
Targeted cyber attacks are the polar opposite of un-targeted attacks. Rather than the blanket randomness seen in un-targeted attacks, a targeted attack singles out an organisation because the attacker has a specific interest in that particular company. That could be down to the wealth of said company, or the amount of data it may be privy to, which the attacker can use to their advantage. Whatever the reason, small, medium and large businesses alike should be aware of the common tactics used in targeted cyber attacks. Because they are ‘targeted’, more thought, research and sophistication generally goes into these types of attacks, so the victim is more likely to be tricked and fall foul of the hackers’ tricks.
Some of the most common targeted cyber attack techniques are as follows…
Spear-phishing - We heard all about ‘phishing’ earlier in the blog. ‘Spear-phishing’ is similar in that it is still generally email based, but more advanced in that the emails are sent to ‘targeted individuals’, meaning they have been more carefully crafted to entice the ‘chosen’ victim to respond. Again, the emails will likely contain malicious software attachments, or links that download some form of sneaky software, essentially to open the gateway to what the hacker is after.
Botnet deployment - A botnet is a collection of devices which have been infected with malicious software (i.e. a virus). Attackers can control botnets as a group, without the individual owners’ knowledge, gradually increasing the magnitude of further cyber attacks. These ghastly botnets are then used to overwhelm systems in a distributed denial-of-service (DDoS) attack.
Supply chain attack - A supply chain attack (also known as a third-party attack) is when someone sneaks in via an outside partner (usually a supplier or provider) to gain access to your systems and data. This is particularly problematic for businesses, as the hackers are homing in on people and companies that you know and trust.
How to get ‘on top of’ cyber attacks
The above examples of targeted and un-targeted cyber attacks are just some of the most common techniques used against SMEs and larger corporations within the deep realms of the cyber attack spectrum. There are various other ways the hackers can sneak into business systems, and sadly the means and methods are evolving day by day. Luckily though, so are the ways to minimise the risks of a cyber attack. Here at Resolve we welcome further discussion on how we can help businesses protect themselves against a cyber attack, so if you would like to know more, do get in touch.
In the meantime, we hope this blog has taught you a thing or two about what a cyber attack is and the common techniques to watch out for. If you would like a print-ready copy of the above cyber attack techniques and definitions to display in your workplace for future use, you can request one via the form below…