Imagine trying to access your computer (or your network as a whole), only to find yourself locked out and presented with a demand for payment in exchange for your files to be decrypted. This is precisely the scenario that ransomware puts its victims into, usually with a deadline to pay up under threat of the destruction of the encrypted files. If you’ve heard about Cryptolocker, WannaCry, or Petya, they are what we are referring to.
In 2019, a business was infected with ransomware once every 15 seconds, racking up a total of $11.5 million in total losses. Spam and phishing attacks were responsible for infecting 66 percent of affected companies, and in 2017, almost half of companies surveyed were affected by ransomware.
Denial of Service
Denial of Service (DoS) attacks, and their more-popular offshoot, Distributed Denial of Service attacks are the most common form of cyberattack. Using automation, an attacker has resources batter a target with the aim of taking it down. The rise in Internet of Things-enabled devices now allows an attacker to take over these devices and turn them against a single webpage. Naturally, this takes the website down.
The biggest DDoS attack on record happened on March 5, 2018, but was fortunately unsuccessful in taking down the targeted ISP… despite clocking in at 1.7 TB/s. On average, one of these attacks costs somewhere between $20K-to-$40K each hour, or in other terms, just under the average American worker’s annual salary. In the UK, businesses lost £1 billion to cybercrime in 2019.
A Man-in-the-Middle attack compromises any communications between a business and their contact. Any and all data can be interfered with, allowing cybercriminals to have their way with personal data, business correspondence, or financial data that is transmitted. It can be intercepted, altered, or redirected, potentially causing more problems than can be counted. The worst part: because Man-in-the-Middle attacks are relatively easy to carry out, they are rising in popularity on a daily basis. They are most commonly used to extract information, whether personal or professional, that otherwise wouldn’t be available. This includes things like login credentials, banking information, or payment card data.
Okay, that wasn’t the worst part. The worst part is that the majority of servers are still vulnerable. As in, 2016 saw 95 percent of HTTPS servers still at risk.
Believe it or not, phishing attacks are ranked as the biggest threat to businesses out there today. Phishing is a kind of social engineering where an attacker will reach out to the victim through some format, from email to instant messaging and beyond, in order to gain access to a secure system by fooling their victim into erroneously trusting them. While phishing emails have been around the block a few times, today’s attacks have grown to be quite sophisticated.
Many statistics surrounding phishing emails demonstrate how effective this relatively simple attack has proved to be. Phishing is involved in 93 percent of all social engineering attacks, and was directly responsible for 70 percent of government network breaches. In the last 12 months, 64 percent of organizations had first-hand experience with phishing, notably, 82 percent of manufacturers. The aforementioned ransomware relies on phishing for 21 percent of its delivery. As recently as 2016, 30 percent of phishing messages were opened.
Abbreviating a structure query language injection, an SQL injection attack does what it says on the box – it injects malicious code into a target’s SQL servers and feeds the database information back to the attackers. While this is another “golden oldie” of an attack, web-based applications that call for database access have given new life to SQL injection attacks and allowed attackers to extract very valuable info.
It should then come as no surprise that 65 percent of all web application attacks are performed through SQL injections. So, if your organization draws information from a database for an application, you could easily be victimized to a significant degree. Even gamers need to be concerned, as 12 billion out of 55 billion detected SQL attacks that Akamai security experts found were leveled at the gaming community.
If only these other attacks meant that attackers didn’t have time to try anything else, but unfortunately, that isn’t the case. Malware attacks still rank among both the worst, and most common, attacks against businesses. Of course, there are many types to consider, including:
- Trojan horses – Malicious code will be concealed within other files and applications and allow an attacker a point of access to a computing system or network.
- Worms – Malicious and self-replicating applications that travel along and infect networks and individual devices.
- Viruses – Samples of malicious code that infect applications for a variety of motives, including sabotage and theft of data and other resources.
- Spyware – Code that, while it seems harmless, piggybacks to software and gathers information about how a device or network is used.
There are many ways for malware to be introduced into a system. Again, phishing messages can be responsible, but many attackers will use something called “droppers.” Droppers are specialized programs that will install a virus after bypassing cybersecurity solutions. Since there is nothing inherently malicious about the dropper, protections usually don’t flag them.
Fortunately, there are ways to protect your business’ resources, network, and infrastructure from the millions of different versions of these attacks – and you need them, as your business is actively targeted by these attacks. To learn more about putting these protections into place, reach out to the professionals at Aspire by calling (469) 272-0777.