There are many techniques hackers use to attempt an attack on a business. Below are the more common attacks experienced by Australian businesses:
1. Taking advantage of innocent employees: hackers know many employees may not think twice when opening an email from a trusted source, viewing a known website or logging into a business cloud-based app. Therefore, hackers will often attempt to deceive employees and infiltrate ‘routine business actions’ to gain access to business data.
2. Internal knowhow from malicious employee: unfortunately, disgruntled employees sometime purposefully attempt to hack into a company system from the inside.
3. Sending spam/scam/phishing emails: these emails aim to trick the user into either divulging passwords and logins, make the user click on a dangerous link which may download a virus or malware, or convince the user to make a fake payment to a fraudulent account. The coronavirus pandemic has resulted in a huge spike in thiese types of emails, read more about COVID-19 scams here.
4. Stealing/guessing passwords: majority of people use the same passwords for multiple logins, meaning hacking bots can easily guess and steal passwords. This enables the hacker to access a business computer systems from the employees password/account.
5. Creating fake/malicious websites: there has been a recent increase in malicious websites stating to provide information about coronavirus and then convincing the user to click on a dangerous link which then downloads a virus or malware. Read more about COVID-19 scams here.
6. Gaining access to cloud-based business platforms: most cloud-based programs offer high security, however it only takes one vulnerable computer system, or out-dated app, to allow a hacker to access the company system. If a hacker can reach the backend of cloud-based programs, they can access data and change passwords.
7. Hacking employees using remote access: working remotely increases the chance of remote access hacks (aka Remote Desktop Protocol (RDP) attacks). This means hackers set themselves up as an ‘administrator’ on the remote network. This gives the hacker access to every activity being undertaken on that computer, including passwords and files.
8. Hacking your IT provider or a 3rd party business: hackers predominantly attack businesses where they can achieve the largest impact and thus demand the greatest ransom. This is why they target companies such as IT providers as they can then also reach a large range of affiliated businesses.
Hackers use these techniques to implant malware/viruses onto the business network and/or gain access to businesses data. This results in direct and indirect consequences for businesses.