//Cybersecurity for business
Cyber attacks and threats
Cyber attacks manifest in many different forms and can cause catastrophic damage to Australian businesses. Learn more about the most common cyber threats for Australian businesses.
Cyber attacks are becoming an increasingly common occurrence for Australian businesses. Unfortunately, they are also becoming more sophisticated and complex, making them harder to prevent and manage.
Knowing about these threats and how to mitigate the risks can help your business minimise the chance of attacks, as well as limit the extent of damage caused.
Below, we have listed the top 20 cyber threats Australian businesses are currently facing. See our Cyber Security Management System (CSMS) to find out more about preventing attacks.
The top 20 cyber threats for Australian Businesses
Whilst it is practically impossible to know every piece of malicious code and every virus out there, we can review the main strategies used by hackers to implant viruses and give you tools and advice to prevent them. Below are the top 20 techniques used by hackers to attack and exploit Australian businesses.
Phishing attacks use electronic communications (most commonly emails) that pose as a ‘trusted source’ in an attempt to trick the victim into handing over confidential and personal information. For example, a person may receive an email that looks like it is from ‘Australia Post’ saying they have a new parcel and they need to ‘confirm their contact details.’ The hacker will then be able to capture any details entered, including credit card details and passwords. Prevention strategies include employee training, Multi-Factor Authentication and password management.
Malware attacks are cyber breaches which install malicious code onto a system without the user’s knowledge and consent. Once installed on a system, the code can instruct the computer to do its bidding; this may mean installing ransomware, stealing files, or stealing confidential client details (such as passwords and credit card details). Malware can enter a computer system in various ways; however, a common technique used by hackers is to leverage weaknesses in old and outdated software. This is why Patch Application Management and Controlling is vital for companies.
Ransomware attacks are designed to hold a company’s files and data to ransom in return for a financial fee. Ransomware works by encrypting files, folders, backups and hard drives across an entire company network so no work can be undertaken until the ransom is paid. System backups and Restricting Administration Privileges can alleviate the pain caused by ransomware attacks, and strong Cyber Security Management Systems can minimise the risk of attacks altogether. Ransomware is commonly installed into a system via malware.
A Macro-virus is a malicious computer program written in a macro language and designed to infect programs that use macros, primarily MS Excel and MS Word. The virus can enter the system via phishing emails, malicious online advertising, or unsecured websites. Once installed, the virus will begin to run as soon as the associated computer program (i.e. Excel or Word) is opened. Configuring MS Office Macro Settings dramatically reduces the likelihood of macro-viruses entering a system.
Password attacks aim to decrypt or steal a user’s password to undertake illegal activities. This could include accessing company bank accounts, networks, systems and/or confidential client information. Hackers leverage the fact that 61% of people use the same password for a wide range of logins. This means that once the hacker has the password, they can access both personal and business information. Multi-Factor Authentication can stop hackers from leveraging stolen passwords.
Drive-by attacks, or drive-by downloads, occur when victims visit compromised websites which have been infected with malicious code. They are called ‘drive-by’ as there is usually no action required by the victim in order for malware to install. Application Control and Application Hardening are two of the best defences against drive-by attacks.
Trojan Horse is the term used to describe malware that is disguised as a trusted and legitimate piece of software. This convinces the user to proactively install the malicious code onto the computer without considering the consequences. Business protection against Trojan Horses comes from user awareness training and Restricting Administration Privileges.
Denial of service attacks aim to take a company offline by overwhelming or flooding a network to overload a system, resulting in users (or businesses) being unable to access files. Often, these attacks are aimed at large companies for the purpose of blackmail, revenge, to harm a competitor or to shut a system down to inject other malware. Ensuring strong Cyber Security Management Systems for your networking infrastructure can reduce the risk and impact of overloading systems.
SQL injection is a form of hacking which takes advantage of database vulnerabilities and thus enables the perpetrator to access, and sometimes manipulate, various databases. Website databases are the most common targets of SQL injection attacks and hackers often aim to steal credit card details, passwords and personal information. Ensuring website platform patches are up to date are two ways to prevent and minimise damage caused by these attacks.
Session hijacking refers to the instance when a hacker manages to substitute their own IP address for a client’s IP address, resulting in the hacker becoming the ‘middle-man’ between the client and the network server. This means all data that is being sent and received between a trusted computer and a network is also going via an external hacker. This attack compromises a company’s data and leaves it open to ransomware and fraud. Implementing Next Generation Antivirus systems can reduce the likelihood of an attack.
Insider threats do happen. Unfortunately, 34% of all cyber-attacks are instigated by malicious insiders. These attacks can range from lazy employees who ignore protocols and accidentally activate an attack, through to disgruntled employees stealing confidential data to give to competitors or sell on the black market. Ensuring Restrictive Administration Rights, as well as user awareness training, are the best ways to protect against internal threats. Advanced tracking and auditing can assist with identification of emerging threats and assist with legal requirements after the fact.
AI-powered attacks are becoming a scary reality for businesses and governments. AI attacks use machine learning to automate attacks and increase the speed and damage of ‘traditional attacks’ such as identity theft (stealing credit cards etc.) and password hacking. Whilst these attacks are not commonplace currently, businesses can begin to prepare for such attacks with strong Cyber Security Management Systems and end user awareness training.
IP spoofing is the process of an attacker masquerading as a ‘trusted’ IP source and then manipulating the data which is sent to the respective connected clients. This means the hacker is in control of the information being received by the victim. The aim of IP spoofing is most commonly to initiate a denial of service. For protection, companies should ensure they have Cybersecurity Management Systems in place to minimise potential damage.
Advanced persistent threats (APTs) are passive cyberattacks which often go undetected for long periods of time. The aim of APTs is to gain access to a computer or network and simply gather information. The malicious purpose may be for exploitation, to sell the company’s data or to steal confidential information. Application Patch Management and Patching Operating Systems provide strong protection against these threats.
Droppers don’t directly cause harm themselves; however, they are malware installers. This means that when a dropper (often disguised or hidden in a file or directory) is installed on a computer or network system, it can launch malicious code and viruses that wreak havoc on systems. To avoid droppers installing on a system, ensure your business implements Restrictive Administration Rights and Application Hardening.
Adware is a more common term that many have heard of and experienced. However, these days, it has become much more advanced and specific. Unwanted ads will not only appear on your website and screens, but they can also contain malicious code and macros which may automatically install if you open or click on the advert. Strong Next Generation Antivirus software can eliminate most adware, and Application Hardening can prevent malicious code from installing.
Spyware, as the name suggests, is designed to spy on and steal information from its victims. Spyware can download itself via adware or other program vulnerabilities, which is why Patch Application Management is vital, as is Next Generation Antivirus. Spyware primarily aims to steal passwords and personal details from users and businesses for financial gain. It is one of the oldest known cyber-threats and continues to cause major issues for those who don’t have Cybersecurity Management Systems in place.
Port scanning and sniffing have the same core objective, which is to work out a system’s vulnerabilities. Port scanning analyses a system’s 65,000+ ports to assess if any ports are open and whether the hacker can introduce a connection or malware via the opening. Sniffing is the act of analysing servers and networks with the aim of assessing potential breach options. The best way to stop an attack is to prevent scanners and sniffers entering the system. Patching Operating Systems and Application Control are the first lines of defence.
Brute force attacks are a technique used by hackers to attempt to gain access to a company’s systems and files. The concept is simple: hackers work to calculate every possible password combination required to ‘crack’ a security code. Brute force attacks are more common for larger companies, as it can take a hacker a long time to crack the code. In 2016, a brute force attack resulted in hackers gaining access to 21 million Alibaba accounts. Brute force attacks are best prevented with strong Password Management.