Whilst it is practically impossible to know every piece of malicious code and every virus out there, we can review the main strategies used by hackers to implant viruses and give you tools and advice to prevent them. Below are the top 20 techniques used by hackers to attack and exploit Australian businesses.
1. PHISHING ATTACKS
Phishing attacks use electronic communications (most commonly emails) that pose as a ‘trusted source’ in an attempt to trick the victim into handing over confidential and personal information. For example, a person may receive an email that looks like it is from ‘Australia Post’ saying they have a new parcel and need to ‘confirm their contact details.’ The hacker will then be able to capture any details entered, including credit card details and passwords. Prevention strategies include employee training, Multifactor Authentication and password management.
2. MALWARE ATTACKS
A malware attack is a cyber breach that installs malicious code onto a system without the user’s knowledge and consent. Once installed on a system, the code can instruct the computer to do its bidding; this may mean installing ransomware, stealing files, or stealing confidential client details (such as passwords and credit card details). Malware can enter a computer system in various ways; however, a common technique used by hackers is to leverage weaknesses in old and outdated software. This is why Patch Application Management and Controlling is vital for companies.
3. RANSOMWARE
Ransomware attacks are designed to hold a company’s files and data at ransom in return for a financial fee. It works by encrypting files, folders, backups and hard drives across an entire company network so no work can be undertaken until the ransom is paid. System backups and Restricting Administration Privileges can alleviate the pain caused by ransomware attacks, and strong Cybersecurity Management Systems can minimise the risk of attacks altogether. Ransomware is commonly installed into a system via malware.
4. MACRO-VIRUS
A Macro-virus is a malicious computer program written in a macro language and designed to infect programs that use macros, primarily MS Excel and MS Word. The virus can enter the system via phishing emails, malicious online advertising, or unsecured websites. Once installed, the virus will begin to run as soon as the associated computer program (i.e. Excel or Word) is opened. Configuring MS Office Macro Settings dramatically reduces the likelihood of macro-viruses entering a system.
5. PASSWORD ATTACK
Password attacks aim to decrypt or steal a user’s password to undertake illegal activities. This could include accessing company bank accounts, networks, systems and/or confidential client information. Hackers leverage the fact that 61% of people use the same password for a wide range of logins. This means, once the hacker has the password, they can access both personal and business information. Multi-Factor Authentication can stop hackers from leveraging stolen passwords.
6. DRIVE-BY ATTACK
Drive-by attacks, or drive-by downloads, occur when victims visit compromised websites which have been infected with malicious code. They are called ‘drive-by’ as there is usually no action required by the victim in order for malware to install. Application Control and Application Hardening are two of the best defences against drive-by attacks.
7. TROJAN HORSE
Trojan Horse is the term used to describe malware that is disguised as a trusted and legitimate piece of software. This convinces the user to proactively install the malicious code onto the computer without considering the consequences. Business protection against Trojan Horses comes from user awareness training and Restricting Administration Privileges.
8. DENIAL OF SERVICE
Denial of service attacks aim to take a company offline by overwhelming or flooding a network to overload a system, resulting in users (or businesses) being unable to access files. Often, these attacks are aimed at large companies for the purpose of blackmail, revenge, to harm a competitor or to shut a system down to inject other malware. Ensuring strong Cybersecurity Management Systems for your networking infrastructure can reduce the risk and impact of overloading systems.
9. SQL INJECTION
SQL injection is a form of hacking which takes advantage of database vulnerabilities and thus enables the perpetrator to access, and sometimes manipulate, various databases. Website databases are the most common targets of SQL injection attacks and hackers often aim to steal credit card details, passwords and personal information. Ensuring website platform patches are up to date are two ways to prevent and minimise damage caused by these attacks.
10. SESSION HIJACKING
Session hijacking refers to the instance when a hacker manages to substitute their own IP address for a client’s IP address, resulting in the hacker becoming the ‘middle-man’ between the client and the network server. This means all data that is being sent and received between a trusted computer and a network is also going via an external hacker. This attack compromises a company’s data and leaves it open to ransomware and fraud. Implementing Next Generation Antivirus systems can reduce the likelihood of an attack.
11. CROSS-SITE SCRIPTING
Cross-site scripting leverages flaws in websites to inject malicious code (usually JavaScript) which consequently causes harm to any website visitor that clicks on the attacked webpage. For businesses, a vulnerable website can result in their clients being hacked/attacked simply by clicking on the site. Businesses should ensure they eliminate potential attacks via Application Hardening and Patch Management.
12. INSIDER THREATS
Insider threats do happen. Unfortunately, 34% of all cyber-attacks are instigated by malicious insiders. These attacks can range from lazy employees who ignore protocols and accidentally activate an attack, through to disgruntled employees stealing confidential data to give to competitors or sell on the black market. Ensuring Restrictive Administration Rights, as well as user awareness training, are the best ways to protect against internal threats. Advanced tracking and auditing can assist with identification of emerging threats and assist with legal requirements after the fact.
13. AI-POWERED ATTACKS
AI-powered attacks are becoming a scary reality for businesses and governments. AI attacks use machine learning to automate attacks and increase the speed and damage of ‘traditional attacks’ such as identity theft (stealing credit cards etc.) and password hacking. Whilst these attacks are not commonplace currently, businesses can begin to prepare for such attacks with strong Cybersecurity Management Systems and end-user awareness training.
14. IP SPOOFING
IP spoofing is the process of an attacker masquerading as a ‘trusted’ IP source and then manipulating the data which is sent to the connected clients. This means the hacker is in control of the information being received by the victim. The aim of IP spoofing is most commonly to initiate a denial of service. For protection, companies should ensure they have Cybersecurity Management Systems in place to minimise potential damage.
15. ADVANCED PERSISTENT THREATS (APT)
APTs are passive cyberattacks which often go undetected for long periods of time. The aim of APTs is to gain access to a computer or network and simply gather information. The malicious purpose may be for exploitation, to sell the company’s data or to steal confidential information. Application Patch Management and Patching Operating Systems provide strong protection against these threats.