Hackers study their targets and learn to dribble their defenses in order to obtain what they want. This is valid for cyber attacks against people and companies.
If they study companies to attack, entrepreneurs and professionals responsible for company data security should also study to be able to protect themselves.
The reasons for the attack in turn can be various, such as obtaining sensitive and sensitive information or theft of the highest possible money from the company.
According to analysis by Kaspersky, extortion and bitcoin theft will increase by 2021 , where financial cybers are among the most dangerous, as they directly imply damage to the victims. It is inevitable that the changes (adoption of home office due to pandemic) occurred by 2020 have influenced the mode of operation of cybercriminals.
In this article, you will see why companies are recurring targets of cyber attacks, and what are the most common attacks.
Why do hackers look for companies as a target?
As I wrote earlier, cybercriminals study their targets to get as much information as possible, facilitating persuasion and identifying possible security breaches on the companies.
A lot of information about the company and its employees, used to architect the plan, is available for free and without much effort on social networks, such as workplace, name, date of birth, preferences and habits. By the way, social networks and cloud services are in the sights of hackers. In another survey , it reveals that Facebook, WhatsApp, Amazon, Apple and Netflix were the five most used brands in phishing attacks in 2020, as you can see in the table below:
After learning about your employees, the hacker can send an email with a link or attachment, for example, which installs software and provides device control to the invader. This email can be customized with real user information, becoming more attractive to click.
But the main factor of companies is a constant target of attacks, is the financial. With small caveats, virtually all companies make bank transactions and use systems connected to the Internet for payment and transfers payments. With this fact in hand, cybercriminals depart for action with attack techniques such as falsifying possible suppliers or simulating a site from a financial institution to collect bank details. In addition, in attacks where there is a kidnapping of information, companies that do not have data backup systems are hostage to pay high values to criminals in exchange for data return.
Next, we will see the main attacks suffered by companies and some characteristics about each.
What are the main cyber attacks in companies?
Information security has been spread as a contingency strategy, especially in the year this scenario has become very favorable for cyber criminals with home office.
If you, manager, entrepreneur, or IT professional want to keep your company armored against cyber attack, the first step is to know how to act, and what are the main types of attacks today.
In the next lines, we mention some of the main cyber attacks on companies and some variations that have been improved in recent months.
Attack DDOS
The main objective of this attack, translating to “service navigation”, is to overload the activities of the server, causing slow system and making the websites and access unavailable.
As many professionals are more connected because of social isolation, this type of attack, if well distributed, can go unnoticed by safety. A DDOS attack is one of the biggest threats to the full operation of a company's systems.
In February 2020, Bitfinex suffered a DDOS attack and had to maintain urgent maintenance to investigate the attack .
Port Scanning Attack
If there is any vulnerability in the company's system, this malware search the server in an attempt to find this vulnerability. If you can find the security breach on the company's server, steal information and data to damage the system or kidnap the data.
The AlwaysUpdate Portal has made a study of the 3 doors that should not be opened on the company's router .
Ransomware
Much widespread as “data kidnapping”, ransomware blocks access to all wholesale server files, and are released only after paying a cash amount (usually bitcoins) and the “rescue” value is determined by the hijacker.
A good example of ransomware attack was the recent attack on Honda Motor, where it suspended part of the production, including in Brazil .
Trojan horse
Popular on the Internet, this malware only works with user "authorization". Simply put, the individual performs some suspicious or unknown sender annex, or performed a suspect download, containing the camouflaged virus.
There are numerous goals in the attack with Trojan horse. Among them are, stealing personal information and interrupting functions on the computer.
Brute force attacks
Imagine that to open a numeric code lock, you will have to try all the possible combinations. It seems time consuming right? But in the digital world this can be done very fast. An attack of brute strength stole accounts through various attempts at user and password combinations in a very short time.
In possession of this information, the criminal can send several messages with a sender known to the user with content such as phishing and spam, requesting deposits, transfers, passwords and many other delicate information.
According to Kaspersky, a reference company in security software, brute force attack numbers to companies grew 333% in two months .
Phishing
Usually performed by email, phishing is a virtual attack in which hackers lead users to reveal confidential information, including passwords, bank data and CPF.
The attack is usually well built and takes the user to a page identical to the Bank branch, for example.
As the name suggests, hackers "fish" user data, launching a "bait" to deceive them.
It is one of the most common attacks that are most successful in attempts and has a lot of news about this attack spread over the internet.
Employees are the gateway to cyber attacks
The entrance doors for a cyber attack are numerous. Emails, malicious files, fake links, fake advertisements, among many others. Internet security systems such as firewall, antivirus and a backup system can add an extra layer of internet security in the business environment. However, the key point for attacks within companies is users.
Lack of knowledge, inattention or the famous “I know what I'm doing” make employees the largest internet security breach for companies. Therefore, training employees and maintaining an Internet security policy within the company is as important as security systems.
But, not everything is flowers. You may already imagine that depending on employees' knowledge and common sense does not seem to be very good.
According to a Tessian survey, two thirds of employees are not regularly trained on cyber threats . And most of those who are trained do not remember what was taught.
As stated earlier, hackers study their targets and prepare attacks that, for unprepared and without training employees, are easy targets.
Unfortunately there is still no single solution that can solve all internet security problems to companies at once. But there are several effective ways to close the vast majority of entry doors for cyber attacks against internet companies.
In the Internet Security Guide for Business, you will find a list of good internet safety practices so you can protect yourself against cyber attacks.
Until later!
2 comments
Comments closed