With Halloween right around the corner, most people are thinking about the spooky decor they will place around their house, the loads of candy they’ll both give and receive, and of course the creative costumes that either make us laugh or hide our eyes in fright. All of these things are fun aspects of the holiday that many people enjoy.
But the flip side is that the real ghouls and goblins we need to be paying attention to nowadays, and not just on Halloween but year-round, are the “bad guys” of the internet. They are working around the clock to devise evil genius plans to disrupt and destroy technology that impacts our daily lives! At minimum, these attacks can be inconvenient and pesky, but often they’re much more. Private data is shared or deleted, financial information is used as a weapon, and users are locked out of accounts they need to do their job or take care of their family.
So this Halloween, if you’re looking for a real horror story, but one that can come with a suspenseful yet heroic ending, keep reading to learn the ins and outs of cyber crime and how you can play the hero to protect what’s most important to you.
How do they attack?
The villains of the cyber world are smart and they focus their time and talent on creating malicious tricks and weapons that can be deployed in a number of ways and all across the globe. The attack on your technology could be coming from hundreds of thousands of miles away from someone you will never meet.
Technology does a wonderful job of connecting us remotely. This also means people can gain remote access to your devices without needing to do much more than guess your password or trick you into giving them access. This can make it all the harder to identify or anticipate when an attack will take place. While cyber threats are always growing and evolving, there are a few things we know about the most common types. Take a look.
7 Types of Cyber Attacks
#1 - Malware “Mogwai turns into a Gremlin once in the system”
During a malware attack, a hacker sends a dangerous link or email attachment that, when clicked, installs software that can block access to key network components, install malware or other types of destructive software, access the hard drive to transmit and collect data, and disrupt components to make the system inoperable.
#2 - Phishing “Vampire gets invited in and sucks out your information”
A phishing attack involves sending communication, usually through email, that impersonates a reputable source. The goals of this attack may be to steal sensitive data, such as login information and credit card details, and to install malware.
#3 - Man In The Middle “The enemy in plain sight”
A man-in-the-middle (MitM) attack occurs when a hacker infiltrates a two-party transaction with the intent to filter and steal data. Common entry points for this type of attack include unsecure public Wi-Fi and software installed on a victim’s device.
#4 - Denial of Service “Frankenstein's monster”
During a denial-of-service attack, a bad actor floods servers, systems, or networks with traffic to clog bandwidth and cripple the system. This type of attack may use multiple compromised devices in a distributed-denial-of-service (DDoS) attack.
#5 - SQL Injection “Invisible man sneaks in and reveals sensitive data”
An SQL injection involves inserting malicious code into a server using structured query language (SQL) to force the server to reveal sensitive information. The cybercriminal may enter malicious code into a website search box to carry out this type of attack.
#6 - Zero Day “Ghosts move swiftly through the system before action can be taken”
A zero-day exploit attack involves targeting a disclosed vulnerability before a solution or patch has been implemented. Organizations that fail to act quickly may find themselves the target of this type of attack.
#7 - DNS Tunneling “Phantom of the Opera waits to gain access backstage”
DNS tunneling occurs when a bad actor sends HTTP and other protocol traffic over the domain name system (DNS) to mask outbound traffic as DNS and hide data that is typically shared through a secure internet connection; acquire data from a compromised system; and send commands to a compromised system and obtain information.
How do the cybersecurity heroes fight off the monsters?
The good news is that the heroes of cyber security can take on many shapes and forms, and can even look like you! Sure, cyber villains are smart, but the good guys are smarter. The heroes of the cyber world are also working around the clock to arm themselves with weapons to fight back and ways to make the fortress stronger. And the solutions aren’t all that complicated. With some foresight and common sense, most cyber attacks can be warded off before they ever get too close to causing harm.
Work with employees to generate and maintain strong passwords.
First and foremost, test the strength of your passwords. You can use free resources like howsecureismypassword.net. Don’t use your actual password, but something similar to your original password to test its strength. This will help you identify blindspots and strengthen your protection. When choosing a password, remember: the longer it is, the stronger it is. A strong password is at least 12 characters long and hard to guess.
Teach users to trust no one on email.
This may sound a bit extreme, but always be on the lookout for deceitful emails and compromised web pages (spam and phishing). Interacting with these in any way puts your information at risk and can download viruses. Remember: don't open emails from unknown email addresses; trash attachments in unexpected emails; avoid risky clicks, instead type the address directly into your browser. When in doubt, it’s best to call the organization you received the email from to determine if it is a phishing scam or not.
Teach people how to protect personal information on the internet.
Cybercriminals may comb through social media posts in search of information commonly used in security questions, such as a pet’s name or mother’s maiden name. To combat this risk, social media users should set their account to private or avoid revealing sensitive information in posts.
Keep your software updated.
Keeping up with software updates is important, as cybercriminals often target known flaws in software to access a user’s system. Start by putting procedures and systems in place that tighten your configuration process and use automation wherever possible. Monitoring application and device settings and comparing these to recommended best practices reveals the threat for misconfigured devices located across your network.
Be careful when using public WI-FI.
Most free public Wi-Fi networks have no security measures. This means that other people using the same network may have access to your information. Share personal information when you are on a password-protected and secure network.
A Horror Story Turned Into Heroic Victory!
Like all good stories where the hero wins, the growing attacks on cyber security can also have a happy ending. What it takes is more qualified cyber security specialists getting trained in the latest information technology. An IT Security Analyst is just one of the various roles that allow individuals to make a living out of protecting important information for businesses. They are professional problem solvers, risk minimizers, and security professionals who are constantly evolving and growing tools to produce the best practices for internet security.
Best of all, you can be the hero in this story. If you love fighting cyber crime and working for the “good side” you can turn this passion into a fulfilling career as a cyber security professional. Train to be an IT Security Analyst with NuPaths where you will receive hands-on training on the most important tools and technology in cyber security. Classes are starting soon! Don’t be frightened this Halloween; reach out to a student success coordinator to get started and learn about opportunities for scholarships and financing.