cyberattacks

Every year, there are new types of cyber attack to beware of. Cyber criminals are becoming even more advanced, and they have even more ways to harm your business.

In the early days of the internet, cyber crime was limited to badly-spelled emails from Nigerian princes. They would ask you to invest in a diamond mine (we just need your sort code and account number!).

But cyber crime is now big business, and the hackers have an astonishing range of weapons. In today’s blog, we’ll talk about some of the latest, and most dangerous, types of cyber attack.

Remember, if you are concerned about the security of your website, consider a managed web security service like the one we offer at CyberAlpha. We stay on top of all the latest techniques and vulnerabilities. The result – complete peace of mind for the business owner.

Types Of Cyber Attack – The Basics

According to the National Cyber Security Centre there are broadly two different types of cyber attack:

  • Un-Targeted attacks
  • Targeted attacks

Un-targeted attacks are when the hacker isn’t trying to attack a specific business or website. They cast their net as wide as possible and hope to catch anyone who has weak security. These types of attacks include: phishing, water holing, ransomware and scanning.

When you are the victim of a targeted attack, the hacker has specifically tried to undermine your website. The NCSC explains why this can be so devastating to your business:

In a targeted attack, your organisation is singled out because the attacker has a specific interest in your business, or has been paid to target you. The groundwork for the attack could take months so that they can find the best route to deliver their exploit directly to your systems (or users). A targeted attack is often more damaging than an un-targeted one because it has been specifically tailored to attack your systems, processes or personnel, in the office and sometimes at home.

Targeted attacks include: spear-phishing, botnets and supply chain subversion.

The Rise Of Phishing Attacks

Phishing is a particularly dangerous type of attack for small businesses (who may not have professional web security or proper cybersecurity training).

The hacker tries to get you to disclose sensitive information, by pretending to be a customer, manager, colleague, bank or some other trusted entity. Hackers often use email and will hope to capture:

  • Usernames & passwords
  • Credit card data
  • Bank details
  • Personal information

In the next section, we’ll discuss a few of the more common types of phishing attack. We’ll also give some basic tips for how to deal with them. However, a managed web security package is always recommended for maximum peace of mind.

Types Of Phishing Attack And How To Counter Them

As we explained earlier in the article, phishing attacks can be:

  • Targeted
  • Un-targeted

Basic un-targeted phishing involves sending out a huge number of malicious emails. The hacker doesn’t bother to discriminate. He just sends the phishing email to anyone on a list of contacts (which he has bought or stolen). If anyone responds, he will then take manual control and try to cause the most damage.

Un-targeted phishing emails are usually pretty easy to spot (mis-spelled or badly-formatted with lots of different font types and sizes). They will also have links that don’t point to the typed hyperlink. If you spot any of these signs, delete/spam the email and move on.

Targeted phishing attacks have become more common in recent years. The hacker targets a specific person or institution and tailors the phish specifically to deceive them. Modern phishing techniques include:

  • Spear phishing
  • Whale phishing
  • Clone phishing

These attacks are often much harder to spot. The hackers don’t have to just use generic language. They can sign off with the name of your boss, or bank manager, or member of parliament. As such, they require detailed staff training and cybersecurity awareness to counter.

As a general rule, if in doubt, attempt to confirm any communication directly with the person. If you get an email from “your boss” asking for sensitive information, give him a call or walk over to her office to check. It’s always better to be sure.

If you’d like to discuss how we work with business owners to provide complete website security for every budget, please get in touch.