CYBER SECURITY ATTACKS

Uploaded by

Rameez Raja

A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Cyber attacks aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems.

Any individual or group can launch a cyber attack from anywhere by using one or more attack strategies.

People who carry out cyber attacks are generally regarded as cybercriminals. Often referred to as bad actors, threat actors and hackers, they include individuals who act alone, drawing on their computer skills to design and execute malicious attacks. They can also belong to a criminal syndicate, working with other threat actors to find weaknesses or problems in the computer systems -- called vulnerabilities -- that they can exploit for criminal gain.

Government-sponsored groups of computer experts also launch cyber attacks. They're identified as nation-state attackers, and they have been accused of attacking the information technology (IT) infrastructure of other governments, as well as nongovernment entities, such as businesses, nonprofits and utilities.

Cyber attacks are designed to cause damage. They can have various objectives, including the following:

Financial gain. Cybercriminals launch most cyber attacks, especially those against commercial entities, for financial gain. These attacks often aim to steal sensitive data, such as customer credit card numbers or employee personal information, which the cybercriminals then use to access money or goods using the victims' identities.

Other financially motivated attacks are designed to disable computer systems, with cybercriminals locking computers so owners and authorized users cannot access the applications or data they need; attackers then demand that the targeted organizations pay them ransoms to unlock the computer systems.

Still other attacks aim to gain valuable corporate data, such as proprietary information; these types of cyber attacks are a modern, computerized form of corporate espionage.

Disruption and revenge. Bad actors also launch attacks specifically to sow chaos, confusion, discontent, frustration or mistrust. They could be taking such action as a way to get revenge for acts taken against them. They could be aiming to publicly embarrass the attacked entities or to damage the organizations' reputations. These attacks are often directed at government entities but can also hit commercial entities or nonprofit organizations.

Nation-state attackers are behind some of these types of attacks. Others, called hacktivists, might launch these types of attacks as a form of protest against the targeted entity; a secretive decentralized group of internationalist activists known as Anonymous is the most well known of such groups.

Insider threats are attacks that come from employees with malicious intent.

Cyberwarfare. Governments around the world are also involved in cyber attacks, with many national governments acknowledging or suspected of designing and executing attacks against other countries as part of ongoing political, economic and social disputes. These types of attacks are classified as cyberwarfare.

How do cyber attacks work?

Threat actors use various techniques to launch cyber attacks, depending in large part on whether they're attacking a targeted or an untargeted entity.

In an untargeted attack, where the bad actors are trying to break into as many devices or systems as possible, they generally look for vulnerabilities in software code that will enable them to gain access without being detected or blocked. Or, they might employ a phishing attack, emailing large numbers of people with socially engineered messages crafted to entice recipients to click a link that will download malicious code.

In a targeted attack, the threat actors are going after a specific organization, and the methods used vary depending on the attack's objectives. The hacktivist group Anonymous, for example, was suspected in a 2020 distributed denial-of-service (DDoS) attack on the Minneapolis Police Department website after a Black man died while being arrested by Minneapolis officers. Hackers also use spear-phishing campaigns in a targeted attack, crafting emails to specific individuals who, if they click included links, would download malicious software designed to subvert the organization's technology or the sensitive data it holds.

Cyber criminals often create the software tools to use in their attacks, and they frequently share those on the so-called dark web.

Cyber attacks often happen in stages, starting with hackers surveying or scanning for vulnerabilities or access points, carrying out the initial compromise and then executing the full attack -- whether it's stealing valuable data, disabling the computer systems or both.

In fact, most organizations take months to identify an attack underway and then contain it. According to the "2022 Cost of a Data Breach" report from IBM, organizations with fully deployed artificial intelligence and automation security tools took an average of 181 days to identify a data breach and another 68 days to contain it, for a total of 249 days. Organizations with partially deployed AI and automation took a total of 299 days to identify and contain a breach, while those without AI and automation took an average of 235 days to identify a breach and another 88 days to contain it, for a total of 323 days.

What are the most common types of cyber attacks?

Cyber attacks most commonly involve the following:


1. Malware is malicious software that attacks information systems. Ransomware, spyware and Trojans are examples of malware. Depending on the type of malicious code, malware could be used by hackers to steal or secretly copy sensitive data, block access to files, disrupt system operations or make systems inoperable.

2. Phishing occurs when hackers socially engineer email messages to entice recipients to open them. The messages trick recipients into downloading the malware within the email by opening either an attached file or an embedded link. The "2022 State of the Phish" report from cybersecurity and compliance company Proofpoint found that 83% of survey respondents said their organization experienced at least one successful phishing attack in 2021, up 46% over 2020. Moreover, the survey also revealed that 78% of organizations saw an email-based ransomware attack in 2021.

3. SMiShing (also called SMS phishing or smishing) is an evolution of the phishing attack methodology via text (technically known as Short Message Service, or SMS). Hackers send socially engineered texts that download malware when recipients click on them. According to the Proofpoint report, 74% of organizations experienced smishing attacks in 2021, up from 61% in 2020.

4. Man-in-the-middle, or MitM, attacks occur when attackers secretly insert themselves between two parties, such as individual computer users and their financial institutions. Depending on the actual attack details, this type of attack may be more specifically classified as a man-in-the-browser attack, monster-in-the-middle attack or machine-in-the-middle attack. MitM is also sometimes called an eavesdropping attack.

5. DDoS attacks take place when hackers bombard an organization's servers with large volumes of simultaneous data requests, thereby making the servers unable to handle any legitimate requests.

6. SQL injection occurs when hackers insert malicious code into servers using the Structured Query Language (SQL) to get the server to reveal sensitive data.

7. A zero-day exploit happens when hackers first exploit a newly identified vulnerability in IT infrastructure. For example, a series of critical vulnerabilities in a widely used piece of open source software, the Apache Log4j Project, was reported in December 2021, with the news sending security teams at organizations worldwide scrambling to address them.

8. Domain name system (DNS) tunneling is a sophisticated attack in which attackers establish and then use persistently available access -- or a tunnel -- into their targets' systems.

9. Drive-by, or drive-by download, occurs when an individual visits a website that, in turn, infects the unsuspecting individual's computer with malware.

10. Credential-based attacks happen when hackers steal the credentials that IT workers use to access and manage systems and then use that information to illegally access computers to steal sensitive data or otherwise disrupt an organization and its operations.

11. Credential stuffing takes place when attackers use compromised login credentials (such as an email and password) to gain access to other systems.

12. A brute-force attack is one in which hackers employ trial-and-error methods to crack login credentials such as usernames, passwords and encryption keys, hoping that the multiple attempts pay off with a right guess.
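To make item 6 concrete, the following added example (not part of the original document) runs the same lookup two ways against an in-memory SQLite database: once by pasting input into the SQL text, once with a bound parameter. The table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "4242"), ("bob", "1881"), ("o'brien", "0005")],
    )
    return conn

def lookup_vulnerable(conn, username):
    # VULNERABLE: the input is pasted into the SQL text, so a quote
    # character in it is parsed as SQL syntax instead of as data.
    query = "SELECT username, card_last4 FROM customers WHERE username = '%s'" % username
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, username):
    # HARDENED: the value is bound separately from the SQL text, so it
    # can only ever be compared as a string.
    query = "SELECT username, card_last4 FROM customers WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

def compare(conn, username):
    """Run both lookups; report row counts, or 'error' if the query breaks."""
    try:
        vulnerable = len(lookup_vulnerable(conn, username))
    except sqlite3.OperationalError:
        vulnerable = "error"
    return {"vulnerable": vulnerable,
            "parameterized": len(lookup_parameterized(conn, username))}

if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "nobody' OR '1'='1", "o'brien"):
        print(repr(value), compare(db, value))
```

The string-built query returns every row for the crafted input and fails outright on a legitimate name containing an apostrophe; the parameterized query handles both as plain data.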


How can you prevent a cyber attack?

There is no guaranteed way for any organization to prevent a cyber attack, but there are numerous cybersecurity best practices that organizations can follow to reduce the risk.

Reducing the risk of a cyber attack relies on using a combination of skilled security professionals, processes and technology.

Reducing risk also involves three broad categories of defensive action:

1. preventing attempted attacks from actually entering the organization's IT systems;

2. detecting intrusions; and

3. disrupting attacks already in motion -- ideally, at the earliest possible time.

Best practices include the following:

• implementing perimeter defenses, such as firewalls, to help block attack attempts and to block access to known malicious domains;

• adopting a zero trust framework, which requires every attempt to access an organization's network or systems -- whether it comes from an internal user or from another system -- to verify it can be trusted;

• using software to protect against malware, namely antivirus software, thereby adding another layer of protection against cyber attacks;

• having a patch management program to address known software vulnerabilities that could be exploited by hackers;

• setting appropriate security configurations, password policies and user access controls;

• maintaining a monitoring and detection program to identify and alert to suspicious activity;

• instituting a threat hunting program, where security teams using automation, intelligent tools and advanced analyses actively look for suspicious activity and the presence of hackers before they strike;

• creating incident response plans to guide reaction to a breach; and

• training and educating individual users about attack scenarios and how they as individuals have a role to play in protecting the organization.
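As an illustration of the monitoring and detection practice above, this added example (not part of the original document) separates the brute-force and credential-stuffing patterns from the list of attack types by looking at failed logins per source. The log format, thresholds and names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-03-01T09:00:00Z FAIL user=alice src=203.0.113.5
2024-03-01T09:00:05Z FAIL user=alice src=203.0.113.5
2024-03-01T09:00:10Z FAIL user=alice src=203.0.113.5
2024-03-01T09:00:15Z FAIL user=alice src=203.0.113.5
2024-03-01T09:00:20Z FAIL user=alice src=203.0.113.5
2024-03-01T09:00:25Z OK user=alice src=203.0.113.5
2024-03-01T09:01:00Z FAIL user=bob src=198.51.100.7
2024-03-01T09:01:01Z FAIL user=carol src=198.51.100.7
2024-03-01T09:01:02Z FAIL user=dave src=198.51.100.7
2024-03-01T09:01:03Z FAIL user=erin src=198.51.100.7
2024-03-01T09:02:00Z FAIL user=frank src=192.0.2.10
2024-03-01T09:02:30Z OK user=frank src=192.0.2.10
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")
WINDOW = timedelta(minutes=5)   # assumed look-back window
BRUTE_FORCE_MIN_FAILS = 5       # failures on one account from one source
STUFFING_MIN_ACCOUNTS = 4       # distinct accounts failed from one source

def parse(lines):
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not fit the format are skipped
            ts, result, user, src = m.groups()
            yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result, user, src

def detect(lines):
    """Return {source: set of finding labels} for the given log lines."""
    recent = defaultdict(list)    # source -> [(time, user)] failures in WINDOW
    findings = defaultdict(set)
    for ts, result, user, src in sorted(parse(lines)):
        recent[src] = [(t, u) for t, u in recent[src] if ts - t <= WINDOW]
        if result == "FAIL":
            recent[src].append((ts, user))
            per_user = defaultdict(int)
            for _, u in recent[src]:
                per_user[u] += 1
            if per_user[user] >= BRUTE_FORCE_MIN_FAILS:
                findings[src].add("brute-force:" + user)
            if len(per_user) >= STUFFING_MIN_ACCOUNTS:
                findings[src].add("credential-stuffing")
        elif src in findings:
            # A success from a source already flagged may be a compromised account.
            findings[src].add("login-after-attack:" + user)
    return dict(findings)

if __name__ == "__main__":
    for source, labels in detect(SAMPLE_LOG).items():
        print(source, sorted(labels))
```

The single mistyped password from 192.0.2.10 produces no finding, which is the point of thresholding on a time window instead of alerting on every failure.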

What are the most well-known cyber attacks?

Cyber attacks have continued to increase in sophistication and have had significant impacts beyond just the companies involved.

For example, JBS S.A., an international meat-processing company, suffered a successful ransomware attack on May 30, 2021. The attack shut down facilities in the United States as well as Australia and Canada, forcing the company to pay an $11 million ransom.

That came just weeks after another impactful cyberattack. Hackers hit Colonial Pipeline in May 2021 with a ransomware attack. The attack shut down the largest fuel pipeline in the United States, leading to fuel shortages along the East Coast.

Several months before that, the massive SolarWinds attack breached U.S. federal agencies, infrastructure and private corporations in what is believed to be among the worst cyberespionage attacks inflicted on the U.S. On Dec. 13, 2020, Austin-based IT management software company SolarWinds was hit by a supply chain attack that compromised updates for its Orion software platform. As part of this attack, threat actors inserted their own malware, now known as Sunburst or Solorigate, into the updates, which were distributed to many SolarWinds customers.

The first confirmed victim of this backdoor was cybersecurity firm FireEye, which disclosed on Dec. 8 that it was breached by suspected nation-state hackers. It was soon revealed that SolarWinds attacks affected other organizations, including tech giants Microsoft and VMware, as well as many U.S. government agencies. Investigations showed that the hackers -- believed to be sponsored by the Russian government -- had been infiltrating targeted systems undetected since March 2020.

Here is a rundown of some of the most notorious breaches, dating back to 2009:

• a July 2020 attack on Twitter, in which hackers were able to access the Twitter accounts of high-profile users;

• a breach at Marriott's Starwood hotels, announced in November 2018, with the personal data of upward of 500 million guests compromised;

• the Feb. 2018 breach at Under Armour's MyFitnessPal (Under Armour has since sold MyFitnessPal), which exposed email addresses and login information for 150 million user accounts;

• the May 2017 WannaCry ransomware attack, which hit more than 300,000 computers across various industries in 150 nations, causing billions of dollars of damage;

• the September 2017 Equifax breach, which saw the personal information of 145 million individuals compromised;

• the Petya attacks in 2016, which were followed by the NotPetya attacks of 2017, which hit targets around the world, causing more than $10 billion in damage;

• another 2016 attack, this time at FriendFinder, which said more than 20 years' worth of data belonging to 412 million users was compromised;

• a data breach at Yahoo in 2016 that exposed personal information contained within 500 million user accounts, which was then followed by news of another attack that compromised 1 billion user accounts;

• a 2014 attack against entertainment company Sony, which compromised both personal data and corporate intellectual property, including yet-to-be-released films, with U.S. officials blaming North Korea for the hack;

• eBay's May 2014 announcement that hackers used employee credentials to collect personal information on its 145 million users;

• the 2013 breach suffered by Target Corp., in which the data belonging to 110 million customers was stolen; and

• the Heartland Payment Systems data breach, announced in January 2009, in which information on 134 million credit cards was exposed.

Cyber attack trends

The volume, cost and impact of cyber attacks continue to grow each year, according to multiple reports.

Consider the figures from one 2022 report. The "Cybersecurity Solutions for a Riskier World" report from ThoughtLab noted that the number of material breaches suffered by surveyed organizations jumped 20.5% from 2020 to 2021. Yet, despite executives and board members paying more attention to -- and spending more on -- cybersecurity than ever before, 29% of CEOs and CISOs and 40% of chief security officers said their organization is unprepared for the ever-evolving threat landscape.

The report further notes that security experts expect the volume of attacks to continue its climb.

The types of cyber attacks, as well as their sophistication, also grew during the first two decades of the 21st century -- particularly during the COVID pandemic when, starting in early 2020, organizations enabled remote work en masse and exposed a host of potential attack vectors in the process.

Consider, for example, the growing number and type of attack vectors -- that is, the method or pathway that malicious code uses to infect systems -- over the years.

The first virus was invented in 1986, although it wasn't intended to corrupt data in the infected systems. Cornell University graduate student Robert Tappan Morris created the first worm distributed through the internet, called the Morris worm, in 1988.

Then came Trojan horse, ransomware and DDoS attacks, which became more destructive and notorious with names such as WannaCry, Petya and NotPetya -- all ransomware attack vectors.

The 2010s then saw the emergence of cryptomining malware -- also called cryptocurrency mining malware or cryptojacking -- where hackers use malware to illegally take over a computer's processing power to use it to solve complex mathematical problems to earn cryptocurrency, a process called mining. Cryptomining malware dramatically slows down computers and disrupts their normal operations.

Hackers also adopted more sophisticated technologies throughout the first decades of the 21st century, using machine learning and artificial intelligence, as well as bots and other robotic tools, to increase the velocity and volume of their attacks.

And they developed more sophisticated phishing and spear-phishing campaigns, even as they continued to go after unpatched vulnerabilities; compromised credentials, including passwords; and misconfigurations to gain unauthorized access to computer systems.

SUGGESTIONS TO PREVENT CYBER SECURITY ATTACKS

1. Train your staff.

One of the most common ways cyber criminals get access to your data is through your employees. They’ll send fraudulent emails impersonating someone in your organisation and will either ask for personal details or for access to certain files. Links often seem legitimate to an untrained eye and it’s easy to fall into the trap. This is why employee awareness is vital.

One of the most efficient ways to protect against cyber attacks and all types of data breaches is to train your employees on cyber attack prevention and inform them of current cyber attacks.

They need to:

• Check links before clicking them

• Check the sender's email address on any email they receive

• Use common sense before sending sensitive information. If a request seems odd, it probably is. It’s better to check via a phone call with the person in question before actioning the “request”

Leaf can provide bespoke cyber awareness training for organisations of all sizes. Contact us to find out more.

2. Keep your software and systems fully up to date.

Often cyber attacks happen because your systems or software aren’t fully up to date, leaving weaknesses. Cybercriminals exploit these weaknesses to gain access to your network. Once they are in, it’s often too late to take preventative action.

To counteract this, it’s smart to invest in a patch management system that will manage all software and system updates, keeping your system resilient and up to date.

Leaf offer patch management as part of their managed security solution.

3. Ensure Endpoint Protection.

Endpoint protection protects networks that are remotely bridged to devices. Mobile devices, tablets and laptops that are connected to corporate networks give access paths to security threats. These paths need to be protected with specific endpoint protection software.

4. Install a Firewall.

There are many different types of sophisticated data breaches; new ones surface every day, and old ones even make comebacks.

Putting your network behind a firewall is one of the most effective ways to defend yourself from any cyber attack. A firewall system will block any brute force attacks made on your network and/or systems before they can do any damage, something we can help you with.

5. Back up your data.

In the event of a disaster (often a cyber attack) you must have your data backed up to avoid serious downtime, loss of data and serious financial loss.


6. Control access to your systems.

Believe it or not, one of the attacks on your systems can be physical, so having control over who can access your network is really important. Somebody can simply walk into your office or enterprise and plug a USB key containing infected files into one of your computers, allowing them to access your entire network or infect it.

It’s essential to control who has access to your computers. Having a perimeter security system installed is a very good way to stop cybercrime as much as break-ins!

7. Wifi Security.

Who doesn’t have a wifi enabled device in 2020? And that’s exactly the danger: any device can get infected by connecting to a network, and if this infected device then connects to your business network, your entire system is at serious risk.

Securing your wifi networks and hiding them is one of the safest things you can do for your systems. With wireless technology developing more and more every day, there are thousands of devices that can connect to your network and compromise you.

8. Employee personal accounts.

Every employee needs their own login for every application and program. Several users connecting under the same credentials can put your business at risk.

Having separate logins for each staff member will help you reduce the number of attack fronts. Users only log in once each day and will only use their own set of logins. Greater security isn’t the only benefit; you’ll also get improved usability.

9. Access Management.

One of the risks of being a business owner with employees is them installing software on business-owned devices that could compromise your systems.

Having managed admin rights and blocking your staff from installing software or even accessing certain data on your network is beneficial to your security. It’s your business, protect it!

10. Passwords.

Having the same password set up for everything can be dangerous. Once a hacker figures out your password, they have access to everything in your system and any application you use.

Having different passwords set up for every application you use is a real benefit to your security, and changing them often will maintain a high level of protection against external and internal threats.
