Understanding cyber threats – a deep dive into common attacks
Phishing works by luring unsuspecting users with emails, texts, or even phone calls masquerading as legitimate entities such as banks, social media platforms, or even trusted friends. These messages often contain urgent pleas or enticing offers, urging you to click a malicious link or divulge sensitive information such as passwords or credit card details.
An example of the impact of phishing unfolded in 2016, when hackers targeted US presidential candidate Hillary Clinton’s campaign using personalized emails with infected attachments. This led to the compromise of sensitive data and impacted the campaign’s operations.
Safeguarding against phishing:
- always double-check sender addresses and URLs – hover over links before clicking to see the actual destination
- be wary of urgent requests or enticing offers – legitimate sources rarely resort to pressure tactics
- never share sensitive information via email or text links – instead, contact the sender out-of-band (via telephone or in-person for example) to verify requests
- use strong passwords with two-factor authentication for added security.
Imagine waking up to find your valuable digital files have been locked away and receiving a ransom note demanding payment for their return. That’s the reality of ransomware, malware that encrypts your data, rendering it inaccessible until you pay the attacker’s demands. Ransomware can infiltrate through infected attachments, compromised websites, or even software updates.
In 2021, the Colonial Pipeline hack, fueled by ransomware, crippled a major US fuel pipeline, leading to widespread gas shortages and highlighting the potential societal impact of such attacks.
Defending against ransomware:
- maintain backups of your data regularly – store them offline to ensure they’re untouched by ransomware
- keep software and operating systems updated – patches often address security vulnerabilities exploited by ransomware
- be cautious about opening attachments and clicking on links, especially from unknown sources
- invest in anti-malware and anti-ransomware software for an extra layer of protection.
Social engineering exploits human trust and curiosity to gain access to information or systems. Attackers weave elaborate narratives, posing as friends, colleagues, or authority figures, and manipulate victims into divulging sensitive data or granting unauthorized access. This often involves psychological tactics such as creating a sense of urgency, playing on fear, or appealing to authority.
A 2013 attack used social engineering to compromise RSA, a prominent security firm. Hackers posed as recruiters, tricking employees into opening malicious attachments that compromised the company’s network.
Thwarting social engineering:
- verify the identity of anyone requesting personal information, even seemingly familiar contacts
- be wary of requests that seem out of the ordinary or create a sense of urgency
- never grant remote access to your computer unless you initiated the contact and fully trust the source
- if something feels suspicious, it probably is – trust your instincts and adopt a cautious outlook
- stay vigilant, stay safe.
As technology evolves, so do cyber threats. Staying informed about the latest tactics and implementing the security measures discussed here is crucial. Vigilance is your best defense, and it is important to remember that staying safe online is a continuous journey, not a one-time destination. Keep learning, keep adapting, and stay vigilant.
Waystone Compliance Solutions is a leading provider of cyber security consulting and compliance services to the financial services industry. If you would like to find out more about how we can help you to assess your current cyber security measures, please reach out to your usual Waystone representative or contact us below.