What are the most common types of cyberattacks?

The more you know about the risks, the better able you’ll be to protect your home or business

cyber-month-3.jpg

This is the final article to mark Cybersecurity Awareness Month, an annual outreach begun in 2004 by the National Cyber Security Alliance & the U.S. Department of Homeland Security.

— — —

A cyberattack happens every 39 seconds — or about 2,200 times a day. And with more people working from home, attempts to disable computers, steal data and hack into systems to launch more attacks are rising even faster. Statistics show cybercrime is up 600% since the pandemic began.

So while your doors may be locked, and your security system activated, a cybercriminal can still steal sneak into your home or business and wreak havoc on your work and personal life.

The best ways to begin defending yourself against such attacks is with some basic knowledge. So let’s take a few minutes to talk about the most common forms of cybercrime.

  • Malware

Malware is software designed to harm or exploit a device, service or network. This umbrella term covers a wide range of issues, from viruses — malicious codes and programs that alter the way a computer operates and can spread to other computers — to ransomware.

Like most cyberattacks, it’s often transferred via email. In fact, 92% of malware — the most common form of attack — is delivered via an email.

A subset of this is called “malvertising” — websites with fraudulent ads that can infect a computer or phone with viruses and other malicious software. Hosted on legitimate sites, these could appear to be surveys, software updates, or other seemingly harmless offers, but clicking on them could open the door for a thief — or create chaos on your system.

Alex Amirnovin, director of products and chief architect for Viasat’s Cybersecurity Services, said one of his relatives nearly fell victim to such a tactic. When the man accidentally clicked on a banner ad, a new webpage popped up in full-screen mode, making it appear his computer was frozen. The page said his computer was infected and included an 800 number to call for help.

“It may sound like any other customer help line you call, except these are the bad guys,” Amirnovin said. “They either try to take a credit card number or they make you log into your bank while they establish a remote session by making you install a malware backdoor to capture your account information.”

In this case, Amirnovin was able to resolve the problem before his relative was victimized further.

  • Phishing

Cybercriminals spread malware by phishing: sending emails designed to appear legitimate. At first glance, they may look like they were sent by a bank or other trusted source. The senders try to convince the reader to share personal information — login credentials, Social Security number, credit card or account numbers — which they can then use to defraud the victim.

“Phishing uses a ‘spray-and-pray’ approach,” Amirnovin said. “If you send a billion emails and 100 people fall for them, that’s still a successful payoff for the criminals.”

Beware of emails from people or companies you don’t know, especially those that include too-good-to-be-true taglines.

  • Ransomware

Ransomware is the fastest growing form of cyberattack. It’s a specific type of malware that restricts access to a computer until a ransom is paid.

“Ransomware is the most brutal, especially for businesses,” Amirnovin said. “It can be the most profitable form of cyberattack.”

Ransomware gangs target businesses small and large, aiming to get small amounts from multiple businesses. This can add to big profit: In 2020, global ransomware attacks cost businesses an estimated $20 billion.

  • Denial-of-service (DoS) and distributed denial-of-service (DDoS)

DoS attacks attempt to disrupt a business by overwhelming its system so it can’t respond to service requests. A DDoS attack has the same effect, but is sent from a large number of sources controlled by the attacker.

The attacks are intended to stop the chosen company or government agency from trading, damage their reputation, or simply because the attacker wants to prove they can take control. These attacks are sometimes used as distraction, keeping an organization’s information security team busy while a different attack — data theft of infiltration of a network — is simultaneously launched.

Google and Amazon Web Services are among the most high-profile victims of DDoS attacks. In October 2020, Google acknowledged it had been hit with a six-month attack mounted from three Chinese internet service providers.

The cost for a company system to be down is high, so the financial hit from even a short DDoS attack could have serious consequences for a business.

  • Cryptojacking

While less dangerous to the owner of an infected computer or system, cryptojacking still has serious implications. Cybercriminals cryptojack by hacking into business and personal computers and mobile devices and installing software that uses the computer’s power and resources to mine for cryptocurrencies. The code is easy to deploy and, because it runs in the background, is difficult to detect.

“Your computer will be slow because it’s basically crunching numbers for someone else,” Amirnovin said. “It may seem harmless from a data and financial perspective, but they’re essentially stealing your energy and compute power. Your computer could grind to a halt.”

Most up-to-date virus scanners will detect crypto mining.

To help protect you and your business from these and other attacks, check out the tips in this article. While these are written with small businesses in mind, most apply to individuals as well.

Other things to consider

Google offers the free Google Advanced Protection Program, which protects your Gmail, Google Drive, Google Photos and other Google services. The program requires a physical security key to access the account — something even a hacker who may have gotten your password can’t touch.

Use a website safety checker to ensure the legitimacy of a page you’re visiting or about to click on. My Web of Trust displays donuts that show website safety ratings on every site you visit., and helps protect users from scams, phishing, malware, and dangerous links. Google Safe Browsing examines billions of URLs per day looking for red flags, and searching is simple: Just paste the URL into the search box. McAfee WebAdvisor is another free tool that provides some protection — alerting you to suspicious typos, blocking malware, and scanning downloads for potential issues.

Buy a router with a good security package. Many include ad blocking, malware protection, and parental controls.

Or try Viasat Shield or Shield Premium, security services offered to Viasat residential subscribers. Shield actively monitors and blocks suspicious activity, and sends notifications of attempted cyberattacks. The basic service is free. Shield Premium, with additional security features, can be added for $8.99 a month.

For businesses of all sizes that want an additional, higher-grade layer of protection, consider Viasat’s Enhanced Cybersecurity Services (ECS). ECS is available to all U.S.-based private and public sector enterprises.

Viasat partnered with the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to create the program. Through it, Viasat curates DHS-provided sensitive and classified cyberthreat information, which it uses to protect a customer’s network.