Want to build a solid cyber threat prevention strategy for your organization?
Then you have to be in the know about what you’re up against. In this article, we’ll go through six of the more common types of cybercrime that you’re likely to come across this year, to help you protect your organization from cyber-attacks. To be sure, there are many other types of threats out there, but the ones we cover here are some of the most damaging and the most common.
Identity theft is one of the most common forms of cybercrime. Cyber criminals use a variety of techniques, some more sophisticated than others, to steal personal information such as names, social security numbers, and/or credit card details. With an increasing amount of sensitive data and personal information stored and processed by organizations around the world, the risk of data breaches is higher than ever before.
Cyber criminals use stolen personal information, such as Social Security numbers and credit card information, to open new financial accounts under the victim’s name, or to make transactions using their credit card details. Either way, victims of identity theft can be left with heavy financial damages. A recent study found that in the United States, a whopping $16.8 billion was stolen through identity theft in 2017 alone.
Preventing identity theft necessitates actions from two sides. Firstly, the organizations storing the data must be equipped with multi-layered security systems to protect their computer networks. Secondly, individuals must make sure to keep their personal information safe, taking measures to secure their personal devices with the appropriate security software, using secure passwords and two-factor authentication to access online accounts, and only sharing confidential information with verified, trusted parties.
Malware refers to malicious software designed to harm your computer system, such as viruses, Trojans, spyware and the like. Malware is often installed when a user downloads an infected file or opens an infected email attachment. The malware installer is hidden within a file that looks harmless, so as not to alert the user as to its presence. Once it’s installed on the computer, it can perform a variety of actions – taking control of the computer, recording keystrokes, and sending personal data to the attacker.
To prevent malware, you can train users on how and when to download files properly and you can install anti-malware software that can detect and quarantine malware before it gets installed on your computer systems. Dedicated file sanitization tools are also available, leveraging advanced technology such as content disarm and reconstruction (CDR) to cleanse downloaded files of suspicious-looking elements that could be hiding malware.
While technically a subset of malware, this type of cybercrime has been making plenty of headlines lately and is therefore worth mentioning in its own right. In a ransomware attack, attackers encrypt your entire computer system and demand a ransom in return for a decryption key. When ransomware hits a large organization, it can prevent entire systems from functioning, with huge financial damages. And, in some cases, there are even bigger ramifications – such as with the infamous 2017 WannaCry attack, where actual lives were at stake. The devastating attack hit the computer networks of organizations including many healthcare facilities and hospitals around the globe in a matter of hours, causing millions of dollars in damages in the United States and abroad.
Sadly, while organizations may pay the ransom in an attempt to get back up and running as soon as possible, there’s no guarantee that paying the ransom will indeed lead to decryption at all – sometimes the cyber criminals just demand more money. As a general rule, no matter how good your defenses, it’s always smart to have all important files backed up in the cloud or other external location – just in case.
DDoS (Distributed Denial of Service) attacks are targeted attacks used to bring down a website or other online service by overwhelming the server with traffic from multiple locations. Large networks of infected devices known as botnets are used to perform these attacks, sometimes also installing malware on the victim’s device at the same time. This allows the hackers to use different types of unsavory techniques such as extortion or blackmail to get whatever they want from their victims. At the end of 2016, top websites including Amazon, Twitter and Tumblr were rendered unavailable by a DDoS attack that targeted their DNS service provider – Dyn. It took a number of hours before the websites were back up and running, affecting users across the globe. In general, using more than one server, or using a cloud-based service, can help prevent such attacks.
Phishing is when cyber criminals masquerade as a trusted third party in an attempt to trick email recipients into divulging personal information or downloading “important” malware-laced files. Many of these emails are designed to look like they were sent from an official company, requesting the user to take action to correct some (fabricated) technical or financial issue or take advantage of a lucrative – but phony – offer. Other more sophisticated phishing emails may be doctored to look like they were sent by a colleague or other business associate, in an attempt to convince the user that the email is from someone they can trust.
Phishing is a type of social engineering – where the criminals exploit the user’s sense of trust to trick them, rather than finding a technical way to hack into their computer. Phishing emails often contain links to a phony website, where users are encouraged to enter their personal information, such as passwords or bank details. Fraudsters can then use this information for their own nefarious purposes – including related cybercrimes like identity theft. Phishing emails are also used to trick users into installing malware-infected files on their device.
The best way to combat phishing attempts is by training users to recognize – and avoid opening – suspicious emails. Look out for spelling mistakes and lousy formatting on emails that are supposedly from banks or other companies – and check the “from” field to make sure the sender is authenticated. Banks, in particular, usually have numerous security methods in place so email recipients can ensure that an email was really from them – such as including the customer’s full name, zip code, or other piece of identifying information that a cybercriminal wouldn’t usually have access to. If the email simply says “Dear Customer”, alarm bells should ring. In any event, though, it’s best to avoid accessing your bank account through a URL link in an email – instead, use a trusted bookmark or type in the URL manually.
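The three checks above (is the sender authenticated, is the greeting generic, does the mail push a login link) can also be automated at the mail gateway or in a triage script. The following is an added example, not code from the original article; the two messages, their domains and the `triage` function are all constructed for illustration. Sender authentication is read from the `Authentication-Results` header that the receiving mail server writes after running SPF, DKIM and DMARC.

```python
import email
import re
from email import policy

# Constructed sample messages (not from the original article). The first mimics a
# phishing "bank alert"; the second is what a genuine notice from the bank looks like.
PHISHING_EMAIL = """\
From: "Example Bank" <alerts@examp1e-bank.test>
Subject: Urgent: verify your acount now
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=examp1e-bank.test;
 dkim=none; dmarc=fail header.from=examp1e-bank.test
Content-Type: text/plain; charset=utf-8

Dear Customer,

We detected unusual activty. Please confirm your details at
http://examp1e-bank.test/login within 24 hours or your account wil be suspended.
"""

GENUINE_EMAIL = """\
From: "Example Bank" <alerts@example-bank.test>
Subject: Your monthly statement is ready
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=example-bank.test;
 dkim=pass header.d=example-bank.test; dmarc=pass header.from=example-bank.test
Content-Type: text/plain; charset=utf-8

Dear Jane Doe (zip code 12345),

Your statement is ready. Log in the way you usually do to view it.
"""

GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def triage(raw: str) -> dict:
    """Return the phishing indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    # The receiving mail server records SPF/DKIM/DMARC outcomes in this header;
    # dmarc=pass means the domain shown in "From" really authorised the message.
    auth = (msg.get("Authentication-Results") or "").lower()
    findings = {}
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", auth)
        findings[f"{method}_pass"] = bool(m and m.group(1) == "pass")
    # A real bank addresses you by name; "Dear Customer" is the classic tell.
    findings["generic_greeting"] = body.lower().lstrip().startswith(GENERIC_GREETINGS)
    # Any login link is a reason to use your own bookmark instead of clicking.
    findings["urls"] = URL_RE.findall(body)
    findings["suspicious"] = not findings["dmarc_pass"] or findings["generic_greeting"] or bool(findings["urls"])
    return findings
```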
While most of the cybercrimes listed can be carried out through the web – and often are – there are some that are particular to the browsing experience. Drive-by-downloads, for instance, use browser vulnerabilities to download malware through active browser code. These attacks occur automatically, merely by browsing on an infected website, without any further action required on the user’s part.
Drive-by attacks can take many different forms. In one scenario, known as malvertising, cyber criminals place malicious or malware-laden advertisements on a legitimate, ad-supported website. In many cases, the endpoint device can become infected even if users don’t click on the ad. Cryptojacking is another type of drive-by-download attack. As cryptocurrencies like Bitcoin become increasingly popular, enterprising miners have begun planting cryptojacking scripts on websites, which allow them to harness the victim’s computing power to mine cryptocurrency. Again, no installation is required.
As you can imagine, drive-by-downloads are one type of cybercrime that is particularly difficult to avoid, as no user action is needed in order for the attack to be successful. Users can try to stick to browsing only trusted websites, but even trusted sites can become compromised, meaning that any browsing activity presents a risk. Innovative solutions such as remote browser isolation (RBI) prevent drive-by-downloads and other browser-based threats by keeping all active code off endpoint devices and outside of the organizational network. Instead, web content is rendered in an isolated virtual container hosted outside of the network, such as in the DMZ or cloud. To the user, the entire experience feels and behaves just like a regular browsing session, but in reality the web pages they’re visiting aren’t executed on the endpoint, so no malicious files can install themselves. When a browsing session is complete, the container is destroyed, along with all files, malicious or otherwise.
Now that you understand some of the most common types of cybercrime out there, you’ll be able to take preventative steps to reduce your risks and ensure your computer network is protected from all angles.