Question

Phishing, Malware, Spyware. Have you been targeted by any of these kinds of attacks? What was the outcome?

What kind of attack is it when a bad actor tries to slow or block access to network services?

Answer 1

PHISHING

Phishing is the crime of deceiving people into sharing sensitive information like passwords and credit card numbers. As with real fishing, there's more than one way to reel in a victim, but one phishing tactic is the most common. Victims receive a malicious email (malspam) or a text message that imitates (or “spoofs”) a person or organization they trust, like a coworker, a bank, or a government office. When the victim opens the email or text, they find a scary message meant to overcome their better judgement by filling them with fear. The message demands that the victim go to a website and take immediate action or risk some sort of consequence.

Types of phishing attacks

1.Spear phishing

2.clone phishing

3.phone phishing

Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping their information secure. Whether it's getting access to passwords, credit cards, or other sensitive information, hackers are using email, social media, phone calls, and any form of communication they can to steal valuable data. Businesses, of course, are a particularly worthwhile target.

To help businesses better understand how they can work to avoid falling victim to phishing attacks, we asked a number of security experts to share their view of the most common ways that companies are subjected to phishing attacks and how businesses can prevent them.

MALWARE

A malware attack is a common cyber attack where malware (normally malicious software) executes unauthorized actions on the victim’s system. The malicious software (a.k.a. virus) encompasses many specific types of attacks such as ransomware, spyware, command and control, and more.

Criminal organizations, state actors, and even well-known businesses have been accused of (and, in some cases, caught) deploying malware. Like other types of cyber attacks, some malware attacks end up with mainstream news coverage due to their severe impact.

Types of Malware Attack Vectors

1.Trojan horse

2.virus

3.worm

Best Practices against Malware Attacks

The following best practices can help prevent a malware attack from succeeding and/or mitigate the damage done by a malware attack.

Continuous User Education

Training users on best practices for avoiding malware (i.e. don’t download and run unknown software, don’t blindly insert “found media” into your computer), as well as how to identify potential malware (i.e. phishing emails, unexpected applications/processes running on a system) can go a long way in protecting an organization. Periodic, unannounced exercises, such as intentional phishing campaigns, can help keep users aware and observant. Learn more about security awareness training.

Use Reputable A/V Software

When installed, a suitable A/V solution will detect (and remove) any existing malware on a system, as well as monitor for and mitigate potential malware installation or activity while the system is running. It’ll be important to keep it up-to-date with the vendor’s latest definitions/signatures.

Ensure Your Network is Secure

Controlling access to systems on your organization’s network is a great idea for many reasons. Use of proven technology and methodologies—such as using a firewall, IPS, IDS, and remote access only through VPN—will help minimize the attack “surface” your organization exposes. Physical system isolation is usually considered an extreme measure for most organizations, and is still vulnerable to some attack vectors.

Perform Regular Website Security Audits

Scanning your organization’s websites regularly for vulnerabilities (i.e. software with known bugs, server/service/application and to detect if known malware has been installed can keep your organization secure, protect your users, and protect customers and visitors for public-facing sites.

Create Regular, Verified Backups

Having a regular (i.e. current and automated) offline backup can be the difference between smoothly recovering from a destructive virus or ransomware attack and stressful, frantic scrambling with costly downtime/data-loss. The key here is to actually have regular backups that are verified to be happening on the expected regular basis and are usable for restore operations. Old, outdated backups are less valuable than recent ones, and backups that don’t restore properly are of no value.

SPYWARE

Although it sounds like something James Bond would employ, spyware is all too real. Spyware is any software that installs itself on your computer and starts covertly monitoring your online behavior without your knowledge or permission. Spyware is a kind of malware that secretly gathers information about a person or organization and relays this data to other parties. In some cases, these may be advertisers or marketing data firms, which is why spyware is sometimes referred to as “adware.” It is installed without user consent by methods such as a drive-by download, a trojan included with a legitimate program or a deceptive pop-up window.

Spyware uses your internet connection to relay personal information such as your name, address, browsing habits, preferences, interests or downloads. Other forms of spyware hijack your browser to point it to another website, cause your device to place calls or send texts automatically, or serve annoying ads even when you are offline. Spyware that steals your username, password or other credentials is referred to as a “keylogger” – an insidious prerequisite for cyber crime.