Throughout December we have been running a campaign with our email subscribers educating them on the key cybersecurity threats to look out for this Christmas.
The festive season brings plenty of merriment, but it poses threats to businesses too. It is all too easy for staff to be distracted by thoughts of Christmas and become vulnerable to the kinds of sophisticated attacks that are now becoming more common.
We want to make sure all businesses are prepared against attack this festive period, here are 12 cybersecurity threats to look out for this Christmas.
Phishing is the fraudulent practice of sending emails pretending to be from a reputable source in an attempt to get hold of sensitive information such as usernames, passwords and bank details. Phishing is the biggest cybersecurity threat at the moment with over 12 phishing attacks being attempted on your business every day*. In business hackers often use the information they collect, specifically passwords, to further infiltrate the network.
*Sonic Wall October 2018 Cyber Threat Data
Ransomware prevents users from accessing their IT files and demands a ransom payment in order to regain access to them. Payment is demanded in cryptocurrency or by credit card.
As one of the original types of cybercrime, malware has become a sophisticated form of attack that often takes place without the user realising anything is wrong. Originally created as on-screen popups, malware is now affecting machines through email attachments and website traffic. Once contaminated, it sits dormant on computers quietly collecting personal information in the background.
4. Intrusion attack
A growing type of cyberattack, there were 3.2 trillion network intrusion attempts in October 2018, an increase of 45% in the last 12 months. A network intrusion is defined as any unauthorised activity on a computer network. It searches for networks without firewalls in place or that have firewalls with ports (emails, internet traffic) that are open to the internet.
Encryption refers to the process of coding a message in a certain way so that only authorised parties can have access to it. It is easy to spot an encrypted site as the browser will contain a padlock image. Encryption is vast becoming a standard technology especially on websites using financial transactions.
6. Spear phishing
Spear phishing takes place when hackers specifically target a business with a phishing email. In order to increase the chances of the user filling out their personal information or making a payment, hackers carry out extensive research on the business and pose as a known contact or organisation.
Botnets are groups of connected computers. Perfectly legal, botnets perform a number of repetitive tasks that help maintain a good user experience on the internet. However, hackers can quickly find holes in security and exploit botnets, using them for illegal and malicious practices.
8. Social engineering
A social engineering attack uses fake social media accounts to encourage users to click on malicious links that can install malware on their computer. It can also be used to gather information on individuals which is then used to exploit their network or join a botnet network. This collecting of information can be used to start a spear phishing campaign which can lead to further attacks.
9. Cryptocurrency mining malware
Cryptocurrency mining malware refers to software programmes and malware components developed to take over computers and mine for cryptocurrency without the user’s permission. With cryptocurrency gaining more and more traction in the cyber world, this has become an attractive way for hackers to make significant amounts of money as it is difficult for authorities to detect. According to research by Kaspersky, a single cryptocurrency mining malware botnet can make cyber criminals more than $30,000 per month.
Malvertising is the use of online advertising to entice users to click on an advert with embedded malware. These adverts are often placed on legitimate websites duping users into thinking they are genuine offers. Malvertising is attractive to hackers because it can be easily and quickly spread across a large number of high authority websites reaching users who might not otherwise be duped into clicking criminal links due to firewalls and other safety precautions.
11. Wi-Fi intrusion
Wi-Fi intrusion is an attack on a computer or PC connected to an unsecured public network. Hackers and cyber criminals log onto public Wi-Fi and try to attack machines that are also connected. They do this using multiple different methods, some of which we have taken you through over the last ten days including: intrusion attack, social engineering and spear phishing.
12. Vulnerability attacks
A software vulnerability or loophole that can be exploited by a hacker to perform malicious activity and unauthorised actions within a PC or laptop. One of the most famous vulnerability attacks was the spectre attack which took place in 2017. Spectre tapped into a vulnerability within computer processors, tricking the programmes to reveal sensitive information contained within it. To date at least 3 million computers have been impacted worldwide
If you want to take your cybersecurity seriously take a look at Hollinsafe, our IT security service that keeps your business protected.