Whether you’re just starting your IT career or you’re a seasoned pro, you face the same cybersecurity risks. And they’re becoming more and more cunning.
Defence is twofold: knowledge and evasion. The more knowledge you have, the better equipped you are to make the right decisions to evade these threats. So the question becomes: How well do you know these threats?
Viruses, worms, Trojans, and bots are all part of a class of software called malware. Malware, also called malicious code (malcode), is short for malicious software. It is code or software that is specifically designed to damage, disrupt, steal, or in general inflict some other “bad” or illegitimate action on data, hosts, or networks. Once inside the system, malware can do the following:
- Block access to key components of the network (ransomware)
- Install malware or additional harmful software
- Covertly obtain information by transmitting data from the hard drive (spyware)
- Disrupt certain components and render the system inoperable
Some of the more commonly known types of malware are viruses, worms, Trojans, bots, back doors, spyware, and adware. Damage from malware varies from causing minor irritation (such as browser popup ads), to stealing confidential information or money, destroying data, and compromising and/or entirely disabling systems and networks.
Ransomware is a type of malicious software, also known as malware. It encrypts a victim’s data until the attacker is paid a predetermined ransom. Typically, the attacker demands payment in a form of cryptocurrency such as bitcoin. Only then will the attacker send a decryption key to release the victim’s data. Many ransomware variants have appeared in recent years.
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim’s machine. Phishing is a common type of cyber attack that everyone should learn about in order to protect themselves.
A distributed denial-of-service (DDoS) attack bombards a central server with simultaneous data requests. The attacker generates these requests from multiple compromised systems. In doing so, the attacker hopes to exhaust the target’s Internet bandwidth and RAM. As a result, the system is unable to fulfil legitimate requests. Attackers can also use multiple compromised devices to launch this attack. The ultimate goal is to crash the target’s system and disrupt its business.
A zero-day exploit hits after a network vulnerability is announced but before a patch or solution is implemented. Attackers target the disclosed vulnerability during this window of time. Zero-day vulnerability threat detection requires constant awareness.
A Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally would not. An attacker could carry out a SQL injection simply by submitting malicious code into a vulnerable website search box.
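The search-box case described above, as an added example that is not part of the original article: the same search written once with the term pasted into the SQL text and once with it bound as a parameter. The table, its rows, the function names and the sample search terms are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: the row with published = 0 must never reach the search page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO articles VALUES (?, ?)",
        [("Firewall basics", 1), ("Patch schedule", 1), ("Draft: incident notes", 0)],
    )
    return db

def search_vulnerable(db, term):
    # Weak form: the search term is pasted into the SQL text, so a quote
    # character in the term ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    # Corrected form: the SQL text is constant and the term is bound as a parameter.
    # LIKE wildcards in the term are escaped so it only ever matches literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE ? ESCAPE '\\'")
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

def compare(term):
    # Run one search term through both versions against a fresh database.
    db = make_db()
    try:
        weak = search_vulnerable(db, term)
    except sqlite3.OperationalError as exc:
        # A lone apostrophe breaking the query is the classic sign of concatenated SQL.
        weak = "SQL error: " + str(exc)
    return weak, search_safe(db, term)

if __name__ == "__main__":
    # Constructed search terms: ordinary, containing an apostrophe, containing SQL.
    for term in ("patch", "admin's", "x' OR published = 0 --"):
        print(repr(term), compare(term))
```

With the parameterized version the unpublished row never appears, and an apostrophe in a legitimate search no longer produces a database error.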
Traditional security is reactive. But today’s threats require a much more proactive approach. Like any good warrior, once you know what threat you’re dealing with, you need to do reconnaissance. You need to determine what the points of entry are and prevent attacks before they happen. Our latest eBook, What Attacks Aren’t You Seeing, explores this.