This blog post was updated on Jul 29, 2024.
It was originally published on March 15, 2021.
In the previous part of this blog, we talked about 7 out of the 10 common cyber threats to your business. In this second and concluding part, we will talk about the remaining 3 cyber threats against businesses, including Theft, and the more notorious Password and Hacking attacks.
Let’s dive right in...
8. Theft
Theft or loss of a device can be a serious risk for a business because the devices are a gateway to accounts, corporate resources, and sensitive information. A stolen device may be just one step in a complex corporate espionage campaign that can do untold harm to your entire business. Lost or stolen devices are a risk to not just your internal network but also your cloud resources because breaking into a password-protected device is not a difficult task for most hackers.
Since data is your most valuable asset, you need to ensure the security, confidentiality, and integrity of your company data. One of the simplest ways to achieve this is to encrypt your company devices so that even if criminals gain physical access to your devices, they won’t be able to access any of the sensitive information on them.
9. Password Attack
Passwords have been used as the most common safeguard against unauthorized account access. However, passwords aren’t as secure as they used to be. They are vulnerable primarily because of poor password hygiene and social engineering techniques.
A password attack is an attack wherein a hacker tries to steal your password. Due to their inherent vulnerability, password attacks have become very common. In fact, over 80% of security breaches due to hacking involve password attacks.
Password attacks can be carried out in many different ways. Here are 5 of the most common types of password attacks:
1. Brute Force Attack
A brute force attack is a type of password attack in which a hacker tries different combinations of characters until they find the correct password. Such an attack requires testing a lot of different combinations of passwords, so it takes a long time to do this. Of course, this cannot be done manually so the hackers use special software programs run on powerful computers to hack into a user’s account trying all possible password combinations, one after the other until they succeed.
That’s the reason why you see the CAPTCHA when logging into a website. Without the CAPTCHA check, an automated system, such as the program used by hackers, can just keep trying to log into your account until it finds the right password combination. Another commonly used defense against password attacks is the locking of the account after a certain number of failed attempts. This way the hackers can’t keep trying new password combinations.
2. Dictionary Attack
A dictionary attack is a type of password attack that uses commonly used word combinations such as those from a dictionary, to guess passwords. Words such as “password”, “sunshine”, “football”, “monkey”, etc. are commonly used as passwords and hackers know that. So a dictionary attack involves the hackers trying to log into your account by running through a list of common words and phrases until they find the right password for your account.
A dictionary attack is similar to a brute force attack, but instead of trying out all combinations of characters, it is built specifically for a particular target. It is well known that people tend to reuse passwords, so the dictionary used for password attacks includes passwords that have been leaked online after security breaches, common passwords, and variants such as substituting ‘@’ for ‘a’ or adding ‘1’ or ‘123’ at the end of passwords.
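A defender can turn the variants described above into a password-policy check that rejects a new password when it reduces to a common word. This is an added example, not part of the original post; the blocklist, the substitution map and the function names are assumptions made for illustration.

```python
import re

# Constructed sample blocklist (the words quoted above). A real deployment
# would load a large list of common and breached passwords instead.
COMMON_PASSWORDS = {"password", "sunshine", "football", "monkey"}

# Assumed map of character substitutions people commonly apply.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                          "1": "i", "!": "i", "$": "s", "5": "s"})


def candidate_roots(password):
    """Return the simplified forms of a password that a dictionary covers."""
    lowered = password.lower()
    forms = {lowered}
    # Drop trailing digits and punctuation such as '1', '123' or '!'.
    forms.add(re.sub(r"[\d\W_]+$", "", lowered))
    # Undo character substitutions such as '@' for 'a' on every form so far.
    forms |= {form.translate(LEET_MAP) for form in forms}
    return forms - {""}


def is_guessable(password):
    """True when the password is a common word or a simple variant of one."""
    return bool(candidate_roots(password) & COMMON_PASSWORDS)


if __name__ == "__main__":
    for pw in ["P@ssword123", "Monkey1", "F00tball!", "correct horse battery staple"]:
        print(pw, "->", "reject" if is_guessable(pw) else "accept")
```
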
3. Phishing
As we mentioned in the previous part of this blog post, phishing is a common tactic for stealing passwords. The end goal of phishing is to gain access to your account, escalate rights, and move laterally until the attackers get access to critical information such as financial data, intellectual property, or personally identifiable information (PII).
4. Password Spraying
Password Spraying is a kind of password attack that tries to access multiple accounts by “spraying” the same password across all of them before trying another password. Such an attack will try thousands if not millions of accounts at once with the same password. This is intended to circumvent the common countermeasures against brute force attacks such as account lockout.
A password spraying attack is usually preceded by social engineering and/or phishing campaigns to create a list of passwords similar to what’s used in the dictionary attack. Password spraying is commonly used against single sign-on (SSO) and cloud-based applications with the aim of compromising the authentication mechanisms, then moving laterally to gain access to critical applications and data.
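Why per-account lockout stops a brute force attack but not password spraying, shown as detection logic over failed-login events. This is an added example, not part of the original post; the event format, thresholds, time window and function names are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def at(hhmm):
    """Build a timestamp on a fixed, constructed sample day."""
    return datetime.strptime("2024-07-29 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample of failed logins: (time, source IP, username).
FAILED_LOGINS = (
    # One source hammering a single account: per-account lockout catches this.
    [(at("09:0%d" % i), "198.51.100.7", "alice") for i in range(6)]
    # One source trying each account only once: lockout never triggers.
    + [(at("09:1%d" % i), "203.0.113.9", user)
       for i, user in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    # An ordinary user mistyping a password twice.
    + [(at("09:20"), "192.0.2.44", "frank"), (at("09:21"), "192.0.2.44", "frank")]
)


def classify_sources(events, window=timedelta(minutes=10),
                     lockout_threshold=5, spray_accounts=4):
    """Return {source: verdict} for sources whose failures look like an attack."""
    by_source = defaultdict(list)
    for ts, src, user in sorted(events):
        by_source[src].append((ts, user))
    verdicts = {}
    for src, rows in by_source.items():
        start = 0
        for end, (ts, _) in enumerate(rows):
            while rows[start][0] < ts - window:    # slide the window forward
                start += 1
            per_user = Counter(user for _, user in rows[start:end + 1])
            if max(per_user.values()) >= lockout_threshold:
                verdicts[src] = "brute_force"      # account lockout fires here
                break
            if len(per_user) >= spray_accounts:
                # Many accounts, each still under the lockout limit.
                verdicts[src] = "password_spray"
    return verdicts


if __name__ == "__main__":
    print(classify_sources(FAILED_LOGINS))
```

Counting failures per source across accounts, rather than per account, is what exposes the second pattern.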
5. Keylogger
As we mentioned in the previous part of this blog post, keyloggers can be used to spy on users and steal their login credentials. The compromised account can then be used to access email addresses for further attacks or for expanding laterally within the network.
A strong password policy can thwart most password attacks. In addition, you can implement two-factor authentication along with a password manager to add layers to your security. This makes it extremely difficult, if not impossible, to gain unauthorized access to your accounts using a password attack.
10. Hacking
When we think of cyberattacks, hacking is probably the first thing that comes to mind: hoodie-wearing rogue programmers sitting in dimly lit rooms, tapping away at their keyboards, producing a continuous stream of code to crack passwords and gain access to secret files. That may make a gripping Hollywood movie but doesn’t come anywhere close to the real-world hackers.
Hacking is defined as an attempt to exploit a computer system to gain unauthorized access to or to compromise digital devices such as computers, mobile phones, etc. While an overwhelming majority of hacking is financially motivated, hacking related to spying, protest, or even just as a challenge is not uncommon.
Hacking is usually seen as technical, but that’s not always true. As we have seen earlier, tactics such as social engineering and phishing are also common in hacking. You don’t necessarily have to be an expert at programming; all you have to do is get on the dark web and purchase off-the-shelf malware and ransomware. Hacking has become that simple.
Here’s a list of common hacking techniques:
1. Malware Infection
Malware infection is a very common attack method used by hackers. Given the wide variety of malware attacks possible, this isn’t surprising. Phishing emails are the most common means of malware delivery, but there are also other delivery methods that businesses should be aware of.
Some of the other malware delivery methods are:
Through infected storage media such as thumb drives
By gaining physical access to devices such as routers, servers, etc.
2. Cookie Theft
Cookies are small files placed on your computer by websites and applications when you visit them. Cookies enable the websites and apps to identify your computer, store your preferences, and also to identify if you have logged in.
Cookie theft involves a hacker stealing your cookie by exploiting insecure connections. They can use the stolen cookie to pretend that it’s you who is logged in and change settings, or otherwise hijack your account.
There are too many bad actors lurking around the web trying to snoop in on your digital activities, therefore it is very important to protect your privacy while you surf or conduct your business online.
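For site owners, the exposure described above shows up in the response headers: a cookie without the Secure attribute is also sent over unencrypted connections. The audit below is an added example, not part of the original post; the sample headers are constructed and the function names are assumptions. It also reports missing HttpOnly and HSTS, which the post does not cover.

```python
# Constructed sample response headers (names and values are illustrative only).
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "remember_me=xyz789; Path=/; Max-Age=2592000"),
    ("Set-Cookie", "theme=dark; Path=/; secure"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def audit_cookies(headers):
    """Return findings about cookies that an eavesdropper or script could read."""
    findings = []
    header_names = {key.lower() for key, _ in headers}
    if "strict-transport-security" not in header_names:
        findings.append("response: no HSTS header, browser may still use plain HTTP")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure, cookie is also sent over plain HTTP")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly, page scripts can read the cookie")
    return findings


if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE_HEADERS):
        print(finding)
```
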
3. IoT Attack
Internet of Things (IoT) devices make our lives easier and help our businesses become more cost-effective and efficient. However, because of their nascent stage of development, IoT devices have inherent cybersecurity vulnerabilities that can expose your business to cyberattacks.
Therefore, it is critical to understand the security risks associated with IoT devices and to take necessary precautions. In a previous blog post, we have discussed at length how to secure IoT devices and infrastructure.
4. Fake WAP Attack
A fake WAP (Wireless Access Point) attack consists of a hacker setting up a wireless router in a public spot disguised as a free WiFi offered by a legitimate business. Once unsuspecting users connect to the WAP, the hacker can monitor and change their connection to steal any information that they transmit, or can force them to download malware onto their devices.
Fake WAP attacks can also be used to launch man-in-the-middle (MITM) attacks. A MITM attack is a sophisticated technique that places the hacker between the legitimate website or application and the user. This allows them to monitor and even alter the communication from both ends.
If you have to use a public WiFi network, ask for the WiFi name instead of connecting to any open WiFi network that you see. Also, it is highly recommended to use a Virtual Private Network (VPN) when you use a public network.
5. Exploit
An exploit is a piece of code or a program created to take advantage of a software vulnerability or security flaw. An exploit in itself isn’t malware but is frequently used to deliver malware. The exploit is usually one of the many steps in a complex attack that is used to infiltrate your system to deliver a payload such as malware.
Remember the WannaCry ransomware attack? It is a case of a vulnerability exploit. Hackers used the EternalBlue exploit to target unpatched computers running the Microsoft Windows operating system. This is one of the reasons why keeping your operating system and applications up to date is necessary.
6. Backdoor
A backdoor is a method used to bypass the security, authentication, or encryption in a computer or device to gain unauthorized access to the device or to transfer the information stored within.
A backdoor can come in different forms. It may be a virus hidden in a program, a standalone program such as a worm, or a Trojan that creates a vulnerability in your device. It may come through a rootkit, a piece of code in the firmware, or as part of your operating system.
You may have heard of the cyber attack on SolarWinds. It was carried out using malware that inserted a backdoor into the SolarWinds product. A backdoor is a sophisticated cyberattack that is extremely difficult to detect. The responsibility for maintaining the integrity of the software largely rests with the OEM.
In the case of most end users, purchasing devices and software only from authorized vendors mitigates the risk of the devices or software being infected. However, in high-stakes settings where backdoor attacks are a realistic threat, adequate security measures need to be put in place, especially for systems connected to the cloud.
7. Web Application Attack
We cannot imagine our lives without web applications; Gmail, Trello, Google Maps, Spotify, YouTube, etc. have made our lives a lot easier and possibly a little less secure. Their ease of use, along with the development of extensions to support dynamic content make web applications very popular.
However, there is always a constant push for new functionalities and features that often come at the expense of security, leaving vulnerabilities leading to attacks ranging from relatively harmless defacement of websites to more severe SQL injection attacks and Cross-Site Scripting (XSS) attacks.
Therefore, if you offer web applications, you need to safeguard not just your digital assets such as your database but also your users. And, as an end-user of web applications, you also need to be vigilant against such web application attacks. Securing your browser with anti-script plugins goes a long way in keeping yourself safe. We have talked about such browser plugins that can keep you safe online in our blog post: 5 Simple Tools That Protect Your Online Privacy.
8. DNS Spoofing
DNS (Domain Name Server) spoofing, also known as DNS poisoning, is another sophisticated attack that alters DNS records to redirect users to fraudulent websites that look like the intended destination. If the users enter their login credentials on the fraudulent website, the hackers gain access to those credentials, and their accounts become compromised.
In addition, such malicious websites can also install malware on a user’s device, giving the hacker long-term access to the device. DNS poisoning was a common technique in the late 2000s but has recently made a comeback as researchers have found vulnerabilities that can be exploited to launch DNS poisoning attacks.
Protecting yourself from such spoofing attacks consists of steps you are probably already familiar with, including:
Don’t click on unfamiliar links; verify the link by hovering your mouse over it.
Regularly scan your device for malware.
Use a VPN.
Conclusion
Many of the cyber threats mentioned above can be mitigated by employing cybersecurity best practices and creating a cybersecurity-conscious culture in your organization. But for some of the more sophisticated attacks, you will require the help of IT security professionals. Since most small and medium-sized businesses have limited resources that they can allocate to IT security, it is necessary to know exactly where you need to spend those resources.
Understanding the different threats that face your business has two-fold importance. First, it gives you an insight into the threat actors’ toolkit. Second, it helps you understand your own vulnerabilities, allowing you to better secure your business. Combining the knowledge of threats and of your own vulnerabilities, you will be able to decide where your security systems need strengthening.