Here at Bay Area Computer Solutions, we believe in keeping your computer, your network and all of your incoming/outgoing traffic as clean as a whistle. While we can provide rock solid network management, security driven data services and secure managed IT services, you also have to learn about the types of malicious traffic which can bring your protected network to its knees.
We present a two-part look into the different types of cyber attacks, how they work and how you can defend against them.
Typically, a trusted website will contain and continually update their SSL certification. The SSL certification is a security tag which websites carry to let the user know their platform is safe to browse; unfortunately, not all websites carry an SSL certificate.
A very common type of cyber attack isn’t one which comes to your network through email, messaging or pointed traffic, it is one which the user finds via a spammy website. If you are like most people, you frequently visit certain websites. Sometimes one of those “trusted” websites will prompt you with a dialogue box stating your computer is infected and needs to be cleaned by installing a third party application. Often these prompts take the form of common looking program updates, Adobe Reader being very popular. Once the user clicks past browser warnings and installs the program/update, a web-based Trojan is installed executing malware.
Easy Fix: If your employees are constantly running into website based Trojans, educate them on what a website Trojan is and how it acts. Additionally, it wouldn’t hurt to set security regulations across your network that effectively kill user ability to download any new application without consent from your IT department. Current and very strong anti-malware software scanning your network couldn’t hurt.
Malicious actors love to test the vulnerability of your network by testing the holes in the applications and programs you use. By testing holes, we mean testing to see if the applications and programs most commonly used in your network are current with their patches. A patch is the host company’s method of fixing out-of-date or broken bits of code in their software. Patches are completed to make applications run smoother and resolve any outstanding security concerns.
In a world where hackers are constantly upgrading their intrusion tactics, hacking parties constantly search for any opening into a network which will allow them exploit and take control. Unpatched software is key in this respect. By searching through network-controlled programs, hacking parties can determine what commonly used software — think Adobe, QuickTime, Java — haven’t been patched and are thus easy to exploit with current tools.
Easy Fix: Have your IT department constantly patch all software used on your network. Your IT department has no reason to ignore available software updates. Patch all your software. This is a no-brainer.
According to MailChimp and a few other email carriers, roughly 70% of all email is spam riddled with malware, viruses and infectious traffic. While we would love to think phishing attacks come as sloppy emails, in most cases the opposite is true. To make a phishing email look real, attackers build highly effective, very eye pleasing email templates to disguise their real intentions.
Unfortunately, most phishing emails/traffic can only be routed out through their URL’s. Also unfortunately, most human eyes aren’t scanning every character, every string and every word in a URL.
Easy Fix: The single best way to fight against phishing attacks is to deploy, maintain and constantly update anti-phishing tools and your browser security regulations. In most cases, an up-to-date web browser like Chrome and Safari has anti-phishing detection/quarantine built into the platform. In some cases, certain browsers will highlight the domain name of the sender located in the URL string. If and when .malware pops up, by all means, avoid that email.
Website-based Trojans, patch attacks and phishing schemes are very common cyber attacks. In part two of our series, “Types of Cyber Attacks: Critical Threats,” we are going to cover three additional cyber attacks which are just as powerful yet more sneaky.
Published on 21st September 2015 by James Berger.