If you were to ask my friends what my greatest skill is, they’d all agree that it is my ability to interpret the philosophy of 17th Century Chinese military leaders.
Whilst it might be a bit dramatic to describe our modern internet as a war ground, Sun Tzu, author of ‘The Art of War’ and one such military leader, had a great prediction about cybersecurity. There’s a quote from his book ‘The Art of War’ which roughly translates as:
“If you know your enemies and know yourself, you will not be imperilled in a hundred battles”. – Sun Tzu
What I think Sun was trying to say here is that in order to protect yourself and your business from cyber-attacks you first need to know why they happen and what the attacker wants. Well, he meant all of it apart from the bit about cyber attackers – he almost definitely didn’t know what ransomware was back in 1621.
Whether we consider cyber attackers the enemy in a war or – less dramatically – as a mild annoyance, it’s true that attacks are increasing in both frequency and severity so it’s important to be one step ahead. How do cyber attackers operate? What do they want and how can we stop them?
To help you better understand the cyber enemies lurking online, we explain the most common techniques used by cyber attackers.
Cyber attackers ‘phish’ for your password, username or credit card details by masquerading as a trustworthy email or website. The attack relies on the assumption that people are who they say they are. Online, these attacks are designed to look identical to the login screens and emails that you are accustomed to using from your bank, social networks and even from colleagues.
Imagine you’ve been tagged in a photo and receive a notification from firstname.lastname@example.org. Can you see what’s wrong with the email address? Would you have seen it if you were in a rush?
As you can imagine, a phishing attack is a relatively low-tech cyber attack. Unlike other forms of attack which need to fool a computer, a phishing attack only needs to fool the average user. The key to foiling phishing attacks is to ensure that both you and your employees are vigilant and question every piece of contact which they received.
Cyber attackers want your passwords, credit card details and other private credentials so that they can steal data from your accounts or money from your bank account. This approach might be done on a large scale and be automated
Whilst a phishing attack aims to find a human weak link, a ‘distributed denial of service’, or DDoS attack aims straight for the technology, specifically the server.
Every website needs a server to host its files on (that’s what we do here at UKFast) and every server has a maximum number of users it can provide content to simultaneously. Website owners can estimate how much traffic they’ll receive and respond with the appropriate amount of resource.
A DDoS attack floods the targeted server with such a huge amount of unexpected traffic that it stops working. When the server goes down, so does your website. This is why we have products like DDoSX – which can identify the tidal wave of fake traffic and make sure it doesn’t even reach the server.
DDoS attack isn’t designed to steal personal information or for any direct financial gain. Its purpose is to take down entire websites temporarily or permanently. DDoS attacks, then, could be for business advantage, for political reasons, or even just because a cyber attacker wanted to see if it was possible. It’s worth noting that not every website that is down is experiencing a DDoS attack. Without the right hosting solution, a server can be taken down by a sudden surge in completely authentic traffic.
Whilst phishing attacks target users and DDoS attacks servers, malware attacks your actual computer. You’ve probably heard malicious software referred to by it’s shortened name, malware. If you’ve been reading the news, you’ll also know that one of the most popular types of malware right now is ransomware. Malicious software is written to work specifically on your operating system (Windows or OSX for example). It covertly installs itself on your operating system without your permission, and often without your knowledge.
Malware is covertly installed on your computer in a range of ways and often uses the breached computer to spread to yet more computers. Malware gets into your computer through email attachments which are seemingly harmless, through a website you’ve visited, or via a USB stick. It can also be bundled into (often pirated) software installs and can find its way onto your machine via an exploit in your operating system or an app which is connected to the internet. Sometimes, as is the case with ransomware, it makes itself known. It might also remain hidden in order to keep operating.
Malware is the most ubiquitous form of cyberattack. Viruses, trojan horses, worms, ransomware, spyware, and adware all come under the banner of ‘malware’ and because they potentially have control of your entire system, they have the most varied purposes. Some malware is designed to steal passwords or destroy files. Others ransom your data or spy on you and collect your personal and business information. Whatever your computer can do, malware can too.
Hopefully, this has helped you to understand the techniques and motives of the modern-day cyber attacker.
To end with another quote from Sun Tzu: “The greatest victory is that which requires no battle”.
In this quote, I think what Sun was trying to say that you should update your password regularly and that those passwords should be strong. Oh, and that you remain sceptical of strange emails. And he’s also saying that you should install software updates and patches quickly and get some DDoS protection before it’s too late. He was a wise man.