04 Oct FPVG Insights: Types of Cyber Attacks
A cyber attack is a deliberate assault launched by cybercriminals using one or more computers against single or multiple computers or networks. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. At times compromised users or employees may unintentionally aid hackers in these attacks. Here are some common types of cyber attacks that you want to be aware of:
This type of attack consists of making multiple attempts to guess usernames and passwords. The attackers may use combinations of usernames and passwords they have collected from previous data breaches. When people use weak passwords or reuse the same password across different internet platforms, the attacker's work becomes easier. This is why using strong passwords and resisting the temptation to reuse them are some of the best defenses against this type of attack.
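On the defensive side, repeated guessing shows up in login records as a burst of failures from one source. The following Python code is an added example, not part of the original article: it flags sources with many failed logins in a short window and notes whether they targeted one account or many. The event format, the function name, and the threshold of 5 failures in 5 minutes are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def flag_guessing_sources(events, window=timedelta(minutes=5), max_failures=5):
    """Flag sources with >= max_failures failed logins inside any sliding window.

    events: iterable of (timestamp, source_ip, username, succeeded).
    Returns {source_ip: {"failures": n, "usernames": k, "pattern": str}}.
    """
    failed = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            failed[src].append((ts, user))

    flagged = {}
    for src, attempts in failed.items():
        attempts.sort()
        start, best = 0, []
        for end in range(len(attempts)):
            # Shrink the window until it spans at most `window` of time.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = attempts[start:end + 1]
        if len(best) >= max_failures:
            users = {u for _, u in best}
            # Many usernames from one source is consistent with a list of
            # breached credentials; one username is consistent with repeated
            # password guessing against a single account.
            pattern = "many accounts" if len(users) > 1 else "single account"
            flagged[src] = {"failures": len(best), "usernames": len(users),
                            "pattern": pattern}
    return flagged

# Constructed sample data (documentation IP ranges, made-up usernames).
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE_EVENTS = (
    [(T0 + timedelta(seconds=10 * i), "203.0.113.10", f"user{i}", False) for i in range(8)]
    + [(T0 + timedelta(seconds=20 * i), "198.51.100.7", "alice", False) for i in range(6)]
    # A legitimate user who mistypes once and then logs in is not flagged.
    + [(T0, "192.0.2.44", "bob", False), (T0 + timedelta(seconds=30), "192.0.2.44", "bob", True)]
)

if __name__ == "__main__":
    for src, info in flag_guessing_sources(SAMPLE_EVENTS).items():
        print(src, info)
```
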
Malware is any type of software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Hackers use it to penetrate computers or networks and obtain private data. Some kinds of malware include keyloggers, ransomware, and spyware. Malware can be delivered through Trojan horses, viruses, and worms.
Distributed Denial of Service (DDoS)
The aim of this attack is to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic (such as messages, requests, etc.). Like an unexpected traffic jam that clogs up the highway and prevents regular traffic from arriving at its destination, the DDoS paralyzes the system it attacks. The attack is usually carried out with a group of internet-connected machines (e.g. laptops, game consoles, servers, etc.), also called a botnet, that are infected with malware and can therefore be controlled by the attacker, who remotely sends them instructions on how to attack.
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. This attack is so common that in 2018 one report stated that 75% of organizations fell for this trap. This type of attack can also be called spoofing since it is done via email or a fake website. When the attacker focuses more on a specific person or company, the term spear phishing is used.
There are valid practices that can be put in place to safely confront these challenges. FPV Galíndez welcomes you to get better acquainted with your options to secure your data. Contact us to learn more.
About the author: Wilfredo Vera Pujols, CISA, CDPSE
A skilled consultant in the areas of Internal Audits and Compliance, Vera holds a BBA in Information Services from the University of Puerto Rico Mayaguez and a Master’s in Computer Sciences from the illustrious Polytechnic University of Puerto Rico. He has used his excellent preparation in the last 3 years of his specialty in Auditing and Consulting, Internal Controls, and SOX for our diverse clientele. Among some of his major clients are Evertec, Triple S of Puerto Rico, and Banco Popular, to name a few. We are sure that this ISACA member, along with the expertise of FPV & Galíndez’s skilled Consulting Department will provide strategic solutions for any IT and Cybersecurity needs your organization may have.