Blog

30th September 2014 News

6 of the Worst Cyber Threats!

Research shows that large enterprises do more to lock down their infrastructure against Cyber threats, yet less secure smaller businesses are the low-hanging fruit for cyber criminals to cash in on.

Cyber threats hitting businesses

CRYPTOLOCKER

CryptoLocker – and several copy-cat variants which have emerged subsequently – are a particularly nasty form of ‘ransomware’.  After seizing control of your computer files, they will demand a ransom before you can access them again.

Attachments are received under the disguise of genuine email addresses.   However, employees opening such attachments will activate malware, allowing hackers access to files.  Encryption is used to lock your files.  The perpetrators then demand a ransom.   which, if you don’t pay, the decryption key is destroyed and your files are lost forever.

However, because the ransom is typically between £200 – £400 most businesses willingly pay up, with payment made via a hard-to-trace virtual method such as Bitcoin or online voucher system.

The perpetrators of these scams have indeed elicited millions of pounds from their victims.

SPEAR PHISHING

Spear phishing, uses emails that look like they’re from someone in your Company or a trusted person.   Links within the email will take you to a fake page.  Either, spyware is downloaded, enabling the hacker to gather information about the individual or organisation, or a bogus log-in page is presented to capture security details.

The success of spear phishing depends upon three things: the apparent source must appear to be a known and trusted individual; there is information within the message that supports its validity; and the request the individual makes seems to have a logical basis.

HEARTBLEED

In April 2014, the Heartbleed bug made headlines around the world.  A flaw in a highly popular software programme called OpenSSL used by many web servers meant hackers could steal the cryptographic keys used to secure online commerce and web connections.  The bug could also leak personal information to hackers when people carry out searches or log into email.

Security experts say that over 300,000 web servers remain vulnerable even though it is easy to protect against the bug.

INTERNET EXPOLORER VULNERABILITY

Just weeks after the Heartbleed alert, Microsoft announced a major security warning.  This affected all versions of their popular web browser from Internet Explorer 6 to 11.

The vulnerability enables hackers to access user’s computer through a phishing email and trick them into clicking a link or opening an attachment which installs malicious software without the user knowing.

The issue is of concern to businesses still using Windows XP as Microsoft ended official support for the operating system earlier this year, meaning there are no longer any security updates and bug fixes provided.

DENIAL OF SERVICE ATTACKS

Denial-of-Service (DoS) attacks bring networks to a halt by flooding them with random traffic.  Many DoS attacks such as the ‘Ping of Death’ and ‘Teardrop’ exploit limitations in network communication protocols.  The hacker does this by instructing thousands of remotely-controlled computers to flood traffic to a Server.

The Server is so busy dealing with the attacker’s requests that it doesn’t have time to respond to legitimate User requests, causing the target system to stop responding, resulting in long delays and service outages.   Software fixes for known DoS attacks are available which system administrators can install to mitigate the damage caused.  DoS attacks and Viruses, are becoming increasingly sophisticated.

TIMTHUMB PLUG-IN

In this attack, hackers exploit a security flaw in a photo re-sizing plug-in (called Timthumb.php) for the popular blogging and website publishing tool WordPress.

Through this flaw, hackers install malicious code or files into a Website or Server.  They can then launch spear phishing campaigns as well as ‘Denial-of-Service’ attacks.

Timthumb attacks have hit millions of websites over the last few years.

 

Don’t become another statistic of cyber-threats – ensure your systems and working practices are secure.

 



Back to blog list

Tags



Join Discussion