
    The 7 Most Dangerous Cyber Attacks (and How to Fight Back)

    By: Mike Burgard
    March 16, 2021

    According to Cybercrime Magazine, 60% of small businesses close their doors within six months of falling victim to a large-scale cyber attack.

    Scary, right? It gets worse: 43% of cyber warfare is aimed at small businesses, and only 14% are prepared to defend themselves. (Layr) If you’re reading this, it’s probably because you lie within the remaining 86%.

    Cyber criminals are not your typical middle school cyber bullies. As businesses become more aware of how to protect their networks, attackers constantly find new tricks and loopholes to bypass security measures.

    What is a cyber attack?

    A cyber attack is an attempt by an attacker to gain access to a computer information system for their own personal gain, or as a means of launching cyber warfare against a business or high-profile individual.

    These types of computer attacks can lead to identity theft, manipulation of data, unauthorized access to vulnerable business systems, and more. 

    So, to help your business keep the bad guys’ hands out of your corporate pockets, we’ve compiled a list of the seven most common, and most vicious, types of attacks in network security—and how to fight back.


    7. Brute Force

    Essentially, this is an invigorating game of “extreme password guessing.” The attacker collects information on the targeted user such as hobbies, interests, pet names, etc., and then compares these against a “dictionary” of common passwords.

    Once the cyber villain has access to login information, they’ll use bots to input these credentials across several different web platforms. This is known as “credential stuffing” (which is not as delicious as it sounds). 

    The more accounts they control, the more the attack could cost you.

    How do I fight back?

    Brute force and credential stuffing attacks rely on two things:

    1. A guessable password.
    2. The same login info across several platforms.

    You can fight back by… well, not having these things. Make sure you have a strong (or better yet, randomly generated) password, and a different login for every account you create.

    6. Structured Query Language (SQL) Injection

    SQL injection is a type of cyber attack where the antagonist utilizes malicious code to cause damage to website databases.

    Like an older brother looking for his little sister’s diary, the goal is for the attacker to gain access to consumer information that the site intended to be private.

    This kind of data breach is bad news for the average Joe, but the more severe impact is on the company’s reputation.

    How do I fight back?

    If you don’t understand coding, hire somebody who does. Working with a trusted partner like Marco can help you identify, assess, develop, and track complex IT issues like SQL injection.

    5. Cross-Site Scripting

    Cross-Site Scripting (XSS) is similar to SQL injection, but with one main difference:

    The website admin will be unaware that anything has happened.

    The attacker will still use malicious code, but it’s embedded into the site with the intention of baiting users into clicking unsafe links and caches.

    It’s a small-scale, sneaky way to gain access to user information without altering the site layout or raising any red flags.

    How do I fight back?

    Time to call the IT department again. Cross-site scripting issues are complex and are best handled by professionals. If your IT team isn't familiar with cross-site scripting, we recommend partnering with managed IT specialists.

    Much like you can train a dog to sit, you can use code to train your website to recognize valid input data from users. Additionally, you can ensure that your browser interprets user queries the way that you intended.
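
    The validation and encoding described above, sketched as an added example (not code from the original article or from Marco). The function names and sample inputs are hypothetical and constructed for illustration; the link check is included because this section mentions unsafe links.

```javascript
// Added example. All names and sample values are hypothetical/constructed.

// 1. Validate input: accept only what a username is allowed to look like.
const USERNAME_RE = /^[A-Za-z0-9_.-]{3,32}$/;
function validateUsername(input) {
  return typeof input === "string" && USERNAME_RE.test(input);
}

// 2. Encode output: characters with meaning in HTML become entities, so the
//    browser displays user text instead of interpreting it as markup.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// 3. Links: allow only http(s); any other scheme, or an unparsable value,
//    is dropped rather than rendered.
function safeHref(raw) {
  try {
    const url = new URL(raw);
    return ["http:", "https:"].includes(url.protocol) ? url.href : null;
  } catch {
    return null;
  }
}

// Build one comment. The author name is validated against the allow-list;
// free text cannot be allow-listed tightly, so encoding is the control there.
function renderComment(author, text, link) {
  if (!validateUsername(author)) throw new Error("invalid author name");
  const href = safeHref(link);
  const linkHtml = href ? ` <a href="${escapeHtml(href)}">link</a>` : "";
  return `<p><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}${linkHtml}</p>`;
}

// Constructed sample input: free text containing markup, plus a non-web link.
console.log(renderComment("mike_b", "<script>alert(1)</script>", "javascript:alert(1)"));
```

    The sample comment comes out as inert text with the link omitted, because the markup characters are encoded and the link scheme is not on the allow-list.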

    4. Denial of Service (DoS)


    A DoS attacker simply seeks to interrupt whatever product or service your website offers. They’ll overwhelm your site’s bandwidth capabilities, or close off access to a URL altogether.

    So what’s in it for them? Reminiscent of a playground bully, sometimes the satisfaction of knowing they hurt you is good enough. It could even be a premeditated attack from an immoral internet competitor.

    How do I fight back?

    Basic network security and architecture go a long way. For higher-traffic sites, though, it would be worthwhile to have a third-party DoS response team on speed dial.

    3. Man in the Middle

    The hybrid between eavesdropping and ventriloquism that nobody asked for.

    A MitM attack is when a cyber attacker is able to intercept a conversation between two trusting parties — usually an employee and client. The two parties believe they’re communicating as normal, but the criminal manipulates messages in order to gain access to private information.

    How do I fight back?

    Strong encryption mechanisms (established by security experts) will prevent most MitM attacks. To combat the overachievers who still manage to make it through, try implementing tamper-detecting software, so that if a digital peeping Tom enters your conversation, you’ll know before it’s too late.

    2. Malware

    The most invasive cyber attack is malware: unintentionally downloaded viral software that impacts your system’s performance.

    Common types of malware include:

    • Spyware—the attacker obtains information from your hard drive.
    • Ransomware—key components of your network are blocked, and a ransom is demanded to regain access.
    • Keyloggers—the antagonist gains access to everything you type.

    How do I fight back?

    Install antivirus software and keep it up-to-date. Familiarize yourself with tactics to avoid malware attacks, and share this information with your staff. Work with trusted partners such as Marco to make sure the right technologies are in place.

    1. Phishing

    During a phishing attack, a criminal pretends to be someone else in order to bait your employees into handing over company data, authorizing bank transfers, or even revealing the terrible karaoke video of you that they promised they’d deleted.

    More sophisticated variants like spear phishing or whaling attacks use social engineering to make the impersonation seem ultra-realistic.

    How do I fight back?

    Educate your employees. Then put phishing prevention protocols in place, such as requiring employees to verify requests for sensitive information through multiple channels, or requiring two employees to sign off on such decisions. An investment in Data Loss Prevention (DLP) software doesn’t hurt, either.

    Prepare for Battle

    Cyber attacks are inevitable. The best you can do is know how to react when they come your way.

    Fortunately, Marco is here to help you “think fast” when a criminal strikes. With the help of our managed security services, you’ll be well-prepared to take on anything that comes your way.
