CIO Insider

CIOInsider India Magazine

Mainstream Cyberattacks

In 2021, 47 percent of small businesses reported cyber-attacks. Despite many businesses returning to office spaces, the number of attacks has only increased from 2020. The implications, then, are clear: Cyber-attacks aren't going to slow down any time soon.

It's quite clear that businesses must invest in cybersecurity to protect their digital assets. Cyberattacks can target a wide range of victims, from individual users to enterprises or even governments. When targeting businesses or other organizations, the hacker’s goal is usually to access sensitive and valuable company resources, such as intellectual property (IP), customer data, or payment details.

Ransomware
Ransomware is a type of malware that denies legitimate users access to their system and requires payment, or ransom, to regain access. A ransomware attack is designed to exploit system vulnerabilities and access the network. Once a system is infected, ransomware allows hackers to either block access to the hard drive or encrypt files. In ransomware attacks, adversaries usually demand payment through untraceable cryptocurrency. Unfortunately, in many ransomware attack cases, the user is not able to regain access, even after the ransom is paid.

The Rise in Ransomware Attacks
Ransomware is one of the most common types of malware attacks today. According to the CrowdStrike Global Security Attitude Survey, which was published in November 2020, more than half of the 2,200 respondents suffered ransomware attacks over the previous 12 months. CrowdStrike’s 2021 Global Threat Report also explored the growing use of ransomware within certain industries. Its analysis revealed that the most common targets include organizations conducting vaccine research and government agencies managing responses to COVID-19. The report also notes that ransomware attacks on manufacturing facilities have proven uniquely effective, as the time-sensitive nature of their production schedules often renders paying the fee less expensive than losing critical throughput.

Unfortunately for targets, ransomware attacks also tend to be among the more high-profile cybersecurity events, resulting in negative publicity and reputational harm. For example, in May 2021, the Colonial Pipeline, which supplies gasoline and jet fuel to the southeastern U.S., was the target of a ransomware attack by the criminal hacking group DarkSide. Service was temporarily disrupted, which impacted gas and fuel supply throughout the region. While Colonial Pipeline paid the ransom, totaling $4.4 billion, the network operated very slowly.

Malware
Malware — or malicious software — is any program or code created to harm a computer, network, or server. Malware is the most common type of cyberattack, mostly because this term encompasses many subsets such as ransomware, trojans, spyware, viruses, worms, keyloggers, bots, cryptojacking, and any other type of attack that maliciously leverages software.

The Rise of Fileless Malware
Since organizations are taking steps to defend against traditional ransomware attacks, cybercriminals constantly revamp their techniques. One of these advanced techniques involves “fileless” malware, which is when malicious code is either embedded in a native scripting language or written straight into memory using a program such as PowerShell. In a fileless malware attack, it is also common for attackers to exploit a public-facing web server and then use a web shell to move laterally in the environment.

Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a code injection attack in which an adversary inserts malicious code within a legitimate website. The code then launches as an infected script in the user’s web browser, enabling the attacker to steal sensitive information or impersonate the user. Web forums, message boards, blogs, and other websites that allow users to post their own content are the most susceptible to XSS attacks.

Though an XSS attack targets individual web application visitors, the vulnerabilities lie in the application or website. As such, organizations that needed to deploy a remote workforce may have inadvertently exposed themselves to this type of attack by making internal applications available via the web or by deploying cloud-based services. This increased the attack surface at a time of significant strain for businesses and IT teams.

Cryptojacking
Cryptojacking programs may be malware that is installed on a victim’s computer via phishing, infected websites, or other methods common to malware attacks; they may also be small pieces of code inserted into digital ads or web pages that only operate while the victim is visiting a particular website.

Cryptojacking attacks have waned since 2018 due to increased attention from law enforcement, as well as the decommissioning of Coinhive, the leading crypto-mining site for Monero cryptocurrency. However, such attacks have increased due to the rising value of cryptocurrencies.

IoT-Based Attacks
An IoT attack is any cyberattack that targets an Internet of Things (IoT) device or network. Once a device is compromised, the hacker can assume control of it, steal data, or join it to a group of infected devices to create a botnet that launches DoS or DDoS attacks. Given that the number of connected devices is expected to grow rapidly over the next several years, cybersecurity experts expect IoT infections to grow as well. Further, the deployment of 5G networks, which will further fuel the use of connected devices, may also lead to an uptick in attacks.

Phishing
Phishing is a type of cyberattack that uses email, SMS, phone, social media, and social engineering techniques to entice a victim to share sensitive information such as passwords and account numbers, or to download a malicious file that will install viruses on their computer or phone.

Common Phishing Examples in the COVID Era
As noted above, COVID-19 dramatically increased cyberattacks of all kinds, including phishing attacks. During the lockdown period, people generally spent more time online and also experienced heightened emotions — the virtual recipe for an effective phishing campaign. Throughout 2020, the CrowdStrike data science team closely tracked COVID-19-related malspam (malicious spam). Most attacks urged the recipient to download an attachment, which was malware that then acted as a keylogger or password stealer.
