It’s not fake news. Data exposure is now a fact of corporate and daily life. Just ask Evite, Capital One and Toyota – a few of the victims of large-scale data breaches this year. But just like everything else, there’s more going on behind the scenes. What you don’t see on the news are smaller, lower profile stories of small businesses and individuals suffering the consequences of cyberattacks – and they’re not as elaborate as you may think.
According to CompTIA’s research report, Cybersecurity for Digital Operations, only 35% of IT staff rated their current cybersecurity as completely satisfactory. Staying on top of risk means continually assessing threats – even the most basic ones. Don’t give cyber-criminals an opportunity to get their hands on your valuable data or wreak havoc on your systems. Revisit these basic cyberattacks and refresh your security strategy with the assistance of CompTIA resources.
Spoofing happens when a source hides its true identity, masquerading as someone or something else. This tactic is often used during a cyberattack to disguise the source of attack traffic. For example, sending an email with a fabricated “From:” address would qualify as spoofing. Of course, there are different types of this deception, including: DNS server spoofing, ARP spoofing and IP address spoofing. Identify fake email addresses and websites
A Distributed Denial of Service (DDoS) attack is an attempt to flood a website or online service with traffic in order to overwhelm and render it unavailable. While a hacker doesn’t really gain any valuable information from this type of attack, they do find success in causing confusion and chaos – oftentimes making it a perfect distraction to launch another type of attack. Secure the perimeter to help prevent DDoS attacks
Ransomware is a type of malware that holds your personal files hostage. The hacker demands payment – usually in an untraceable currency, like Bitcoin – in exchange for restoring access to your own data. The software spreads from one system to the next and encrypts all hard disk contents. Ransomware is a (mostly un-reported) crime of extortion, and the more valuable your data, the more you are at risk. Get your data back
Phishing attackers send mass emails to distribute malicious links or attachments that (if opened) can steal your login credentials and/or your account information. Sometimes, the email even asks you to reset your password – thus handing over access to your account. This is a fairly easy way for hackers to gain personal data, as their success ultimately relies on end user awareness and training. Identify a phishing email
Social engineering is the number-one way hackers are getting into your systems for credential harvesting and even cryptojacking. Unlike other cyberattacks, this one involves human interaction. Perpetrators will lie or manipulate their way into your organization to gain access to your system(s) under the guise of something legitimate. Once inside, they install malware to pull confidential information or perform certain actions. Explore systems at risk
Data tampering is intentionally modifying (destroying, manipulating or editing) data through unsanctioned channels. It’s one of the biggest threats that any application, program or organization can face and includes URL manipulation (or URL rewriting). This involves subtly changing parameters in a URL. To the unsuspecting user, the URL appears the same, but the altered parameter enables access to information. Configure and secure a DNS server
Exploiting a Back Door
A back door is a common application or program that enables remote access to software, a system or a network. Of course, hackers have found a way to exploit that by installing malware in a quest to steal data, deface a website, hijack a server, launch a DDoS attack or infect website users. Hackers predominantly utilize remote file inclusion (RFI) in these instances. In this scenario, the referencing function is tricked into downloading a back door trojan from a remote host. Lock your doors
Malware is an umbrella term that describes many nasty programs, codes and bugs that can confuse your system(s). The purpose is to attack, destroy or disable networks and devices by taking over. Usually, malware does not cause permanent damage – but don’t let that fool you. It can manipulate your data, alter your system’s functions and essentially spy on your activity without your knowledge or authorization. Change passwords frequently
Stay on Top of Cybersecurity
CompTIA cybersecurity certifications validate the skills needed to protect your organization from cyberattacks. Join the CompTIA Store Club to get 20% off all your CompTIA training and exam voucher purchases, including bundles, for a whole year. Claim your discount now!