cyber attacks

2017 was a big year for data security—from speculated interference in the presidential elections to a data breach at Equifax and the emergence of the BrickerBot botnet that renders physical (IoT) devices unusable. The perpetual cat and mouse game between hackers and security professionals continues to escalate as threats and mitigation strategies evolve. Here are a few of the top threats for cyber attacks and what you can do to protect yourself and your business.

DoS/DDoS Attacks

A denial-of-service (DoS) attack is simply a type of cyber attack with the aim of making an online service unavailable to its users. A Distributed denial-of-service attack (DDoS) occurs when the attack comes from multiple IP addresses (usually thousands). DDoS attacks come in many forms but they are becoming more commonplace. There are roughly 50 million attacks every year. The attacks can overwhelm a web server’s bandwidth and can degrade or cause complete outages. The costs are even more staggering when you consider that each attack can cost millions in lost revenue. Not to mention the cost to detect and mitigate and damage to brand reputation. In 2016, almost half of companies affected each reported over $100k in damage from lost revenue per hour.

How to protect yourself

Service providers, followed by financial and gaming sectors, are the most at risk. To help protect users and itself, enTouch employs a DDoS mitigation strategy. Our security partners and enTouch engineers monitor traffic on our network 24/7 and automatically mitigate threats as they occur. This practice proactively contains and limits damage caused by DDoS attacks originating or targeting IP addresses on the enTouch network. If you find yourself a victim of a DDoS attack, providers such as NexusGuard have emergency on-boarding options to help mitigate the attack on your network quickly.

IoT Botnet Attacks

Another related cyber attack type involves turning connected devices, such as cameras, DVRs, wearables, routers and other embedded technologies against us. The collection of these compromised IoT (Internet of Things) devices is known as an IoT botnet. Malware allows an attacker to take control of these devices and use them to carry out DDoS attacks. Other actions include “bricking” the device, making it unusable.

How to protect yourself

The biggest thing one can do to prevent these types of cyber attacks is to change any factory default passwords and use a strong password. Many attacks exploit the fact that many people never change default login information for these devices.

Ransomware Attacks

Another growing and alarming threat is ransomware. While the method of infecting computers may be different by attack, the intent is the same—to hold victim’s data hostage in exchange for payment. This growing problem was the motivation behind 50% of cyber attacks in 2017. It is made more difficult to track because they often request payment in virtually untraceable cryptocurrencies such as Bitcoin.

The recent explosion in value of these currencies has made ransom attacks all the more popular. Many attacks use social engineering to deceive users into opening an attachment which executes a program to encrypt files on their network. The ransomer has the only key, which they request payment for in order to unencrypt a user’s data. The average ransom is $2,000-$10,000. One ransom demand is often the first demand in a string of requests for money, especially if the ransom is paid. Ransomers have become even more creative in the way they use this data to incentivize payment.  Some recent examples include the leaking of the new season of Orange is the New Black, chapters of Game of Thrones and Taylor Swift’s sixth album.

How to protect yourself

Your antivirus and malware software is up to date in order to protect yourself or your business from ransomware attacks. Security awareness for yourself and employees is critical as well. All employees should know the risks of suspicious emails and be cautious when opening emails or attachments from strangers. Backing up data regularly is another must for businesses. The data should also be stored separately from the original data so that it cannot be corrupted.

Summary

It’s becoming more important than ever to have a comprehensive online security strategy for your business. This strategy should include these growing threats as well as traditional virus and malware, physical security and user management. There are new threats being created every day so staying vigilant and up-to-date on what these threats are is the first step.

Sources:

  1. Radware Global Application & Network Security Report 2016-2017, 2017-2018
  2. (https://www.verisign.com/en_US/security-services/ddos-protection/how-does-a-ddos-attack-work/index.xhtml)
  3. https://digitalguardian.com/blog/ransomware-protection-attacks
  4. https://www.nexusguard.com/under-attack

Want more information about how enTouch Business can help?