7 Scary Cybersecurity Threats to Avoid this Halloween

Ghosts and ghouls are very spooky, but nothing is more frightening than realizing a cyberattack has targeted you. Be wary of these common tricks played by bad actors.

Malware

Malware is malicious software that includes spyware, ransomware, worms, and viruses. Often malware is activated when a user clicks a suspicious link that automatically installs harmful software. This malware, once activated, can block access to critical network components as ransomware, or it can install additional dangerous software. This includes spyware, which covertly obtains information by transmitting data from the hard drive.

Malware can also make an entire system inoperable by causing massive disruption to its individual parts. An especially vicious piece of malware is Emotet. Described by the Cybersecurity and Infrastructure Security Agency (CISA) as advanced and modular, this trojan functions as a downloader of other banking trojans and is among the most costly and destructive.


Phishing

Phishing attacks manipulate the human on the receiving end by using fake communication, such as an email, to deceive the victim into carrying out the instructions inside the message. This could be a request to provide sensitive information, such as credit card or log-in credentials, or a click that automatically installs malware on the victim’s machine. There are many types of phishing attacks. The most basic is email phishing, where someone pretends to be an employer, relative, or do-gooder with access to millions, and all they require is sensitive information.

Other phishing variants worth knowing include spear phishing, vishing (voice phishing), HTTPS phishing, pharming, pop-up phishing, evil twin phishing, whaling, search engine phishing, and clone phishing.


Data Breaches

A data breach is a security violation that can have far-reaching implications. Sensitive or protected data is copied, stolen, or inappropriately used by an unauthorized individual or group. This sort of breach is also called unintentional information disclosure or data spill. Data breaches can occur through accidental insider data exposure, a malevolent inside actor, lost devices, and criminal actions.

There are three main types of data breaches. The first is a physical breach, also known as corporate espionage, where equipment and physical documentation are stolen. An electronic breach is unauthorized access to, or an attack on, a system where cardholder and sensitive data is processed, stored, or transmitted. Lastly, a skimming attack targets physical bank cards by capturing and recording the data from the magnetic stripe on the back of credit cards, often using an external device installed on a merchant’s Point of Sale system without their knowledge.


Denial-of-Service (DoS) & Distributed DoS (DDoS) Attacks

A Denial-of-Service (DoS) attack focuses on shutting down a machine, system, or network. DoS attacks accomplish this through the overwhelming transmission of traffic or information, overloading the target and triggering a crash. This causes legitimate users to be unable to access the targeted system, costing organizations time and money while their operations are down.

There are many methods for carrying out a DoS attack. Still, the most common is when a network server is flooded with traffic by illegitimate service requests with fabricated return addresses. This causes the server to be overwhelmed, prompting a DoS condition for legitimate users. DoS attacks can impact individual networks indirectly by attacking the network’s cloud service provider or internet service provider (ISP), resulting in a loss of service on the network. A distributed denial-of-service attack often leverages hijacked internet-connected devices to carry out attacks at a larger magnitude.


Credential Theft

Credential theft is the first step in a credential-based attack. Credentials are often stolen through phishing attacks or purchased on the dark web. More than 60% of cybersecurity breaches involve credentials that have been stolen. Notably, credential phishing relies on human interaction to harvest credentials, whereas malware and viruses exploit system vulnerabilities.

Credential theft can be limited through the deployment of identity and access management (IAM) and privileged access management (PAM). Organizations utilize IAM and PAM to authenticate user identities. It is important to note that effective monitoring of Active Directory (AD) is critical for proper credential protection, because bad actors leverage AD to locate admin and privileged accounts and gain unfettered access to central systems.


Man in the Middle (MitM) Attack

A man-in-the-middle attack is an eavesdropping cyberattack in which communications or data transmitted between two parties are intercepted. This attack is used to steal credentials, spy on unsuspecting parties, sabotage communication systems, and corrupt data. After inserting themselves “into the middle of” the transfer, the attacker impersonates both legitimate parties to send malicious links or information in a way that is close to imperceptible.

The attacker, the man in the middle, hijacks the session and inserts relays or proxies into the legitimate transfer or communication. This allows real-time exploitation to go undetected, enables interception of sensitive data, and allows the attacker to insert malicious data or links in a way that is indistinguishable from legitimate data. MitM involves a broad span of techniques and goals that vary based on the target. Familiarize yourself with SSL stripping, DNS spoofing, and Evil Twin attack methodology.


SQL Injection

SQL injection is a web security vulnerability that enables an attacker to interfere with the queries an application makes to its back-end database. A common web hacking technique, SQL injection inserts SQL syntax into the input data sent from the client to the application, so that the input is executed as part of the query. This exploit is used to read sensitive data from the database, modify data in the database, execute administrative operations on the database, and sometimes issue commands to the operating system.

This sort of back-end database manipulation gives the attacker access to information that was never intended to be displayed, including company or client data. The consequences of SQL injection for an organization are staggering in instances where the attacker gains admin rights to the database. Websites are the most frequent targets of SQL injection attacks, though this vector can be used to attack any SQL database.


American Technology Services is a Managed Security Service Provider (MSSP) based in the Washington DC Metro and NYC. ATS offers comprehensive cybersecurity services, information security services, software development, and emerging tech R&D.