An Introduction to Cyber Attacks

The only way to protect yourself from a threat is to know the threat that’s targeting you. This is essential for cybersecurity because businesses are attacked by hackers every single day. Yet despite this, only 32% of UK businesses identified an attack in the last six months. Cyber attacks haven’t slowed. They’ve become harder to detect, which is why it’s more important now than ever to know the types of cyber attacks your business faces.

Types of cyber attack

Cyber attacks come in many forms and have any number of goals. Sometimes the goal is financial; other times hackers are driven by political motives. Some hackers are just ambitious people who want to see if they can do it. Others may just have some petty grievance with a company and want to cause them indirect pain.

And pain is certainly what it causes. Beyond the financial impact (that has grown 72% in the last 5 years to almost £10 million a year), cyber attacks can cost reputations, disrupt families and even cost lives. It is a $6 trillion a year industry that’s showing no signs of slowing down.

But there are ways to fight it. The InfoSec industry is booming in response to the global need and software is becoming more and more adept at tackling threats before they appear.

The biggest threat to companies, however, remains education (or more specifically, the lack of it). So, to help you out, here are the most common cyber attacks your business is likely to face.

A list of common cyber attacks

  • Denial of Service Attacks
  • Malware
  • MitM Attacks
  • Phishing Attacks
  • SQL Injection

“There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.”

– John Chambers, Former Cisco CEO

Denial-of-service attack

A denial-of-service attack is designed to stop your networks from working. Attackers can’t pull the plug on your systems, so instead they bombard them with requests and data.

For example, if you try to connect to your company server from your computer, a message is sent along your network, hits the server and the server responds. That message takes up a little bit of bandwidth. Bandwidth is like a pipe, as the analogy always goes.

Now imagine tens of thousands of messages being thrown down the pipe every second. The pipe gets blocked and the server is overwhelmed with messages. Anything you try and do just hits a backlog of requests and never reaches the server. That is a denial-of-service, or DoS, attack.

Attackers can also use multiple compromised devices to launch this attack. This is known as a distributed-denial-of-service (DDoS) attack.

How effective can these attacks be?

According to a 2017 report, by 2021, hackers will be able to send 1GB of data into your systems every second with ease.

In February 2018, GitHub, a popular developer platform, was hit with a DDoS attack that sent 1.35 terabits of data every second into their servers and systems.

According to GitHub, the traffic was traced back to “over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints.”

What’s worse is that GitHub was not entirely unprepared for a DDoS attack—they simply had no way of knowing that an attack of this scale could be launched.

Impact

The impact of a DDoS attack can be hugely costly to your IT teams. Identifying a DoS attack can be challenging all on its own. Working out what’s going on requires sending requests to servers and networks, which can be slowed or blocked by the attack.

Once identified, you need to figure out how to block the spam traffic and allow normal service to resume. Eventually, you parse all the spam requests and those blocked pipes become free again.

The world’s biggest DDoS attack sent 1.35TB of data every second to the target system

Malware

Malware is a blanket term for “malicious software”. This can include spyware, ransomware, viruses, and worms. In order to affect your business, malware needs an entry point. Most commonly, it is given an opening when someone on your network opens an unexpected email attachment. Other times, a hacker physically enters your site and uses a USB port to upload malware.

Once inside your system, malware can do some or all of the following:

  • Block access to key components of your network
  • Covertly obtain information by transmitting data out of your network
  • Disrupt components and render your system inoperable

How effective are malware attacks?

The most popular type of malware attack is ransomware. And while WannaCry and NotPetya received a lot of media attention, another piece of ransomware has been doing damage for years.  At its peak in early 2017, a ransomware known as Cerber accounted for 26% of all ransomware infections.

As we mentioned, cybercrime is a trillion dollar industry and Cerber is distributed as ransomware-as-a-service (RaaS). It has hit millions of users worldwide and even offers an affiliate program for cybercriminals.

Cerber targets users with an elaborate phishing campaign. Typically, the victim receives an email with an infected Microsoft Office document attached. Once opened, ransomware runs in the background, encrypting all your files. After the encryption, users will find ransom notes in encrypted folders and on their desktops.

Impact

Cerber usually demands $280 in Bitcoin. It might not seem like much, but there are 3 problems with paying a ransomware demand.

  1. Paying the ransom doesn’t guarantee recovery of your data
  2. Paying a ransom doesn’t protect you from future attacks
  3. Paying a ransom funds cybercrime at large

Being denied your data can be agonising, as the NHS knows all too well, but yielding to the demands will only cause you issues in the future. While most malware can be detected by modern firewalls, those that get through require a phishing element. This demonstrates the need for a better human firewall and company-wide cybersecurity training.

Man-in-the-middle attack

Man-in-the-middle (MitM) attacks occur when attackers insert themselves into a data transaction, between you and your online bank, for example. Once the attacker interrupts the traffic, they can filter and steal data.

Two common points of entry for MitM attacks:

  1. Malware is inserted directly onto a device. The traffic is then monitored and harvested. More sophisticated versions can lie dormant for months, until a very valuable piece of data appears.
  2. On unsecure public Wi-Fi, attackers can insert themselves between your device and the network. Without knowing, you pass all information through the attacker, rather than the coffee shop Wi-Fi.

 

 

How effective are MitM attacks?

Due to their nature, MitM attacks are hard to track or spot. In a benign way, this technique was used during World War II after the Enigma Code was cracked. Codebreakers would intercept messages, decode them and pass them along, recoded.

There is one case of a couple who lost £340,000 after hackers intercepted their emails to their solicitors during a property sale.

Impact

MitM attacks are all about intelligence gathering. As such, they are more commonly used today as part of more elaborate phishing scams and corporate espionage. The best versions of these attacks happen without you noticing. You aren’t even the intended target, but hackers will use your information to exploit someone else.

Phishing

Phishing comes from the word “fishing” and deploys the same tactics. Using the right kind of bait, an unsuspecting target can be caught.

By exploiting ignorance and human psychology, phishing scams create a situation where you feel comfortable letting your guard down. Typically, you receive an email from a trusted source, such as your boss or your bank. That email will include a link or a request for information. If you fail to spot the artifice, your data is stolen or your computer is hacked.

 

How effective are phishing scams?

Phishing attacks vary in their demands and many companies like to keep their attacks out of the public eye. But, one estimate suggests that the average cost to a medium-sized company is $1.6 million per attack.

Of the 124 billion emails sent every day, more than 1,000 of them contain a phishing scam. Your spam box is probably full of them right now.

 

Impact

These days, phishing scams are easy to spot, but people still fall for them every day. More sophisticated phishing scams target specific people, like CEOs and CFOs. This is called ‘Whaling’ because targeting a powerful and influential person with a scam can be far more lucrative.

This is why it is so important to make sure that even board members receive cyber security training.

1 in 25 branded emails is a phishing email

SQL injection

An attacker can force a server to reveal information you would rather keep safe by injecting queries written in Structured Query Language (SQL).

What this means is that if your website isn’t built properly, hackers can use any field on your site to input code and trick your server into giving them information. Usually, this causes your server to reveal all your customer data, including passwords, names and bank information.
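The difference between a form field that can rewrite a query and one that cannot, as an added example that is not code from the original article. It uses Python's built-in sqlite3 module; the customers table, its rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows standing in for a customer table.
SAMPLE_ROWS = [
    ("alice@example.com", "Archer"),
    ("bob@example.com", "Baker"),
    ("carol@example.com", "O'Neill"),
]

def make_db():
    """Build a fresh in-memory database holding the sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, surname TEXT)")
    db.executemany("INSERT INTO customers (email, surname) VALUES (?, ?)", SAMPLE_ROWS)
    return db

def lookup_vulnerable(db, surname):
    # The form value is pasted into the SQL text, so it can change the query itself.
    sql = "SELECT email FROM customers WHERE surname = '" + surname + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterised(db, surname):
    # The form value is bound as data; the SQL text is fixed before input arrives.
    sql = "SELECT email FROM customers WHERE surname = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (surname,))]

def run(lookup, surname):
    """Run one lookup on a fresh database, reporting SQL errors as a string."""
    try:
        return lookup(make_db(), surname)
    except sqlite3.OperationalError as exc:
        return f"SQL error: {exc}"

if __name__ == "__main__":
    # Constructed form inputs: an ordinary name, a real name containing a
    # quote, and a value that tries to rewrite the WHERE clause.
    for value in ["Baker", "O'Neill", "x' OR '1'='1"]:
        print(f"input {value!r}")
        print("  concatenated :", run(lookup_vulnerable, value))
        print("  parameterised:", run(lookup_parameterised, value))
```

The concatenated version also fails on a legitimate surname containing an apostrophe, while the bound-parameter version treats it as ordinary data.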

Impact

SQL injections are getting harder and harder to pull off. Modern website builds and the introduction of SSL certification are helping to encrypt and protect businesses from being exploited by faulty form fields. SQL injections have led to the rise of field validation, giving IT teams more control over the information that users are putting into their websites.

How effective are SQL injections?

In October 2015, TalkTalk revealed that they were being extorted for the return of data stolen by hackers who had used an SQL injection. The attack, which was launched on a system that belonged to a company TalkTalk had just bought, allowed the hackers to burrow their way into the valuable customer records and hold the telecoms giant to ransom.

In addition to a £400,000 fine levied by the Information Commissioner’s Office, the company lost millions in reputation damage, employee hours and lost service.

 

When it comes to cyber attacks, knowledge is power

Not all cybercrime can be prevented with tech alone. Your people are your human firewall and you need to provide them with the skills and awareness to help keep your organisation safe.

The ramsac phishing awareness subscription is a great way of increasing awareness. We help you test which of your employees can spot a phishing email and which are fooled by them. Get in touch for more information.

 
