Contact Support

If you are an existing client to get support call us on:

+44 (0)1483 412 042

OR

Login to the portal

Support portal

If you've been given a 6-digit support code

click here

Not an existing customer?

Contact us

COVID-19 Update: Despite Covid-19 it is very much business as usual at ramsac. Our team are working remotely to continue to deliver the industry leading IT support and project work you expect from us. Please get in touch to find out how we can support your business or check out our Covid-19 resources.

An Introduction to Cyber Attacks

The only way to protect yourself from a threat is to know the threat that’s targeting you. This is essential for cybersecurity because businesses are attacked by hackers every single day. Yet despite this, only 32% of UK businesses identified an attack in the last six months. Cyber attacks haven’t slowed. They’ve become harder to detect. Which is why it’s more important now than ever to know the types of cyber attacks your business faces. That’s where our helpful introduction to cyber attacks comes in.

Types of cyber attack

Understanding that different types of cyber attacks come in many forms and have any number of goals is the first step. It’s important to recognise that cyber attacks will not always look the same.

Sometimes, the goal is a financial one, and other times hackers are driven by political motives. Some hackers are just ambitious people who want to see if they can do it. Others may just have some petty grievance with a company and want to cause them indirect pain. Find out more about how to think like a cybercriminal, to gain a better understanding of the different motives there could be.

Beyond the financial impact (that has grown 72% in the last 5 years to almost £10 million a year), cyber attacks can cost reputations, disrupt families and even cost lives. It is a $6 trillion a year industry that’s showing no signs of slowing down.

But there are ways to fight it. The InfoSec industry is booming in response to the global need and software is becoming more and more adept at tackling threats before they appear.

The biggest threat to companies, however, remains to be education (or more specifically, the lack of it). So, to help you out, here are the most common types of cyber attacks your business is likely to face.

Introduction to cyber attacks: a list of common types

  • Denial of Service Attacks
  • Malware
  • MitM Attacks
  • Phishing Attacks
  • SQL Injection

“There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.”

– John Chambers, Former Cisco CEO

Type of cyber attack: A denial-of-service

A denial-of-service attack is designed to stop your networks from working. They can’t pull the plug on your systems, so instead they bombard them with requests and data.

For example, if you try to connect to your company server from your computer, a message is sent along your network, hits the server and the server responds. That message takes up a little bit of bandwidth. Bandwidth is like a pipe, as the analogy always goes.

Now imagine tens of thousands of messages being thrown down the pipe every second. The pipe gets blocked and the server is overwhelmed with messages. Anything you try and do just hits a backlog of requests and never reaches the server. That is a denial-of-service, or DoS, attack.

Attackers can also use multiple compromised devices to launch this attack. This is known as a distributed-denial-of-service (DDoS) attack.

How effective can these attacks be?

According to a 2017 report, by 2021, hackers will be able to send 1GB of data into your systems every second with ease.

In February 2018, GitHub, a popular developer platform, was hit with a DDoS attack that sent 1.35 terabits of data every second into their servers and systems.

According to GitHub, the traffic was traced back to “over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints.”

What’s worse is that GitHub was not entirely unprepared for a DDoS attack—they simply had no way of knowing that an attack of this scale could be launched.

Impact

The impact of a DoS attack can be hugely costly to your IT teams. Identifying a DoS attack can be challenging all on its own. Working out what’s going on requires sending requests to servers and networks, which can be slowed or blocked by the attack.

Once identified, you need to figure out how to block the spam traffic and allow normal service to resume. Eventually. You parse all the spam requests and those blocked pipes become free again.

The world’s biggest DDoS attack sent

1.35TB

of data every second to the target system

Type of cyber attack: Malware

Malware is a blanket term for “malicious software”. This can include spyware, ransomware, viruses, and worms. In order to affect your business, malware needs an entry point. Most commonly, it is given an opening when someone on your network opens an unexpected email attachment. Other times, a hacker physically enters your site and uses a USB port to upload malware.

Once inside your system, malware can do some or all of the following:

  • Block access to key components of your network
  • Covertly obtain information by transmitting data out of your network
  • Disrupt components and render your system inoperable

How effective are malware attacks?

The most popular type of malware attack is ransomware, which is also one of the most common types of cyber attack. While WannaCry and NotPetya have received a lot of media attention, another piece of ransomware has been doing damage for years.  At its peak in early 2017, a ransomware known as Cerber accounted for 26% of all ransomware infections.

As we mentioned, cybercrime is a trillion dollar industry and Cerber is distributed as ransomware-as-a-service (RaaS). It has hit millions of users worldwide and even offers an affiliate program for cybercriminals.

Cerber targets users with an elaborate phishing campaign. Typically, the victim receives an email with an infected Microsoft Office document attached. Once opened, ransomware runs in the background, encrypting all your files. After the encryption, users will find ransom notes in encrypted folders and on their desktops.

Impact

Cerber usually demands $280 in Bitcoin. In might not seem like much, but there are 3 problems with paying ransom ware.

  1. Paying the ransom doesn’t guarantee recovery of your data
  2. Paying a ransom doesn’t protect you from future attacks
  3. Paying a ransom funds cybercrime at large

Being denied your data can be agonising, as the NHS knows all too well, but yielding to the demands will only cause issues in the future. While most malware can be detected by modern firewalls, those that get through require a phishing element. This demonstrates the need for a better human firewall and company-wide training in an introduction to cyber attacks and cybersecurity.

Type of cyber attack: man-in-the-middle

Man-in-the-middle (MitM) attacks, occur when attackers insert themselves into a data transaction. Between you and your online bank, for example.  Once the attacker interrupts the traffic, they can filter and steal data.

Two common points of entry for MitM attacks:

  1. Malware is inserted into a device directly. The traffic is then monitored and harvested. More sophisticated versions can lay dormant for months, until a very valuable piece of data appears.
  2. On unsecure public Wi-Fi, attackers can insert themselves between your device and the network. Without knowing, you pass all information through the attacker, rather than the coffee shop Wi-Fi.

 

 

How effective are MitM attacks?

Due to their nature, MitM attacks are hard to track or spot. In a benign way, this technique was used during World War II after the Enigma Code was cracked. Codebreakers would intercept messages, decode them and pass them along, recoded.

There is one case of a couple who lost £340,000 after hackers intercepted their emails to their solicitors during a property sale.

Impact

MitM attacks are all about intelligence gathering. As such, they are commonly used today as part of more elaborate phishing scams and corporate espionage. The best versions of these attacks happen without you noticing. You aren’t even the intended target, but hackers will use your information to exploit someone else.

Type of cyber attack: Phishing

Phishing comes from the word “fishing” and deploys the same tactics. Using the right kind of bait, an unsuspecting target can be caught.

By exploiting ignorance and human psychology, phishing scams create a situation where you feel comfortable letting your guard down. Typically, you receive an email from a trusted source, such as your boss or your bank. That email will include a link or a request for information. If you fail to spot the artifice, your data is stolen or your computer is hacked upon clicking the link.

 

How effective are phishing scams?

Phishing attacks vary in their demands and many companies like to keep their attacks out of the public eye. But, one estimate suggests that this type of cyber attack averagely costs to a medium-sized company $1.6 million per attack.

Of the 124 billion emails sent every day, more than 1,000 of them contain a phishing scam. Your spam box is probably full of them right now.

 

Impact

These days, phishing scams are easy to spot, but people still fall for them every day. More sophisticated phishing scams target specific people, like CEOs and CFOs. This is called ‘Whaling’ because targeting a powerful and influential person with a scam can be far more lucrative.

This is why it is so important to make sure that even board members receive cyber security training.

1 in 25 branded emails… is a phishing email

Type of cyber attack: SQL injection

An attacker can force a server to reveal information you would rather have safe by injecting queries using Structured Query Language (SQL).

What this means is that if your website isn’t built properly, hackers can use any field on your site to input code and trick your server into giving them information. Usually, this causes your server to reveal all your customer data, including passwords, names and bank information.

Impact

SQL injections are getting harder and harder to pull off. Modern website builds and the introduction of SSL certification is helping to encrypt and protect businesses from being exploited by faulty form fields. SQL injections have led to the rise of field validation, giving IT teams more control over the information that users are putting into their websites.

How effective are SQL injections?

In October 2015, Talk Talk revealed that they were being extorted for the return of data stolen by hackers who had used an SQL injection. The attack, which was launched on a system that belonged to a company Talk Talk had just bought, allowed the hackers to burrow their way into the valuable customer records and hold the telecoms giant to ransom.

In addition to a £400,000 fine levied from the Information Commissioner’s Office, the company lost millions in reputation damage, employee hours and lost service. Learn more about the average cost of a data breach.

 

When it comes to cyber attacks, knowledge is power

Not all cybercrime can be prevented with tech alone. Your people are your human firewall and you need to provide them with the skills and awareness to help keep your organisation safe.

The ramsac phishing awareness subscription is a great way of increasing awareness. We help you test which of your employees can spot a phishing email and which are fooled by them. Get in touch for more information.

 

Get in touch
Registration No. 26980136
Terms and Conditions | Privacy Notice
GBH Law
GBH Law
11:29 22 May 20
Changing IT support providers, like changing lawyers, is not a decision any business takes lightly or frequently. The decision is fraught with numerous questions such as whether the new team will understand my business needs, will it cause teething problems, and more importantly, will the reality match the sales pitch! We took that decision to move to Ramsac in January after ten years with another provider and we have not regretted that choice for a moment. Ramsac are simply great! From the get go we have been very well supported from the front line very helpful telephone support team right up to our relationship manager. We feel that the Ramsac team are very much an integral part of us . What however has driven us to write this review is the fabulous support we have received following a cyber attack this week. Something no business wants to happen but is increasingly a sad factor of modern cyber life. The Ramsac cyber support team were superb and really gave us first class support and guidance through what was frankly a horrible experience. Thank you Dan! Denise Herrington
The HR Services Partnership
The HR Services Partnership
17:59 16 Jan 20
We have worked with Ramsac since 2015. They offer a truly winning formula. We have been delighted by their support at all three levels: our network consultant (Colin) understands our set up and is great when we need to upgrade our infrastructure; we have ready access to our account manager who has been great with supporting our growth; and the helpdesk is always so patient for the day-to-day glitches. Very professional and supportive – thank you team ramsac!
Zoe Brooks
Zoe Brooks
13:02 16 Jan 20
Sam on the support desk is extremely knowledgeable and helpful. Every time I have rung with an issue and she has helped the problem has always been rectified smoothly and quickly!
Sarah-Jane Calloway
Sarah-Jane Calloway
16:02 06 Jan 20
Ed spent two days with us following an office reshuffle. He worked to a very high standard and was very helpful, courteous and happy to sort out anything we asked of him!
Luke Hoey
Luke Hoey
14:20 07 Nov 19
Always very helpful and will work hard to resolve any issues you have.
Richard Renson
Richard Renson
16:54 10 Dec 18
Great, helpful IT Kings and Queens
Andrew Worth
Andrew Worth
12:37 30 Aug 18
fine bunch
Colin Warner
Colin Warner
08:46 06 Dec 17
Excellent managed service provider.
Selom B
Selom B
11:58 10 Dec 16
First Class!! Responsive, knowledgeable, professional and very easy to work with - Ramsac have been a fantastic strategic IT partner for the last few years and I'm sure will continue to be for many years going forward. I would highly recommend them!
Ian Windle - Inspiring Leadership
Ian Windle - Inspiring Leadership
08:53 04 Jul 16
Great IT business, with a powerful management team. Could not recommend them more highly.
Patrick O'Luanaigh
Patrick O'Luanaigh
10:55 01 Jul 16
A truly fantastic IT support company - I can't speak highly enough about them.
Sarah Whitemore
Sarah Whitemore
11:59 20 Jun 16
I have known Dan May and Ramsac for 5 or 6 years now. Dan is such a great guy and really helpful with strategic advice and input on all things IT. He's so approachable and doesn't baffle you with IT jargon. If you are looking to outsource your IT or you have a problem you need help with Dan is definitely the one to ask.
Jonathan Richards
Jonathan Richards
12:14 31 May 16
I've worked with Ramsac for many years and whole heartedly recommend their services. They are always professional, approachable and have the rare skill of making IT understandable. Their can do attitude leaves you feeling that you are in safe hands.
See All Reviews
© 2020 ramsac. All rights reserved.