Jul 14 21:04:13, 2023
Part 1: Common types of cyber attacks
Common types of cyber attacks against private users and ways to protect against them. Part 1
When hackers seek to steal money from the victim’s bank card or gain access to secret information, they use various types of attacks. For example, they may trick the user into revealing personal data with the help of phishing, spread malware or intercept the connection between the user's computer and the server.
In this article, we will describe the types of cyber attacks that hackers use to steal information and money, and will discuss how to protect against hackers.
Phishing is a type of online attack in which hackers attempt to coax the victim into giving away sensitive information.
The most common method of a phishing attack is to send fraudulent emails asking the user to disclose some information, download a file or follow a link. The attacker crafts an email or some other notification message so the user thinks it comes from a bank or another organization. Then the hacker pretends to represent that organization and requests confidential information from the user.
According to the Symantec Internet Security Threat Report for 2021, some 0.5% of all URLs in web traffic are phishing URLs; 5.8% of all malicious URLs are phishing URLs.
There are several types of phishing attacks:
Spear phishing attacks target particular groups of people, such as system administrators.
Whaling (CEO fraud) attacks target top management.
In 2015, the tech firm Ubiquiti Networks lost 40 million dollars because of a cyber scam attack. The fraudsters did not even have to resort to hacking — they just sent an ordinary email in the name of a top manager to the company’s finance department requesting to send 40 million dollars to a specified bank account. The staff simply sent the money without verifying the email’s authenticity.
Search engine phishing attacks involve creating a website and using search engine optimization (SEO) to bring it to the top of search results. Users tend to trust the website that appears at the top of their search, so they often lose their money or give away their personal information in this type of cyber attack.
Vishing attacks are launched via voicemail.
The medical network company Spectrum Health System reported a vishing attack in September 2020. At that time, attackers called patients, posed as the clinic’s staff and attempted to defraud most of them of their personal data, as well as to steal money both from patients and the clinic’s staff members.
URL spoofing: another type of phishing attack
In this type of cyber attack, hackers create a phishing site that looks almost identical to a real one. The URLs of such websites typically differ in just one character from the real sites’ URLs. The fake site’s address is shortened using a popular URL shortener service and distributed to unsuspecting users. Such links help to bypass the spam filters in email services and social networks. When a user clicks on such a phishing URL, it is difficult to spot the changed letter in it.
How to protect against phishing attacks
Do not trust strangers. If someone you don't know is trying to contact you, find out who they are and why they are writing to you. If the person attacks you verbally, pressures or threatens you, block him/her.
Do not trust people if they contact you and introduce themselves as a company’s employees, especially if they tell you there is some problem you need to address. In this case, it is better to contact that company and ask if there is indeed a problem.
Here is a list of some actions that give away fraudsters’ attacks:
They divert your attention to something. For example, they may say there has been a large money transfer made from your bank account, or you may be prosecuted if you do not pay a fine immediately.
They push you to act promptly, typically using such words as “fast”, “immediate”, “most urgent” etc. Alternatively, they may try to intimidate you verbally in a telephone conversation or voice messages.
They send you links with typos or tweaked characters. For example, there might be a capital “I” in place of a lowercase “l”. You may overlook a changed letter if the font in your messenger or email client is set to Calibri, Arial or a similar one. They may also send you a URL with dots instead of slashes, e.g. “www.example.com.login.transfer” in place of “www.example.com/login/transfer”, which turns the familiar address into subdomains of a different site.
They send links to websites with dubious designs. Thus, if you receive an email with a link leading to a well-known site, but the site looks odd to you, check if the URL is correct and does not have any tweaked letters in it.
They send links to websites that do not use HTTPS. HTTPS is regular HTTP with an added SSL certificate, which is used to encrypt the connection. This means that a hacker cannot tap into your connection with an HTTPS website and steal information. When you are accessing an HTTP site, that is possible.
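The link checks from the list above (tweaked characters, dots in place of slashes, plain HTTP) written out as an added example that is not part of the original article. The allow-list of trusted hosts, the set of look-alike characters and the warning names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed set of characters that look alike in sans-serif fonts. Hostnames
# are case-insensitive, so a capital "I" reaches this table as "i".
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})

# Constructed sample data: one genuine link and two tweaked ones.
TRUSTED = ["www.example.com"]
SAMPLES = ["https://www.example.com/login/transfer",
           "www.example.com.login.transfer",
           "http://www.exampIe.com/login"]


def skeleton(host):
    """Fold look-alike characters so visually similar names compare equal."""
    return host.translate(CONFUSABLE)


def one_edit_apart(a, b):
    """True if a and b differ by one substituted, added or dropped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing position; the remainders must then match exactly.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def check_link(url, trusted_hosts):
    """Return warning names for a link; an empty list means nothing was found."""
    # A link typed without a scheme is parsed as a bare host, not as HTTP.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    findings = ["no-https"] if parts.scheme == "http" else []
    if host in trusted_hosts:
        return findings
    for trusted in trusted_hosts:
        if host.startswith(trusted + "."):
            findings.append("trusted-name-used-as-subdomain")
        elif skeleton(host) == skeleton(trusted) or one_edit_apart(host, trusted):
            findings.append("lookalike-of-" + trusted)
    return findings
```

An empty result only means the link passed these three checks; a shortened link has to be expanded before its real host can be checked.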
Protect your computer and accounts. We talked about this in the article “Basic internet security rules”. Here is a list of actions:
keep your personal and business internet security separate;
use strong passwords;
set up two-factor authentication;
do not share confidential information in chats.
Do not disclose your personal information on the internet. For your security, do not publish passport scans and do not fill out all personal fields in your social media profiles. For added security, use virtual phone numbers when you register on different websites. If you don’t use your personal phone number for signups, there will be fewer chances for attackers to sniff it out and call you.
A Man-in-the-Middle (MITM) attack is a type of cyber attack in which the fraudster taps into the connection between a server and a user's computer. Essentially, the attacker becomes a third party that eavesdrops on the communication between the user and the website and can unobtrusively steal sensitive data transmitted between them.
Attacks of this type often target HTTP sites as they don’t have protection against interception. If the user types his/her bank card details or internet banking password on such a site, an attacker may be able to intercept and steal that data once he/she has hacked into the internet connection.
In 2019, an Israeli startup lost 1 million dollars because of a MITM attack.
Hackers intercepted emails between the startup and a Chinese venture capital network fund, manipulated them and sent them to the recipient using a counterfeit domain. Neither party ever noticed they were in fact talking to scammers.
As a result, the venture capital network fund transferred $1 million to the scammers' account, thinking it was sending the money to their client.
How to protect against MITM attacks
Do not use public Wi-Fi networks. Most such networks are not password protected and often get hacked, so hackers can intercept any information you are receiving from websites while connected to such a network.
Do not recycle your passwords. Suppose a hacker launches a MITM attack and finds out your password to an account. If you use different passwords for different accounts, the hacker will gain access to only one of your accounts. However, if you use the same password for all of your accounts, the hacker will gain access to all of them at once.
Connect only to websites that have HTTPS/SSL encryption. Such sites encrypt the communication between the user and the server, so hackers cannot tap into the communication channel and intercept information, as they can with HTTP communication.
To avoid a MITM attack while browsing the web, use an antivirus — it will prevent you from visiting an HTTP website. Another option is to use a browser that requires user consent before accessing an HTTP site, such as Google Chrome or Mozilla Firefox.
Use a VPN. A VPN protects your traffic with the help of encryption algorithms. If a hacker attempts a MITM attack, he/she will fail, because your traffic is encrypted. To enhance your security even further, you can use a proxy along with a VPN. In this case, the VPN encrypts your traffic, and the proxy provides extra anonymization.
Cryptojacking is a type of attack in which hackers gain access to another party’s computing resources and use them to mine cryptocurrency.
When mining software runs stealthily on a computer, the user often does not know or even suspect it. However, two signs can give away a running crypto mining program: computer slowdown and overheating because of the extra load on the CPU and/or GPU.
In the first 6 months of 2022, the volume of global cryptojacking amounted to 66.7 million, which is a 30% rise over the first half of 2021, as reported by the US cyber security company SonicWall.
How to protect against cryptojacking attacks
Protection of your security against a cryptojacking attack is based on the same principles as protection against malware and SQL injections:
always use an antivirus;
do not follow suspicious links;
do not visit websites that do not have HTTPS/SSL encryption.
Also, it is a good habit to keep track of your computer's resources. If you notice that your computer has become slower after you have visited a certain website or clicked on an advertisement banner, the chances are that you have been infected with crypto mining malware.
To check that, go to Task Manager and check the CPU and GPU load.
You can access Task Manager in Windows by pressing Ctrl + Shift + Esc. Alternatively, you can right-click on Start and select Task Manager.
The Task Manager window shows your PC’s current load. Note the number in brackets next to Google Chrome — this is the number of open tabs. If you expand this entry, you will see which tab consumes more PC resources.
Apart from the CPU, it is also important to check your GPU load. If the GPU is not being used and the website is not putting any load on it, GPU usage should be low. If any tab is putting heavy load on your CPU or GPU, try closing it. There may be cryptocurrency being mined there.
To enable GPU load display, go to the Processes tab in the Task Manager, right-click on any column header and check the GPU line.
As for RAM usage, it can be high even if a website looks simple on the face of it. No reason to worry here.
In macOS, you can use Activity Monitor, which is similar to Task Manager in Windows. To open it, go to Finder → Applications → Utilities. Alternatively, you can access Activity Monitor via Spotlight. For that, click on the search icon on the right of the menu bar and enter “Activity Monitor”.
If your computer has indeed become part of a malicious network and is being used for mining a cryptocurrency without your knowledge, the GPU load can be 10%, 20% or 100%, depending on the malware type and whether the hacker put a load limit on the hidden mining malware.
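The resource check described above, automated as an added example that is not part of the original article: it reads process snapshots in the layout printed by `ps -eo pid,pcpu,comm` on macOS or Linux and lists processes whose CPU share never dropped below a floor, which also catches a miner limited to around 20%. The snapshots and process names are constructed, and the 10% floor is an assumed starting value.

```python
import subprocess
from collections import defaultdict

# Constructed snapshots (not real measurements), as if taken a few
# seconds apart with `ps -eo pid,pcpu,comm`.
SNAPSHOTS = [
    "  PID %CPU COMMAND\n  101  3.0 browser\n  202 21.5 helper\n  303 95.0 encoder\n  404 99.0 updater\n",
    "  PID %CPU COMMAND\n  101 40.2 browser\n  202 20.8 helper\n  303  2.1 encoder\n  404 98.5 updater\n",
    "  PID %CPU COMMAND\n  101  1.5 browser\n  202 22.0 helper\n  303  0.0 encoder\n  404 99.3 updater\n",
]


def take_snapshot():
    """Live snapshot on macOS/Linux; the constructed samples do not use it."""
    result = subprocess.run(
        ["ps", "-eo", "pid,pcpu,comm"], capture_output=True, text=True, check=True
    )
    return result.stdout


def parse_ps(snapshot):
    """Parse one snapshot into {(pid, name): cpu_percent}."""
    rows = {}
    for line in snapshot.splitlines()[1:]:       # skip the header row
        fields = line.split(None, 2)             # the command may contain spaces
        if len(fields) == 3:
            pid, cpu, name = fields
            rows[(int(pid), name.strip())] = float(cpu)
    return rows


def sustained_load(snapshots, floor=10.0):
    """Processes whose CPU share stayed at or above `floor` in every snapshot."""
    history = defaultdict(list)
    for snap in snapshots:
        for key, cpu in parse_ps(snap).items():
            history[key].append(cpu)
    flagged = [
        (pid, name, min(cpus))
        for (pid, name), cpus in history.items()
        if len(cpus) == len(snapshots) and min(cpus) >= floor
    ]
    return sorted(flagged, key=lambda row: row[2], reverse=True)
```

A process on this list is only a candidate to look at: video encoding or a game produces the same steady load, while a short burst such as the constructed `encoder` or `browser` rows is left out.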
Also, you should always keep your software up to date so that vulnerabilities in older versions of software cannot be exploited to install mining malware from the network.
In the next article, we will tell you about malware and how hackers use it to steal millions of dollars from regular users.