Cyber Breaches and Attacks
- Published: Wednesday, March 27, 2019
Cyber breaches and attacks are reported in the news every day. Are we becoming immune or disconnected from the reality of what these reports mean? These are real dangers and can affect your personal and professional life so we need to be vigilant.
Here is a break down of some of the types of breaches and attacks, what they mean, how they work, and how this affects you.
Credential stuffing attack: Dunkin’ Donuts was a recent recipient of this attack. Essentially, credential stuffing describes an attack where cyber crooks will take combinations of usernames and passwords obtained from other compromised sites and use these to get access on accounts at other sites.
ClickJacking Attacks: The hacker will hide the actual interface the user should click on and substitute their own malicious link. These links may be used to gather your personal information.
Bait and Switch: A hacker may purchase ad space on a website. When the user clicks on the ad, he might get directed to a page loaded with malware or a credential stealing login page.
Phishing: A wildly successful campaign used by attackers to implore the user to take an action in order to complete the phish. The action may include a login, transfer of money, download of malware or ransomware. Phishing is the #1 cause of a data breach.
Fake Wireless Access Points: Hackers will create a phony access point in public places. Once you connect to it they may have access to your personal information.
Denial of Service: DoS/DDoS This technique is designed to take down a site or server by flooding it with a lot of traffic, overwhelming the site and causing it to crash. The reasons for DoS attacks vary from political agendas or criminal activity in order to infiltrate and flood the local network with botnets and Trojans.
Keylogger: Software that will record the user’s keystrokes into a log. This log may contain sensitive information that can then be obtained by a hacker.
Credit Card Skimmers: These devices are placed over the top of legitimate card readers. When a credit or debit card is swiped through the skimmer the device will capture the details stored on the card. Crooks can then use this information to make fraudulent charges. See our recent blog about card skimmers.
How can you protect yourself? Follow security best practices when engaging in online activity and be aware of your physical surroundings. It can be more difficult once you put your information out on the web. Make sure to use strong and long passwords/passphrases. Don’t use the same password on multiple sites. Use a password manager to help you remember your passwords. Implement 2 factor authentication where possible.