Risks from a cyber attack

Lately, a lot of people have been asking me about the risks from a cyber attack and whether they should worry about becoming the victim of a malicious hacker attack. In this paper I will present some of the most commonly used attacks and how they could affect you.

One of the oldest but still one of the most commonly used techniques is SQL Injection. It uses a vulnerable form or other field in a web application that communicates directly with the database. The attack is performed by injecting SQL code into the queries sent to the database. If the input is not filtered properly, the database executes the injected SQL statement and gives the hacker the ability to retrieve, replace, or delete all data. This attack could affect any web application or site that works with a database and is incorrectly configured. The attack could seriously harm you, especially in the context of the new GDPR requirements. If your information is leaked publicly and is not protected by encryption or other mechanisms, hackers can access sensitive information, accounts, passwords, and more. This type of attack can be detected by running a web application security test, and security can be achieved by correcting the programming code or using security products for protection (IPS, WAF, etc.).

Attacks through social engineering and malware are common. Probably everyone has encountered emails that ask the victim to visit a fake copy of a legitimate website and enter their authentication data, or to open an app without knowing its origin. Typically, by opening the attachment, we install malware on our machine, which in most cases gives the attacker access to our system or the ability to track our activity (including passwords used). It can often happen that our machine is used as a pivot point from which an attack on other systems is launched. Email is just one of the options for carrying out this type of attack. The risk consists of loss of access to accounts, malicious use of financial assets, and complete compromise of our personal information. Protection comes from better awareness of how to detect such attacks and from using security solutions (including anti-virus software).

Ransomware attacks are part of our everyday life. The attacker manages to encrypt the information on our systems, usually demanding a ransom to decrypt it. These types of attacks are difficult to prevent, and they usually result from people's poor awareness of how to recognize such attacks. It is extremely important to always back up the information so that it can be easily restored. If we become a victim of such an attack and do not have a backup, our salvation is to turn to specialists to look for part of the encryption key in the system memory immediately after the attack is detected, or to attempt to search for a key published on the Internet by another victim.

DDoS – In these attacks, the hackers' purpose is not to steal information but to make your systems inaccessible to your customers, thus stopping your business from running. They are usually done by overwhelming the resources of your systems with unnecessary traffic or requests. Fortunately, there are affordable market solutions that provide a high level of protection against such attacks. Free solutions are also available for companies with few systems that are not critical.

MITM (Man In The Middle) – Man-In-The-Middle attacks typically occur when data is not transferred in encrypted form. Most often, they are conducted over publicly accessible networks, the hackers' purpose being to capture traffic with sensitive information, including usernames and passwords. Often, such attacks are performed to falsify invoices so that a payment is made to the hacker's bank account instead of the legitimate provider's. To prevent such attacks, it is necessary to use encryption mechanisms when transmitting information and, from a GDPR perspective, it is good practice to encrypt the information even when it is stored in databases, log files and backups, transferred to file servers, sent in email communication, handled by web applications, and more.

Another serious problem is the use of weak authentication policies. Most people use the same passwords for most websites they visit. If any of those websites is compromised and hackers get access to your password for that site, they will also have your password for all other websites. On the other hand, people often use easy-to-guess passwords, which allows them to be easily broken using brute-force and dictionary attacks. This is quite dangerous in corporate environments, as it could provide malicious users with access to ERP, CRM, HR, CMS, MAP, PIM, and other systems. Fortunately, solutions are available that allow us to easily create and manage complex passwords for access to various systems.