Your IT Department

The Most Common IT Security Threats

There are numerous threats to the security of your IT infrastructure, but do you understand the difference between Malware and Ransomware? Would you be aware if you were suffering from a Virus or a DDoS attack?

Whilst some of these terms have now become familiar, do you actually understand them, and do you need to?

As a business owner, you don’t need to be an IT security expert, but it’s useful to know what the most common threats are, and how they get into systems, so you can ensure that you or your IT Support Provider are taking the correct precautions to keep your IT safe.

This is our guide to some of the most common terms used when talking about Cyber Attacks, the most common attacks, how to recognise them and what to do about them.

Malware

Malicious Software, usually shortened to simply Malware, is a term used to describe a variety of forms of hostile, intrusive, or annoying software or program code. Malware is therefore a collective term for things like Viruses, Ransomware and Trojan Horses, which we look at in more detail below.

Viruses

People often use the term ‘virus’ as a catch-all for software that causes problems with your computer. However, a Virus is just one type of security threat.

A virus is normally a program that is sent as either an email attachment or a download. Simply visiting a malicious website can start the automatic download of a virus.

The reason for the name ‘virus’ is that these types of attack are often highly infectious, spreading throughout networks and connected computers and also using email to spread to other networks.

A virus might do various types of damage such as corrupting, stealing, or deleting data on the infected machine – they can even erase everything on a hard drive. They could also be used to scan and find personal information such as passwords, hijack your web browser or disable security settings.

A good-quality Anti-Virus programme will protect you from the majority of virus threats; however, these threats are constantly changing, so there remains a risk.

If you notice that it is taking a long time for your computer to start, it restarts on its own or it doesn’t start at all, these might all be signs you have a virus. Other signs to look out for are disappearing files, data or programmes, consistent ‘crashes’ or the homepage on your web browser changing unexpectedly.

If you suspect you have a virus, make sure your virus protection is up-to-date and run a scan. If the scan finds nothing, it may be time to refer to an IT Engineer.

Ransomware

Currently the most infamous of security threats, Ransomware has been used in high-profile recent attacks such as the WannaCry attack on the NHS in 2017.

Ransomware locks files, restricting access to them and displaying a message that demands payment for the files to be unlocked. This message may indicate that the computer has been locked by the police, FBI or some other official department and that the payment requested is a fine that will enable you to avoid prosecution. Ransomware is most often delivered via emails with malicious attachments, whilst website pop-ups are another favoured delivery method.

You will definitely know if you have Ransomware as the message will be obvious. The threat will be that files will be permanently locked or deleted if the ransom is not paid.

The first piece of advice is DO NOT PAY THE RANSOM. Even if you pay, the likelihood is that the files will remain encrypted.

It is unlikely you’ll be able to remove ransomware yourself using the standard Anti-Virus tools, so you’ll need to get in touch with an IT engineer. In some cases, the ransomware can be removed, the data recovered, and the machine repaired.

However, in most cases you’ll be relying on your back-up to recover from a Ransomware attack, so it’s important that you are backing up regularly, testing your back-ups and have a recovery plan in place.
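One way to make "testing your back-ups" concrete, shown as an added example that is not part of the original article: record a SHA-256 fingerprint of every file when the back-up is taken, then compare a trial restore against that record. The file names and the `demo()` scenario are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result

def verify_restore(recorded, restored_dir):
    """Compare a trial restore with the manifest recorded at back-up time."""
    restored = manifest(restored_dir)
    missing = sorted(set(recorded) - set(restored))
    changed = sorted(p for p in recorded
                     if p in restored and restored[p] != recorded[p])
    return {"missing": missing, "changed": changed,
            "ok": not missing and not changed}

def demo():
    """Constructed sample: two live files, then a restore that went wrong."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        live.mkdir()
        restored.mkdir()
        (live / "accounts.csv").write_text("invoice,amount\n1001,250\n")
        (live / "contacts.txt").write_text("alice\nbob\n")
        recorded = manifest(live)  # taken when the back-up is made
        # The restore returns a damaged accounts.csv and no contacts.txt.
        (restored / "accounts.csv").write_text("corrupted")
        return verify_restore(recorded, restored)

if __name__ == "__main__":
    print(demo())
```

Keep the recorded manifest somewhere the live machine cannot overwrite, so a compromised computer cannot alter the record you test against.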

Trojan Horse

A Trojan Horse is so called because it is a malicious program that is either disguised as legitimate software or is hidden within it. Once you’ve downloaded the file, the Trojan will install itself and run automatically.

Once on your system, the Trojan can cause all sorts of issues. Some of the most common types of Trojan include:

Backdoor – this gives malicious users remote control over the device. This gives full access and can allow them to send, receive, launch or delete files, steal sensitive data and change documents.

Key Loggers – Often the worst effect of a Trojan is ‘key logging’. This tracks what you type and can record usernames, passwords, and personal information including credit card and bank account numbers.

DDoS – A DDoS attack sends multiple requests from your computer and several other infected computers to a targeted website, overwhelming the target address and leading to a denial of service.

Remote Access – A Remote Access Trojan (RAT) allows the criminal to take over the user’s webcam to carry out covert surveillance. In other words, someone is watching you via your own computer.

Phishing

We’ve previously posted a blog about Phishing – https://www.your-itdepartment.co.uk/news/beware-the-phishermen/ . Phishing targets individuals by phone, email or text seemingly from a legitimate organisation such as a bank. The individual targeted is tricked into providing sensitive data such as personally identifiable information, bank details, passwords etc. Any information gleaned can then be used to access accounts, and successful phishing attacks often lead to significant financial loss.

Spear Phishing is a version of Phishing where the criminal poses as a colleague or customer to persuade the victim to visit a malicious website where malicious software is downloaded to the victim’s computer. Another version of Spear Phishing is CEO Fraud, where the attacker will impersonate an executive and target an individual within a business who has authority to make payments. They’ll try to trick the target into wiring money or sending confidential information. For further details on the dangers of CEO Fraud please see this BBC report from January 2016.
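The kind of check a mail filter or an IT Support Provider can run to spot CEO Fraud, shown as an added example that is not part of the original article. The company domain, the executive names and the three sample messages are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (hypothetical values, not from the article):
COMPANY_DOMAIN = "yourcompany.example"
EXECUTIVES = {"jane smith", "raj patel"}  # people who can approve payments

def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rpartition("@")[2].lower()

def ceo_fraud_flags(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    display, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    sender_domain = domain_of(sender)
    name = " ".join(display.lower().split())
    flags = []
    if sender_domain != COMPANY_DOMAIN:
        if name in EXECUTIVES:
            flags.append("executive name on an external address")
        # A near-identical domain (a character or two swapped) is a lookalike.
        if SequenceMatcher(None, sender_domain, COMPANY_DOMAIN).ratio() > 0.85:
            flags.append("sender domain imitates the company domain")
    if reply_to and domain_of(reply_to) != sender_domain:
        flags.append("replies are redirected to a different domain")
    return flags

# Constructed sample messages; only the headers matter here.
GENUINE = ("From: Jane Smith <jane.smith@yourcompany.example>\n"
           "Subject: Board pack\n\nAttached.")
SPOOFED = ("From: Jane Smith <jane.smith.office@freemail.example>\n"
           "Reply-To: accounts@payments.example\n"
           "Subject: Urgent payment\n\nPlease wire the funds today.")
LOOKALIKE = ("From: Raj Patel <raj.patel@yourcornpany.example>\n"
             "Subject: Invoice\n\nSee attached.")

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("spoofed", SPOOFED),
                       ("lookalike", LOOKALIKE)]:
        print(label, ceo_fraud_flags(raw))
```

A flagged message is a prompt to confirm the request by phone or in person before any payment is made, not proof of fraud on its own.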

Social Engineering

Social engineering is a non-technical strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking security practices. It is now recognised as one of the greatest security threats facing businesses.

Social engineering often relies on the goodwill of people and their willingness to help others. One common tactic is to pass something off as requiring urgent attention to reduce the victim’s thinking time and create panic, forcing quick decisions and actions.

Social engineers have also been known to appeal to vanity, authority or greed, or to use other information gleaned from eavesdropping or online sleuthing, often via social media.

Insider Threat

Firewalls, Anti-Virus, Email Filtering and various other perimeter controls are designed to keep threats out. However, the biggest threat may come from inside the organisation.

Internal threats can come in many different forms:

Malicious Users – This is generally an unhappy or disgruntled employee. They may have an axe to grind against the company for some reason and this is their motive for wanting to steal data or sabotage systems. They may also have been approached by a rival and are trying to pass sensitive data or customer details to the competition.

Accidental Loss / User error – There are a number of ways that a company can lose data through accidental loss or user error: an email sent to the wrong person, a user visiting a website or clicking a link that they shouldn’t, a lost or stolen laptop or USB drive, or poor processes when disposing of redundant equipment.

Malfunction – Very occasionally a system fault could cause some data loss.

Duped User – This describes an individual who is tricked into disclosing company information.

Unfortunately, there is no silver bullet which is going to eradicate these threats. You need to ensure that staff understand the threats and are comfortable reporting anything they are unsure about, whether that’s internally or externally to your IT Support Provider.

These are just some of the common terms you’ll come across when you encounter cybersecurity issues, and hopefully you’ve got a little bit more information on what they mean, how to guard against them and how to recover.

Whilst nobody can provide 100% guaranteed protection against Cyber Attacks, we provide a fully managed, multi-layered defence as part of our fully managed IT support packages. Whether you’re a new customer or an existing one looking to upgrade your protection, please give us a call to discuss your options.

If it all sounds a bit daunting, get some help!

If you’d like to talk to us about any element of cybersecurity or book a FREE cyber security assessment then please give us a call on 0115 822 0200 or fill in the contact form.