Cyber Attack Number 13/15: Cryptojacking Attacks
/
This is an interesting one! Whilst a lot of the buzz around Cryptocurrency has died down in recent times, the threat of this sort of attack is still very real.
Read More
Cyber Attack Number 12/15: Inside Attack & Data Breaches
/
A common misconception is that Cybersecurity is all about securing a business from outside threats. The reality is that a large percentage of threats are from insiders, whether intentional or unintentional.
Read MoreCyber Attack Number 11/15: Distributed Denial of Service (DDoS) Attack
/
Just like our last post on DoS attacks, the hacker tries to shut down a machine or network, with the intention of making the resource unavailable to the user(s). It involves flooding the bandwidth or resources of a targeted system or web server(s).
Read MoreCyber Attack Number 10/15: Denial of Service (DoS) Attack
/One of the most common types of attacks, the intention of a hacker is to shut down a machine or network, with the intention of making the resource unavailable to the user(s).
Example: Hackers often target websites to overwhelm them with requests, and essentially cause them to crash. Some famous examples of successful DoS attacks were Hong Kong's Occupy Central, GitHub, CloudFlare, U.S. Banks.
In Australia alone, there are roughly 200-300 DoS attacks per day, or 8-13 per hour.
Risk Mitigation: There are measures you can put in place to not only reduce your risk, but also to recover if it does happen. These include but are not exclusive to:
- Develop a DoS response Plan for when it does happen
- Securing and maintaining your network infrastructure: some firewalls have inbuilt protection to common DoS attack methods
- Buy more bandwidth: a good reason to leverage the cloud
- Understand the warning signs: having detection/monitoring software in place
- DDos-as-a-service: there are 3rd party hosted protection services available.
- Having redundancy in place
Cyber Attack Number 9/15: Password Attacks
/There are a number of different types of password attacks. Three such types are: brute force, dictionary, and keylogger. Brute force and dictionary are similar, in that they both involve a script and a password list to attempt to authenticate against a site or service. Keylogger is usually a trojan installed on an unsuspecting computer logging keystrokes in order to gain access.
Example: On top of randomly created lists, actual password lists from breached sites are a sought after prize for hackers. In some cases, the breaches result in stolen email and password combinations, but sometimes it's just passwords on their own that are stolen. Either way, it's the most poignant reason not to use the same password across multiple sites.
Risk Mitigation: A password manager is the best way to generate and store your passwords. If you insist on creating your own, examples of strong passwords would be four random words, or a longer sentence that means something to you. If you want to check whether your email(s) or your password(s) have been involved in a breach, there is a site you can check.
Some recommended password managers are:
