Cyber attacks are usually impossible to stop. As such, we can only share preventive measures. While there is no surefire way to eradicate cyber attacks, having a robust cybersecurity infrastructure will make it difficult for a breach to occur.
By Michael Akuchie
Since the first cyber attack in 1834, when criminals stole sensitive financial market data from the French telegraph system, cyber attacks have grown into a global phenomenon. Today, these computer-based onslaughts have gotten bolder, smarter, and more sophisticated, as perpetrators find new ways to outwit the victim’s line of defense. The most common objective of a cyber attack is to steal vital information for malicious gain. This information could be traded for cash or other benefits into prohibited places such as the dark web, or used by criminals to cause untold damage to the target.
Cyber attacks are usually impossible to stop. As such, we can only share preventive measures. While there is no surefire way to eradicate cyber attacks,having a robust cybersecurity infrastructure will make it difficult for a breach to occur. Kaspersky, a global cybersecurity service and antivirus provider, defines cybersecurity as “the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.” Other common monikers for cybersecurity are information technology security and electronic information security.
In this article, I highlight eight common cyber attacks that individuals, government agencies, and companies will likely encounter regularly, explaining how they operate, with tips on how they can be prevented.
Malware or malicious software refers to any program or code that is highly dangerous to a computer system. While known to affect computers, malware can also infiltrate mobile devices like smartphones and tablets. Cybercriminals can use malware for various reasons, including extortion from the victim, to make a political or cultural statement, or to prevent a victim from working on the affected system.
One of the common ways to encounter malware is by downloading cracked or pirated versions of software, such as Adobe PhotoShop and Adobe Premiere Pro, instead of patronising the official sites. Since the software is quite expensive to purchase, it is common for graphic and motion designers to flood YouTube in search of tutorials on how to find free versions online. Unfortunately, downloading them from unlicensed sites increases the risk of malware entering the system through the installation process. Thankfully, there are a couple of ways to tell if malware is in your system. If a system suddenly slows down and struggles to open programmes, this could be a problem. Also, if the screen is suddenly overwhelmed by annoying pop-up ads. Finally, if the antivirus stops working, thereby exposing you to other threats, then it might be worth checking out to see if there’s been a malware infection.
To prevent malware infection and the potential damages that it could cause, avoid downloading software from unlicensed sites. Always visit the official store. Another preventive strategy is to use multi-factor authentication on all devices and desist from clicking pop-up ads on the screen.
Phishing is when criminals disguise themselves as representatives of a reputable organisation or business to steal sensitive information from the victim. Although we’ve discussed this in a previous article, it is a popular cyber attack worth highlighting. Phishing can occur via texts, phone calls, and even emails. The information obtained from the target could be personal or financial, depending on the criminal’s style.
Sadly, scammers launch thousands of phishing attacks, meaning that it is possible to encounter at least one a day. To avoid being a victim of this attack, consider using multi-factor authentication to protect your information, especially bank details. Download the latest security update when available to keep your device ready to ward off any threats. Be wary of emails that use generic greetings and urge you to click suspicious links. Delete such messages upon getting them.
Distributed denial-of-service (DDoS)
This is a sophisticated cyber attack whereby a large volume of internet traffic is channelled to a server or network, in a bid to overwhelm it and cause it to not function properly. A DDoS attack looks like a highway cramped with several vehicles. DDoS attacks are usually launched at companies and small business owners, however, they can affect everyday services like electronic banking or bill payment.
A few months ago, the Kenyan government was targeted by a hacktivist group called Anonymous Sudan. Many services that the government had digitised were disrupted due to the attack. Visa applications, rail ticket purchases, and business registrations could not go on. Furthermore, citizens could not buy electricity tokens and businesses could not process transactions through M-Pesa, one of the country’s biggest mobile money service providers. Usually, hacktivists use these computer-based techniques to orchestrate cyber attacks for a political or social cause.
To prevent these attacks, governments and companies must invest in real-time threat monitoring to stay one step ahead of the criminals. Being able to tell the difference between normal and abnormal traffic will play a great role in protecting a server or network.
(Read also – Blockchain and the Potential for its Adoption in Africa)
Ransomware prevents victims from accessing their files or systems unless an amount of money is paid. It is similar to hostage situations where individuals are held until a certain amount of money is paid to secure their release. In the 1980s, ransomware payments were sent via snail mail. Today crypto currency and credit cards are two of the most common ways of receiving ransomware payments.
A ransomware attack usually occurs when the criminal has gained access to the victim’s system. For this to happen, they used strategies like social engineering (phishing), malvertising, and malspam. Malvertising is using online advertising to distribute malware, while malspam involves the distribution of spam emails with malware embedded in attachment links to unsuspecting victims. To avoid being a victim of this, ensure that the latest security software is installed on your device. Also consider doing a cloud backup of vital files like photos, videos, and documents.
Spoofing is a social engineering attack whereby criminals pretend to be somebody who the potential victim knows, in a bid to steal money and data or spread malware to their system. To launch a successful spoofing attack, the perpetrators create a fake email and then send it to the victim. Usually, the email address name is made to imitate the authentic one. Unless the target closely examines the email, they may not suspect a thing. While spoofing is similar to phishing, as they both prey on human nature, phishing involves fake websites along with fake emails. Spoofing attacks typically alter the address of a trusted source to look like they sent the email.
When examining emails, check for things like spelling, grammar, and the sender’s email address. Be wary of suspicious links. Always verify before clicking. Also, make sure that your spam filter is turned on as it is a great way of detecting and preventing many spoofed emails from entering the main inbox.
This kind of cyber attack involves efforts to steal the digital identity of individuals or organisations. For this to occur, the criminals target identity-based data of potential victims such as login credentials, domain names, and password data. Upon acquiring the above data, the criminals gain unauthorised access to the victim’s network.
Perpetrators can impersonate individuals to commit identity theft crimes like credit card fraud. Not only does this jeopardise the individual’s image, but it could land them in jail. It is worth mentioning that this can happen to anyone, so here are some tips for avoiding this: give your data an extra level of security by activating multi-factor authentication; companies should ensure their software is up to date and that they get a business password manager; and organising seminars on cyber attacks should instil a sense of security in the employees.
(Read also – How Technology is Redefining the Work Culture in Africa)
Similar to identity attacks, password attacks are attempts by a criminal to steal the passwords of a potential victim. The criminal can use multiple techniques to expose the login credentials, depending on how strong the password is. Victims with weak passwords are the most likely to succumb to this attack. If successful, a password attack can cause varying degrees of damage to the victim. Other crimes like DDoS or financial fraud can be committed, too.
To keep your account information – particularly passwords – safe from cybercriminals, you should consider creating strong passwords by mixing numbers with words and special characters. Also, consider using different passwords for multiple sites. You can also use a password manager plus multi-factor authentication to be on the safe side.
A URL Interpretation attack is when a criminal modifies and creates a variation of an authentic URL address in an attempt to access and possibly manipulate the personal and financial information of a website’s visitors. This is a highly sophisticated attack as the criminal must know the order in which a website’s URL information should be filled. Upon discovering how this works, they then find a way into the backend.
The goal is to acquire sensitive data about the site’s visitors. They can then choose to steal, delete, or modify the data depending on their needs. To keep this from occurring, website administrators can deploy secure authentication methods like multi-factor authentication or a password that comprises letters, numbers, and special characters.
Michael Akuchie is a tech journalist with four years of experience covering cybersecurity, AI, automotive trends, and startups. He reads human-angle stories in his spare time. He’s on X (fka Twitter) as @Michael_Akuchie & michael_akuchie on Instagram.
Cover Photo: Education Week