As companies do more and more online, there is the risk of attacks. Employees should be aware of the types of attacks they could face online and the best way to keep their data and customers’ information safe from hackers.
Research has shown that 81% of online breaches are due to stolen or weak passwords, 43% of attacks, such as phishing, result from a data breach, and 51% of data breaches involve a form of credential-stealing malware.
Below are five types of attacks your employees should know about:
1. Broad-based and Spear Phishing Campaigns
Phishing is a popular method of attack. A broad-based phishing campaign relies on the fact that attackers only need access to a few accounts, or one admin account, to compromise the organization. With a little social engineering and a list of email addresses, phishing attacks can compromise one out of 20 employees from a well-managed organization.
Phishing campaigns work as follows: attackers acquire email addresses and design a phishing message, distribute it, and wait to see who enters their credentials. The attackers then use those credentials to access sensitive data.
Spear phishing involves more research, with a targeted list and a tailored phishing message. Spear phishing often focuses on a smaller number of employees to evade automated filters.
Spear phishing campaigns work as follows: attackers pick targets carefully after doing extensive research, then craft targeted phishing messages that play on curiosity, reward, or fear. The victim is compelled to enter credentials, and the attackers then use those credentials to execute the next stage of the attack.
2. Account Takeover
An account takeover is a method of identity theft in which hackers illegally use bots to get access to a victim’s e-commerce, bank, or any other type of account. A successful account takeover leads to fraudulent transactions, including unauthorized shopping.
The most common reason that fraudsters take over accounts is monetary gain. Account takeover attacks can cause significant damage to a company’s reputation, which undermines customers’ trust and confidence.
Many approaches are used to eliminate bot traffic and prevent account takeovers, such as limiting login attempts, using a password manager for business, and IP blacklisting.
3. Credential Stuffing and Cracking
Credential stuffing is a form of brute-force attack that takes advantage of people’s struggles to select unique passwords across various accounts. Attackers leveraging credential stuffing try compromised passwords on several other websites to test whether login details are re-used.
Credential stuffing works as follows: attackers acquire credentials from a website breach or a password dump site, then use automated tools to test those credentials across different websites. When a successful login occurs, attackers execute the next stage of their attack.
Credential cracking, also known as ‘brute-forcing,’ is a way to identify valid credentials by trying different values for usernames and passwords, typically from lists of breached account credentials that were made public by malicious parties and hackers. Hackers deploy bots to break into customers’ accounts, using brute-force and guessing attacks to identify valid login credentials. Signs of a credential cracking attack include a sudden increase in failed login attempts and high numbers of account hijacking complaints from customers.
4. Password Spraying
Password spraying involves attackers taking advantage of people’s tendency to rely on common passwords, such as password01. Attackers will use a small list of commonly used passwords that match the complexity policy of the domain. Instead of trying multiple passwords for one user, the attackers use the same common password across numerous accounts, which helps avoid detection.
Password spraying works as follows: attackers gather a list of commonly used passwords and try the same shared password across multiple accounts. Once a login is successful, attackers harvest the sensitive data.
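The failed-login patterns described in sections 3 and 4 can be told apart in authentication logs. The following is an added example, not part of the original article: it groups failed logins by source address and flags many guesses against one account as cracking, and one or two guesses against many accounts as spraying. The log format, thresholds, and function names are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)   # assumed look-back window
SPRAY_MIN_USERS = 5              # distinct accounts failing from one source
SPRAY_MAX_PER_USER = 2           # only a guess or two per account
CRACK_MIN_FAILS = 10             # many guesses against a single account

def build_sample_log():
    """Constructed events in the form: ISO-timestamp source-ip username result."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    rows = []
    for i in range(8):    # spraying: one guess each at 8 accounts, 2 min apart
        rows.append((t0 + timedelta(minutes=2 * i), "203.0.113.7", f"user{i}", "FAIL"))
    for i in range(12):   # cracking: 12 rapid guesses at one account
        rows.append((t0 + timedelta(seconds=5 * i), "198.51.100.9", "alice", "FAIL"))
    # ordinary user: two typos, then a successful login
    rows += [(t0 + timedelta(seconds=s), "192.0.2.10", "bob", r)
             for s, r in ((0, "FAIL"), (20, "FAIL"), (40, "OK"))]
    return "\n".join(f"{ts.isoformat()} {ip} {user} {res}" for ts, ip, user, res in rows)

def classify_sources(log_text):
    """Return {source_ip: 'spraying' | 'cracking'} for sources that cross a threshold."""
    fails = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, ip, user, result = line.split()
        if result == "FAIL":
            fails[ip].append((datetime.fromisoformat(ts), user))
    findings = {}
    for ip, events in fails.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > WINDOW:   # slide the window forward
                start += 1
            per_user = Counter(user for _, user in events[start:end + 1])
            worst = max(per_user.values())
            if worst >= CRACK_MIN_FAILS:
                findings[ip] = "cracking"            # one account hammered
                break
            if len(per_user) >= SPRAY_MIN_USERS and worst <= SPRAY_MAX_PER_USER:
                findings[ip] = "spraying"            # many accounts, few guesses each
                break
    return findings

if __name__ == "__main__":
    for ip, verdict in classify_sources(build_sample_log()).items():
        print(ip, verdict)
```

A per-account lockout counter alone would never fire on the spraying source here, because no single account sees more than one failure. Attempts spread thinly across many source addresses or a longer period fall below these thresholds and need a wider grouping key or window.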
5. Man-in-the-Middle (MitM) Attacks
A Man-in-the-Middle attack on a company or organization is a highly targeted attack that can result in a full take of credentials and data in transit when executed correctly. After intercepting a network connection, attackers take advantage of “session hijacking,” which compromises the web session by stealing the session token.
Man-in-the-Middle attacks work as follows: attackers intercept an insecure network connection or create an “Evil Twin” network that users’ devices unknowingly connect to. Attackers may also attempt to decrypt the traffic, and then the attacker can steal the credentials directly or the session token.