
How to identify a cyberattack and protect your business from hackers


We’re all familiar with the damage hackers can do to companies or even whole countries. But few individuals and business owners know enough about the tell-tale signs of a cybersecurity incident to spot and stop an attack.

The number of attacks has been steadily increasing for many years now, and businesses are among the major targets. It goes without saying that 2020 has presented hackers with a great opportunity to take advantage of unprecedented circumstances to perform their attacks.

With the rise in remote working, an increased number of online transactions and the emotional strain of living in a pandemic, users around the world are naturally in more vulnerable positions and criminals are finding new ways to target both individuals and companies.

New cybersecurity dynamics and risks have been a blessing to digital hackers, with attacks including phishing, malware and blackmail. Earlier this year, a report by Barracuda Networks showed that phishing emails that took advantage of the widespread discussion of coronavirus spiked by over 600 percent in March, going from 137 in January to over 9,000 in just two months. Not even the World Health Organization (WHO) was immune to the attacks. In April, unknown attackers bombarded the organization in an attempt to access its digital systems. Some 450 active WHO email addresses and passwords were leaked, along with thousands belonging to others working on the novel coronavirus response.

At around the same period, another major attack targeted a health organization, this time Gilead Sciences. Iran-linked hackers performed phishing attacks against the pharmaceutical company, which had been working to develop and distribute treatments for Covid-19.

But the targets are not limited to health initiatives fighting to contain the virus and save lives. In May, nine million customers of EasyJet airlines had their data accessed by hackers, while a business email compromise scam by another group of cybercriminals tricked an employee into transferring $10 million from Norway’s state investment fund into an account controlled by the hackers.

Common threats

Personal data, in particular, is one of the most common things hackers look for when breaking into a company’s or individual’s system. Frequently stolen information includes dates of birth, email addresses, financial information and passwords. Usually, identity thieves sell illegally acquired information to criminal organizations, which use it to commit crimes such as tax fraud.

An alarming study from IBM, in fact, found that data breaches originating from a malicious cyberattack were not only the most common of the breaches studied but also the most expensive. And, with cybercriminals becoming savvier and more aggressive, the average time it takes for companies to discover a breach is now up to 206 days, with another 73 days to solve the issue. The “long tail” of a data breach means that the costs can be felt for months, sometimes years, after the incident takes place.

Some of the most common types of cyberattacks include malware, phishing, credential stuffing and DDoS.

Malware

Malware is a term used to describe “malicious software” – think viruses, worms, spyware or ransomware. Usually, attackers gain access to a system when an individual clicks on a malicious link or email attachment that automatically downloads the malware. Once it breaches the network, it can, for instance, disrupt or block certain components of the network, making the system inoperable, or obtain data by collecting it from the hard drive.

Phishing

Phishing occurs when attackers send fraudulent emails that pretend to be from reputable sources, mainly to steal sensitive information including credit card details and passwords. Other criminal activities often associated with phishing are scams, blackmail and malware attacks.

Credential stuffing

If you reuse passwords across multiple accounts, you could be vulnerable to credential stuffing attacks. Whilst reuse makes your passwords less challenging to recall, it also makes them less challenging for hackers to steal. Login details that have been leaked or hacked on one account could be used to try to gain access to a different one.
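As an added example that is not part of the original article, the Python sketch below shows how a defender can tell credential stuffing apart from ordinary password guessing in login records: stuffing shows up as one source trying many different accounts only once or twice each. The event format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed login events (source IP, username, outcome); not real data.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i:02d}", "fail") for i in range(12)]    # one try each, many accounts
    + [("203.0.113.7", "alice", "ok")]                              # a reused password worked
    + [("198.51.100.9", "admin", "fail")] * 15                      # one account, many guesses
    + [("192.0.2.44", "bob", "fail"), ("192.0.2.44", "bob", "ok")]  # typo, then a normal login
)


def classify_sources(events, min_accounts=10, max_avg_tries=2.0, min_guesses=10):
    """Label each source IP and list accounts that logged in from stuffing sources."""
    attempts = defaultdict(lambda: defaultdict(int))  # ip -> username -> attempts
    failures = defaultdict(int)                       # ip -> failed attempts
    successes = defaultdict(set)                      # ip -> usernames that logged in
    for ip, user, outcome in events:
        attempts[ip][user] += 1
        if outcome == "ok":
            successes[ip].add(user)
        else:
            failures[ip] += 1

    labels, exposed = {}, set()
    for ip, users in attempts.items():
        avg_tries = sum(users.values()) / len(users)
        # Many accounts, few tries each, mostly failing: leaked credentials being replayed.
        # The failure check keeps a shared office or VPN address from being flagged.
        if (len(users) >= min_accounts and avg_tries <= max_avg_tries
                and failures[ip] > len(successes[ip])):
            labels[ip] = "credential_stuffing"
            exposed |= successes[ip]  # these logins used a leaked password that worked
        elif max(users.values()) >= min_guesses:
            labels[ip] = "brute_force"  # repeated guesses against a single account
        else:
            labels[ip] = "normal"
    return labels, sorted(exposed)


if __name__ == "__main__":
    labels, exposed = classify_sources(SAMPLE_EVENTS)
    for ip, label in labels.items():
        print(ip, label)
    print("force password reset for:", exposed)
```

Accounts returned in the second value are the ones to prioritise: a successful login from a stuffing source means a reused password has already been matched.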

DDoS

Last but not least, Distributed Denial of Service (DDoS) attacks aim to take down online services, websites or applications by overloading them with traffic from multiple source IPs. Depending on the size of the attack, the effects can vary from slow network performance to denial of access to network systems.

Ways to spot if you have been hacked

There are several ways to spot whether you or your business have been hacked, ranging from mysterious changes to your system registry to strange network behavior. If you can’t log in to your device or network account, for instance, it is likely that your credentials were compromised. Another sign that you’ve been hacked is if something unexpected happens when opening your web browser or applications – perhaps your bookmarks bar has disappeared, or your usual websites’ addresses and landing pages don’t look quite the way they should. Now, let’s say your device is acting strangely: it is remarkably slow and working at full capacity, even though there should be enough space left for it to run perfectly, or your mouse pointer is moving by itself and applications open and close suddenly.

All of the above point to external interference in your system. However, it seems that the crisis we’re currently experiencing has also increased the challenges in identifying malicious behavior. Companies that use Artificial Intelligence to understand normal behavior and look for deviations have found it particularly hard to identify threats. Given the fact that things are anything but normal at the moment, AI tools naturally struggle to learn what data is an anomaly and how to adapt. This tends to favor attackers.

Steps you can take to protect your business

There are a few steps you can take to protect your business from being hacked. First, I’d recommend storing and managing data through an SFTP hosting service rather than via email. Since hackers are often after company information and credential details, an SFTP hosting solution makes it easier and safer to send, receive and keep business information.

Having spam filters is also crucial, especially to prevent phishing attacks. And, if one of your employees falls victim to one, a malware protection solution, along with regular anti-virus scans and system updates, can help minimize the damage and protect your servers. Nonetheless, if a cyberattack can potentially take down all your business operations, I’d say it’s imperative to use a disaster recovery solution, as it gives you the peace of mind that all your company data is kept safe, and you are able to resume activities almost immediately.

Most importantly, promote the culture of cybersecurity in your workplace. Train staff to recognize cyberattacks, make sure they use strong and secure passwords, and never open attachments from unrecognized sources.

Stay safe.

Jon Lucas, CEO and co-founder, Hyve Managed Hosting