A cyber-attack is a deliberate online invasion of a computer information system. It aims to steal private information on your device, for undue gain. People who engage in this act are called cyber criminals.
According to research carried out by cyber security firm: threat cloud, over 4 million attacks occur on a daily basis around the world. In this article, we will highlight and discuss common cyber attacks you may experience.
Attack 1: Malware
Malware or malicious software is a set of programs designed by cyber criminals to destroy computer systems, gain unauthorized access, and steal data from a system.
Malware can be classified into viruses, spyware, adware, worms, and Trojans. Let’s have a quick look at the types of malware:
Virus: A virus is a type of malware that causes harm to your computer system by slowing it down, and corrupting files.
Spyware: This refers to software that steals your private information, and sends it to a third party without your knowledge. Just like a spy, it’s hard to detect and transfers sensitive data to end users who can use it to defraud you.
Adware: Adware, also referred to as advertisement-supported software, displays unnecessary ads while you are surfing the internet. Adware is usually obtained when you unknowingly install a free app on your system that contains adware.
The ads popup so frequently that you can mistakenly click on them, and since some of them are laced with malicious links, you can mistakenly download a virus, without even knowing.
Worms: Once a worn finds its way into your device, it replicates itself with the aim to corrupt other computer systems. It is different from the virus as it doesn’t have to be attached to any software to cause damage.
Trojan: Trojan is a malicious software program that seems legitimate, but when installed, causes damage and data loss to the computer system. The National Information Technology Development Agency (NITDA) has discovered two recent malware in Nigeria: ‘Flubot Spyware’ and ‘Saint Bot Malware’.
Flubot Spyware targets Android devices and sends fake security updates or app installations in the form of SMS. Unsuspecting Android users who install the spyware have their bank login details stolen which leads to financial loss.
Also, Flubot gains access to the contacts of such phones and sends similar SMS to them.
Saint Bot Malware is sent to the mail with a .zip file that masquerades as a Bitcoin wallet but in reality, it is a PowerShell script. Once the file is opened, malware is downloaded into the system. NITDA advises as a precaution you should always download software from the official website of the company offering it.
Attack 2: Phishing Attack
Phishing is a cyber-attack whereby scammers pose as a credible organization to collect personal information from you.
This cyber attack could be in the form of a text, email, or phone call. Phishers compose enticing messages that convince you to disclose your personal information. A phishing attack must be well thought out to ensure its success.
Planning a phishing attack usually involves the cybercriminal conducting social engineering on you, to profile you and find out what you are interested in. The phishing process is as follows:
- Preparing the hook: preparing a fake website example a fake Facebook login page
- Baiting: sending the fake login page to you via a link in an email, and urging you to act urgently
- Redirecting: once you take the bait and try to login, your credentials are harvested by the cybercriminal and you are redirected to the original Facebook page, so you don’t suspect anything
Attack 3: Malvertising
Malvertising, also known as malware advertising, uses online advertising to spread malware to users of a website. The attackers create malicious ads with JavaScript embedded which makes it difficult to differentiate them from legitimate ads.
Such ads are displayed on your system like the real ones. They are usually composed in an enticing way to make you click on them. Investment scams are notorious for malvertising as cybercriminals pose as fund managers, stockbrokers and some even claim to be online forex brokers to lure you in with promises of trading on a mobile app with zero risk and huge returns.
The common scam ads is related to forex trading apps that promote in Nigeria without regulation.
There are only a few Tier-1 regulated brokers that offer their forex trading apps in Nigeria on mobile via iOS & Android. But many unregulated & offshore forex brokers promote their apps mostly via JavaScript ads on popular illegal websites visited by Nigerians, but these are unsafe for users.
While advertising is not bad, you should not take investment advice from random unsolicited popups.
Endeavour to visit the Securities and Exchange Commission (SEC) website to verify any investment you come across online before committing your funds.
Attack 4: DDoS Attacks
A Distributed Denial of Service (DDoS) attack is an attempt to slow down a server or network by bombarding it with traffic. Simply put, DDoS prevents a server from attending to its users by overloading it with excessive data. When a server is too congested, it results in denial-of-service to the real users.
DDoS attacks are carried out with computers and devices that have been infected with malware. The hacker sends an instruction to these compromised systems and devices, also known as a botnet.
The botnet attacks a targeted IP address when instructed and causes the server to lag. The targeted network would be unable to serve its legitimate users. It is always difficult to separate the attack traffic from the legitimate traffic since the botnet is a real internet device.
Attack 5: Man in the Middle (MITM) Attacks
Man in the middle (MITM) attack is a cyber attack in which an attacker interrupts an existing conversation or data transfer. The attacker either eavesdrops or pretends to be a legitimate party, and steals private information from the victim.
A MITM attack undergoes two phases: interception and decryption. An attacker creates a Wi-Fi hotspot without a password and waits for victims to join the network.
Anyone who joins such a network grants the attacker access to any data they share online. This is known as an interception. This interception can be done via DNS, IP, and ARP spoofing.
Once the attacker gets in the ‘middle’ of the victim and his destination site, he steals the victim’s data. The victim’s data is usually encrypted, so he has to decode the data in order to use it (decryption). This decryption is done via HTTPS spoofing, SSL high jacking, & SSL spoofing.
MITM attacks are done very quickly without the knowledge of the victim. The attackers use the data collected to defraud the victim, for example, wipe his bank account balance.
Attack 6: Drive by Download
Cybercriminals make use of this method to introduce further malware to their victim’s system. You may be unaware of the malicious download since you don’t have to download any program.
A drive-by download is unique because you don’t have to download any program or open any attachment for it to be activated. So how does drive-by download work?
The drive-by download takes advantage of unsecured and outdated apps, web browsers, and operating systems. You can be attacked by drive-by download in two ways:
- Authorization without complete information about an action: This happens when you either click a fake link or download a Trojan. You are ignorant about the consequences of such action thus, introducing drive-by download into your computer.
- No authorization and notification: Drive-by download creeps into your computer or mobile device without notification due to an outdated web browser or browsing on an infected website.
Attack 7: Password Attacks
A password attack is an attempt by cybercriminals to steal your password. According to research by cloud nine, 80% of breaches are connected with password issues.
Cybercriminals devise several techniques to steal legitimate passwords which include phishing, key logging, and dictionary password attacks among others.
Firstly, Key logging is a process in which a hacker records keystrokes made on your keyboard after he installs a key logger in your device. A key logger is malicious software that, when installed, captures your keystrokes and sends them to the hacker. A key logger can also be a hardware device connected to your USB port, so a routine inspection of your computer is in place.Â
Secondly, dictionary password attacks are carried out by guessing words and phrases that a user would likely use as passwords. Hackers have software that use every word in the dictionary, combined with phrases and numbers, to predict your password.
Attack 8: Rogue Security Software
Rogue security software is a malware that deceives its victims to think that they have a virus on their computer and offers a solution in the form of antivirus.
Unsuspecting victims pay and download the antivirus software. The ‘antivirus’ introduces malware into the system.
Protect your PC/Mobile Device
- Don’t open any attachments you are unsure of.
- Your password should include letters, numbers, and special characters in upper and lower case.
- Ensure that you update your apps and web browsers regularly.
- Use an ad blocker.
- Check email addresses to make sure they are from the right sources.
- Use internet security software on your devices.
- Add a password to your Wi-Fi hotspot.
Comments 6