Website Security

7 Types of Cyber Security Attacks with Real-Life Examples

September 16th, 2021 | Cyber Security Awareness, Infrastructure Security, IT Support, National Cyber Security Awareness Month, Website Security

Cyber crime keeps growing, with no signs of slowing. Every day, new tools and strategies allow cyber criminals to target you and your company’s data with increasing success rates. You may be asking yourself: why do criminals want my data? As society’s use of technology progresses, the data it produces increases drastically in value, in direct proportion to how much you integrate your daily and/or corporate life with online tools and apps. It can get to the point where people and businesses cannot function when separated from their data, which puts them at a severe disadvantage against their competitors. As the value of data rises, so does the risk of losing it. How? Cyber crime! Having no cyber security plan for you or your business is like a bank with an open vault. Knowing what kinds of attacks criminals can use is key to keeping you and/or your business from falling victim to these crimes.

Malware

Malware is any malicious software that is installed on your device after a user inadvertently clicks on a dangerous link or opens an attachment. Malware takes many forms, with some of the most common being viruses and Trojans. Viruses are named after biological viruses, in that they replicate themselves and can infect applications on the user’s device. The term Trojan, or Trojan horse malware, comes from the ancient Greek story of the fall of the city of Troy due to the deceptive Trojan horse. This malware spreads by pretending to be useful software while secretly containing malicious instructions. In July 2016, a Japanese travel agency, JTB Corp, suffered a data breach compromising almost 93 million user records. The data breach was the result of an employee opening a malicious document which he received via a phishing email. The malicious document included a Trojan horse designed to steal user information. It was reported that 7.93 million user records from the Japanese travel agency were compromised. [1]

Ransomware Attacks

Ransomware is a specific type of malware that gains control of your system and blocks access to your files. It can infect your computer through an email attachment or a bad website. Upon infection, a ‘ransom note’ pops up, offering to restore your system back to normal in exchange for compensation. With ransomware, we always recommend that you never pay the ransom! Why? First, there is absolutely no guarantee that you’ll get your files back. You simply cannot trust a criminal to adhere to their promises. Secondly, you’ll be putting a target on your back. If you pay the ransom once, you’ll be flagged as a user who pays the ransom, and the criminals will be back to take advantage of you again.

[Image: WannaCry ransomware attack]

This is an example of ransomware called the WannaCry attack, and at the time it was the biggest ransomware attack ever. It hit earlier in 2017 in over 150 countries and over 200,000 organizations. How did this even happen? Well, the hackers found an exploit in older Windows operating systems that had already reached their end of life. When an operating system reaches its end of life, it means the company is no longer making security updates. Why is this important? A lot of people and companies continue to not update their systems. It’s so important to update all your operating systems, from your Samsung Galaxy, Windows desktop, iPad or iPhone to everything else you use on a daily basis, with critical updates to keep your systems protected.

Man in the Middle Attacks

A man in the middle attack is where a cyber criminal intercepts your data or information while it is being sent from one location to another (i.e. from a communications system to a server). This type of attack is very common on vulnerable Wi-Fi connections like those at coffee shops, hotels, and restaurants. While you’re out in public, always be wary of open Wi-Fi networks. These can be set up as traps by cyber criminals to lure people into accessing websites with sensitive information, all the while snooping on their activity. In 2017, credit score company Equifax removed its apps from Google and Apple after a breach resulted in the leak of personal data. It was found that the attackers were intercepting data, in the form of a man in the middle attack, as users accessed their accounts. [2]

Distributed Denial of Service (DDoS)

In this cyber attack, the criminals try to overload the system you have in place, whether it be a website, server, etc., with traffic. This will typically cause the system to crash or shut down, resulting in downtime. These types of attacks typically do not result in stolen information. Most of the time, these attacks are a form of bombardment from the cyber criminal meant to shut your system down, resulting in lost revenue from downtime and recovering your files. On Sept. 9, 2021, there was a huge cyber attack on the Russian tech powerhouse Yandex, which is believed to be the biggest DDoS attack ever seen. Yandex reported that their “experts did manage to repel a record attack of nearly 22 million requests per second (RPS). This is the biggest known attack in the history of the internet.” [3]

Password Attacks

This can be described as any attack designed to steal a user’s passwords or credentials. There are basic techniques that even non-hackers can use like manual guessing. This is where a bad actor can guess your password based on the information they learn from your social media. Or even basic shoulder surfing, where someone literally watches you as you type in your password, or even if you have a sticky note of your password on your desk. And there are more advanced techniques like a brute force attack. This is where a hacker has a program that can guess literally millions of passwords at a time. That’s why we say that having a weak password is like not having a password at all. They can even use programs that have key logging. This is when you’re on a malicious website or even if you’ve accidentally installed a key logging program, and now the hacker can see anything you type. They’re basically waiting till you go to your banking website or social media and type in your credentials.

Back in August of 2021, the Canada Revenue Agency was the victim of a password cyber attack in which their online systems were shut down for several days, and over 5000 accounts were compromised! This was due to a technique called credential stuffing. This is where the hackers buy or steal users’ passwords from other sources and data breaches, and use those passwords to try to log into the CRA accounts. This can be a huge problem, especially if users use the same password across multiple platforms.
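
The pattern described above, one source trying passwords against many different accounts, can be spotted in login logs. The following is an added example, not part of the original post; the log format, the `detect_stuffing` function and its thresholds are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real data): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2021-01-01T10:00:01 203.0.113.7 alice FAIL
2021-01-01T10:00:02 203.0.113.7 bob FAIL
2021-01-01T10:00:03 203.0.113.7 carol OK
2021-01-01T10:00:04 203.0.113.7 dave FAIL
2021-01-01T10:00:05 203.0.113.7 erin FAIL
2021-01-01T10:00:06 203.0.113.7 frank FAIL
2021-01-01T10:01:00 198.51.100.20 grace FAIL
2021-01-01T10:01:20 198.51.100.20 grace FAIL
2021-01-01T10:01:45 198.51.100.20 grace OK
2021-01-01T10:02:00 192.0.2.44 heidi OK
"""

def parse(log_text):
    """Yield (timestamp, ip, user, ok) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3] == "OK"

def detect_stuffing(log_text, window=timedelta(minutes=5), min_users=5):
    """Flag source IPs that try at least `min_users` distinct accounts within `window`.

    A user who mistypes a password retries ONE account; credential stuffing
    walks through MANY accounts, so the signal is distinct usernames per source.
    Returns {ip: {"users_tried": n, "compromised": [accounts that logged in OK]}}.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in parse(log_text):
        by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            users = {u for _, u, _ in in_window}
            if len(users) >= min_users:
                hit = findings.setdefault(ip, {"users_tried": 0, "compromised": set()})
                hit["users_tried"] = max(hit["users_tried"], len(users))
                # A success inside a stuffing run means a reused password worked:
                # that account needs a forced reset.
                hit["compromised"] |= {u for _, u, ok in in_window if ok}
    return {ip: {"users_tried": f["users_tried"], "compromised": sorted(f["compromised"])}
            for ip, f in findings.items()}

if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

Grouping by source IP is only one signal; the same distinct-accounts count can be keyed on other attributes the login system records.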

Drive-By Download Attacks

Drive-by attacks happen when you’re surfing the internet and enter a website that has malware code on the page, and you inadvertently download the code. It is also one of the most common ways of spreading malware. All the hacker has to do is to plant code on the page. A common example of this is when you’re on a website and an ad pops up that has nothing to do with the site’s information. Most times, clicking the ad will result in malware being downloaded onto your computer. Unlike other cyber-attacks, a drive-by attack does not need you to do anything to enable the attack on your computing device.

A popular form of drive-by attack is cryptojacking. This is where there is code on a website that is stealing your device’s processing power to mine cryptocurrency. Mining cryptocurrency requires a lot of processing power, so this attack is not designed to steal any information from you, but rather steal your computer’s power. If you’ve read this post and you’re thinking you need help with keeping your network secure, contact us to get professional help!

What is the Dark Web? – Screenshots from the Dark Web

April 20th, 2021 | Cyber Security Awareness, Dark Web Monitoring, National Cyber Security Awareness Month, Website Security

With all of our seemingly trustworthy big businesses constantly getting attacked by cyber criminals, you may have wished upon a star for a place on the internet where you are untraceable – a place you can explore with complete anonymity. That virtual haven is known to its users as the Dark Web.

Although complete anonymity is nearly impossible, surfing the Dark Web is the closest you can get to it. But what is it? To understand the Dark Web, you must have a good understanding of how the internet works.

When we’re looking at the internet, a great analogy to use is the famous iceberg:

[Image: How the Internet works, shown as an iceberg]

Looking at this iceberg – what the common user thinks the whole internet consists of is actually only the Surface Web. This is the portion of the World Wide Web that is readily available to the general public.

It consists of anything you can access for free, which is also why it’s called the Open Web. Most of the websites you can access through search engines like Google and Bing are considered to be part of the Surface Web.

We are all familiar with this part of the internet since we use it to run businesses and connect with family, friends, and customers, and much more. But what’s crazy is that The Surface Web only consists of about 4% of the information that is on the internet.

Now as we start to move below the surface on our iceberg, an estimated 96 percent of the internet lives here in what is called the Deep Web. No one really knows how big the Deep Web really is, but it’s hundreds (or perhaps even thousands) of times bigger than the Surface Web.

This part of the internet consists of data that you won’t be able to locate with a simple Google search and that is not open for anyone to access. Most sites that require credentials to get into can be categorized as the Deep Web.

In reality, most of us use the Deep Web every day without even realizing it, with things like email, online banking, and pretty much everything that requires a username and password to access.

There’s a flip side of the Deep Web that’s a lot murkier, and sometimes darker. This is why it’s known as the Dark Web. That is represented by the bottom portion of the iceberg.

In the Dark Web, the users really do intentionally bury data. Often, these parts of the Web are accessible only if you use special browser software. You won’t be able to get to dark web websites with Google Chrome, Mozilla Firefox or Internet Explorer. The most common dark web browser is the Tor Browser, which makes the user anonymous, so it becomes extremely safe for criminals.


However, the dark web isn’t all bad; it’s used for an array of purposes by everyday people. For example, journalists use the dark web to help protect their sources, there are social media websites, and the government may also use it in whistleblower situations.

But unfortunately, the dark web carries a notorious reputation as the haven of criminals, terrorists, nefarious sites, and everything in-between. It is a huge marketplace for stolen data and personal information. After a data breach or hacking incident, personal information is often bought and sold on the dark web by identity thieves looking to make money off your good name.

The Dark Web attracts all types of crime, simply because of the anonymity of it. In fact, it’s estimated that 50% of all Dark Web sites are used for criminal activity. This criminal activity can include the selling of narcotics, illegal weapons and firearms, hired assassins, child pornography, malware, and anything else cyber criminals can do over a wired connection.

How does this cyber criminal underworld affect you?

When data breaches happen to big corporations, the credentials, SIN, banking info, etc. all start to get sold all over the Dark Web. That stolen data is then used to steal your identity and your money, and to further spread the computer diseases to your friends and colleagues.

Just to show you how legitimate the sites are on the dark web, we’ve taken some screenshots to share with you!
[Screenshot: Clone Card Crew dark web website]

This dark web website is called the Clone Card Crew, and it’s a criminal website where you can buy and sell real credit cards. The selling of Credit or Debit card information is very popular on the dark web, with this site selling information from $5-$110.

What they’re selling is a “full” package purchase for the fraudsters, including the stolen name, SIN, birth date, account numbers… really anything you need to use the card effectively. Sites like this will even discreetly mail you the card, so your neighbors have no idea what you are up to! And to ensure the validity and trustworthiness of the purchase, buyers can even leave reviews for sites like these, similar to how someone would leave your company a Google review!

[Screenshot: 300 Fullz on the Dark Web]

This is an example of a post on the dark web where a cyber criminal is selling 300 “Fullz” of Californian business owners. The word fullz is a slang term used by credit card hackers and data resellers meaning full packages of individuals’ identifying information. Fullz usually contain an individual’s name, SSN or SIN, birth date, account numbers and most other data. With this post in particular, the price was extremely low; for only 15 euros, you can steal the identity of 300 people and possibly ruin their lives. As we can see, it was so popular that it sold out.

How can you stay protected from the Dark Web?

Here’s a step by step process to ensure greater security:

1 – Knowledge is Power:
With our Dark Web Monitoring, you can receive up to the minute alerts as to when your business credentials are being sold on the dark web. This is one of the best ways to stop cyber attacks towards your business before they happen.

Register for a free domain check to see if your or your organization’s credentials are being sold over the Dark Web.

2 – Password Protection is key:
About 80% of people will use the same password or a derivation of the same password for multiple different services [2]. This makes it extremely easy for hackers to gain access to multiple services if they buy only one on the Dark Web. “P@ssw0rd1!” is not hard to crack – check out our password tips to become more secure.

3 – Use multi-layered security solutions for your services:
This is great protection in the event that a cyber criminal gets access to your credentials and is actively trying to log into your accounts. Wherever possible, enable 2-Factor Authentication or Multi-Factor Authentication.

For example, you can set most of the popular social media websites to send you a verification text message every time your account is signed into, to ensure that it’s actually you signing in. This extra layer could be the difference between safety and a huge cyber attack.

4 – Keep your software up to date:
In 2017, the infamous WannaCry ransomware ran rampant throughout the world, impacting over 150 countries and over 200,000 organizations. This was simply because the hackers found an exploit in older Windows operating systems. Security updates can seem mundane, but they’re there for an ever-important reason.

Antivirus services are constantly finding new threats and updating their procedures. Make sure to update your software so you are protected from the newest and more sophisticated threats.

5 – If you’re breached, call in the experts:
When you deal with cyber crime, it’s especially hard to fight back without the help of an expert. Not everyone or every organization can spend all day thinking about security, but there are experts like E-Tech who do.

Feel free to Contact Us for more information.

[WEBINAR RECORDING]: THE DARK WEB IS REAL: HOW TO PROTECT YOURSELF FROM DIGITAL RISK

September 14th, 2020 | Cyber Security Awareness, Dark Web Monitoring, Uncategorized, Webinars, Website Security

Date And Time: Thursday, September 10, 2020 @ 2PM-3PM EST

You may have heard of it before or wished upon a star for a place on the internet where you are untraceable – a place you can explore with complete anonymity. That virtual haven is known to its users as the Dark Web. Although complete anonymity is nearly impossible, surfing the Dark Web is the closest you can get to it. But what is it and how does it affect me? On September 10, 2020 from 2PM-3PM EST, we took a deep dive into the Dark Web and looked at your digital risk and how to protect your most important asset.

The reality is, once you’re exposed on the Dark Web, your information can never be completely removed or hidden. You can’t file a complaint or contact a support line to demand your data be removed.

Your company should immediately start taking appropriate steps and measures to correct or minimize the risks and potential damages associated with this exposed data. Identify, understand and learn from past mistakes or failures, and adopt a more proactive and preventative approach to your business’ cybersecurity strategies moving forward.

Talking Points:

  • The newest alarming data breaches and compromises happening in 2020
  • What are Phishing and Ransomware Attacks and how they are on the rise
  • Ways that your employees’ work credentials can lead to a breach
  • How to practice good email hygiene
  • Non-profit and Small Business weakness stats
  • What the difference is between the ‘Deep Web’ and the ‘Dark Web’
  • A look into the Dark Web and its virtual black markets
  • How your data goes for sale on the dark web
  • How credentials are compromised
  • How hackers use your credentials
  • Protecting against compromises and how to stay proactive
  • How the human factor is key
  • How Cyber Security Awareness Training is the #1 tool for employees
  • Dark Web Monitoring if your credentials have been exposed in a breach

Speakers:

Ian Evans
President and CEO

Corey Evans
Business Development Associate

Simmer Principio
Cyber Security Analyst

These 5 major companies have recently fallen victim to gigantic cyber attacks!

June 15th, 2020 | Business Continuity Solutions, Cyber Security Awareness, Dark Web Monitoring, Infrastructure Security, Uncategorized, Website Security

The year 2020 is 100% the year of cyber crime, as it continues to be the safest, most profitable and most common way for criminals to make money. It’s not a surprise that seemingly every day there is another major company that has fallen victim to some sort of cyber attack. Whether the hackers are using phishing emails, social engineering, ransomware, or malware, you can be sure that every company needs to start paying attention to the huge cyber security threat. Just recently, we have discovered 5 major Canadian and American companies that have fallen victim to gigantic cyber attacks.

  1. LifeLabs [1]

LifeLabs is Canada’s largest medical laboratory, serving the majority of Canadians. In fact, nearing the end of 2019, LifeLabs experienced a data breach that affected approximately 40% of ALL Canadians – upwards of 15 million people. Former privacy commissioner of Ontario, Ann Cavoukian, detailed the breach as the “most sensitive of information.” What was compromised? Reportedly, the health card numbers, names, email addresses, logins, passwords and dates of birth have all been exposed. In an attempt to ease its customers’ concerns, LifeLabs has offered all those affected free Dark Web Monitoring and Identity Theft Insurance.

  2. Chartered Professional Accountants of Canada (CPA) [2]

The Chartered Professional Accountants of Canada says that a recent cyber attack on its website affected upwards of 330 000 of its members and stakeholders. What was compromised? It was reported that first names, last names, employer names, emails, and addresses of their members and stakeholders were stolen. Passwords and credit card numbers are always a threat, but due to encryption, they were safe this time from the bad actors. The CPA warns that the data stolen could and will be used for identity theft, so their users should remain vigilant for fraudulent emails.

  3. Grubman Shire Meiselas & Sacks (Entertainment & Media Lawyers) [3]

The Grubman law firm is a leader in its industry. They represent major entertainment stars like J-Lo, David Letterman, Robert DeNiro, Barbra Streisand, Mariah Carey, Rod Stewart, Bruce Springsteen, Elton John, the Kardashian sisters & family, Madonna, Tom Cruise, Dwayne Johnson and many more major artists. Grubman was hit by a ransomware attack this May that demanded 21 MILLION to decrypt the data. What was compromised? The leaked files include contracts, phone numbers, emails, agreements and more. When the full ransom demands were not met, some documents for Lady Gaga were released to the public and the hackers posted an updated demand of $42 million, 2 times the original amount. Now, the hackers are threatening to leak info related to President Trump. Although Grubman says they never worked directly with Trump, they say they have some dirty laundry on Trump that could hurt his re-election.

  4. Diebold Nixdorf (ATM Manufacturer & Retailer) [4]

Diebold Nixdorf is currently the largest ATM provider in the US, and they fell victim to a ransomware attack this April. The company reported that they experienced only a “limited IT systems outage” and that ATM machines were not affected. While the company’s IT and security teams did a good job in containing the extent of the ransomware, the attack affected services for about 100 of its customers. The form of ransomware was reported to be a strain called PwndLocker, famous for demanding funds upwards of $660 000 as a ransom payment. Thankfully, Diebold did not reward the cyber criminals by paying the ransom.

  5. The Beer Store [5]

Amid the global pandemic of COVID-19, some of Ontario’s 450 industry-owned retail beer outlets known as The Beer Store have been forced to accept only cash for sales after a cyber attack in March. Over Twitter, the Beer Store released the statement “Overnight, we were subjected to a cyber attack and are following internal response protocols. Some of our locations are operating with cash only.” However, it is unclear if the cyber attack was successful, or what was attacked, like the Point of Sale system or the website. Hacks like this are increasing. Hackers are commonly infiltrating web pages and e-commerce transaction providers to insert code and skim off payment card numbers.

Cyber attacks are ever prevalent, and the threat to your business is constant. How can a business be better secured against cyber attacks? Consider the 3 Pillars of Cyber Security: People, Process, & Technology.

People are, and will always be, the weakest link in the cyber security chain. Cyber Security Awareness Training remains the best tool to educate staff on today’s cyber threats and enables them to fight against cyber attacks every day.

Company Processes should be revisited every quarter. It is always recommended to have an up to date Business Continuity and Disaster Recovery plan. In the event of a cyber attack or a natural disaster (i.e. COVID-19), you should always have a plan to keep your business afloat.

Lastly, the Technology should always be current, up to date, and strong. Enable your users and staff with proper Network Security and Dark Web Monitoring. When all three of these pillars of cyber security are at their strongest, you can be sure that you’re protected from cyber attacks.

Please reach out to us about the products we’ve mentioned: Cyber Security Awareness Training, Business Continuity, Dark Web Monitoring & Network Security.
