Cyber smart- The Malware family and Attacks

Cyber attacks are a truly clear and present danger which we all face. Yesterday I wrote about Malware myths here: https://ericcrichardson.com/2021/01/19/malware-myths/amp/ . Today I will spend some time speaking about some of the various types of Malware and Attacks which could impact you. It is quite possible to write books about just about any of these individually. 11 years ago, one of the most complex viruses ever created was unleashed. It was likely created by a nation state (likely the US and Israel) to target a specific type of programmable logic controller for centrifuges used in refining nuclear material. It’s a fascinating read; here is a link to an Ars Technica article about it if you wish to read more: https://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/ The scope of this article is to educate about the breadth of types of attacks and not go into great detail.

Bad Actors Have Everyone in Their Sights

Malware

The Malware family are programs written by bad guys (i.e., “hackers” in popular parlance) to attack and gain control of a computer or phone, either to steal data or to negatively impact you. Below are some of the common categories you could potentially experience; all of them can have extremely negative impacts on those affected.

Spyware—This is a type of malicious software which gathers data about the user and sends that information secretly to others for nefarious uses. An example is spyware which, once installed, copies every keystroke you make, including passwords and user IDs on websites. This “key logger” then transmits the logs of all the keystrokes to bad guys, who then try to identify the websites you are using. If they are successful, they can impersonate you. Think about the damage that could happen if someone gets access to your financial or healthcare records!

Ransomware—This has been in the news far too often lately. It is malware which installs on your computer and then secretly encrypts your hard drive so you can’t use it. You then get a message saying you must pay money, or they will erase your hard drive. If you back up your hard drive regularly you can reduce the damage, but the hackers sometimes threaten to dump your data to embarrass you as well. We have seen ransomware used to target companies and, oddly, hospitals, which has impacted patients being admitted and, in some cases, caused direct patient harm. Many high-profile companies have been impacted by Ransomware as well; you can look this up with ease.

Adware- This type of malware, when installed, pushes ads onto your web browser. It usually comes bundled with some sort of free download, and it seems to be the mechanism by which they make money on free software. A good rule of thumb: be incredibly careful when downloading free software.

Botnets— These are a type of malware which creates a net of internet-connected devices which can be used to steal data or send mass E-mailings. The Stuxnet attack I mentioned above was a type of Botnet.

Dangerous Macros – Macros are effectively ways to automate keystrokes or to do minor automation. You see Macros often when using Word or Excel; most of the time they are useful.

Attacks

Malware must get on systems to impact them. This section will speak to the methods that the bad guys use to get malware on our systems.

Phishing- Phishing (pronounced ‘Fishing’) is a type of attack which tries to catch as many people as possible, using a broad approach to convince them to download malware. Very often it’s via a fake E-mail from a trusted institution (like a bank) that wants you to click on a link in the E-mail to do something such as “reset a password” when in fact the link will start a download of malware. It can be hard to spot, but if you are on your guard you can see, usually by hovering over the link in the E-mail, that the link is not related to the organization you think it is. You often see this with banks.

Spear Phishing– Spear Phishing is a more refined version of Phishing where an awfully specific organization or individual is targeted. The trick is the same but it’s much more targeted. There is a variant of this called “Whaling”, which is going after someone very important within an organization.

DOS- A Denial of Service attack, or DOS, is an attack on something like a website or E-mail server to simply overwhelm it, thus shutting it down. This is often done by sending websites far more data than they are expecting, or badly formed data to trigger errors in the website’s back-end software. Many times, thousands and thousands of versions of the malware could be distributed via phishing attacks, so you potentially have an attack distributed across the planet. This variant is known as a Distributed Denial of Service attack (or DDOS).

Website manipulation- Bad actors can also try to manipulate website programming by doing things like passing commands in when filling out a form. This is known as SQL injection. SQL is Structured Query Language, which is the language database servers use, and in some cases it’s possible to send in a set of database commands or a SQL Query.
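To show why a form field can end up being read as database commands, and how developers prevent it, here is an added example that is not from the original post. It uses Python's built-in sqlite3 module; the accounts table, the function names and the form values are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 120), ("bob", 75), ("o'brien", 310)])
    return db

def lookup_vulnerable(db, owner):
    # BAD: the form value is pasted into the SQL text, so quote characters
    # inside it are parsed as part of the command instead of as data.
    query = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, owner):
    # GOOD: the ? placeholder passes the value separately from the SQL text,
    # so the database can only ever treat it as data.
    query = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(query, (owner,)).fetchall()

# Constructed form inputs: a normal name, a legitimate name containing a
# quote, and a value written to change the meaning of the query.
FORM_INPUTS = {"ordinary": "alice", "quote": "o'brien", "crafted": "x' OR '1'='1"}

def run_demo():
    """Return {label: (vulnerable result, safe result)} for each form input."""
    db = make_db()
    results = {}
    for label, value in FORM_INPUTS.items():
        try:
            vulnerable = lookup_vulnerable(db, value)
        except sqlite3.OperationalError as exc:
            vulnerable = "error: " + str(exc)
        results[label] = (vulnerable, lookup_safe(db, value))
    return results

if __name__ == "__main__":
    for label, (vulnerable, safe) in run_demo().items():
        print(label, "| vulnerable:", vulnerable, "| safe:", safe)
```

With the vulnerable lookup, the crafted value returns every account and the legitimate name with a quote in it crashes the query. The placeholder version returns exactly one matching row, or nothing, in every case.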

Your best defense- Education!!! Do not click that link; be wary of anything even remotely out of the norm. Educate yourself on attacks and malware and new forms of attacks. Just like you have to lock your doors and windows at night for your house and your car, you need to be prudent about how you protect your computer, laptop, tablet, and phone.
