Data Protection, Technology and Cybersecurity Area
Cybersecurity
Types of attack
To be prepared to defend against a cyber attack, it is important for organizations to know the methods most commonly used by criminals.
In general, they vary depending on the criminal’s purpose, which can be diverse, such as gaining access to personal data or paralyzing the organization’s operations.
Social engineering
These are techniques that aim to trick the user so that he ends up helping the criminal, whether by downloading malicious software or delivering sensitive information, for example. For this, the criminal seeks to gain the user's trust, especially if he has privileges to access data.
The most common social engineering attacks are phishing and spear phishing. In the first one, malicious mail is usually sent to several people, so that one of the recipients is deceived by its appearance of legitimacy, and ends up installing malware or giving the criminal access to the organization’s systems. Spear phishing works in a similar way, but it has a specific target, about whom the criminal has private information, which makes it easier for them to believe the scam. Employees’ lack of knowledge about cybersecurity is the main factor that makes this type of attack successful.
Brute force
The criminal enters the organization’s system through successive attempts to guess the access password. It is a trial-and-error basis. In general, programs are used that speed up the process. This type of attack is facilitated when the organization does not have a policy of using strong passwords and multiple authentication factors.
Denial of service
Distributed denial of service (DDoS) aims to render a system inoperable due to excessive data traffic. For this, criminals usually install malware on multiple computers that are remotely controlled to attack the system at the same time. To minimize the effects of this type of attack, it is important that the organization has a plan to continue operating if one or more of its systems are down.