Every time a cyberattack is widely reported, the topic of cybersecurity gets nearly as much attention as the attack itself. The recent NotPetya ransomware attack is no exception.
NotPetya was a ransomware attack that first struck infrastructure sites in Ukraine in late June, 2017. It encrypted not only data (as most ransomware attacks do), but also hard drives, giving it the power to shut down entire networks.
NotPetya also took advantage of improved worm capabilities to spread quickly after being introduced by phishing. Once the ransomware is in the system and has encrypted user data, it alerts the user and demands payment for a decryption key. Without this key, the data cannot be decrypted.
This particular attack is notable not just for the speed with which it spread, but also because there’s speculation that it was undertaken not for financial reasons, but for political ones. Reuter’s points out that the NotPetya attack may have been intended to install new malware and “plant the seeds of future sabotage.”
While ransomware attacks are potentially crippling for pretty much any individual or organization, they aren’t the only kind of cyberattack to watch for.
Below are some common types of attacks that hackers instigate for a variety of reasons:
Phishing/Spear Phishing
If you’ve been online for more than a week, you’ve received an email that looks reasonably legitimate asking for some kind of personal information, whether it’s confirmation of an email address or a bank account number. That’s an example of phishing.
Spear phishing is slightly more sophisticated. Spear phishing emails look like they’re coming from someone on your contact list and might have a message that sounds personal.
The goal is the same, though – they want you to click a link, send personal information or download some software.
Denial of Service
There are a few types of denial of service attacks (denial of service, distributed denial of service, and permanent denial of service), and they all operate in basically the same way – they overload a server or its firmware with traffic, rendering it unusable. The permanent denial of service attack does this in a way that permanently disables the server.
Advanced Persistent Threat Attack
Advanced persistent threat attacks are particularly sneaky. Their malware will break into a network, steal data without being detected, and then leave. Their goal is to steal data over a long period of time, and their targets are often large organizations with a great deal of intellectual property.
The Best Defense
Although some of these attacks can be quite harmful, there are many ways you can help keep your networks and computers safe on an individual and systemic level.
Don’t Open Attachments
Many of these attacks infiltrate a network after someone opens an attachment containing a malicious file that infects the individual machine. If the machine is part of a corporate network, other machines will most likely be infected.
If you’re unsure of the contents of a file, check with the sender to see if it’s legitimate. When sending a file, it’s also a good idea to notify the recipients that the file is okay. Including a note like, “Here’s that contact spreadsheet you asked for at lunch,” will help ensure the recipient that the file is clear.
Symantec says that 1 in every 131 emails contains malware, so it’s best to be cautious when clicking anything that appears in an email.
Use Secure Passwords
If your password is a 10-letter word that’s in the dictionary, a computer with the right software can probably crack it in under an hour. Add a capital letter in the middle of it, and it will take a month to decode. Add a symbol at the end, and you’re up to 97 years.
Making your password more complex is pretty simple, but it can have a huge security payoff. You can test the strength of your passwords here: https://howsecureismypassword.net/.
Note that if your password is “password,” the right software can crack it instantly and gain access to whatever data the password was protecting.
Update Firewall and Anti-Virus Software
Security companies regularly update their software to keep on top of the latest threats. If your software is out of date, you’re at risk from new attacks. Updating is an easy way to block known threats, and it’s a good practice to do it often.
Backup Your Data
Since many cyberattacks target your data, there is one step you can take that will minimize their impact if one gets past your defenses – backup your data. Whether you want a cloud backup or something on premises, there are many easy, automatic ways to do this. Setting up a regular backup will keep your data safe and personally accessible in the event of attack.
There’s no way to be 100% safe from cyberattacks, but adhering to security protocols and exercising a little vigilance can significantly reduce your risk.
Read what Monica Bush, Nintex Senior Manager, Security and Compliance, has to say about protecting your data.