Malware is an umbrella term to define any piece of software whose intent is to do harm to your computer or phone. Most all cyber threats floating around the internet today are considered malware. Viruses, adware, spyware, rootkits, cryptojacking and ransomware are all examples of types of Malware.
Cyber criminals would use Malware for: Data loss (deleting your company files), Data theft (stealing financial information, proprietary designs, business plans, etc..), Data corruption (purposely corrupting your files to prevent you from doing business), Cryptomining (using your company computers without you knowing to mine from cryptocurrency), eavesdropping on your network traffic (scanning your traffic to know what websites you visit and gain access to your website accounts like banking) and holding your data hostage. These are just a few examples of the most common, but all depends on how crafty the cyber criminal is. Your legal team, marketing team, accounting team, engineering team and even the warehouse team are all susceptible to malware attacks.
In 2018, the US Department of Justice indicted nine Iranian hackers for attacking more than 300 US universities. They store 31 Terabytes of data worth close to $3 Billion dollars. They used carefully crafted emails to trick professors and other staff members to enter network login credentials. They gained access to 8,000 accounts.
According to Wired.com 2018 Worst Breaches
Ransomware is a subset of Malware, but one of the most wide-spread attacks. It's a type of malware that prevents you from accessing your files by displaying a full screen warning message threating to lock your files using encryption or even erase your computer unless you pay the cyber attacker a predefined amount of money. These warning messages could imitate the FBI, US DOJ or they will proudly display their hackers group. One of the most well known Ransomware's out there is known as WannaCry.
Imagine you walk into the office, turn on your computer and find that a message is displayed saying you have 1 hour to pay $1,000 to unlock your files, or lose them forever. If this was a computer that belongs to an intern, it wouldn't be the most devistating loss, but if this belonged to your legal team, accounting supervisor or worse, the CEO, the loss could be devastating. More often than not, after you pay the ransom fee via Bitcoin so you can't trace the cyber criminal, they will not release your files from the encryption and you'll be out of money and data. Best case they release your files, but the cyber criminal could have tampered with your computer and anti-malware software to bypass your security protocols and keep undetected access to your machine.
Missouri based Blue Springs Family Care got attacked by ransomware that effected a computer containing roughly 45,000 patient records. The cost of this breach was $408 per patient record, or approx. $18.3 million dollars.
Source: Healthcare IT News
Data theft (also known as a Data Breach) is stealing information in the form of files (data) stored on company servers, workplace computers and even cell phones. Usually done by taking advantage of operating system exploits, email scams, applications with secret intentions or malicious intent by an employee.
Every company stores valuable information on their servers ranging from private customer data to employee records. This data is what fuels your company. You could have proprietary engineering documents and drawings that differentiate your company from your competitors or something smaller such as your exclusive vendor list. If information like that was stolen from your company and sold to your competitor to gain an advantage over you, that would hurt your business in the long run. If customer data was stolen and sold off on the dark web, you lose the customer trust your company worked so hard over the years to build. If your company is public, news like this could cause a massive sell-off of your stock, whiping out enormous amounts of valuation.
Yahoo, eBay, Uber, Ashley Madison, Target, Home Depot and Sony Pictures. Those are just a few of the biggest data theft breaches in history and are all very much memorable. Credit card numbers, health records, social security, emails and billions of dollars were stolen.
Phishing is one of the most effective and dangerous types of cyber attacks, yet it's the simplest of them all. It's the attempt to fool someone into sharing private information, most common being your username/password to sensitive accounts by imitating a website such as your bank or favorite social network. Fake emails that look like your credit card bill or cell phone bill with a button that takes you to a fake website is also extremely common. Other tactics are fake social media accounts with names of people that you know to try and persuade you to help by transferring money or giving access to your home. A perfect example: Are you familiar with the longest running phishing scam, the "Nigerian Prince" that wants to give you his inheritance?
Your employee could get an email from the company bank saying that there has recently been an error with your account and that they need to update the bank records within the next 12 hours or the account will be frozen. The email would have a button that says "Update Now", so they would click on the button and a website would open that looks like just your company's bank. After they enter the username and password to login, another screen opens to enter in account numbers and routing numbers, along with another button that says "Save". Immediately after a two potential things could happen. 1: Username and password was just stolen, which could be used to gain unauthorized access to your account, or 2: Checking and Routing numbers were stolen, which could be used wire transfer money out of your account that same instant. This could be devastating to your company.
Between 2013 and 2017, the accounting departments of Google and Facebook were tricked into wiring approx. $100 million to a cyber criminal in Lithuania. The criminal used fake invoices, emails and corporate stamps to impersonate a large computer parts supplier.
Impersonation fraud attacks, subset of Phishing, are clever attemps to fool you into thinking you're speaking with your CEO, vendors, financial advisor, accounting, etc... These sorts of attacks are typically done through email and will almost always end in requesting a wire transfer of money or private data on employees (such as a W2 or 1099). The FBI has reported in 2016 that American companies have lost more than $1.8 Billion.
A cyber attacker could very easily take over a vendor's email address, scan through their inbox/sent mails for recent transactions and fool you. You could receive an email from a vendor telling you that their banking information has changed and that you should send the upcoming payment to the new bank. The hacker would provide you with new bank wire instructions while monitoring the vendors email to delete any response from you confirming it, leaving no trace of this communication. After you send the payment to your vendor, your money is gone and the vendor would not have gotten paid, leaving you at a loss. Another effect could be a fake email from your CEO requesting the W2 forms for all employees ASAP, giving the cyber attacker a bundle of stolen social security numbers leaving your employees suspectible to Identity Theft.
Mattel, one of the largest toy manufacturers in the world, lost $3 million in 2015 due to a CEO fraud email scam orchestrated by chinese cyber criminals.
Source: CBS News
Hackers is the name of a rouge computer programmer, commonly known as a Black-hat, who has the skillset to modify computer software or hardware for their benefit and your loss. Most hackers are fueled by money, power and ego and will hack for financial gain, political agendas, or more often than not, just for fun.
Every cyber criminal is a type of Hacker, but in general, the effects of a hack could be disasterous. Hackers could destroy your network, computers, infrastructure, prevent access to your website or even go so far as preventing employees from entering your corporate office. Hackers could also install programs to monitor your every digital move and use it to threaten you. Corporate espionage is a huge business and the financial gain behind it will continue to fuel it for years to come.
Marriott, the global hotel chain, in 2018 was hacked and had 500 Billion customer records stolen.
Source: Fast Company
It will never end. As more and more companies turn to hardware solutions such as Firewalls and Real-time file scanning to protect their assets, less are investing in the one most powerful tool to prevent attacks, the employees. There are so many new attacks being crafted every day to circumvent security protocols by hackers and cyber criminals. Hacks that involve your smart phone, smart security systems, smart assistant devices, even the webcam on your laptop.
Supplement your cyber security plan by training your most powerful asset, your employees who use the computers, servers and handle the data on a daily basis. The more they know about cyber attacks, the safer your network could be.