Cyber security can mean physical protection of physical computers and computer components. However, the term cyber security typically refers to the protection of data stored on computer networks.
Cyber security = protection of digital data.
Threats to cyber security can occur from a multitude of sources, including sophisticated targeted attacks or malware delivered to computer systems via phishing.
Phishing is a confidence trick that involves a cyber criminal sending communications to people in order to deceive them and gain sensitive information from them:
Phishing attempts to get data via communication replies or getting victims to download malware.
Phishing can be used to gain data or just to disable computer systems and harm data.
Phishing can be used on mass amounts of individuals at once or can be specifically targeting individuals and organizations.
In regards to cyber security, phishing is one of two large threats to organizations. The other being targeted attacks.
Cyber Security Attack: Malware Via Phishing
Malware is software that a cyber criminal places on an organization's computer system via the organization's Operating System.
Malware is a term used to describe all harmful computer software.
The malware can be designed to simply bypass cyber security to disrupt data systems or can allow the cyber criminal to spy on a network or have sole access to the network, preventing victim organization from being able to access the computer system and its data.
Cyber Security Attack: Types of Malware
Malware is a term used to describe all harmful computer software and there is a lot of software that fits this description. However, there are three common forms of malicious software:
Ransomware is malware that a cyber criminal places on an organization's computer system via the Operating System. The ransomware allows the cyber criminal to have sole access to the system's data, preventing the victim organization from being able to access the computer system and its data. The cyber criminal/ hacker will then request money in exchange for granting data access back to the victim organization.
Spyware is secretive malware that sends user information to a database. Spyware is downloaded on a computer system without the victim organization being aware. This covert download usually occurs when the employee of an organization visits a web page that forces the organization's computer system to covertly download the malware spyware program.
Spyware can also come secretly packaged with a program the victim organization voluntarily downloads.
Spyware can also be the entire program, secretly disguised as a safe program.
After the successful download of the spyware, the organization's data on the computer is recorded and sent to the owner of the spyware.
A computer virus is malware that acts like a biological virus: it spreads on its own to other computers. Many computer viruses are created to cause chaos and damage the software on computers.
How Does Malware Bypass Cyber Security?
Malware attacks weak points in the victim organization's Operating System:
An Operating System (OS) is the software that runs a computer or device. The OS manages the computer's memory and processing. The OS enables the user to operate the computer without knowing coding. Everything that is seen on the computer’s monitor is the OS.
OS examples: Apple iOS 14 and Android 10.
Malware is delivered to many computer networks via phishing email:
A phishing email is an email that has a downloadable attachment which is the malware.
The email will attempt to look innocent or similar to an email the victim organization is expecting. An employee will then download the attachment, thinking it is something else.
Malware Pop Up Ads
These are online ads where the links does not go to a product page but rather to a download of the malware.
Malware Via Bad Website
A bad website is a compromised website. This website secretly forces the user's computer network to download the malware.
Using Cyber Security to Fight Malware
There are three good ways to fight malware:
Use reputable and up to date anti-virus software.
Only download programs from trusted sources.
Not clicking online ads or email links and attachments.
Targeted Attacks Against An Organization's Cyber Security
Typically, the larger the organization, the more of a threat there is against targeted attacks. Two examples are backdoor attacks and denial of service attacks.
Backdoor Attack: A hacker bypasses proper login methods.
Data Locking: Access to the organization's data is disabled. This is usually the case with ransomware.
What Kind of Data is at Risk From Cyber Attack?
There is a lot of data an organization needs to protect, such as
Financial and banking information
About the Author
Peter Sandru is an Instructor & Co-Founder of NDIL with over 15 years as a Professional Investigator. Peter has spent more than a decade conducting investigations and security operations throughout the world, primarily for corporations, law firms, and government agencies. Peter has assisted in the creation of numerous investigative & security training programs in various capacities.