There are many types of cyber attacks. They all have one malicious goal: steal sensitive information. Cyber attacks are estimated to cost the world $1 trillion in losses, around 1% of the world GDP. Cyber crime is a complex, modern issue. It can be easy to get lost. Start out small by knowing basic types of cyber crime. Below is a list of the types of cyber attacks that business reporters should be aware of.
According to the Federal Trade Commission (FTC), malware is viruses, spyware, ransomware and other unwanted software that is secretly installed onto a device to steal sensitive information, demand payment and more. Cisco, an American technology conglomerate, states that malware usually breaches a device when a user clicks a dangerous link or email attachment. CovidLock is ransomware that promises more information about the SARS-CoV-2 disease. However, it will instead encrypt data from Android devices and deny data access to victims. To gain access back, a user must pay $100 per CovidLock-infected device.
Cisco defines phishing as “the practice of sending fraudulent communications that appear to come from a reputable source, usually through email.” These emails usually pose as companies that you know and trust or say that there is a problem that needs to be fixed. The goal is to steal sensitive data or install malware onto a user’s machine. The FBI’s Internet Crime Complaint Center (IC3) published a report stating that people lost $57 million to phishing in 2019.
Man-in-the-Middle (MitM) attacks are where a user tries to communicate with a second party, but a third party, the “man in the middle,” intercepts the victim’s communications without being noticed. In one FTC case, Lenovo, a computer company, was unaware that an unknown ad-injecting software, the man in the middle, was put into the company’s new laptops which were sold to consumers, putting their personal information at risk.
The Cybersecurity and Infrastructure Security Agency (CISA) defines denial-of-service attacks as an occurrence where “legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor.” An example of a DoS attack is when a malicious attacker overwhelms servers to a point where service cannot be attained. Reuters reported an instance in early June where more than 800 financial institutions experienced DoS attacks that disrupted service to customers.
Structured Query Language (SQL) Injection
PortSwigger, a software company that offers tools for web application security, describes an SQl injection as a vulnerability that allows an attacker to view data that they are not normally able to retrieve. A group called Team GhostShell stole 36,000 personal records belonging to students, faculty and staff of 53 universities through SQL injection. The group then published the acquired records.
Zero-day exploits are when hackers utilize recently discovered security vulnerabilities to attack systems. In 2020, hackers accessed a user’s PC remotely if they were running an older version of Windows. If the target was an administrator, the hacker could completely take over their machine and access all their files.
DNS tunneling involves DNS protocol. DNS, the Domain Name System, is where people access information online through domain names, like nytimes.com or espn.com. DNS tunneling is complex. Palo Alto Network states that DNS tunneling exploits the DNS protocol to tunnel malware and other data through a client-server model. Visit their website for a more in-depth explanation. The most well-known example of DNS tunneling is SUNBURST.
In order to report on cybersecurity, reporters should have a basic knowledge of cyber crimes like the ones above. It allows the reporter to understand the gravity of the situation while also helping deduce what type of crime occurred.
Want the best tips and story ideas from the Reynolds Center in your mailbox every month? Sign up for our monthly newsletter!