In simple terms there are 5 main types of attack:
This is where you are sent a fake logon link, usually by email, with a convincing reason to log on to the site. Here you are fooled into entering your live username and password. Now someone else has access to your details.
This is attempts to log on using known passwords from compromised lists or personal information. There are many sources of passwords online – predominantly from phishing attacks and harvested from data breaches before.
This is simply attempting to log on with as many variations as possible by trying known passwords then varying the characters. If the system allows, they can try thousands of passwords in a very short space of time.
This is where one of the programs running on your system has a weakness that can be exploited to essentially give someone high level access without needing an admin password. Quite often a lower level password is used to start the attack.
This is where you are fooled into downloading that latest free game or opening that important looking document that just won’t seem to load for some reason. In reality, a small program has been installed that can make a connection outbound and allow someone else back in.
So how can you stay safe?
Phishing and Trojan attacks rely on users unwittingly providing access. Being vigilant and checking the source of programs and emails you receive, and avoiding clicking on those tempting adverts for free goodies, or click-bait articles… “She took this picture and you won’t believe what happened next!” … will stand you in good stead for not getting caught out. Also never enter your logon credentials unless you are sure about the site, and of course never install any software that does not come from a reputable source.
Using reputable anti-virus software, email filtering and web filtering services will reduce the likelihood of you getting that fake email or web link in the first place
Keeping your machines up to date with anti-virus and patches will help protect against vulnerabilities being invoked, and there is still the software loaded on devices (firmware) that should also be periodically checked – especially on internet facing devices.
Password attacks are mitigated by ensuring you have a secure password for your services, and we recommend using different passwords for different services to reduce the risks.
At Tekkers we have an Essentials service level that we are applying to all clients, that includes anti-virus, patching, web filtering and email filtering as standard as we believe all clients should have these in place to help mitigate risk in their business as a minimum.