The 4 Most Frequent Computer Attacks and How to Avoid Them | Antivirus

As well as new technologies, Internet-based computer threats have evolved over the decades, to the point that today they have become one of the main concerns of people and companies who need to keep their devices safe and protect information from diverse nature. In this regard, a study prepared by the consulting firm Kaspersky Lab on security risks in information technology (IT) in 2016, revealed that 82% of companies worldwide have suffered between one and five incidents of exposure, leakage, or data loss in the last 12 months. As a result of these kinds of incidents, 10% of them lost access to critical information for a week and 15% experienced outages that prevented them from doing business for more than seven days.

Precisely because of these latent risks,   information security has become a real priority for companies of all scale, with special emphasis on SMEs, organizations that are often more vulnerable to these attacks.

Therefore, here we detail the four most frequent computer attacks today and the prevention and correction measures recommended to face them.

1. Malware

The malware or software malware is a category of software designed to infiltrate and damage an information system without being detected. Although malware is used to refer in a general way to malicious software, there are different types of malware that respond to their own characteristics and different behaviors. Among the most used malware, the virus stands out, a malicious code that infects the files on the device in the form of an executable file (or .exe file), and that uses the ignorance of users to infect a computer.

Other known malware are worms ( software somewhat more sophisticated than the virus, which creates copies of itself in order to affect other computers), Trojans (programs designed to enter security systems and allow access to other malicious files ), spyware (programs that spy on a device to obtain private information and that can install other malicious software ) and the now-famous ransomware, which hijack the valuable information of a device, in order to request a transfer in cryptocurrency or digital currencies by way of rescue.

To minimize the risk of malware, it is important to have powerful antivirus and antimalware software. In the case of companies, the staff must also be trained so that they do not open email attachments from unknown or unreliable sources.

2. DDoS Attack

It is one of the most frequent attacks on the Internet. Also known as "denial of the distributed service" (which comes from the English " distributed denial of service"), it consists of blocking access to a site web and, simultaneously, the attack on the server by entering a large volume of junk information (for example, filling in forms with false data or sending requests). This causes saturation in the server flow, clogs the website, or determines the loss of connectivity in this space. Usually, these attacks are made through computers infected with Trojans.

A basic measure to take to avoid a  DDoS attack is to add the protection option against this type of attack to the firewall or to install an anti-DDoS system. Although the most advisable thing is to ask the Internet service provider to enable DDoS protection from your network since it has greater protection capacity and the attack is mitigated before consuming resources from the contracted Internet.

3. Phishing 

Phishing is a method used by attackers to impersonate a user or company by electronic communication (email, instant messaging, etc.), in order to obtain personal and banking data.

Although phishing is not a direct attack against a  website or its servers, this method seeks to divert the flow of customers, income, or searches to a fake portal. Although it focuses its attacks on stores or online sales portals, phishing is also frequent on sites that offer financial services or on those websites that maintain a constant flow of credit. A persistent way of forcing user confusion is by advertising the appearance of the fake site on the net and even paying to appear first in search engines.

To avoid falling into these types of attacks, it is important to verify that the sender of any email corresponds to the entity to which it claims to belong and that it does not contain strange letters or characters. Another way to identify these fake sites is to observe that the "safe site" label appears in the address bar and to be wary of links inserted in our e-mails.

4. Baiting

It consists of an attack aimed at infecting computers and networks from removable storage devices such as pen drives, SD cards, or external hard drives. Through these computers, attackers introduce files infected with malware. Being a malicious software that enters externally to the computer, the attack strategy is usually to place these external storage devices in the vicinity of the company, so that they are used and connected to corporate computers by staff.

Logically, the best way to avoid an attack of this type will be to make your collaborators aware of the importance of not connecting unknown storage devices and only using those inventoried by the company.

And you, have you suffered any computer threats in the last year?