Modus Operandi of Cyber Attacks
The internet is ubiquitous. It has quickly become an essential utility like electricity and water. However, when the internet was built, it was designed with functionality in mind, not security.
Cybercrime is the term used to describe crimes directed at computers or other information and communications technologies (ICTs), and crimes where computers or ICTs are an integral part of an offence.
Cyber security is the practice of defending computers, networks, servers, mobile devices and data from malicious attacks.
A cyber-attack is an offensive manoeuvre that attempts to expose, alter, disable, destroy, steal or gain information through unauthorised access to, or unauthorised use of, an asset.
Cybercrime has evolved into a sophisticated form of destruction and extortion, especially for Small to Medium Businesses (SMBs). This is because cyber criminals have the technology as well as the ways and the means to easily:
- Seek out and isolate vulnerabilities in internet connected devices
- Gain illegal access to databases, files and devices
- Insert malware and obtain information or lock up data for ransom
- Extort large amounts of money that is untraceable (thanks to Bitcoin and seamless international borders)
The five levels of Cybercrime
1. Computer as a tool - Fraud, identity theft, phishing scams, spam, propagation of illegal material.
2. Computer as a target - Viruses, denial of service, malware.
3. Cyberterrorism - Government level attacks on foreign intelligence services and governments.
4. Cyberextortion - When a system is subjected to or threatened with repeated denial of service, ransomware or other attacks by malicious hackers.
5. Cyberwarfare - National-level attacks on other national-level agencies or infrastructure.
Unfortunately, many business owners think of cybercrime as only relating to levels 3, 4 or 5, and disregard the possibility of their computer being a tool or a target. The statistics and the number of incidents tell us otherwise. This is like thinking “Robbers only go after big banks and large organisations” when in reality, robbers go after the easy hit, i.e. a corner shop or local service station.
According to the Australian Cyber Security Centre (ACSC), over the 2020–21 financial year it received over 67,500 cybercrime reports at a value of A$33 billion, an increase of nearly 13 per cent from the previous financial year. This equates to one report of a cyber-attack every 8 minutes compared to one every 10 minutes last financial year. View the full report here.
The average amounts lost per cybercrime incident are:
- A$8,899.00 for small businesses
- A$33,442.00 for medium businesses
- A$19,306.00 for large businesses
The common types of cybercrime against small to medium businesses
Password – An attacker attempts to guess your password using automation and technology that can uncover passwords within hours or even minutes.
Ransomware – After accessing your systems and files, an attacker locks your data using encryption then asks for payment to unlock it.
Malware/viruses – Malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another.
Active hacking – Automated or manual unauthorised access of a network or data.
Denial of Service (DoS) – Rendering a machine or network resource unavailable to its intended users.
Social engineering – A broad range of malicious activities accomplished through human interactions, such as a seemingly harmless email with a link to a harmful file or site; or a phone call from a seemingly friendly agency requesting your security details.
Malicious insider – Malicious insiders can be employees, former employees, contractors, or business associates who have legitimate access to your systems and data, but use that access to destroy data, steal data or sabotage your systems (intentionally or by mistake).
If you would like to learn more about cyber security and how you can protect your business, why not enrol in the Cyber Security Academy? It’s sponsored by the Federal Government, so it’s free.
You can also register here for a free one-on-one cyber security assessment, conducted by one of our specialists and overseen by Michael Trimblett, our very own Certified Ethical Hacker.