ICFE eNEWS #19-13 - April 4th 2019
Cyber Attacks: More Than Phishings
Cyber security attacks have become common in our everyday lives.
The news is full of reports of identity theft, breaches, and the
damage caused to companies and individuals who have fallen
Most of us think of cybercrime in terms of phishing emails or
credit card theft, but cybercrime comes in many forms. It is
important to understand how to identify them and protect
yourself from falling victim.
• Every 39 seconds there is a cyber attack
• 95% of cybersecurity breaches are due to human error
• Globally, the estimated cost of cybercrime in 2018 was $1
A cyber attack is any attempt to expose, alter, disable,
destroy, steal or gain unauthorized access to or make
unauthorized use of a computer and/or computer networks.
Cybersecurity practitioners anticipate that attacks will
intensify as our reliance on technology continues to increase.
From accessing email on mobile devices to Wi-Fi connected light
bulbs and appliances, people are accepting more and more risk,
increasing the opportunities for cyber attackers to access our
Below is an overview of some known types of cyber attacks and
ways to protect yourself and your family against them:
Commonly known types of cyber attacks:
Attacker uses a tool to attempt every combination of letters and
numbers with the hope of eventually guessing the password and
gaining access to an account, website, or computer.
How to prevent Brute-force?
Reset passwords on a regular basis. If available, set up login
notifications from untrusted devices.
Attacker deploys malicious software that is designed to cause
damage to and operate on a computer system without the user’s
knowledge or consent.
How to prevent Malware?
Install anti-virus/malware software on your devices. Keep
anti-virus software up to date and run regularly scheduled
scans. Think before you click.
Attacker secretly interferes and possibly alters communication
between two parties who believe they are communicating directly
with each other.
How to prevent Man-in-the-Middle?
Connect only to trusted Wi-Fi networks; such as work or home
networks. Use caution if on a public network. Do not log in to
websites that have certificate errors reported by your web
browser or are not using encryption (https).
Attacker attempts to steal information, often by asking the
recipient to provide login credentials, such as usernames and
passwords, that would allow access to secure systems or
accounts, usually made through email.
How to prevent Phishing?
If you receive an email with any request that seems out of the
ordinary, no matter who it’s from, check with the sender to
confirm it is legitimate. Hover over the linked-text to view the
URL and confirm it directs you to a trusted site. If it is not
familiar, don’t click. Check email for proper grammar and
punctuation. Review and set up spam filters for maximum
Attacker prevents or disrupts a legitimate user from accessing a
website, application, or computer.
How to prevent Denial-of-service?
It is very difficult to defend against a DoS attack launched by
a sophisticated attacker. Typically, victims will have to
coordinate their response with the internet service provider
that provides network access.
Attacker holds a website and/or files hostage by encrypting or
deleting them, demanding payment in exchange for their return.
How to prevent Ransomware?
Never provide personal information when answering an email,
unsolicited phone call, text message or instant message. Use
only reputable antivirus software and firewalls. Back up files
Attacker creates an exact replica of a website with the
expectation that an unsuspecting visitor will interact with the
fake website and provide protected information.
How to prevent Defacement?
Verify the websites you visit are correct by reviewing the full
URL. Look for incorrect spelling, formatting, and any other
irregularities. If anything appears suspicious, leave the site
Less commonly known types of cyber-attacks:
Cross-site scripting (XSS)
Attacker deploys malicious script onto a website, which an
unsuspecting user visits, triggering the attacker’s malicious
script to load and execute. This leads to theft of sensitive
data, session hijacking, or worse compromises.
Attacker targets a specific recipient or group and with
detailed, specific messaging, in hopes of receiving information
or gaining access to something protected. Whaling is the same as
spear phishing, but targets individuals in positions of power
and/or wealthy people or groups.
Perpetrators of cybercrime are smart, sophisticated, and
persistent in their attempts to steal information. They do not
only target large companies like LabCorp and Covance; they seek
to gain access to an individual’s information as well. We must
remain alert and vigilant to the signs and know what action to
take to remain safe.
Visit the OIS mission:SAFE Resource Repository to learn more
about cyber-attacks and cyber safety. If you have any questions,
contact OIS mission:SAFE.
Resource: OIS mission:SAFE
P. William (Pete) Zivanchev
Covance Market Access Services
10300 Campus Point Drive, Suite 225
San Diego, CA 92121-1511