People assume that hackers are specifically targeting their company’s data for something similar to WikiLeaks. This is not the focus for most hackers–the main reason they want access to your environment is to lock down your data and have you pay them ransom money.
How do they get in your network in the first place? The most common ways a hacker can access your network are the following:
- Phishing – good old social engineering at its best!
The most common way to access your network is through your employees, and hackers are getting smarter. Some are using LinkedIn to connect with your employees and sending them hyperlinks to malicious websites. Others are using their standard phishing emails. The new trend for these attacks is encrypted emails. Cyber criminals have been able to send an encrypted message that appears to be from a legitimate contact (they do their research) and then your employee unencrypts it, which is where the malicious activity begins.
- Buffer Overflow
Your website forms. Yes, they can basically hack your website forms to steal data, cause damage, or access your network.
- Password Hacking
Still using default passwords for your computer, modem, or Wi-Fi router? Well sorry to tell you the hackers can get it. Most of the default passwords for any hardware are available to the most amateur hackers. So make sure you change your default passwords and then change your passwords regularly.
- Downloading Free Software
Anything free is good right? Not! Cyber criminals make fake free software websites and downloads just so you can be lured to them and download their malicious files.
- Fault Injection
Cyber hackers basically infiltrate your software’s code and implant their own to see if they can crash the system. For example, a cyber hacker could use a database query that would erase the content, or type in a web URL that delivers a worm into your network.
If you learn the behavior of a cyber hacker and know the common tricks that they play to try to get you to pay, you could potentially avoid being the victim.
If you want to learn more about how to protect yourself against ransomware check out our Ransomware Blog Series every month or contact us our Security Services at firstname.lastname@example.org or 630.832.0075 for a complimentary consultation.