INSIDE JOB: HOW DO HACKERS AND CYBER CRIMINALS OPERATE?
Businesses and individuals are always being reminded of the rising risk of cyber crime, either as a safety precaution from their bank and their insurance broker, or simply from the steady stream of high profile businesses whose encounters with hackers have made the news.
But what are we actually up against with cyber crime? Independent Insurance Bureau Ltd looks behind the screens to highlight just a few ways in which cyber criminals make their mark:
Social Engineering
This is where the “con artists” of the cyber world make their gains. Social engineering involves tactics to trick people out of their personal data, bank details, passwords and other important information that you wouldn’t want to see in the wrong hands.
Examples of social engineering include phishing emails, which either seek to convince the recipient to part with bank details or other important data, or encourage them to open an attachment or click a link that contains a virus.
Pretexting is another common form of social engineering, such as when a hacker pretends to be affiliated with a source you trust, your own bank for example, and asks for the kind of information your actual bank would never ask you to divulge.
Bots
A bot is a type of malware that allows hackers to take control of many computers at a time. They can then use this network of “zombie” computers to spread viruses further, and to create spam more quickly and in greater volumes.
This malware infects vulnerable and unprotected computers and uses them without the owner’s knowledge to surreptitiously carry out any number of illegal activities, such as stealing personal data and bank details, click fraud or denial of service.
Denial of Service
Imagine a website that has so much traffic constantly flowing through it that taking it offline, even for a relatively short period of time, would amount to a huge financial disaster for that company.
Such sites are a prime target for cyber criminals, who may use a technique called distributed denial of service (DDOS) to do just that.
Those planning a DDOS will effectively recruit a number of unprotected computers to create a “botnet” to carry out the attack.
In a controlled test run of DDOS, BBC technology programme Click’s presenter, Spencer Kelly, and Jacques Erasmus of security firm Prevx found that it took only 60 computers to simulate a website crash that took Prevx’s replica site offline.
But to what end? The website owner knows that blocks to their high traffic website could result in a substantial loss of business, and it’s this concern that cyber criminals use to their advantage. They will often threaten the website owners with a DDOS, so that the business has no choice but to pay up or run the risk of losing much more through lost business.
Warning signs
Social Engineering – If you receive an email that isn’t addressed directly to you, names a company which doesn’t match the email address, or is from a source you don’t normally deal with, be wary. If a message looks and sounds like your bank but is asking for your PIN number, it’s not your bank. They would never ask you for this.
Bots – If your computer becomes infected by a bot it may slow down, display unusual messages, or crash altogether.
DDOS – Your website becomes increasingly slow over a period of time before crashing completely, despite a healthy internet connection.
What to do
Once you know in part what you and your computer or IT systems are up against, you can take measures to protect against it.
Anti-virus software, secure wi-fi networks and strong passwords offer some defence but if in spite of these measures the warning signs still appear, a Cyber Liability Insurance policy can help repair the damage caused by a cyber attack.
Call 01530 415271 or email info@iibinsurance.co.uk to find out more about how Independent Insurance Bureau Ltd can help with Cyber Liability Insurance.