Address

©2017 by CyberShelter. Proudly created with Wix.com

156 Brinkburn Street, Hoults Yard, Newcastle upon Tyne, United Kingdom, NE6 2AR

Contact

0330 223 4090

Follow

Glossary

Phishing Attack

Very common. An attacker will send an email designed to look genuine or even like it's from someone you know. The attachment is invariably bad news, designed to attack your computer in some way. Examples would be;

  1. An email from a courier company asking you open the attached invoice.

  2. An email from HMRC explaining you have a tax refund and can you 'please read the attached'.

The point of the attack is to persuade the user to surrender confidential information such as usernames, passwords, credit card details etc. 

If directed to a website via an email then it's always a good idea to look at the URL at the top of the page. For instance if directed to HMRC then you would expect to see something like taxclaim.hmrc.gov.uk and not hmrc.taxclaim.com

Further info can be found from clicking the following links;

How to avoid Phishing Attacks - National Centre for

   Cyber Security

Wikipedia - Phishing

Microsoft - How to recognise phishing emails and

   messages

Malware

Malware is usually installed from browsing around web sites although it can also be delivered via email. It usually needs be installed consciously, ie 'Click here to install Yahoo search into your toolbar' or 'Click here to install our AntiVirus software' are the more honest methods but it can also be secreted in a download link or as an email attachment. Malware is usually (but not always) harmless, being more of an irritant in making your web browser do things that you didn't actually ask it to do - using a non standard search engine for instance. Malware sweeps should be done regularly of course. Not all Malware is harmless, Ransomware attacks and keystroke recorders are both forms of Malware. The name is derived from the term 'Malicious Software' and is an umbrella for a variety of different types of intrusive software including viruses, worms, Trojan Horses, Spyware and Adware. Usually easily removed by using tools freely available on the internet (Malware Bytes for instance)

Further info can be found from the following links;

Wikipedia - Malware

Malware Bytes - Removal Software

​​​

SQL Injection Attack

SQL is the predominant database and database query language used today. There are known vulnerabilities with SQL which can be used to exploit a Database server into divulging Data it otherwise would not. The really dangerous point with an SQL injection attack is that unlike the methods mentioned above it is a targeted attack on a specific server. A hacker will typically use 1 type of attack and if that doesn't yeild results then they will move on to another type of attack. Sadly the internet allows hackers to share newly discovered vulnerabilities almost instantaneously. The best defence here is to keep SQL and the core operating system up to date with latest patches and fixes.

Cross Site Scripting

Cross Site Scripting (XSS) is again more dangerous in terms of a particular site being targeted. Rather than the actual site being the victim though the target of an XSS hack is actually the sites users or visitors. The attack can vary in complexity, the most simple, for example, being to hide a Javascript link in a Blog entry. More complex attack may actually compromise the sites actual html code. Although the actual site isn't the target the sites reputation can of course take serious damage should it become compromised.

RansomWare

Probably the most invasive of all current viruses and attacks. The first half of 2016 saw a threefold increase over the whole of 2015 and 2017 will see RansomWare attacks increase yet again. RansomWare, once installed, will usually encrypt the hard drive and lock the computer with a splash screen advising the data has been encrypted and demanding a payment (the ransom). Payments have in the past been inexpensive but there is no guarantee that once payment has been made the required decryption key will actually be sent. Payment is almost always by an untraceable Cryptocurrency (ie bitcoin but there are others). RansomWare almost always targets Windows operating systems but Mac and Linux variants have been reported. 

Wikipedia - RansomWare

Microsoft - RansomWare FAQ

National Cyber Secure Centre - Ransomware

Do you need to comply?

If the answer is YES to any one of the below questions then email or call us for free advice. 

  • Does the data you hold include basic identity information such as; name, address, ID numbers (passport, National Insurance etc.), social media details, medical information, biometric, racial, ethnic or financial data?

  • Do you use personal data for communications and/or marketing (remember that email addresses are seen as personal data)?

  • Are you a B2C provider?

Ensure that you comply and future proof your business.

Still unsure then call us anyway and we can advise you. We can also arrange for a chat and free consultation visit if needed.

Denial of Service Attack

Denial of Service (DoS) attacks aren't actually designed to steal Data. They are, however, extremely effective in denying access to a particular website. Websites are designed to service traffic requests, an attacker simply generates thousands of web requests and fires them off at the target site. The volume of requests denies service to genuine queries. A Dos attack can be effectively dealt with by programming the sites router to drop all traffic from the originator meaning the requests never actually reach the server. In response to this defence hackers developed the Distributed Denial of Service attack. The attackers code is distributed about the internet using malware. When the attack commences all infected computers send thousands of web requests to the target server. Because the traffic is coming from many more sources then filtration and thereby defence agains a DDoS attack is much more difficult.

​​​

Encryption Virus

This is one of the attacks that most people will have heard of, certainly one of the most invasive. Usually propagated via email attachment (although an un-patched internet facing server will also be vulnerable). Once infected the virus will firstly try to replicate across the local network and then proceed to encrypt data on the local drive and any other drive it has access to. 

The user sometimes gets a screen message advising the data has been encrypted with advice on methods of decryption, however there is actually no way to obtain a decryption key. Similar to ransomware but much worse in that once the data is encrypted there isn't actually a way to recover other than deletion and restore.

The attack is purely malicious.