Website Cyber Attacks: 59% Hacked Within Past 2 Years
According to The Tech, 59% of website cyber-attacks within the past two (2) years are from phishing attacks. 59% of total attacked companies were the victim of phishing attempts, 51% reported malware infections while other 49% said they have received a denial of service. Other attack types were recorded as well including SQL Injection (think code injections that are used to attack data-driven applications), etc.
As nearly half of the companies attacked were victims of phishing attempts, it is extremely important to educate your staff to recognize phishing attacks to safeguard your company data. We have conveniently listed phisher methods to spot for:
- Phishing scam type 1. A message that includes a malicious link or malicious attachment. The message will try to convince the victim to click on the link or open the attachment, thereby infecting their system with a Trojan capable of stealing additional information and granting an attacker backdoor access into the system. Having a SPAM filter, web-blocker or ad-blocker will help block some of these attacks. Malicious attachments can be almost any file type including Microsoft Office documents or Adobe PDF files. To be certain that these emails are legitimate, check the domain name.
- Phishing scam 2: credential phishing. An attacker attempts to get a user to divulge login or other sensitive information. Credential phishing can use fraudulent websites designed to look like webmail or other account logins. They can also simply request that users reply to an email with the requested information. Additionally, attackers might even use text messages or phone calls to attempt to get account or other sensitive information from users. Before clicking anything, perform research of the company or the individual through your web browser.
- Phishing scam 3: impersonating co-worker or close person. Scammers would impersonate as someone in your company and may even spoof the email so it looks exactly like the domain name. If the email looks suspicious, check the message headers of the email and see where the email is coming and/or contact your IT.
- Domain names that look legit but use similar looking letters. One example on Wikipedia: a person frequenting Citibank.com may be lured to click a link in which the Latin C is replaced with a Cyrillic С.
- Embedded images in emails. Even though viewing the phishing email alone is generally not enough to infect a system or compromise information, loading images embedded in emails can give attackers or advertisers information about whether the email address is legitimate, and whether you received and viewed an email. Best practices recommend that you do not load images embedded in emails from untrusted sources.
- Executable files inside a zip as a PDF or Office document.
- Macros in a specific document.
In addition to practicing the proper security tips, by choosing to host your website with Saalex Information Technology, LLC (SaalexIT) can add an extra layer of security and prevent cyber-attacks on your websites with the following services:
- Patch Management. This is an area of systems management that involves acquiring, testing, and installing appropriate patches to administered systems. Keeping your patches up-to-date will prevent attackers from breaching the vulnerabilities that hackers are trying to exploit.
- Firmware updates on network devices. Firmware is a type of software that provides control, monitoring and data manipulation of engineered products and systems. Keeping firmware up-to-date will also prevent attackers from breaching vulnerabilities.
- Firewall / Security Management. Prevent unauthorized visitors from accessing your resources.
- Monitoring and Auditing Logs. We will monitor activity on network such as on your website(s) or server(s) and check for suspicious behavior.
- Closing up your network ports as needed. The more ports your servers have open, the easier it is for attackers to connect to that server. In addition, the types of ports your server has open can give away a lot of information about it. One of the first things an attacker will do is monitor your network traffic to try to see which ports are in use. An important security implementation is to restrict which traffic is allowed into your network by allowing only traffic through certain ports on your firewall.
Don’t be a victim to cyberattacks!
Saalex Information Technology (SaalexIT) is a Managed Services Provider that can help protect your organization. Contact us at (800) 584-6844 or check out our website for a full list of our offered services.