Prepare for These Three Cyberattack Vectors

Cybercriminals are always looking for new ways to undermine your cybersecurity. To be successful, these attackers rely on your ignorance of common cyberattacks. This article will give you a high-level overview of three routine attack vectors that anyone who uses the internet can fall prey to.

DDoS

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. For example, a website can only serve its pages to a limited number of visitors at any given time. If there are more visitors than the website can serve pages to, then some visitors won’t be able to get into the website. A DDoS attack can send “fake” visitors to a website, preventing legitimate traffic from getting access.

You may recall that in the fall of 2016, a series of DDoS attacks caused widespread disruption of legitimate internet activity. Because the attacks targeted the Domain Name System (DNS) that ensures information requests on the internet are delivered to the right address, a lot of normal activities such as online shopping, social media interaction, and listening to music, were not possible for periods of time. This DDoS attack made it hard for some major websites to work properly, including Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, and the Playstation network. The DDoS attacks were made possible by the large number of unsecured internet-connected digital devices, such as home routers and surveillance cameras that were vulnerable and compromised.

Here are some quick facts about DDoS attacks:

  • As per TrendMicro Research, $150 can buy a week-long DDoS attack on the black market.
  • As per ATLAS Threat Report, more than 22000 daily DDoS Attacks are observed world-wide by Arbor Networks.
  • As per Verisign/Merril Research, 1/3 of all downtime incidents are attributed to DDoS attacks.

Data Breach

A data breach occurs when a cybercriminal successfully infiltrates a data source and extracts sensitive information. This can be done physically by accessing a computer or network to steal local files, or by bypassing network security remotely. The latter is often the method used to target companies. Data breaches are often one of the worst types of consequences to being compromised.

Here are some examples of the most popular data breaches that have occurred over the past several years.

Target

40 Million records lost including:

  • Customer names
  • Credit and debit card numbers
  • Card expiration dates
  • PIN numbers on the back of credit cards used at Target

Equifax

147 Million records lost including:

  • Names
  • Social Security numbers
  • Birth dates
  • Driver’s license information

Anthem Inc

80 Million records lost including:

  • Names
  • Social Security numbers
  • Birth dates
  • Email addresses
  • Employment information

Ashley Madison

37 Million records lost including:

  • Debit/Credit Cards
  • Users identities
  • 23GB of data on the Deep Web

Sonic Drive-In

  • Up to 5 million credit card numbers stolen
  • Attack surface/vector unknown
  • Credit Cards ended up for sale on dark web

Facebook

  • 87 million users affected
  • User names
  • Phone numbers
  • Email addresses
  • Info used to build psychological profiles

Phishing

Phishing is a method of trying to gather personal information using deceptive e-mails and websites. For example, an attacker may create an email that replicates a well-known institution’s email template, like a bank. That email may tell recipients that they need to reset their passwords by clicking a link. The recipient may click the link and be sent to a website that may look like the bank’s website but is actually a site that the attacker controls. If the recipient enters their login information, then they are effectively giving the attack access to their sensitive information. Even if the recipient fails to enter their information, just visiting the site may expose their computer to malware. The reason these types of attacks are on the rise is because they’re extremely profitable for perpetrators.

Here are some quick facts about phishing attacks:

  • The average cost of a phishing attack for mid-size companies is $1.6 million
  • 30% of phishing messages get opened by targeted users and 12% of those users click on the malicious attachment or link
  • 95% of all attacks on enterprise networks are the result of successful spear phishing
  • Nearly 1.5 million new phishing sites are created each month

Ingram Micro Offers Best-in-Class Cybersecurity

When cybercriminals strike, IT resellers and end users need a trusted source to turn to for guidance and leadership. Ingram Micro is the leader in the security space and has a security practice that is the best in the business. With our market leading portfolio, dedicated resources, and our Professional & Training Services – we have the right solutions and services to help our partners to reach trusted security advisor status. And with National Cyber Security Awareness Month in full swing, there is no better time for IT resellers to discuss security solutions with their customers.

Did you know that over 11,000 U.S. solution providers purchased security technologies from us in 2016, and that it is one of the highest growing categories in the business? This provides IT resellers with a great opportunity to drive security sales, retire cloud quotas, and attach Expert Services including:  penetrations tests, wireless network assessments, and ransomware preparedness tests.

Additional resources and collateral around our award-winning security practice can be found here:

https://us-new.ingrammicro.com/c/solution-security-services-home.aspx

http://www.ingrammicroadvisor.com/security

Contact us today to secure your personal and company information.