
An Expert’s Guide to Recognising & Responding to A Cyber-Attack

Published on 17/07/2024

Cyber-attacks happen when you least expect them. Are you prepared for when they happen?
There are different types of cyber-attack, each with their own complexities and motivations. This blog provides guidance from SES Secure’s Senior Tester, Paul Fox, on how to identify and respond to a cyber-attack.

Common Types of Cyber Threat

Cyber-attacks commonly fall under the following categories:

  • Phishing/Social Engineering
  • Spear Phishing
  • Credential Stuffing
  • Malware/Ransomware
  • Man-in-the-Middle Attacks

Phishing and Social Engineering

This type of attack is very common and can cause a person or organisation to face financial loss and/or damage to their reputation.

Phishing and Social Engineering attacks aim to manipulate a person’s trust. They usually involve the use of fraudulent calls or emails that have been designed to trick a recipient into providing sensitive information. Such information may include usernames, passwords, credit card details, or other personal details which can be used against the person/company.

Spotting & Stopping a Phishing or Social Engineering Cyber-Attack

Unsolicited Emails 
If you receive an email from a suspicious or unknown source, do not click on any links or open any attachments within the email. Additionally, if this type of email is received from a known source, verify the authenticity of the email by speaking to the sender in person or via phone.

Suspicious Calls
Never provide personal information when responding to an unsolicited call. Check the authenticity of the call by contacting an official phone number for the company that the caller claims to represent.

Be Aware of Social Engineering Tactics
Attackers often use psychological tactics to trick victims into handing over sensitive information. This often involves putting pressure on the victim and encouraging them to believe there is a time limit.

Attackers are likely to imply that an unfavourable outcome may happen if the information is not provided. They may also suggest that it would be of benefit to the victim to provide the requested information.

Padlock
Check the padlock symbol in your browser after clicking on a website link. If it shows that the connection is insecure, it is likely that you are on an insecure website.

Use Two Factor Authentication
If information such as a password is provided to an attacker, two factor authentication still provides a level of protection. This helps to prevent the attacker from gaining access to your information.

Spear Phishing

The name gives a good idea of what this attack is. A spear phishing attack is similar to traditional phishing, but is more targeted and personalised.

Spear Phishing attackers may gather and use personal information with the intention of coming across as authentic and trustworthy. Such information may include the name of the recipient, names of colleagues, names of friends, job titles, and personal details. Attackers often impersonate someone who their target knows or trusts.

Spotting & Stopping a Spear Phishing Cyber-Attack

Suspicious Behaviour
Because spear phishing is similar to traditional phishing, the same methods apply: identify suspicious behaviour and use multi-factor authentication.

Company Training
Ensuring that employees attend cybersecurity training will make them better able to pick up on spear phishing tactics, including those that involve impersonation.

Be Aware of What You Post
Many attackers can gain personal information about you and your network by looking at what you’ve posted online. With this in mind, be aware of what you put out there, as it can be used against you and worked into an attacker’s approach.

Remain Vigilant
Spear phishing attacks are more sophisticated and targeted than regular phishing attacks. This makes them harder to identify. Be wary of any unexpected or unusual requests from what seems to be a trusted source. Verify the authenticity of the request by directly speaking to the sender by phone or in person.

Credential Stuffing

Credential stuffing involves using automated systems to try multiple username and password combinations with the aim of gaining unauthorised access to user accounts.
This type of attack usually involves attackers capitalising on data breaches.

Spotting & Stopping a Credential Stuffing Cyber-Attack

Immediately change your password
It’s crucial that you change your login details as soon as you recognise that an attack has happened.

Use different passwords for different accounts
It’s common for people to use the same login details for different accounts. However, this increases the ability of an attacker to access multiple accounts. 

Use Two Factor Authentication
As mentioned above, if a person’s details are obtained by an attacker, with two factor authentication, there is still a level of protection.
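
A defender-side sketch of how this pattern can be spotted in login logs, added here as an example and not part of the original post: one source trying many different usernames and mostly failing. The log format, the thresholds and the sample lines are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth log (hypothetical format): timestamp, source IP, username, result
SAMPLE_LOG = """\
2024-07-17T09:00:01Z 203.0.113.7 alice FAIL
2024-07-17T09:00:01Z 203.0.113.7 bob FAIL
2024-07-17T09:00:02Z 203.0.113.7 carol OK
2024-07-17T09:00:02Z 203.0.113.7 dave FAIL
2024-07-17T09:00:03Z 203.0.113.7 erin FAIL
2024-07-17T09:00:03Z 203.0.113.7 frank FAIL
2024-07-17T09:05:10Z 198.51.100.20 grace FAIL
2024-07-17T09:05:25Z 198.51.100.20 grace FAIL
2024-07-17T09:05:40Z 198.51.100.20 grace OK
2024-07-17T09:07:00Z 192.0.2.44 heidi OK
"""

def parse(log):
    """Yield (ip, user, ok) tuples, skipping blank or malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2], parts[3] == "OK"

def find_stuffing(log, min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct usernames and mostly fail.

    Returns {ip: sorted usernames that logged in successfully from that IP};
    those accounts should have their passwords changed.
    """
    users, hits = defaultdict(set), defaultdict(set)
    fails, total = defaultdict(int), defaultdict(int)
    for ip, user, ok in parse(log):
        users[ip].add(user)
        total[ip] += 1
        if ok:
            hits[ip].add(user)
        else:
            fails[ip] += 1
    flagged = {}
    for ip in users:
        # A user retrying their own password (one username) is not flagged.
        if len(users[ip]) >= min_users and fails[ip] / total[ip] >= min_fail_ratio:
            flagged[ip] = sorted(hits[ip])
    return flagged

if __name__ == "__main__":
    for ip, compromised in find_stuffing(SAMPLE_LOG).items():
        print(ip, "-> reset passwords for:", compromised or "none")
```

Any account listed for a flagged source logged in successfully during the attack, so its password should be changed straight away.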

Malware/Ransomware

Malware refers to software designed to be malicious. Malware is usually designed to steal data, monitor the user's activity without their permission, delete data or encrypt data.
Ransomware is a specific type of malware which encrypts data and demands payment for the decryption.

Spotting & Stopping a Malware/Ransomware Cyber-Attack

Use Two Factor Authentication
If a password is compromised by malware, having two factor authentication provides an additional layer of protection to prevent access.

Email Safety
Links or attachments within emails can contain malware which can infect your computer. Be aware of suspicious emails containing links or attachments.

Avoid suspicious websites
Visiting and downloading content from suspicious websites can lead to malware infecting your computer.

Man-In-The-Middle Attacks

A Man-In-The-Middle (MITM) attack involves the interception, alteration, and relay of information. In this type of attack, the attacker may have the aim of stealing sensitive information such as login credentials, credit card numbers, or personal information.

Spotting & Stopping a Man-In-The-Middle Cyber-Attack

Always use a Secure Wi-Fi connection
Unsecured Wi-Fi connections can provide an ideal environment for attackers to carry out an attack. Therefore, when connecting to Wi-Fi, ensure that the connection is secure.

Ensure you are using encrypted communications (HTTPS, VPNs)
Encrypted communications are essential for protecting sensitive information from cyber threats and unauthorised access.

Be cautious of emails containing suspicious or strange requests
Be aware of such emails, including those from trusted sources. To verify the requests, directly call the sender.

Be Aware of How You Pass Sensitive Information
Use encrypted connections, or pass information using multiple communication methods.

How To Respond to A Cyber-Attack?

Despite remaining aware and vigilant, cyber-attacks can still happen. If this happens, here’s some guidance from SES Secure’s Senior Tester, Paul Fox:

Don’t Panic
Cyber-attacks can be scary, but it’s important to stay calm and take appropriate action.

Disconnect From the Internet/Network and Scan Your Device
If you’ve clicked on a suspicious link or downloaded an attachment, disconnect your computer from the network and internet to isolate the device.

Change Your Passwords
If you've entered your login credentials on a fake website, change your password immediately for that account and any other accounts that use the same login information.

Run an Antivirus Scan
Running a full antivirus scan of the whole system will help to identify threats from viruses and other malicious programs.

Report the Attack
Report the attack to your IT department or security team to investigate.

Monitor Accounts
Following a cyber-attack, it’s important for you to monitor all your accounts for suspicious activity.

Educate Yourself
Unfortunately, most people will experience some kind of cyber-attack in their lifetime. When a cyber-attack happens, learn from this experience, and educate yourself on spotting attacks in the future.

If you have any further questions on the content of this blog, or on any of the services that we provide, please don’t hesitate to get in touch. The SES Secure team are always on hand to provide guidance and support.


 
