Shielding Against Phishing and DoS Attacks

Suppose you're fishing. You throw your line into the water, hoping for a bite from a fish. Now, take this image and put it on the internet. Instead of fish, there are unknowing humans. In place of bait, there are fake emails or communications attempting to trick individuals.  

The term "phishing" refers to an attempt to steal sensitive information, generally in the form of usernames, passwords, credit card numbers, bank account information, or other significant data, in order to use or sell the obtained data. An attacker draws in the victim by imitating an authoritative source with an attractive request, similar to how a fisherman uses bait to catch a fish.

Phishing attacks come in various forms, but they can primarily be categorized into two main approaches:

General Phishing Attacks

These attacks aim for a broad audience, hoping that even if a small number of people fall for the bait, it'll be a win for the attacker.

Example: An attacker sends out an email to many employees, pretending to be from the IT department. The email asks everyone to complete an online IT security training. But, when an employee tries to do the training, they're tricked into giving their login details to the attacker. While this method might hook a few people, it also risks alerting the real IT team about the suspicious activity.

Spear Phishing Attacks

These are more precise attacks, focusing on specific individuals or groups. The attacker often spends time researching and getting to know their target to make their trap more convincing.

Example: Imagine there's a special project happening in a company. An attacker, knowing about this project, sends an email to the team involved. The email might have a title like "Notes from our recent meeting" and come from a fake address of someone the team trusts. Since the email seems real and relevant, team members might open any attachments without thinking. This way, the attacker gets deep inside the organization, sometimes even reaching high-level officials with access to critical information. The goal here is usually to steal specific data or get deep access to the company's network.

You may ask about the best ways to guard yourself against phishing schemes. Essential considerations to keep in mind when navigating emails and online communications can make all the difference between staying secure and becoming a victim. Here are some crucial steps to ensure your online safety:

• Check the sender's email address: Phishing scammers frequently disguise their emails by making them look to be from a reputable organization or someone you know. While the name may appear to be recognizable, the email address may contain unusual characters, misspellings, or unknown domains. Examine the email address carefully, especially if the message content appears odd or unexpected.
• Avoid clicking on unknown links: Cybercriminals are skilled at embedding malicious links in emails that can lead to phishing sites or download malware onto your device. If an email contains a link you weren't expecting or seems out of context, it's best to avoid clicking on it. For added security, manually enter the website's address into your browser rather than clicking on a link to ensure you're visiting a legitimate site.
• Look for spelling mistakes: For phishing scammers, attention to detail is frequently a weakness. Many phishing emails contain grammar mistakes, typos, or strange sentence patterns. While everyone makes mistakes occasionally, an abundance of typos in an email, especially one claiming to be from a professional organization, could indicate a scam. Always examine texts cautiously and be wary of anything that seems "off."

Denial of Service (DoS) attacks stand out in the vast world of cyber threats as especially disruptive operations meant to destroy systems, rendering them inaccessible for authorized users. But how do they function, and why are they that powerful?

The term "denial of service" refers to the ultimate goal of a type of cyber attack that aims to make a service unavailable. The most well-known DoS attacks are those launched against high-profile websites, as these are regularly announced in the media. Denial of service attacks can occur on any kind of system, including industrial control systems that support essential activities.

The visible effect of a DoS attack on a website depends on your point of view. The site appears to have simply stopped providing content to the ordinary user. For businesses, this could imply that the web services on which they rely have stopped responding. A DoS attack on industrial control systems may cause the inability to retrieve sensor data or control crucial processes.

Distributed Denial of Service (DDoS)

DoS attacks form a substantial danger to internet services and websites, frequently lasting for extended periods of time and occasionally targeting numerous sites or systems at the same time. A Distributed Denial of Service (DDoS) attack occurs when attackers use many hacked machines to magnify their attack. This multi-vector method allows for a significantly greater volume of malicious traffic, effectively overloading the target. Furthermore, DDoS attacks make identifying the original attackers more difficult because their attack originates from multiple sites, hiding the real origin and making preventative measures more difficult. Such attacks primarily target websites, taking advantage of their vulnerabilities and the significant harm potential they provide.

A Common DoS Attack

DoS events are often brought about by a service's underlying systems being overloaded. To demonstrate how overload-based DoS assaults work, consider a shopping website you frequent is under attack.

Ordinarily, when you visit an online shopping site, your requests pass through your Internet Service Provider's network, through one or more exchanges, and out onto other providers' networks. Your clicks are then sent through the shopping site's hosting service and subsequently to the site's own infrastructure.

A number of servers inside the shopping site will each handle a little portion of the work required to build the page you view. Database servers offer listings of products, application servers analyze that product information and web servers construct the pages you are browsing.

However, each server, like a human, can only accomplish so much work in a given time frame. As a result, if too many users request pages from the shopping site at the same time, the site's infrastructure or servers may be unable to handle all of the requests in a timely manner. Depending on how the shopping site is configured, this may prevent some or all users from visiting the site. To put it another way, they are denied access to the service.

Avoiding DoS

While there is no way to totally prevent being a target of a DoS or DDoS assault, administrators can take proactive efforts to mitigate the effects of an attack on their network.

• Enroll in a DoS protection service that identifies and redirects aberrant traffic flows away from your network. DoS traffic is screened out, and only clean traffic is routed through your network.
• Make a disaster recovery plan to enable effective communication, mitigation, and recovery in the case of an attack.

For more valuable insights on phishing attacks and DoS attacks, make sure to immerse yourself in our Introduction to Cybersecurity Online Training.