Cyber Attacks: Threats & Prevention

Introduction

Every year, individuals, corporations and entire countries suffer from hacker attacks. A cyberattack, in a narrow sense, is an attempt to breach the computer security of an information system (Kumar et al., 2021). In a broad sense, a cyberattack is a search for solutions or methods whose ultimate goal is to gain control over a remote system in order to destabilize it (Tolani & Tolani, 2019). A cyberattack — or hacker attack — is malicious interference in a company’s information system: hacking of websites and applications, personal accounts and devices. Its main goals are to profit from the stolen data or to blackmail its owners. There are groups that hack websites, infrastructures and services; such attacks are comparable to terrorist ones. Cyberattacks can affect the information space of a computer in which the information and materials of a physical or virtual device are stored. The attack usually targets a data carrier specifically designed for storing, processing and transmitting users’ personal information.

Cybercrime is criminal activity aimed at the misuse of a computer, network, or device. Most such crimes are committed by cybercriminals or hackers who make money from them. Cybercrime activities are performed by individuals or organizations. Some cybercriminals unite in organized groups, use advanced methods and have high technical qualifications; others are novice hackers. Cybercriminals rarely hack computers for reasons unrelated to making a profit, such as political or personal motives (Kumar et al., 2021). The state of information security in the field of state and public security is characterized by constantly increasing complexity, scale and coordination of computer attacks on critical information infrastructure. Threats of information technologies being used to damage the sovereignty, territorial integrity, and political and social stability of countries around the world are also rising. This paper is devoted to the causes of cyber attacks, the types of cyber attacks that occur for each reason, and ways to prevent them.

Types of Cyber Attacks

DDoS Attacks

Distributed denial of service attacks are implemented by using several compromised computer systems as sources of attacking traffic. According to Kumar et al. (2021), in 2020 the number of DDoS attacks on American financial institutions almost doubled. These attacks are notable in that they include the first large-scale use of the Internet of Things: Internet video cameras and household routers are the devices mainly involved. Such attacks clog systems with a large number of requests, as a result of which bandwidth is reduced and systems become overloaded and inaccessible.

Phishing

The means of phishing fraud continue to grow every day, both quantitatively and qualitatively. Phishing attacks are based on emails disguised as legitimate messages from various companies. In such a fake message, attackers may invite the recipient to follow a link, download an infected file, or hand over confidential user data – logins, passwords and bank card account numbers. These emails may look like messages from quite respectable sources such as trading companies or banks.

Brute-Force

Brute force attacks are a fairly simple method of penetrating the infrastructure and rely on guessing user account credentials. Some attackers use applications and scripts as brute force tools that try many password combinations to bypass authentication processes. Such cyberattacks usually succeed because of weak passwords and careless network administration. If the password is weak, attackers will only need a few seconds, so the business should apply a strict password policy.

Bots

A bot is a software robot that mimics or replaces human behavior and performs simple tasks at a speed that exceeds human activity. Some bots are useful, and their actions are aimed at supporting users, but there are also malicious ones. For example, they are used to scan websites automatically, search for vulnerabilities, and perform simple cyber attacks (Al-Suwaidi et al., 2018). Such bots can cause serious damage to a web service.

Man-in-the-Middle

With this type of attack, the cybercriminal becomes a third party and passes all web traffic through themselves. This is a form of cyberattack in which interception methods are used that allow infiltration of an existing connection or communication process (Alhayani et al., 2021). The potential victim does not suspect anything, so all the credentials used to log in to the systems end up with the attacker. After that, the information obtained can be used to steal corporate data or to make unauthorized transfers of funds.

Causes of Cyber Attacks

Numerous studies have revealed the main reasons why companies become victims of cyber attacks. For example, Alhayani et al. (2021) cite survey data from Iron Mountain Incorporated, whose analysts interviewed 10,000 employees of firms from ten European countries. It turned out that 35 percent of respondents use the same password on multiple platforms, and 28 percent forget to lock their laptop when leaving the workplace (Alhayani et al., 2021). Another 25 percent use public Wi-Fi, 19 percent keep a note with their password on the table, and 12 percent of respondents said that they leave documents with sensitive data in a prominent place (Alhayani et al., 2021).

Earlier, it was reported that in the third quarter of 2020 the total number of DDoS attacks increased by almost a quarter (25 percent) compared to the same period of the previous year (Kim et al., 2020). Kim et al. (2020) note that the number of advanced attacks, which are most often directed against a particular company, has also increased.

Information With a Special Vulnerability

The key feature of a threat to information security is its ability to destabilize the state of information and, therefore, violate its status. A threat to protected information is a set of phenomena, factors and conditions that create a danger of violating the status of that information. Threat manifestations include sources of destabilizing influence on information, that is, the persons or programs from which the destabilizing influence emanates. The types and methods of destabilizing influence on information, that is, its directions and techniques, also pose a threat. Violation of the status of information means violation of its physical and structural integrity (deletion and modification), of its accessibility, and of its confidentiality (unauthorized access, disclosure). Tolani & Tolani (2019) believe that the violation of the status of information is due to its vulnerability, meaning the inability of information to independently resist destabilizing influences and maintain its status under them.

Poor-Quality Network Administration

Many organizations have connected or want to connect their local networks to the Internet so that their users can access Internet services easily. Since the Internet as a whole is not secure, the machines in these LANs are vulnerable to unauthorized use and external attacks. As a result, unwanted traffic occurs, or incoming traffic is directed to unreliable internal systems. Vulnerable systems remain publicly reachable, and there is no other way to protect them from attacks from the Internet. Information such as system names, network topology, network device types, and internal user IDs is visible.

Using Utilities for Remote Access

Employees often use utilities for remote access. The number of users facing cyber-attacks involving programs for remote access to devices has increased by more than 50% since the end of February 2019 (Al-Suwaidi et al., 2018). If such tools are permitted by internal information security policies, then when an attacker uses the same tools it will be difficult to distinguish their illegitimate use from legitimate use.

Weak Passwords

One of the main problems an information security specialist faces when starting work at an enterprise is the use of weak or default passwords. Password brute force is the fastest attack vector for obtaining administrative privileges (Kumar et al., 2021). It is not difficult to guess a simple combination or to use brute force dictionaries of standard compromised passwords. Thus, an attacker can gain the account’s privileges and perform actions on behalf of the user.

Ways to Prevent Cyber Attacks

Use of Effective Technical Means of Protection

It is necessary to install centralized update and patch management systems for the software in use. To properly prioritize update plans, information about current security threats must be taken into account. The most effective approach is antivirus software built on solutions from several manufacturers at the same time. It is important that the chosen solution allows files to be checked not only in real time: it should also automatically re-analyze previously scanned files in which no threat was detected whenever signature databases are updated.

SIEM solutions allow timely detection of malicious activity, attempts to hack the infrastructure, and the presence of an attacker, so that prompt measures can be taken to neutralize threats (Al-Suwaidi et al., 2018). Automated security analysis and vulnerability detection tools should also be deployed for the software in use. Application-level firewalls are used as a preventive measure to protect web resources.

Deep network traffic analysis systems and specialized anti-DDoS services are necessary to detect complex targeted attacks, both in real time and in stored copies of traffic. This approach significantly reduces the time of the intruder’s covert presence in the infrastructure, thereby minimizing the risks of leakage of important data and disruption of business systems and reducing possible financial losses caused by intruders.

Data Protection

It is not recommended to store sensitive information in the open or in the public domain. Backups of systems must be created regularly and stored on dedicated servers separated from the network segments of working systems. Effective technical means of protection include systems that provide centralized management of updates and patches for the software in use, systematized antivirus protection with an integrated environment for dynamic file monitoring, and SIEM solutions that enable timely identification and elimination of information security problems. The same category of protection methods includes automated security analysis tools, firewalls that block access to applications and web resources, and systems responsible for in-depth analysis of network traffic.

In order to ensure data protection, it is necessary to avoid storing sensitive information in open access. It is also recommended to regularly create backups of systems and store such copies on dedicated servers that are separated from the network elements of the working system. Where possible, user privileges should be minimized (this applies to both individual users and services). Passwords used to access different sites, as well as accounts used to log in to resources, must be different. An effective measure is the use of two-factor authentication wherever possible.

Using Complex Passwords

A password policy that sets strict requirements for the minimum length and complexity of passwords is necessary. It is also recommended to limit the period of use of a password to no more than 90 days (Al-Suwaidi et al., 2018). Changing default passwords to new ones that meet the strict password policy will also help protect against cyber attacks. The optimal password policy is one that rules out simple, short passwords of the bare minimum length. It is better to abandon standard combinations when creating passwords in favor of new ones that are original and more reliable.

System Security Control

System security control measures include timely updating of the software in use as patches are released, checking staff awareness and increasing their competence in information security issues. It is also important to monitor the appearance of potentially dangerous resources in the network perimeter zone, to systematically inventory resources reachable from the Internet, and to analyze their security. Vulnerabilities in the software in use should be eliminated. Traffic filtering, penetration testing of the internal infrastructure, and tracking the number of requests to a resource within a short period of time have proven effective.

It is necessary to update the software in use in a timely manner as patches are released. It is also recommended to check and raise employees’ awareness of information security matters. Monitoring the appearance of unsafe resources on the network perimeter and regularly taking inventory of resources available for connection from the Internet will reduce the likelihood of a cyber attack. The security of such resources must be analyzed and vulnerabilities in the software in use eliminated. It is good practice to constantly monitor publications about new vulnerabilities: this allows such vulnerabilities to be quickly identified in the company’s resources and eliminated in a timely manner. To neutralize typical attack scenarios (for example, TCP and UDP flooding or repeated database requests), it is necessary to monitor the number of requests to resources per second and to configure servers and network devices accordingly.
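The request-rate monitoring recommended above can be implemented as a per-client sliding-window counter. The following is an added example, not code from the paper or any cited source; the log-line format and the constructed sample lines are assumptions, and the two thresholds (flood: more than 5 requests in 2 seconds; brute force: more than 3 failed logins in 10 seconds) are illustrative values chosen for the sample.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical access-log format: "<ISO timestamp> <client ip> <path> <status>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")

# Constructed sample: one client floods /search, another repeatedly fails at /login.
SAMPLE_LOG = """\
2024-02-12T10:00:00 203.0.113.5 /search 200
2024-02-12T10:00:00 203.0.113.5 /search 200
2024-02-12T10:00:01 203.0.113.5 /search 200
2024-02-12T10:00:01 203.0.113.5 /search 200
2024-02-12T10:00:02 203.0.113.5 /search 200
2024-02-12T10:00:02 203.0.113.5 /search 200
2024-02-12T10:00:00 198.51.100.7 /login 401
2024-02-12T10:00:03 198.51.100.7 /login 401
2024-02-12T10:00:05 198.51.100.7 /login 401
2024-02-12T10:00:08 198.51.100.7 /login 401
2024-02-12T10:00:20 198.51.100.7 /login 200
2024-02-12T10:00:07 192.0.2.9 /login 200
not a log line
"""


def parse_line(line):
    """Return (timestamp, client_ip, path, status) or None for malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))


class RateMonitor:
    """Flags a client once it exceeds `threshold` events within any `window_seconds` span."""

    def __init__(self, window_seconds, threshold):
        self.window = window_seconds
        self.threshold = threshold
        self.recent = defaultdict(deque)  # client_ip -> event timestamps still inside the window
        self.flagged = {}                 # client_ip -> timestamp of the event that triggered the flag

    def observe(self, client_ip, ts):
        q = self.recent[client_ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > self.window:  # evict events older than the window
            q.popleft()
        if len(q) > self.threshold and client_ip not in self.flagged:
            self.flagged[client_ip] = ts
        return client_ip in self.flagged


def scan_log(text, flood=(2, 5), brute_force=(10, 3)):
    """Run both detectors over a log text; returns {"flood": {...}, "brute_force": {...}}."""
    flood_mon, bf_mon = RateMonitor(*flood), RateMonitor(*brute_force)
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not match the expected format
        ts, ip, path, status = parsed
        flood_mon.observe(ip, ts)                  # every request counts toward the flood threshold
        if path == "/login" and status == 401:     # only failed logins count toward brute force
            bf_mon.observe(ip, ts)
    return {"flood": flood_mon.flagged, "brute_force": bf_mon.flagged}
```

In production the same logic would feed a SIEM rule or a firewall block list rather than a dictionary, and the thresholds would be tuned to the resource’s normal traffic.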

Customer Safety

It is necessary to raise customers’ awareness of information security matters. Regular reminders to customers about the rules of safe work on the Internet, and explanations of attack methods and ways to protect against them, will help protect both them and the company. Customers should be warned that entering credentials on suspicious web resources is dangerous, and even more so that such information must never be communicated to anyone by email or during a telephone conversation. They also need to be aware of the procedure for dealing with suspected fraud and be notified about events related to information security.

The vendor’s product protection consists of applying the same protection measures recommended for ensuring the organization’s security. Implementing security processes throughout the software development cycle and regularly analyzing the security of software and web applications, including source code analysis, will also be effective (Al-Suwaidi et al., 2018). The latest versions of web servers and DBMS should be used, and libraries and frameworks with known vulnerabilities should be abandoned. It is dangerous to save on security: it is recommended to use only licensed software and effective anti-virus protection on all devices, and to update the software in use in a timely manner as patches are released. The most important files need to be stored not only on the computer’s hard drive but also on removable media, external hard drives, or in cloud storage.

Simple passwords should not be used; preference should be given to complex ones consisting of non-obvious combinations of letters, numbers and symbols, at least 8 characters long. To create and store passwords, one can use a password manager, which is a secure repository with functions for generating new passwords. All passwords must be changed at least once every six months, and preferably every two or three months (Kumar et al., 2021). Moreover, the same password must not be used for different systems, for example, for websites and email.

Conclusion

Nowadays, the risks of cyber attacks on organizations have increased due to the massive transition to remote work. Hacking employees’ home computers has become an important component of such incidents. Attackers try to find vulnerabilities in the remote work software used by organizations. In particular, the number of attacks on the VPN services through which employees use corporate programs is growing. The main types of threats to companies have remained the same: various types of phishing, ransomware attacks, and denial of service (DDoS) attacks, in which the operation of the infrastructure is blocked by a large number of incoming requests. In addition to the increase in intensity, hackers have begun using many previously little-used attack vectors.

To some extent, protective measures have to be applied even by the smallest organization. At the same time, it is important not only to know the procedure for eliminating damage already done by cybercriminals but also to draw up a plan to counter cyber attacks in advance. Preventive measures are the most reliable way to counter cyber threats. Today there are many opportunities to ensure sufficient information security in the IT environment; to use them, it is enough for companies to find experts in the field of information security and adopt solutions suited to the particular company. In the coming years, cybercriminals will actively promote crime as a service. It should be recognized that the development of artificial intelligence in the global information space opens up new opportunities both for the world’s leading corporations and for criminals. In this regard, increased requirements will be imposed on new cyber defense tools in the upcoming years.

References

Al-Suwaidi, N., Nobanee, H., & Jabeen, F. (2018). Estimating causes of cybercrime: evidence from panel data FGLS estimator. International Journal of Cyber Criminology, 12(2), 392-407.

Alhayani, B., Abbas, S. T., Khutar, D. Z., & Mohammed, H. J. (2021). Best ways for computation intelligent to face cyber attacks. Materials Today: Proceedings, 6(7), 1-5.

Kim, S., Heo, G., Zio, E., Shin, J., & Song, J. G. (2020). Cyber attack taxonomy for the digital environment in nuclear power plants. Nuclear Engineering and Technology, 52(5), 995-1001.

Kumar, P., Gupta, G. P., & Tripathi, R. (2021). Toward the design of an intelligent cyber attack detection system using hybrid feature-reduced approach for IOT networks. Arabian Journal for Science and Engineering, 46(11), 3749-3778.

Tolani, M. G., & Tolani, H. G. (2019). Use of artificial intelligence in cyber defense. International Research Journal of Engineering and Technology, 6(7), 3084-3087.
