Introduction

In an age where digital security is crucial, understanding how cyber attacks operate is essential for protecting personal and corporate data. Here are five common cyber attacks explained, along with strategies to safeguard against them.

1. Remote Code Execution (RCE) and Ransomware

Remote Code Execution or RCE is a type of cyberattack allowing hackers to remotely execute malicious code on a victim's device. This usually targets out-of-date systems with known vulnerabilities. With RCE, attackers can deliver a payload in various ways, including websites, email, networks, and even USB ports. As an example, in 2017 the notorious WannaCry ransomware quickly impacted more than 200.000 computers with outdated Windows operating systems across 150 countries, exploiting a Windows vulnerability to gain access, encrypt all files and demanding a Bitcoin ransom for their release. Keeping your software and operating system updated is the simplest yet effective way to prevent such attacks.


2. 'Rubber Ducky' and BadUSB attacks

Devices like USB sticks can be disguised as harmless storage devices, but can be programmed to act as other USB devices, such as keyboards, that can input malicious commands within seconds. These attacks, referred to as ‘BadUSB’ attacks, only require a couple seconds of physical access to an unlocked device and to bypass traditional security measures. The best defense is to always lock your devices when unattended, use automatic screen-lock in cases you might forget it, and maintain a cautious approach towards unknown USB devices.


3. Man-in-the-Middle attacks (MitM)

Most websites use HTTPS these days, which is designed to secure your connection to any website. But due to bad configuration or improper enforcement by the browser, MitM attacks still occur.

When a hacker intercepts insecure communication between two parties, it’s possible to steal credentials, manipulate data, or inject malicious code. This can happen on any network, not only the insecure ones, where the hacker managed to gain access. Modern, up-to-date browsers contain many features to protect users from this behavior, so it’s essential to use an up-to-date browser to keep your connections safe. No VPN needed!


4. Data scraping from unencrypted devices

An attacker can physically remove a hard drive from a lost or stolen device to access unencrypted data. This is particularly easy if the device is left in public places like conferences or cars. Encrypting your storage drives through built-in settings like "Bitlocker" on Windows or "FileVault" on macOS ensures that your data remains secure, even if the hardware is compromised or stolen.


5. Password attacks

One of the most straightforward forms of cyberattacks is through password exploitation, which can be obtained from data breaches. For instance, major services like Hotmail and LinkedIn have experienced breaches where millions of passwords were leaked and sold online. Attackers can use these passwords across various platforms to gain unauthorized access. The solution? Use unique, complex passwords for different accounts and check if your email has been compromised on https://haveibeenpwned.com.


Key takeaways

By understanding the common cyber threats and implementing robust security measures, you can significantly enhance your digital safety and protect your sensitive information. Most essential measures for organizations to protect devices are:

  1. Keeping all software and devices up to date to patch vulnerabilities that could be exploited.
  2. Encrypting your data to protect it from unauthorized access, even if your device is compromised.
  3. Using a password manager to generate and store strong, unique passwords for each account.
  4. Always locking your device when it is unattended to prevent unauthorized physical access.