As technology improves and more people gain access to the internet, cyber attacks on businesses are unfortunately becoming more and more frequent.
Criminals use sophisticated techniques to compromise systems in order to gain access to vulnerable files that allow them to leverage valuable assets and essentially hold companies to ransom. In this article we will outline a few common techniques that criminals use to attack businesses, as well as what you can do to try to avoid becoming a victim.
Denial of Service (DoS/DDoS) attack
This sort of attack is relatively simple to perform from the criminal's point of view. Most DDoS attacks are performed using a computer or computers that have been in some way compromised with malware. A denial of service attack subjects the target website to a massive amount of Internet traffic, which in turn causes the server that hosts the website to become overwhelmed and crash.
These attacks can be prevented by:
- Rate limiting your web server's router. This is something that your hosting company will be able to do for you.
- Setting aggressive timeouts on connections. Again, this is very straightforward and your hosting provider should be able to do this.
- Using firewalls with Denial of Service protection. If you work with a decent hosting company they will be able to do this; aside from that, there are various companies that offer these firewalls as standalone products.
SQL Injection attack
SQL Injection attacks are by far the most common hacking technique used by criminals looking to exploit a website. Most modern websites use Structured Query Language (SQL) in order to interact with their databases. SQL allows a website to create, manage, and delete database records. It is used for virtually every task, from user logins and data storage to e-commerce transactions. So, as you can imagine, it's rather vital.
An SQL injection attack is performed by placing SQL into a website's contact form in order to get the web application to attempt to run it. Criminals will sometimes use software and automated tools in order to perform SQL injections at scale. These tools allow them to scan thousands of websites at a time, attempting to perform hundreds of attacks until they are eventually successful.
Structured Query Language injection attacks can be prevented by correctly managing and filtering user input, i.e. specifying what people can or can't input into your forms. Most programming languages have functions that are designed to safely handle user input. This is likely something that the company that manages your website will be able to implement and manage for you.
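The difference between unsafe and safe handling of form input, shown as an added example (this is not code from the original article). It uses Python's built-in sqlite3 module; the customers table, the function names and the sample form input are all constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data: a tiny customer table in an in-memory database.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice@example.com", "Alice"), ("bob@example.com", "Bob")],
    )
    return db

def lookup_vulnerable(db, email):
    # BAD: the form value is pasted into the SQL text, so any quote
    # characters in it become part of the statement itself.
    query = "SELECT name FROM customers WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(query)]

# Allow-list for the form field: a deliberately simple email shape
# (an assumption for this example, not a full address validator).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def lookup_safe(db, email):
    # 1. Filter: reject anything that is not shaped like an email address.
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email address")
    # 2. Parameterise: the driver passes the value separately from the SQL,
    #    so it is only ever compared as data, never executed.
    query = "SELECT name FROM customers WHERE email = ?"
    return [row[0] for row in db.execute(query, (email,))]

def lookup_parameterised_only(db, email):
    # Even without the filter, the placeholder alone keeps input as data.
    query = "SELECT name FROM customers WHERE email = ?"
    return [row[0] for row in db.execute(query, (email,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed form input containing SQL
    print(lookup_vulnerable(db, crafted))          # every customer is returned
    print(lookup_parameterised_only(db, crafted))  # no rows match
    print(lookup_safe(db, "alice@example.com"))    # a normal lookup still works
```

The placeholder (`?`) is what actually stops the injection; the input filter is a second layer that rejects malformed values before they reach the database.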
Cross Site Scripting (XSS) attack
Cross Site Scripting attacks are hard to protect against. This is because they are mainly caused by someone clicking on a link that contains malicious JavaScript, often embedded in a web form or social media site. Once the link has been clicked, the user's computer becomes infected with malware, and this can allow the hacker to steal personal information, change settings and alter web sessions.
Some of the biggest businesses in the world have been attacked in this way, with successful XSS attacks having been conducted on both Microsoft and Google.
Educating your employees about the threats of this sort of attack is the best way to protect your business against it. And if all else fails, employ common sense.