There’s no doubt that small businesses are under attack from hackers and cyber-criminals. Typically, small companies have less secure networks and looser security standards, making them easy targets.
The latest Threat Report from McAfee Labs details the types of attacks against small businesses. The chart shows the most common network attacks detected in Q1 2015.
Denial of service attacks – 37%
A denial of service (DOS) attack attempts to make a resource, such as a web server, unavailable to users. These attacks are very common, accounting for more than one-third of all network attacks reviewed in the report.
A common approach is to overload the resource with illegitimate requests for service. The resource cannot process the flood of requests and either slows or crashes.
Distributed denial of service (DDoS) attacks are popular today. This approach distributes the task to a number of computers.
Brute force – 25%
Some attacks look for a back way in, but a brute force attack tries to kick down the front door. It’s a trial-and-error attempt to guess a system’s password.
One in four network attacks is a brute-force attempt. Automated software is often used to guess hundreds or thousands of password combinations. There are many ways to defend against brute force attacks, but the simplest is to lock accounts after a number of failed login attempts.
Browser attacks – 9%
Browser-based attacks target end users who are browsing the Internet. The attacks may encourage them to download malware disguised as a fake software update or application.
One of the best ways to avoid browser-based network attacks is to regularly update web browsers and browser-related services such as Java and Flash. This helps ensure newly discovered security vulnerabilities are patched before they can be exploited.
SSL attacks – 6%
SSL attacks aim to intercept data that is sent over an encrypted connection. A successful attack enables access to the unencrypted information. SSL attacks were more popular in late 2014, but they remain prominent today, accounting for 6% of all network attacks analyzed.
Shellshock attacks – 7%
“Shellshock” refers to vulnerabilities found in Bash, a common command-line shell for Linux and Unix systems.
Backdoor attacks – 2%
A backdoor is a type of attack that bypasses normal authentication to allow remote access at will. Backdoors can be present in software by design. They can also be enabled by other programs or created by altering an existing program. Backdoors are less common and often used as part of targeted attacks.
Botnet attacks – 2%
A botnet is a group of hijacked computers that are controlled remotely by one or more malicious actors. Millions of computers can be caught in a botnet’s snare. The European Cybercrime Unit recently announced takedown of the Ramnit botnet, which infected more than 3.2 million Windows PCs.