The managers of SMEs and VSEs too often perceive the issue of cybersecurity as a technical and IT subject. The human factor is at the heart of almost all cyberattacks.
Ransomware is software that takes your data hostage and paralyzes your system while waiting for a ransom, most often in cryptocurrency.
Often attackers threaten to disclose certain personal data publicly. Attackers seek to create a sense of urgency and panic by issuing an injunction and sometimes a ransom that increases over time.
Intrusion Into Your Information System (IS)
In this attack, the attackers manage to break into your IS to alter its operation or steal data to resell it. In the first case, we are faced with a desire for destabilization or sabotage. In the second, it is more akin to espionage or theft.
Most of the time, a human error is at the origin of this intrusion which occurs via an email containing an attachment, a visit to a corrupted site, or a connection from an unsecured public network.
Account takeover is taking control of an account from its owner. From then on, the attackers can access all the functionalities and information this account is entitled to. It can be an email account or social networks but also access to an intranet or management tools.
Most often, the attackers only had to force a password that was too simple or send a phishing email asking you to enter your password. Sometimes, they may use spyware capable of recording letters typed on a keyboard.
Historically, it was about taking a person’s identity to carry out fraudulent actions. Today, criminals prefer to impersonate companies to trick their customers, place large orders or take out loans.
To do this, they do not hesitate to recreate a complete digital identity with email addresses and mirror sites similar to their victims. Some falsify purchase orders and invoices and even go so far as to register with the commercial register.
Phishing, or Phishing in English, is not an attack but rather a way to prepare for future attacks such as account hacking, intrusion, or even Ransomware.
This involves pretending in an email to be a reliable and trustworthy source to deceive the victims and thus obtain confidential information, such as access codes, or encourage them to act: click on a malicious site, open an attachment, install software, enter a form, etc.
Denial of Service Attack or DDOS Attack
A denial of service attack aims to make an online site or service unavailable by saturating bandwidth or mobilizing system resources. This artificial peak in stress considerably slows down the operation. It can go as far as causing a breakdown and, therefore, a system shutdown with the consequences that can be imagined in the case of a merchant site, for example.
It also happens that this type of attack serves as a diversion for intrusions or data theft.
Wire transfer fraud is a variant of identity theft that often uses the technique of Phishing. It consists of contacting an accounting department employee and obtaining from him that he “voluntarily” makes a transfer.
To do this, the attackers can pretend to be a supplier awaiting payment whose bank details have changed. Some even go so far as to pretend to be employees who have changed banks and thus have their wages paid. It can sometimes take several months before the company realizes the deception.
A variant of this type of attack consists of contacting the accounting department, pretending to be the manager or one of his representatives, and asking to execute transfers to accounts abroad urgently. The scenarios have often been very carefully studied to make them believable and create a sense of urgency.
Disfiguration is a deliberately very visible and sometimes publicized attack that aims to damage the image and credibility of a company by modifying the appearance and content of its website or its accounts on the networks. Most often, the motivations are political or ideological. However, it is not uncommon for this type of attack to be identified as former employees acting out of revenge or on behalf of competitors.