With all the talk about cyber-attacks and data breaches, GDPR and more, it can get even more confusing when people throw around words like Phishing and Malware. We’re here to help and will detail the difference between the types of data breaches.
A data breach is a security incident in which sensitive, protected and confidential data is either copied, viewed, stolen, transmitted or used by an individual unauthorized to do so. The majority of data breaches are where valuable data such as files, documents and other sensitive information are exposed or are threatened to be exposed.
Below are five different types of malware that could lead to data breaches, including their definitions.
Malware is a software which is designed to damage, disrupt or gain authorisation access to a computer system. Examples of Malware are:
- The Trojan
Viruses attach themselves to an existing program and either replicate themselves when the program is run or modify a program in some way. There are over 1 million viruses in existence which makes it hard to tackle them on an individual basis.
Trojan is one of the most dangerous types of Malware. It can deceive users of its real intent and can disguise itself as a legitimate piece of software. Trojan can then be activated by cyber-criminals to gain entrance to a computer and steal sensitive data.
A computer Worm is an independent, self-contained computer program that can replicate itself to spread to other files on a computer system or other computers within the same network.
Adware is the most common type of Malware, it downloads and displays adverts that redirect the user to the websites of the advertiser.
The malware which is hardest to detect is Rootkit, in addition to gaining privileged access to the compromised device, rootkit malware conceals its activities within the computer
Password attacks are an attempt to obtain a user’s password for illegal use. This can be through three different means:
- Cracking programs
- Dictionary attacks
- Password sniffers
Cracking programs is the process of gaining passwords from the data that is stored within the computer system or through the data transmitted by a computer system.
Dictionary attacks is the process of gaining access to a computer system by using a very large set of words to generate potential passwords.
Password sniffers is a program that scans and records passwords that are used or broadcasted on a computer. Password sniffers listen to all incoming and outgoing network traffic in order to obtain the password.
Ransomware is software designed to block access to a computer system until a sum of money is paid. There are two main types of Ransomware:
- Locker Ransomware
- Crypto Ransomware
Locker Ransomware is where the whole computer or device is locked down where as Crypto Ransomware is where the program prevents access to files or data, using encryption.
Phishing is where a perpetrator sends fraudulent emails saying they are from respectable companies to convince individuals to reveal personal information such as passwords or credit card details.
A Denial-of-service attack is a malicious interruption to services such as those offered by a website, WAN link, or web server.
As you can see there are many types of malware, so its important to stay vigilant and be aware if you think you are being attacked. Read one of our previous blogs “What You Should do if You Suspect a Data Breach” to see what steps you should take if you suspect malware is present.
Another step to better prepare for data breaches is achieving the UK Government recognised Cyber Essentials Certification, which is an accreditation that allows businesses to demonstrate to their customers, suppliers, investors and insurers that they have implemented essential security controls to manage their cyber risk. Cyber Essentials can reduce businesses risk of attack up to 80% and is available through Capital Network Solutions: the UK’s leading Cyber Essentials certification body.
If you suspect a data breach or would like to get accredited with Cyber Essentials, contact us on 0345 305 4118