Check out part 1, where we shed light on phishing/smishing attacks, ransomware, man-in-the-middle schemes and SQL injections. Let’s dive into four other prevalent attacks and how you can prevent risk.

1. Denial-of-Service- A DoS attack is a type of cyberattack where the attacker aims to render a machine or network inaccessible to its intended users by flooding the targeted machine with requests until normal traffic cannot be processed. This, in turn, results in denial of service to intended users.
   
   Prevention Tip: To protect against DoS attacks, many companies have benefited from establishing firewalls and installing and maintaining antivirus software. Additionally, you can utilize an intrusion detection system to monitor, analyze and manage unwanted traffic.
   
   
2. DNS Spoofing- In a Domain Name System (DNS) spoof, a hacker manipulates known vulnerabilities in the system in order to direct a user to a malicious website that closely resembles the user’s intended destination. Since the fake site looks real, hackers are often able to use them to trick users into sharing sensitive information.
   
   Prevention Tip: Many companies set up DNS Security Extensions (DNSSEC). The DNSSEC system helps validate responses to domain name queries, preventing attackers from directing users to malicious sites. You can also perform DNS traffic filtering to help identify an attack.
   
   It is wise to regularly apply patches to DNS servers and to always look for the padlock symbol next to the address bar when opening a website—called the secure connection symbol.
   
   
3. Cross-Site Scripting (xss)- Cross site scripting involves hackers entering malicious code (written in JavaScript or PHP) into a web form or URL. The attacker can then pilfer sensitive information like login credentials or vandalize the website you’re trying to access.
   
   Prevention Tip: Something called “HTML sanitization” can remove potentially hazardous scripts or components from user-generated HTML. Additionally, output encoding can help ensure that user-provided content is treated as text rather than code. You can also set the HTTPOnly flag on cookies to prevent access by Javascript and ensure cookies are only sent over secure connections.
   
4. Zero-Day Exploits- Zero-day exploits are attacks that target software vulnerabilities unknown to software or antivirus vendors. Once the attacker finds the vulnerability, they can quickly create an exploit and use it for an attack, well before anyone can mitigate it since defenses are not in place.
   
   Prevention Tip: Conduct regular vulnerability scans of your systems to find weaknesses and patch as necessary. It is also wise to install next gen antivirus software (NGAV) which establishes routine behavior and patterns of users and systems which help automatically block processes once a threat is identified.

Wondering if your systems are equipped to fight cyberattacks? We can help. Contact us