Cyber Attack Defense
A cyber attack is an assault launched by cybercriminals using one or more computers against one or more computers or networks. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. Cybercriminals use a variety of methods to launch a cyber attack, including malware, phishing, ransomware, and denial of service.
Cyber attacks hit businesses every day. Former Cisco CEO John Chambers once said, “There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.” According to the Cisco Annual Cybersecurity Report, the total volume of events has increased almost fourfold between January 2016 and October 2017.
Cybercrime has increased every year as people try to benefit from vulnerable business systems. Often, attackers are looking for ransom: 53 percent of cyber attacks resulted in damages of $500,000 or more. Cyberthreats can also be launched with ulterior motives. Some attackers look to obliterate systems and data as a form of “hacktivism.”
A botnet is a network of devices that has been infected with malicious software, such as a virus. Attackers can control a botnet as a group without the owner’s knowledge with the goal of increasing the magnitude of their attacks. Often, a botnet is used to overwhelm systems in a distributed denial-of-service (DDoS) attack.
To be clear: it does not matter which platform your website is built on. They all have vulnerabilities and are being targeted every single day. We can’t guarantee that your site won’t fall victim to a cyber attack… in fact, it probably will at some time, especially if the attack is indifferent to the technology your website is built with.
It can be difficult to determine when your website is under attack or compromised… but usually, a sure sign is an uninvited change to your website. Common examples are when the site gets redirected somewhere else or when you receive an unexpected server timeout (this may indicate the site is experiencing unusually high traffic).
When a cyber attack is detected, we immediately troubleshoot where it’s coming from by monitoring the IP addresses in the traffic logs. This allows us to determine if the site is imploding due to malware or if an external attack is in progress. When the site isn’t actually infiltrated, we can block access to the attackers.
However, the job is much more difficult if the site is already infected because there are thousands of files and rows in the database that need to be analyzed. The fastest and safest remedy is usually to restore a previous backup. When that’s not an option, it’s best to quarantine the site and locate the source. These options are not guaranteed to return the site to working order because some viruses are designed to be hidden, capable of re-injection, or destructive towards backups.
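The traffic-log step described above can be sketched as follows. This is an added example, not the authors' own tooling: it assumes the server writes Apache/Nginx "combined" format logs, the per-minute limit is an arbitrary illustrative threshold, and the log lines are constructed with documentation-range IP addresses.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined log format: IP, timestamp, request line, status (other fields ignored).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, minute_bucket, status), or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts.replace(second=0), int(m["status"])

def triage(lines, per_minute_limit=5):
    """Summarise traffic per source IP and flag sources exceeding the limit."""
    per_minute = defaultdict(Counter)          # ip -> {minute: request count}
    totals, errors, skipped = Counter(), Counter(), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1                       # malformed lines are counted, not guessed at
            continue
        ip, minute, status = rec
        per_minute[ip][minute] += 1
        totals[ip] += 1
        if status >= 500:                      # server errors, e.g. timeouts under load
            errors[ip] += 1
    all_requests = sum(totals.values()) or 1
    report = {
        ip: {"total": totals[ip], "peak_per_minute": max(per_minute[ip].values()),
             "share": round(totals[ip] / all_requests, 2), "5xx": errors[ip]}
        for ip in totals}
    flagged = sorted(ip for ip, r in report.items()
                     if r["peak_per_minute"] > per_minute_limit)
    return report, flagged, skipped

def sample_log():
    """Constructed sample: one bursting source, two ordinary visitors, one bad line."""
    fmt = '{ip} - - [12/Mar/2024:10:00:{s:02d} +0000] "GET {p} HTTP/1.1" {st} 512 "-" "-"'
    burst = [fmt.format(ip="203.0.113.7", s=s, p="/", st=503 if s > 5 else 200)
             for s in range(8)]
    normal = [fmt.format(ip="198.51.100.20", s=10, p="/about", st=200),
              fmt.format(ip="192.0.2.44", s=30, p="/contact", st=200)]
    return burst + normal + ["garbage line"]

if __name__ == "__main__":
    report, flagged, skipped = triage(sample_log())
    print("flagged:", flagged, "skipped:", skipped)
```

A source with a high peak rate and a large share of all requests points to an external flood that can be blocked; slow responses with no such concentration point back toward a problem on the site itself.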
While we successfully deflect 99% of all cyber attacks, it’s called “defense” for a reason… the ramifications of a highly advanced and targeted attack can be irreversible. In the worst-case scenario, the sad truth is that the site should be replaced by a completely new build – especially if it can’t be determined when the malware was first introduced.