Cybercriminals have many weapons in their arsenal to breach company security. Being able to identify how they did it can be a key factor when you are the victim of a security incident.
- Malicious code infections of systems, work equipment, or mobile devices. These types of incidents, mostly initiated through email, compromised or malicious web pages, SMS, or social networks, can also cause infected resources to become part of a botnet. To determine if this incident has occurred in your company, you can use our Antibotnet service.
- Intrusions or attempted intrusions caused by exploiting known vulnerabilities, such as those regularly posted in the Security Advisories section, exploit attacks, and credential breaches, leading to the compromise of accounts with or without administrator privileges and the compromise of applications or application services. If the compromised service is the website, it can lead to incidents such as identity theft or malware distribution. This may also include incidents of theft due to unauthorized access to physical facilities.
- Availability failures through DoS (denial of service) attacks can affect different resources of the organization (networks, servers, work equipment, etc.) and make it impossible for them to function normally. This type of incident also includes those caused by sabotage or physical attacks on resources or infrastructure and other interruptions of unintentional external origin.
- Information is compromised due to unauthorized access to it or its modification (for example, through encryption by ransomware). To determine if this type of incident has occurred in your company, you can use our Ransomware Help service. These incidents also include those in which the result is the deletion, loss, or leakage of data and may be caused intentionally (through the theft or compromise of credentials) or by some failure of the devices that store them.
- Fraud is caused mainly by the impersonation of legitimate entities to deceive users for financial benefit, or by phishing attacks to obtain private credentials to access means of payment. This category also covers incidents involving the unauthorized use of resources to carry out fraudulent campaigns against other users, such as hosting phishing campaigns on the business website.
- Sending spam, such as unsolicited emails that the recipient has not authorized the sender to send. These messages do not usually violate the company's security, since their purpose is usually to promote products or services. Still, a large volume of spam can be very unpleasant for users.
- Network scanning aims to discover technologies and systems used by the company. Scans are usually part of the stage where cybercriminals obtain as much information as possible about a victim before carrying out the attack.
- Packet analysis (sniffing) observes network traffic and analyzes it to discover confidential information and tools used by the company.