What is cybersecurity and what are the different types of cyber attacks?
The BEC section of the CPA exam requires you to understand the common types of cyber attacks and how organizations can implement controls to prevent or detect these cyber attacks. Cybersecurity is the practice of protecting organizations from these cyber attacks. With the increasing reliance on systems and networks, the need for cybersecurity is more important than ever.
What are some key definitions related to cybersecurity?
Malware: Malware is basically the generic term that covers cyber attacks where the hacker plants malicious code in the network of a company or individual. Forms of malicious code include viruses, worms, spyware, etc.
Bots, zombies, and botnets: This is quite the sequence to understand. So basically, a hacker can take over a computer, which is referred to as a bot. So in step #1, the hacker then infects the bot with malware to transform the bot into a zombie. The hacker now has complete control over the computer and can instruct the zombie to carry out any task.
In step #2, the hacker can then take hundreds of zombies and create a botnet. The hacker now controls the botnet and can have hundreds of zombies all carry out a cyberattack all at once (see the various types below).
What are the different types of cyber attacks?
Below is a list of common cyber attacks that you should be familiar with.
1) Phishing attack: This is the most common type of cyber attack, and it occurs when a hacker sends a fake email to consumers or organizations. The hacker will have the email mimic a company that consumers consider to be well-trusted. When the consumer opens the email, the hacker then has access to the consumer's computer and will collect personal information and/or infect the computer with a virus. A phishing attack is very similar to a pharming attack, except a pharming attack redirects users to fake websites.
2) Pharming attack: A pharming attack occurs when a hacker redirects a consumer to a fake website that mimics a real website that the consumer is attempting to access. For example, if the consumer attempts to go to universal.com, the hacker will redirect the user to a fake website and gain access to the consumer's computer. Once the hacker has access, the hacker will steal personal information and/or infect the computer with a virus.
3) Smishing attack: A smishing attack is when a hacker attempts to gain access to a user's phone by sending a text message with malicious code. If the user opens the text message, the hacker will be able to retrieve personal information that is on the phone.
4) Formjacking attack: A formjacking attack is when a hacker inserts malicious code into the online checkout of a valid website. Then, when a user completes the checkout on the valid website, the code will transmit credit card information back to the hacker.
5) Ransomware: Ransomware is an attack whereby the hacker inserts malicious code into a company network through a flaw in its security. The malicious code then begins to lock the company out of its own network. In order to unlock the network, the company must pay “ransom” or cash to the hacker (hence the term ransomware). If a company doesn’t have all of its data backed up, then it will be forced to pay the ransom to the hacker to recover its data and network.
6) Spyware: Spyware is a cyber attack where the hacker inserts malicious code in a company’s network and then sits silently in the background. The malicious code will track all activity in the company’s network and send data and information back to the hacker. Unless the company detects the spyware, the company will not identify that data and information were stolen by the hacker.
7) Supply chain attacks: A supply chain attack is when the hacker inserts malicious code into an application in the supply chain and then the malicious code spreads to other applications in the supply chain. Basically, the hacker targets a weakness in the network, implants the malicious code, and then lets the network spread the malicious code itself.
8) Distributed denial of service (DDoS) attack: A distributed denial of service attack is when a hacker sends a large amount of website traffic or pings to a network to try to slow it down or completely shut it down. Every network has a threshold for web traffic that it can handle at a given time, and if the hacker can exceed that threshold, then they will successfully shut down the network.
9) Trojan malware: Trojan malware is intended to be disguised as legitimate software to the user. Since the software appears legitimate, the user downloads the software, and then the hacker infects the user's system with the malware. The hacker then retrieves data and information from the user's system without the user knowing. It is called Trojan malware because the Greeks used a Trojan horse to infiltrate the city of Troy. All of the warriors hid inside the Trojan horse, and the city of Troy brought the horse inside the city walls.