Your Ask Joey ™ Answer

What is cybersecurity and what are the different types of cyber attacks?

The BEC section of the CPA exam requires you to understand the common types of cyber attacks and the controls that organizations can implement to prevent or detect them. Cybersecurity is the practice of protecting organizations from these cyber attacks. With the increasing reliance on systems and networks, cybersecurity is more important than ever.

What are some key definitions related to cybersecurity?

Malware: Malware is the generic term for cyber attacks in which the hacker plants malicious code in the network of a company or individual. Forms of malicious code include viruses, worms, spyware, etc.

Bots, zombies, and botnets: These terms describe a sequence. A hacker can take over a computer, which is then referred to as a bot. In step #1, the hacker infects the bot with malware to transform the bot into a zombie. The hacker now has complete control over the computer and can instruct the zombie to carry out any task.

In step #2, the hacker can then take hundreds of zombies and create a botnet. The hacker now controls the botnet and can have hundreds of zombies carry out a cyber attack all at once (see the various types below).

What are the different types of cyber attacks?

Below is a list of common cyber attacks that you should be familiar with.

1) Phishing attack: This is the most common type of cyber attack. It occurs when a hacker sends a fake email to consumers or organizations. The hacker will have the email mimic a company that consumers consider to be well-trusted. When the consumer opens the email, the hacker then has access to the consumer's computer and will collect personal information and/or infect the computer with a virus. A phishing attack is very similar to a pharming attack, except a pharming attack redirects users to fake websites.

2) Pharming attack: A pharming attack occurs when a hacker redirects a consumer to a fake website that mimics a real website that the consumer is attempting to access. For example, if the consumer attempts to go to universal.com, the hacker will redirect the user to a fake website and gain access to the consumer's computer. Once the hacker has access, the hacker will steal personal information and/or infect the computer with a virus.

3) Smishing attack: A smishing attack is when a hacker attempts to gain access to a user's phone by sending a text message with malicious code. If the user opens the text message, the hacker will be able to retrieve personal information that is on the phone.

4) Formjacking attack: A formjacking attack is when a hacker inserts malicious code into the online checkout of a valid website. Then, when a user completes the checkout on the valid website, the code will transmit credit card information back to the hacker.

5) Ransomware: Ransomware is an attack whereby the hacker inserts malicious code into a company network through a flaw in its security. The malicious code then begins to lock the company out of its own network. In order to unlock the network, the company must pay “ransom” or cash to the hacker (hence the term ransomware). If a company doesn’t have all of its data backed up, then it will be forced to pay the ransom to the hacker to recover its data and network.

6) Spyware: Spyware is a cyber attack where the hacker inserts malicious code in a company’s network and then sits silently in the background. The malicious code will track all activity in the company’s network and send data and information back to the hacker. Unless the company detects the spyware, the company will not identify that data and information were stolen by the hacker.

7) Supply chain attacks: A supply chain attack is when the hacker inserts malicious code into an application in the supply chain and then the malicious code spreads to other applications in the supply chain. Basically, the hacker targets a weakness in the network, implants the malicious code, and then lets the network spread the malicious code itself.

8) Distributed denial of service (DDoS) attack: A distributed denial of service attack is when a hacker sends a large amount of website traffic or pings to a network to try to slow it down or completely shut it down. Every network has a threshold for web traffic that it can handle at a given time, and if the hacker can exceed that threshold, then they will successfully shut down the network.

9) Trojan malware: Trojan malware is intended to be disguised as legitimate software to the user. Since the software appears legitimate, the user downloads the software, and then the hacker infects the user's system with the malware. The hacker then retrieves data and information from the user's system without the user knowing. It is called Trojan malware because the Greeks used a Trojan horse to infiltrate the city of Troy. All of the warriors hid inside the Trojan horse, and the city of Troy brought the horse inside the city walls.

