Cyber Awareness: What You Need to Know
We recently held a Cyber Awareness training session for our staff and a few of our suppliers. What we learned was both intriguing and rather scary.
Cyber-attacks come in many different forms, and they can be large-scale, aimed at corporations, utilities, and government while small and medium-scale attacks target you, your family, and perhaps your business.
In this article, we will discuss a few different types of cyber-attacks, and what kind of people are conducting them. If you want to know how to prevent an attack on you or your business, or even what to do in the event you have been attacked, that will be discussed in our next article. Until then, keep reading.
What Do ‘Cybercriminals’ Want?
The first thing to note is not all cyber-attacks come from cyber criminals. In some cases, it could be from government agencies, but we will discuss that further down. Here are a few examples of what an attacker might be looking for:
- Small-Scale: Your information, banking details, or access to your contacts
- Corporate: Banking details, client information or industry secrets
- Government: Intelligence
One of the newest types of attacks is called “Cryptojacking.” In this case, it is a cybercriminal who installs malware onto your machine. This is done typically by getting you to install the file, often disguised, and then it runs in the background, often going unnoticed.
The goal for this malware is to use your device’s resources to mine cryptocurrencies like bitcoin, which can slow down your device, cost electricity as now your desktop constantly runs at full power, and it could lead to more serious attacks down the line.
Stuxnet: What Was it And What Did It Do?
Our first example of a cyber-attack must be Stuxnet, a complicated programme that showed what is possible when it comes to state-sponsored cyber operations.
Stuxnet was a cyber weapon developed primarily with the goal of sabotaging Iran’s nuclear programme. Found around 2010, Stuxnet was designed to target and disrupt the Siemens PLCs (Programmable Logic Controllers) used in Iran’s Natanz nuclear facility, where uranium enrichment centrifuges were spinning.
The malware infiltrated Iranian systems and subtly altered the functioning of the centrifuges, causing them to spin at speeds that would damage them over time, while simultaneously feeding normal readings to the monitoring systems.
This meant that Iranian engineers had no idea their equipment was malfunctioning until significant damage had been done. Stuxnet didn’t just destroy physical equipment, it also sowed confusion and mistrust within Iran’s nuclear programme.
If you think about it, this was genius. Instead of trying to force Iran to stop with their programme, Stuxnet slowly ensured that making any progress was slower, and almost impossible.
Stuxnet marked a significant escalation in cyber warfare, demonstrating how software could cause physical destruction without firing a single shot. It was one of the first known instances of a cyber-attack being used to achieve a major geopolitical objective, setting a precedent for cyber capabilities.
To get a better understanding of Stuxnet, check out the video below: your toughest supportability issues are handled with expert care, paving the way for unmatched efficiency and reliability.
What Methods Do Cybercriminals Use?
Attackers use multiple tricks. Phishing tops the list, think of it as digital bait-and-switch. An innocent-looking email lands in your inbox, and one click later, your data is in the hands of someone halfway across the globe. It’s easy, effective, and still catching people off guard every day.
You might receive an email that seems to come from Netflix, requesting that you make a payment. In the email will be a way for you to pay, and through this payment method, the attackers could save your banking details.
Ransomware is another favourite, where your files get hijacked, encrypted, and held for ransom. Attackers demand payment with a ticking clock: pay up or kiss your data goodbye. It’s a high-stakes game, and businesses are losing millions because of it.
Then there is malware, malicious software that sneaks into your system to spy, steal, or simply wreak havoc, like Stuxnet. Attackers use it to get behind your defences, often without you noticing.
What Is Social Engineering and How Does It Exploit People?
Social engineering is the art of manipulation, no code, just psychology. Attackers use it to trick people into handing over sensitive information or performing actions that compromise security.
The tactics vary but often start with a sense of urgency or authority. An email that looks like it is from your bank, a phone call pretending to be tech support, or a text from your “boss” demanding quick action. Attackers create scenarios that make you feel compelled to respond without thinking, exploiting trust, fear, or the impulse to help.
Scare tactics, impersonation, and simple charm are all part of the toolkit. It is low-tech but high-impact, and it works because it targets the one thing that can’t be programmed out: human nature. Social engineering thrives on errors we don’t even realise we’re making.
An attacker might even go as far as to do as much research on the target as possible by analysing their digital footprint. Doing this helps them craft a more believable scenario when contacting you.
At Quorum, we take cyber awareness seriously, and it is why we encourage our team members, including select suppliers to attend our training sessions. We have also implemented protocol to prevent any of our team members becoming a victim of a cyber-attack.
Elevate your logistics strategy. Contact Quorum today and let us transform your supportability engineering challenges into your strongest asset.
Book an informal chat with Shaun And let Quorum take care of your ILS needs, allowing you to focus on your core operations with complete peace of mind.