A Guide to identifying and preventing future cyber-attacks in organizations

Giusel
8 min read · Sep 13, 2021


What is a cyber-attack?

A cyber-attack is dangerous software launched by cyber criminals to disrupt, harm, or exploit computer systems, networks, or electronic devices. Through an attack, hackers can steal, modify, or delete data, extort the victims, or damage their reputation.

Cyber-attacks Classification

Cyber Warfare

Cyberwarfare is an attack by one country on another country’s information systems and infrastructure. Its main goal is crippling or otherwise disrupting communications or services. Organizations such as NATO, the CIA, and the NSA have designated cyber-attacks as acts of war that could trigger a military response by the targeted governments.

Cyber Crime

Cybercrime is a malicious act that uses computers and Internet connections to spread viruses, unlawful information, or illegitimate content.

Cyber Terrorism

Cyber terrorism describes illegal attacks and threats against computers, networks, and information. Cyberterrorists frequently target military, government, and corporate networks. The aim is to instill terror in the civilian population and pressure the government.

Top 10 most common types of cyber-attacks

Distributed Denial of Service (DDoS) attack

A DDoS attack makes a machine or network resource unavailable to its intended users. It temporarily or indefinitely disrupts or suspends the services of a host connected to the Internet. The attack is carried out by flooding the targeted machine or resource with a constant stream of requests that overloads the system and prevents it from fulfilling legitimate requests.

Malware

Malware is any malicious software designed to damage or disable computer systems without the owner’s knowledge. There are several classes of malware:

Ransomware

Ransomware is malware that encrypts the victim’s data and then demands a ransom to decrypt it. Usually, the hacker asks to be paid in cryptocurrency, such as Bitcoin. There are three types of ransomware:

  1. Ransomware worm: A ransomware worm spreads by sending itself to other devices over a network or Internet connection. It can infect hundreds of thousands of computers within hours and prove difficult to stop.
  2. File-encrypting program: A file-encrypting program, also called an executable, is installed on a computer to scan data files, encrypt them, and lock the system. The hacker unlocks the system and gives the data back when the user agrees to pay the ransom fee.
  3. Remote Access Trojan: The Remote Access Trojan installs itself on a computer and sends copies of files back to the perpetrator’s server. The data is then encrypted before being sent back for ransom.

Spyware attack

Spyware is software that captures or records the user’s activities without their knowledge. The cyber-attack can capture information such as keystrokes, screenshots, location, and passwords. In some instances, IT experts use it to monitor a device or user for security purposes.

Virus attack

Viruses are a type of malware that can infect computers, smartphones, and other devices. A virus is a tiny piece of code installed on your device to do something without your knowledge or permission. A virus attack can work in several ways:

  1. Displaying fake messages or opening pop-up windows to scare you. The creator can then ask for money in exchange for solving the problem.
  2. Changing your device’s settings to download more viruses onto your computer automatically.
  3. Stealing money by logging into your bank account.
  4. Collecting personal information about you, such as passwords for social media or email accounts.
  5. Taking control of your computer so that it can be used as part of a botnet to attack other people’s computers.

Trojan horse attack

A trojan is typically delivered by email as a link or attachment that looks desirable to the user, tricking them into downloading, opening, or clicking on it. Once opened, the malware downloads to the user’s system. The trojan horse can steal information, wipe out data, and even encrypt all data on the hard drive; as always, the author then demands a ransom to decrypt it. This type of cyber-attack lets hackers get into your computer without you knowing.

Rootkit attack

A rootkit is a backdoor that gives an attacker long-term access to a system. This technique makes the attacker hard to detect with simple security products and antivirus scans, because rootkits hide alongside legitimate programs, such as web browsers or file managers. They can be installed through malware or Trojans in infected emails, fake software updates, and other ways.

Keylogger attack

Keyloggers are software applications that record every character a user types, along with other pieces of information. Sometimes people use them for parental control, to see what others are typing on their computers. However, cybercriminals use them to discover users’ credentials and to log all the windows, applications, and websites they visit.

Adware

Adware hijacks web browsers and attaches itself to websites to display ads to users while they browse the Internet, generating revenue. Users often install it on their computers unknowingly, bundled with free programs. That’s why it’s crucial to install trusted applications only: be cautious about what you download from the Internet or click on during a browsing session.

Logic bombs attack

Logic bombs were initially designed to disrupt services and cause data loss. Still, they have other uses, such as activating a denial-of-service attack on a competitor’s website.

Phishing attack

A phishing attack is sent through an email that appears to come from a trustworthy source. The email contains links or attachments that carry the malicious program, which becomes active when the user clicks on one of them. The goal of phishing is to get users to provide personal information such as credit card numbers, login credentials, and more. Users can often identify this type of cyber-attack because the sender’s email address does not match the email body.

For example, the email body may talk about a big discount you can receive if you buy 50 new masks to protect yourself from COVID. You then have to check that the sender’s email address matches the store or company running the promotion.

Structured Query Language (SQL) Injection cyber-attack

SQL Injection is a cyber-attack that inserts a string of SQL code into a web application’s input data. The purpose is to exploit a security vulnerability in the way the web application builds its SQL query. The injection is successful when the cybercriminal can access all data in the database, in particular usernames and password hashes. In some cases, attackers can use SQL injection to disclose sensitive data or to destroy data or entire databases.

Web programmers need to know how their programming language interacts with databases in order to block malicious code injection. In this way, programmers help prevent security breaches by keeping their code secure.

Password cracking attack

Password cracking tries to recover a password from one or more hashes. For this, hackers use brute force through an automated program to guess the user’s password. Most users register easy-to-remember passwords, and that is a big problem for them.

Some systems limit the number of attempts to enter the password before access is denied, preventing password cracking attacks. Other systems add additional random bits to each password before hashing it. In this way, even if two users selected the same password, they would not end up with the same hash.
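Both defences from the paragraph above, as an added Python example rather than code from the original post: the extra random bits are a per-user salt fed to PBKDF2, and the attempt limit is a simple lockout counter. The iteration count and the threshold of five attempts are assumed values for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000   # assumed PBKDF2 work factor for this demonstration
MAX_ATTEMPTS = 5       # assumed lockout threshold


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Returns (salt, digest); a fresh random 16-byte salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recomputes the salted digest and compares it in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


class Account:
    """Stores only salt + digest and locks after MAX_ATTEMPTS consecutive failures."""

    def __init__(self, password: str) -> None:
        self.salt, self.digest = hash_password(password)
        self.failed_attempts = 0
        self.locked = False

    def login(self, password: str) -> bool:
        if self.locked:
            return False  # a locked account rejects even the correct password
        if verify_password(password, self.salt, self.digest):
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_ATTEMPTS:
            self.locked = True
        return False
```

Hashing the same password twice yields two different digests because each call draws its own salt, so a cracked hash for one user says nothing about another user with the same password.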

Man-in-the-middle (MITM) attack

MITM attacks allow an attacker to eavesdrop on the data sent back and forth between two people, networks, or computers. The hacker positions themselves in the “middle”, between the two parties trying to communicate, to spy on their interaction. In a Man-in-the-middle attack, the two parties believe they are communicating directly with each other, while in reality the attacker reads and modifies the message before it reaches its destination. Companies can protect themselves from MITM attacks by using strong encryption on access points or a virtual private network (VPN).

DNS Spoofing cyber-attack

With Domain Name System (DNS) spoofing, a hacker alters DNS records to send traffic to a fake or “spoofed” website. Once on the fraudulent site, the victim may enter sensitive information that the hacker can use or sell. The hacker may also build a poor-quality site with derogatory content to make a competitor look bad. In a DNS spoofing attack, the attacker benefits because the user believes the site they are visiting is legitimate, and the hacker is then free to commit crimes in the name of an innocent company.

Attackers aim to exploit vulnerabilities in DNS servers. To prevent DNS spoofing cyber-attacks, companies should make sure those servers are kept up to date.

Eavesdropping cyber-attack

Hackers use an eavesdropping attack to intercept sensitive data from the network. To do so, the attacker takes up a position where they can listen in on the communication between two parties. An eavesdropping attack is not easy to detect without specialized equipment to monitor what is happening on the network, which makes it a complex problem for many organizations to tackle. However, data encryption remains the best protection against eavesdropping.

XSS cyber-attack

Cross-site scripting, or XSS, lets an attacker deliver malicious scripts through clickable content. When the victim clicks on the content, the script is sent to the victim’s browser. Because the user is already logged into the web application’s session, the application treats whatever they submit as legitimate; however, the attacker has altered the script that runs, and so can modify the information the user is submitting.

Companies can prevent XSS attacks by using a whitelist of allowable entries, so that anything other than approved entries is rejected by the web application. Organizations can also use a sanitizing technique, which examines the data being entered and checks whether it contains anything that could be harmful.
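The two defences above (a whitelist on input and sanitizing of what is rendered) as an added Python example, not code from the original post. The display-name field, its allowed character set, and the script-tag sample input are constructed for the demonstration; output escaping uses the standard library’s html.escape.

```python
import html
import re

# Allowlist for a display name: letters, digits, spaces, dots and hyphens only (assumed policy).
DISPLAY_NAME_RE = re.compile(r"[A-Za-z0-9 .\-]{1,40}")


def validate_display_name(value: str) -> bool:
    """Whitelist check: input is accepted only if every character is approved."""
    return DISPLAY_NAME_RE.fullmatch(value) is not None


def render_greeting_unsafe(name: str) -> str:
    """Interpolates input straight into HTML, so markup in `name` is parsed by the browser."""
    return "<p>Hello, " + name + "!</p>"


def render_greeting_safe(name: str) -> str:
    """Escapes the HTML metacharacters so the input is displayed as text, not markup."""
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


def handle_profile_update(name: str) -> str:
    """Both defences together: reject what fails the whitelist, escape what is rendered."""
    if not validate_display_name(name):
        raise ValueError("display name contains characters outside the whitelist")
    return render_greeting_safe(name)


if __name__ == "__main__":
    # Constructed sample input carrying a script tag.
    sample = "<script>alert(1)</script>"
    print(render_greeting_unsafe(sample))  # tag reaches the browser unchanged
    print(render_greeting_safe(sample))    # tag is rendered as harmless text
```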

Birthday attack

In a birthday attack, an attacker exploits the hash algorithms that are used as a security feature to verify the authenticity of messages. If a hacker can create a hash identical to the one the sender has appended, the hacker can replace the message with their own. The receiving device will accept it because it carries the correct hash.

The birthday paradox is based on the fact that in a room of 23 people, there is more than a 50% chance that two of them share a birthday. Hence, the paradox shows that hashes, like birthdays, are not as unique as many think.

To prevent birthday attacks, use longer hashes for verification. Each extra digit added to the hash significantly decreases the odds of creating a matching one.
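The birthday paradox and the effect of hash length, worked through as an added Python example that is not part of the original post. It computes the 23-people figure, the number of random messages needed for a 50% collision chance on an n-bit hash, and counts how quickly two constructed messages collide on a toy hash truncated to 16 bits (the truncation of SHA-256 is the example’s own construction).

```python
import hashlib
import math


def collision_probability(samples: int, outcomes: int) -> float:
    """Probability that at least two of `samples` uniform draws from `outcomes` values coincide."""
    all_distinct = 1.0
    for i in range(samples):
        all_distinct *= (outcomes - i) / outcomes
    return 1.0 - all_distinct


def attempts_for_half_chance(hash_bits: int) -> float:
    """Approximate random messages needed for a 50% collision chance: sqrt(2 ln 2 * 2^n)."""
    return math.sqrt(2 * math.log(2) * 2 ** hash_bits)


def truncated_digest(message: bytes, hash_bits: int) -> int:
    """Toy 'short hash': keep only the first hash_bits bits of SHA-256."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - hash_bits)


def attempts_until_collision(hash_bits: int) -> int:
    """Hashes constructed messages until two share a truncated digest; returns the count."""
    seen = set()
    count = 0
    while True:
        digest = truncated_digest(f"message-{count}".encode(), hash_bits)
        count += 1
        if digest in seen:
            return count
        seen.add(digest)


if __name__ == "__main__":
    print(round(collision_probability(23, 365), 3))  # 0.507: 23 people already pass 50%
    print(round(attempts_for_half_chance(16)))      # 301 messages for a 16-bit hash
    print(round(attempts_for_half_chance(32)))      # 256 times more for a 32-bit hash
    print(attempts_until_collision(16))             # a few hundred tries on the toy hash
```

Every 16 extra bits multiply the work for a 50% collision by 256, which is the numerical version of the advice to use longer hashes.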

How to prevent cyber-attacks in organizations?

There is no one-size-fits-all solution to cyber-attack problems. Nevertheless, companies can take proactive measures to prevent cyber-attacks and protect their data and networks.

  1. Install security updates and keep your operating system up to date.
  2. Implement a firewall that blocks traffic on unused ports.
  3. Establish antivirus software on all workstations connected to your network.
  4. Include specific protection systems like HIDS (IDS/IPS).
  5. Use secure protocols for transferring sensitive data (TLS/SSL).
  6. Set up password policies using long passwords with complex patterns.
  7. Never click on links in emails or even social media posts that seem odd.
  8. Use a Virtual Private Network (VPN) to create a more secure connection.
  9. Implement cloud-managed endpoint protection to assist in advanced monitoring and remote remediation.
  10. Use anti-spyware software with active scanning and regular updates.
  11. Back up data regularly so that you won’t lose it in case of a cyber-attack.

Hackers are becoming more intelligent and sophisticated in their attacks, and traditional antivirus software is not enough to detect them. However, companies can implement SIEM tools like UTMStack that include technologies capable of monitoring, detecting, preventing, and responding to a cyber-attack in real time. A SIEM can ease a company’s protection because it integrates IDS, IPS, cloud services, incident response, penetration testing, vulnerability assessment, and more. In addition, most SIEM tools offer SOC as a service to monitor the networks and respond immediately to an attack.

Giusel

“BE FAIR, LOVE FAMILY, AND DO YOUR BEST FOR OTHERS” ✈ IT engineer ✈ Freelancer ✈ Email Marketing ✈ SEO ✈ Cybersecurity blogger https://cybersecurityblogger.com