Types of Cyber attacks

What is a Cyber Attack?

A cyber attack is an assault launched by cybercriminals using one or more computers against a person or a company. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. Cybercriminals use a variety of methods to launch a cyber attack, including malware, phishing, ransomware, denial of service, among other methods. A cyber attack is also known as a computer network attack (CNA).

Common Types of Cybersecurity Attacks

1. Denial-of-Service (DoS) and Distributed Denial-of-Dervice (DDoS) attacks

This attack is similar to a traffic jam, making a service unavailable for users.

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. A DoS attack is characterized by using a single computer to launch the attack.

A distributed denial-of-service (DDoS) attack is a type of DoS attack that comes from many distributed sources, such as botnets(A large number of compromised computers).

DDoS attacks are often targeted at web servers of high-profile organizations such as trade organizations, government, media companies, commerce, and banking. Although these attacks don’t result in the loss or theft of vital information or other assets, they can cost a victim lots of money and time to mitigate. DDoS is often used in combination to distract from other network attacks.

2.SQL Injection

SQL injection, also known as SQLI, is a kind of attack that employs malicious code to manipulate backend databases to access information that was not intended for display. This may include numerous items including private customer details, user lists, or sensitive company data.SQLI can have devastating effects on a business. A successful SQLI attack can cause deletion of entire tables, unauthorized viewing of user lists, and in some cases, the attacker can gain administrative access to a database. These can be highly detrimental to a business. When calculating the probable cost of SQLI, you need to consider the loss of customer trust in case personal information like addresses, credit card details, and phone numbers are stolen.

3.Cross Site Scripting (XSS)

XSS attacks use third-party web resources to run scripts in the victim’s web browser or scriptable application. Specifically, the attacker injects a payload with malicious JavaScript into a website’s database. When the victim requests a page from the website, the website transmits the page, with the attacker’s payload as part of the HTML body, to the victim’s browser, which executes the malicious script. For example, it might send the victim’s cookie to the attacker’s server, and the attacker can extract it and use it for session hijacking. The most dangerous consequences occur when XSS is used to exploit additional vulnerabilities. These vulnerabilities can enable an attacker to not only steal cookies, but also log key strokes, capture screenshots, discover and collect network information, and remotely access and control the victim’s machine.

4.Password Attack

A password attack simply means an attempt to decrypt or obtain a user’s password with illegal intentions.

Because passwords are the most commonly used mechanism to authenticate users to an information system, obtaining passwords is a common and effective attack approach. Access to a person’s password can be obtained by looking around the person’s desk, ‘‘sniffing’’ the connection to the network to acquire unencrypted passwords, using social engineering, gaining access to a password database or outright guessing. The last approach can be done in either a random or systematic manner:

• Brute-force password guessing means using a random approach by trying different passwords and hoping that one works. Some logic can be applied by trying passwords related to the person’s name, job title, hobbies or similar items.
• In a dictionary attack, a dictionary of common passwords is used to attempt to gain access to a user’s computer and network. One approach is to copy an encrypted file that contains the passwords, apply the same encryption to a dictionary of commonly used passwords, and compare the results.

In order to protect yourself from dictionary or brute-force attacks, you need to have a strong password and implement an account lockout policy that will lock the account after a few invalid password attempts.

5.Man-in-the-Middle (MITM) Attacks

Man-in-the-middle (MITM) attacks are a type of cybersecurity breach that allows an attacker to eavesdrop a communication between two entities. The attack occurs between two legitimate communicating parties, enabling the attacker to intercept communication they should otherwise not be able to access. Thus the name “man-in-the-middle.” The attacker “listens” to the conversation by intercepting the public key message transmission and retransmits the message while interchanging the requested key with his own.

The two parties seem to communicate as usual, without knowing the message sender is an unknown perpetrator trying to modify and access the message before it is transmitted to the receiver. Thus, the intruder controls the whole communication.

6.Eavesdropping Attack

An eavesdropping attack, also known as a sniffing or snooping attack, is a theft of information as it is transmitted over a network by a computer, smartphone, or another connected device.The attack takes advantage of unsecured network communications to access data as it is being sent or received by its user.

An eavesdropping attack can be difficult to detect because the network transmissions will appear to be operating normally.

To be successful, an eavesdropping attack requires a weakened connection between a client and a server that the attacker can exploit to reroute network traffic. The attacker installs network monitoring software, the “sniffer,” on a computer or a server to intercept data as it is transmitted.Any device in the network between the transmitting device and the receiving device is a point of weakness, as are the initial and terminal devices themselves.

7.Insider Threats

Not every network attack is performed by someone outside an organization.

Inside attacks are malicious attacks performed on a computer system or network by an individual authorized to access the system. Insiders that carry out these attacks have the edge over external attackers since they have authorized system access. They may also understand the system policies and network architecture. Furthermore, there is less security against insider attacks since most organizations focus on defending against external attacks.

Insider threats can affect all elements of computer security and range from injecting viruses to stealing sensitive data from a network or system. The attackers may also affect the system availability by overloading the network or computer processing capacity or computer storage, resulting in system crashes.

8.AI-Powered Attacks

The concept of a computer program learning by itself, building knowledge, and getting more sophisticated may be scary.

Artificial intelligence can be easily dismissed as another tech buzzword. However, it is already being employed in everyday applications through an algorithmic process referred to as machine learning. Machine learning software is aimed at training a computer to perform particular tasks on its own. They are taught to accomplish tasks by doing them repeatedly while learning about certain obstacles that could hinder them.

AI can be used to hack into many systems including autonomous vehicles and drones, converting them into potential weapons. AI makes cyber attacks such as identity theft, password cracking, and denial-of-service attacks, automated, more powerful and efficient. It can also be used to kill or injure people, steal money, or cause emotional harm. Larger attacks can as well be used to affect national security, shut down hospitals, and cut power supplies to entire regions.

9.Social engineering

Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Social engineering attacks happen in one or more steps.

A perpetrator first investigates the intended victim to gather necessary background information, such as potential points of entry and weak security protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources.

Social Engineering Attack Lifecycle

What makes social engineering dangerous is that it relies on human error, rather than vulnerabilities in software and operating systems. Mistakes made by legitimate users are much less predictable, making them harder to identify and thwart than a malware-based intrusion.

10.Malware Attacks

A malware(malicious software) is any piece of software that was written with the intent of damaging devices, stealing data, and generally causing a mess.

A malware attack is when cybercriminals create malicious software that’s installed on someone else’s device without their knowledge to gain access to personal information or to damage the device, usually for financial gain. Different types of malware include viruses, spyware, ransomware, and Trojan horses.

Malware attacks can occur on all sorts of devices and operating systems, including Microsoft Windows, macOS, Android, and iOS.

11.Drive-by Attack

A drive-by attack is a common method of distributing malware.

Drive-by downloads can happen when visiting a website or viewing an email message or a pop-up window. Unlike many other types of cyber security attacks, a drive-by doesn’t rely on a user to do anything to actively enable the attack — you don’t have to click a download button or open a malicious email attachment to become infected. A drive-by download can take advantage of an app, operating system or web browser that contains security flaws due to unsuccessful updates or lack of updates.

12.Ransomware

Ransomware is a form of malware that encrypts a victim’s files and asks for a ransom (Money). It blocks access to a victim’s data, typically threatening to delete the files if the ransom is not paid. There is no guarantee that paying a ransom will regain access to the data.Users are shown instructions on how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.

Some organizations are tempting targets because they seem more likely to pay a ransom quickly. For instance, government agencies or medical facilities often need immediate access to their files. Law firms and other organizations with sensitive data may be willing to pay to keep news of a compromise quiet and these organizations may be uniquely sensitive to leakware attacks.

13.What is Malvertising?

Malvertising combines the words “malicious advertising” to describe “the practice of using advertisements to distribute malware.” We’ve been subjected to the most obvious forms of malvertising for just almost as long as we’ve used the internet. We’re accustomed to recognizing it in pop-ups, or ads in the margins begging us to click, offering a surprise, and distracting us from an otherwise pleasant game of Tetris.

14. Birthday attack

Birthday attacks are made against hash algorithms that are used to verify the integrity of a message, software or digital signature. A message processed by a hash function produces a message digest (MD) of fixed length, independent of the length of the input message; this MD uniquely characterizes the message. The birthday attack refers to the probability of finding two random messages that generate the same MD when processed by a hash function. If an attacker calculates same MD for his message as the user has, he can safely replace the user’s message with his, and the receiver will not be able to detect the replacement even if he compares MDs.

15.Phishing Attacks

Phishing is a type of social engineering usually employed to steal user data such as credit card numbers and login credentials. It happens when an attacker, posing as a trusted individual, tricks the victim to open a text message, email, or instant message. The victim is then deceived to open a malicious link that can cause the freezing of a system as part of a ransomware attack, revealing sensitive information, or installation of malware.

This breach can have disastrous results. For an individual, this includes identity theft, stealing of funds, or unauthorized purchases.

This is often used to obtain a foothold in governmental or corporate networks as part of a more significant plot such as an advanced persistent threat (APT). In such a case, employees are compromised to gain privileged access to secured data, distribute malware in a closed environment, and to bypass security parameters.

Common Features of Phishing Emails

1. Too Good To Be True — Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. For instance, many claim that you have won an iPhone, a lottery, or some other lavish prize. Just don’t click on any suspicious emails.
2. Sense of Urgency — A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time. Some of them will even tell you that you have only a few minutes to respond. When you come across these kinds of emails, it’s best to just ignore them. Sometimes, they will tell you that your account will be suspended unless you update your personal details immediately. Most reliable organizations give ample time before they terminate an account and they never ask patrons to update personal details over the Internet. When in doubt, visit the source directly rather than clicking a link in an email.
3. Hyperlinks — A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. It could be completely different or it could be a popular website with a misspelling, for instance www.bankofarnerica.com — the ‘m’ is actually an ‘r’ and an ’n’, so look carefully.
4. Attachments — If you see an attachment in an email you weren’t expecting or that doesn’t make sense, don’t open it! They often contain payloads like ransomware or other viruses. The only file type that is always safe to click on is a .txt file.
5. Unusual Sender — Whether it looks like it’s from someone you don’t know or someone you do know, if anything seems out of the ordinary, unexpected, out of character or just suspicious in general don’t click on it!

Spear Phishing Attacks

Remote Access Trojan (RAT)

Spear phishing is an email aimed at a particular individual or organization, desiring unauthorized access to crucial information. These hacks are not executed by random attackers but are most likely done by individuals out for trade secrets, financial gain, or military intelligence.

Spear phishing emails appear to originate from an individual within the recipient’s own organization or someone the target knows personally. Quite often, government-sponsored hacktivists and hackers perform these activities. Cybercriminals also carry out these attacks with the aim of reselling confidential data to private companies and governments. These attackers employ social engineering and individually-designed approaches to effectively personalize websites and messages.

Whale Phishing Attack

A whale phishing attack is a type of phishing that centers on high-profile employees such as the CFO or CEO. It is aimed at stealing vital information since those holding higher positions in a company have unlimited access to sensitive information. Most whaling instances manipulate the victim into permitting high-worth wire transfers to the attacker.

The term whaling signifies the size of the attack, and whales are targeted depending on their position within the organization. Since they are highly targeted, whaling attacks are more difficult to notice compared to the standard phishing attacks.

In a company, system security administrators can lessen the effectiveness of such a hack by encouraging the corporate management staff to attend security awareness training.