Types Of Cybersecurity Attacks
A cyberattack is a deliberate attempt to breach the information system of an individual or an organization. Below we describe some of the most common types of cyberattacks.
Man-in-the-middle (MitM) attacks
This type of attack occurs when a hacker fraudulently gains access to a client-server exchange or other private communication. The most common types of man-in-the-middle attacks are the following.
Session hijacking occurs when an attacker hijacks a session between a trusted client and a server. The attacking device substitutes the trusted client’s IP address for its own. If the server continues the session, the attack is successfully executed.
IP spoofing is utilized to disguise the attacker’s IP, usually with randomized numbers. IP stands for Internet Protocol, which is the set of rules governing the format of data sent via the internet or local network. The IP address is the identifier that allows data to be sent between devices on a network: it contains location information and makes devices accessible for communication.
To prevent such attacks, organizations rely on deep packet inspection (DPI) solutions, which utilize granular analysis of all headers, not just the IP address.
A replay attack occurs when a hacker intercepts and saves old communication and then reopens a discussion, impersonating one of the participants.
To counter such attacks, IT security teams utilize session timestamps and a cryptographic nonce (“number only used once”), which is a random number that can be used just once in a cryptographic communication.
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
A denial-of-service attack overwhelms a system so that it cannot respond to service requests. Similarly, a DDoS attack targets the system’s resources, but it is launched from several host machines controlled by the perpetrator.
Unlike cyberattacks that are designed to penetrate a system to get unauthorized access, DoS attacks do not provide direct benefits for attackers. However, if the targeted resource belongs to a competitor, then the benefit to the attacker can be measured.
A DoS attack can also be used to take a system offline to facilitate a different kind of attack.
There are several types of DoS attacks, such as teardrop attacks, botnets, etc.
Drive-by download attacks
Generally, the drive-by download attack is utilized for spreading malware. Hackers often look for insecure websites and exploitable vulnerabilities to inject malicious scripts into the HTTP or PHP code on some of the pages. These scripts might install malware directly onto the device of a victim who visits the website, or they might redirect the victim to a second website controlled by the hackers.
A drive-by download will target an app or a web browser that is vulnerable due to lack of updates.
To protect your organization against such attacks, you should keep your browsers and operating systems up to date and avoid loading insecure, suspicious websites.
Phishing & spear phishing attacks
Unfortunately, phishing attacks are increasingly popular among hackers. This type of cyberattack usually involves sending emails that appear to be from trusted sources with the goal of gaining personal information or influencing victims into taking certain action.
Such an attack combines social engineering and technical methods. It could be an email attachment or a link to an illegitimate website that can trick you into downloading malware or disclosing personal information.
Spear phishing is a targeted type of phishing activity. Attackers closely investigate their targets and create messages that are personal and relevant. Therefore, spear phishing can be very hard to identify and even harder to defend against.
Hackers usually utilize email spoofing for conducting spear phishing attacks. Basically, they change the sender’s email address, making it appear as if it is coming from someone you know, maybe a manager (e.g. CEO fraud) or a colleague/partner.
To reduce the risk of being phished, you should apply the following suggestions:
Analyze any email you consider suspicious.
Hover your mouse cursor over a suspicious link to see the destination URL, but do not click it!
Check the email headers, which record how an email got to your address. The “Reply-to” and “Return-Path” parameters should lead to the same address as the one included in the email.
Password attacks
As we all know, passwords are the most used mechanism to authenticate to any information system. Access to a person’s password can be obtained by using social engineering, gaining access to a password database, etc.
Two of the most common password attacks are brute-force attacks and dictionary attacks.
The brute-force attack occurs when hackers or preconfigured bots try many different combinations, such as old passwords, stolen personal information, etc.
The dictionary attack involves a dictionary of common passwords that is used to attempt to gain access to a user’s computer and network.
To protect against dictionary or brute-force attacks, you should implement an account lockout policy that will block any login attempt after a few invalid user/password combinations.
SQL injection attacks
SQL injection has become a common issue with database-driven websites. It occurs when the hacker executes SQL queries against the database via input fields.
A SQL injection attack can allow the perpetrator to read information from the database, insert, update, or delete database data, execute admin operations, recover the content of a certain file, etc.
To protect your organization from a SQL injection attack, apply the least privilege model of permissions in your databases.
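The least-privilege model in practice, as an added Python example (not from the original article). SQLite has no accounts or GRANT statement, so its authorizer callback stands in here for a database account limited to SELECT on one table; the table names and data are constructed.

```python
import sqlite3


def build_demo_db():
    """Create a constructed catalogue plus a sensitive table the site never needs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'widget', 9.5), (2, 'gadget', 20.0);
        INSERT INTO users VALUES (1, 'admin@example.com', 'constructed-hash');
    """)
    conn.commit()
    return conn


def restrict_to_read_only(conn, allowed_tables):
    """Allow SELECT on the listed tables only; deny every other operation."""
    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 in allowed_tables:
            return sqlite3.SQLITE_OK        # arg1 is the table being read
        return sqlite3.SQLITE_DENY          # writes, DDL, other tables, functions
    conn.set_authorizer(authorizer)


def try_query(conn, sql, params=()):
    """Run a statement; return its rows, or a 'denied: ...' string if refused."""
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.DatabaseError as exc:
        return f"denied: {exc}"
```

With the restriction in place, whatever statement reaches this connection is confined to reading the catalogue: it cannot read the users table, change data or drop tables.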
Cross-site scripting (XSS) attacks
XSS attacks use third-party resources to run scripts in the victim’s browser or application. The attacker injects malicious JavaScript into a website’s database. When the victim loads a web page, the server transmits the page with the attacker’s payload as part of the HTML body to the victim’s browser, which executes the malicious script. For instance, it might send the victim’s cookie to the attacker’s server, and the perpetrator can extract it and use it for session hijacking.
To defend against such cyberattacks, always treat any data that originates outside your system as untrusted. Validate all the input data and create a whitelist of known, acceptable input. Examine and remove unwanted data.
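Whitelist validation as described above, as an added Python example that is not part of the original article. The field names and patterns are assumptions; the example also goes one step further than the text by HTML-encoding free text on output, since a comment field cannot be restricted to a short list of safe values.

```python
import html
import re

# Whitelist: each expected form field maps to the only pattern accepted for it.
FIELD_RULES = {
    "username": re.compile(r"[A-Za-z0-9_]{3,20}"),
    "country": re.compile(r"US|GB|DE|FR|CA"),
    "comment": re.compile(r".{1,500}", re.DOTALL),  # free text, length-limited
}


def validate(form):
    """Return (clean, errors); unknown fields and non-matching values are rejected."""
    clean, errors = {}, []
    for name, value in form.items():
        rule = FIELD_RULES.get(name)
        if rule is None:
            errors.append(f"unexpected field: {name}")
        elif not isinstance(value, str) or not rule.fullmatch(value):
            errors.append(f"invalid value for {name}")
        else:
            clean[name] = value
    return clean, errors


def render_comment(clean):
    """Encode stored values when building HTML so markup in them is shown, not run."""
    return "<p><b>{}</b>: {}</p>".format(
        html.escape(clean["username"]), html.escape(clean["comment"])
    )
```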
Malware attacks
Malicious software can be described as unwanted software that is installed within the victim’s information system. There are many types of malware that hackers use, such as macro viruses, file infectors, polymorphic viruses, trojans, etc.
Conclusion
A good defense requires understanding the offense. Unfortunately, attackers have many options, such as DDoS assaults, malware infections, and brute-force password attacks trying to gain unauthorized access to business data.
Measures to mitigate these threats vary, but IT security basics stay the same. So, keep your systems and anti-virus databases up to date, regularly train your employees, configure your firewall to whitelist only the specific ports and hosts you need, keep your passwords unique and strong, use a least-privilege model in your IT environment, make regular backups, and continuously audit your IT systems for suspicious activity.