Without a doubt, cybercrime is at an all-time high today. Hackers are devising new tactics and attacks to target businesses and individuals. Understanding the popular types of cyber attacks is essential in enhancing your cybersecurity posture.
- 1 Human Factor Cyber Attacks
- 2 Malware Cyber Attacks
- 3 Denial of Service (DoS) and Distributed Denial of Service (DDoS) Cyber Attacks
- 4 Web Application Attacks
- 5 Password Cyber Attacks
Human Factor Cyber Attacks
1. Phishing
Phishing is a social engineering attack used to steal sensitive information, such as online banking login credentials, usernames and passwords for personal accounts, credit card details, and social security numbers.
A phishing attack occurs when an attacker posing as a legitimate, trusted individual or organization tricks a person into opening a malicious link, attachment, or email. Phishing is a popular cyber-attack because adversaries usually need no sophisticated hacking tools or expertise. Its consequences can be severe: online con artists use phishing to commit identity theft, and attackers use it against organizations to gain an initial foothold in the corporate network or as the starting point for more dangerous operations such as advanced persistent threats.
Today, cybercriminals are exploiting the shift to remote work by launching phishing attacks on individuals and organizations. Statistics show that 97 percent of users are unable to recognize a sophisticated phishing email. Outrageously, only 3 percent of victims report phishing emails to management.
How can you prevent phishing attacks?
- Be vigilant – know what a phishing attack looks like
- Avoid clicking on links online or sent via email
- Install anti-phishing tools
- Avoid sharing confidential information with unsecured or unfamiliar sites
- Create complex passwords and rotate them regularly
- Keep your operating systems and applications updated
- Install firewall programs
2. Spear Phishing
Spear phishing is similar to phishing. The significant difference is that spear phishing sends emails to specific targeted individuals, whereas ordinary phishing sends emails to hundreds of different users, hoping that one of the recipients clicks and opens it.
Cyber adversaries use spear phishing to target a specific organization or individual. They deploy spear-phishing attacks when attempting to gain unauthorized access to highly sensitive information, such as trade secrets, military intelligence, financial data, and business intelligence. Notably, brand impersonation accounts for 81 percent of all spear-phishing attacks.
Attackers craft spear-phishing emails cleverly such that they appear to originate from known individuals. Quite often, attackers use spear-phishing to execute attacks like state-sponsored hacks and business email compromise. Spear phishing attacks enable criminals to steal and sell confidential information to rival entities and hostile governments.
You can follow these tips to prevent spear phishing attacks:
- Install a security solution that detects and blocks spear phishing attacks, including brand impersonation and business email compromise (BEC)
- Use multi-factor authentication (MFA) whenever possible. MFA complements the security of using a simple username and password
- Train employees to recognize and report suspected phishing emails
- Call the message sender to verify a request before responding to it
- Always lock down personal information
3. Baiting
Baiting is phishing’s and spear phishing’s devious cousin. As the term implies, baiting is a type of human factor attack that uses a false promise to arouse a victim’s curiosity or greed. Cybercriminals use something of interest to the targeted victims to lure them into a trap that infects their computers with malware or steals their personal data. One of the most widely used baiting techniques is using physical media to spread malware.
Attackers may leave a malware-infested flash drive (the bait) in a conspicuous area where the targeted organization’s employees can easily see it. The drive may be labeled as Company A’s payroll list to give it an authentic look. Anyone who picks it up and inserts it into a computer out of curiosity may be exposed to severe risks like malware infection.
In a previous study, 48 percent of employees who found such baits picked them up and plugged them into their devices within minutes of discovering them. Only 16 percent of those who picked up and used the drive considered scanning it first with an antivirus program.
Do not take the bait! Always be alert and aware to avoid baiting and other social engineering attacks. When you come across an unattended USB stick with that payroll tag, think twice before inserting it into your device. Also, keep your antivirus and antimalware solutions updated so they can flag the malware delivered through baiting.
4. Vishing
Vishing is a social engineering scam where hackers use phone calls to trick users into revealing confidential personal information. The attack typically begins with a text message such as ‘Dear customer, your online bank account has been breached,’ immediately followed by a phone call.
The caller may claim to be a representative of the bank or an investigative authority and offer to help you ‘solve’ the problem. In reality, the attackers are the ones creating the problem: they use the trust they establish to collect sensitive information. Seventy-five percent of vishing victims reported that the vishers already had some personal information about them and used it to target them and extract more confidential data.
In essence, vishing is one of the many types of phishing attacks that exploit a victim’s trust to gain something. Technologies like voice over internet protocol (VoIP) make it easy for scammers to place thousands of vishing calls at a time. This form of social engineering attack has risen over the past few years, representing nearly 30 percent of all incoming mobile calls. Very soon, almost half of your phone calls will be spam and scams.
How can you prevent vishing?
- Always verify phone requests through a channel other than the caller. For instance, confirm the caller’s details using an official directory or a second call to the company’s main office
- Be suspicious of callers requesting personal information like usernames and passwords over the phone
- Avoid sharing sensitive information over the phone
- Better still, hang up! The moment you suspect it’s a vishing call, do not feel obliged to carry on a polite conversation; hang up and block the number.
5. Quid Pro Quo
Quid pro quo uses a ‘something for something’ approach to trick targeted users into installing harmful software or divulging sensitive personal information. It is a type of baiting attack, but instead of using bait to attract victims, attackers promise something of value in exchange for information or access.
In one scenario, hackers contact unsuspecting individuals and promise to show them how to earn money online, but first they need to collect the victims’ social media profiles and access credentials.
In another, a hacker impersonates an IT staff member of a specific organization and contacts employees, instructing them to disable their antivirus software to allow a software upgrade. The attacker then uses the opportunity to install malware and gain unauthorized system access.
A security consultant reported that using quid pro quo as part of a security test enabled him to obtain the usernames and passwords of 85 percent of employees in a target organization.
Be vigilant! Security awareness is the first line of defense against any social engineering technique.
6. Pretexting
Pretexting is a type of social engineering attack where hackers use a series of clever lies to gain unauthorized access to protected information. Perpetrators initiate the scam by pretending to require confidential information to complete a crucial task. Verizon’s 2018 Data Breach Incident Report states that phishing and pretexting represent 98 percent of social incidents and 93 percent of breaches.
The first step in a pretexting attack is establishing trust with the targeted victim. Malicious cyber actors may impersonate government officials, such as tax officials, police, or other professionals with a right-to-know authority. Once the attackers have established reasonable trust levels, they ask questions requiring victims to reveal and confirm their identifying information.
In most cases, pretexting allows hackers to obtain all sorts of crucial information, including social security numbers, employee vacation dates, banking details, personal addresses, and driver’s license details.
One of the best ways to prevent pretexting is to be aware that it is a possibility. Email and phone spoofing can make it difficult to authenticate your caller. Be wary whenever a caller or an email begins requesting your information.
Malware Cyber Attacks
7. Ransomware
Ransomware is a harmful program designed to block users from accessing critical system components, files, and data. Attackers use ransomware to coerce victims into paying a demanded ransom, threatening otherwise to upload the data to the dark web or destroy it.
While some simple ransomware attacks are easy to reverse, more advanced ransomware uses cryptoviral extortion to encrypt the target system in a way that makes recovery almost impossible without the correct decryption keys. Ransomware attacks are common because they target critical sectors, like healthcare, where continuity of service is essential.
It’s not just big businesses that are vulnerable. You can follow these steps to prevent ransomware attacks:
- Avoid clicking links in emails
- Use an antimalware tool to scan emails
- Install firewalls and endpoint protection
- Keep a data backup
- Notify employees of out-of-network and first-time sender emails
8. Drive-By Attacks
Cybercriminals use drive-by attacks as a preferred method of distributing malicious programs. A drive-by attack is a technique where hackers insert a malicious script into an insecure website’s PHP or HTML code.
Attackers usually design the malicious script to install malware directly on a user’s computer once someone visits the website. The script may also redirect a user to another website under the hacker’s control.
Drive-by attacks are widespread since cyber adversaries can target anyone who visits the malware-laden website. In contrast to most cyber-attacks, a drive-by attack does not require the victim to do anything other than visit the harmful website. The attack does not rely on someone opening a malicious email attachment or download to become infected; instead, drive-by download attacks exploit vulnerabilities in the operating system, web browser, or an app installed on the host system.
As with many aspects of cyber hygiene, caution and awareness are the best defense against drive-by attacks. Website owners and businesses should keep their website components updated. Besides, they should remove unsupported or outdated components on their websites.
On the other hand, employees should use strong passwords and usernames for their online accounts.
9. Trojan Horse
A Trojan, also called a Trojan horse, is a malicious software program created to execute harmful functions while hiding inside a useful, legitimate program to evade detection.
A Trojan horse is similar to a computer virus, with the primary difference being that a Trojan cannot self-replicate. According to statistics from antivirus maker Avira, this form of malware was the most dangerous online threat in the world. Trojan horses alone account for 60 percent of Avira’s online threat detections, with more than 788 million detections during the period.
Hackers install a Trojan horse on a targeted system to launch attacks and establish a back door to provide cybercriminals with access for further exploitation. For instance, attackers may program a Trojan to open high-numbered ports on the victim system to enable them to listen and execute more attacks.
How to keep the gates closed:
- Avoid opening email attachments or running programs when you are not 100 percent certain of the source
- Always keep your operating systems and other software updated
- Install an antivirus or a trojan remover
10. Adware
Adware is a software program designed to help companies market their products and services. It consists of advertising banners displayed when an individual uses specific applications, such as a web browser.
Adware may download automatically to a user’s computer, where it consumes resources such as CPU and memory while running in the background. Although adware is not necessarily harmful, it is a nuisance since it runs without user permission and may slow the system down.
Statistics gathered between October and December 2019 by Avast’s Threat Lab experts show that adware was responsible for 72 percent of all mobile malware. Avast’s insights indicate that adware is a rising problem, with its share among all Android malware types having increased by 38 percent.
Follow these simple tips to prevent adware attacks:
- Download apps from official app stores
- Check app ratings and comments from other peers
- Carefully review the permissions an app requests before allowing
- Install an adware blocker or an antimalware solution
11. Spyware
Spyware is a malicious program designed to collect user activity, such as browsing habits, most-visited sites, or online banking activity. It also collects confidential user information, including usernames, passwords, and credit card data.
It is classed as malware because it sends all user activity to a command and control server under the hackers’ control. Cyber adversaries with access to this kind of information can use it to commit identity theft. Attackers can also command the spyware to download and install other types of malware remotely.
You can follow these tips to prevent spyware:
- Avoid visiting untrustworthy websites
- Install an antivirus and antimalware application with real-time scanners
- Verify the source of emails
- Avoid clicking on links or downloading attachments in emails that appear to come from an unknown source
- Keep your operating system and other software updated
12. Botnets
A botnet comprises numerous malware-infected systems under a hacker’s control. Attackers use the bots, also called zombie systems, to execute attacks like Distributed Denial of Service (DDoS) attacks against a targeted network or system.
DDoS attacks performed using botnets overwhelm the target network’s processing capacity and bandwidth, disrupting vital operations. Such attacks are also difficult to trace since the bots are spread across many locations, hiding the attacker’s tracks.
In the second quarter of 2020, Spamhaus Malware Labs identified approximately 3,500 new botnet Command & Control servers (C&Cs). Mirai, one of the biggest DDoS botnets ever seen, disrupted many high-profile websites, such as Dyn, OVH, and Krebs on Security, in 2016. OVH revealed that the attacks exceeded 1 Tbps, the largest on public record.
Organizations can mitigate botnets through black hole filtering, which prevents undesirable network traffic from entering protected networks. You should install a firewall as your first layer of defense. Always keep your software and systems updated to the latest versions.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Cyber Attacks
13. SYN Flood Attacks
During a TCP SYN flood attack, attackers exploit the buffer space used during the initialization of a TCP (Transmission Control Protocol) session handshake. The adversaries flood the system’s in-process queue with numerous connection requests but never respond once the system replies to them. As a result, the target system times out while waiting for the attacker’s device to respond, leading to network crashes and unavailability.
Some of the available countermeasures include placing servers behind a robust firewall and increasing the connection request queue’s size. Administrators can mitigate SYN flood attacks using micro blocks. This measure involves allocating a micro-record (as few as 16 bytes) in the server memory for each incoming SYN request instead of a complete connection object.
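The half-open state the two paragraphs above describe can be watched for on the defender's side. The following is an added example, not code from the original article: it replays constructed TCP flow records (timestamp, source address, flags), keeps the server's view of handshakes that never complete, expires them after a timeout the way a real backlog would, and alerts when the peak number of half-open entries exceeds the backlog size. The backlog size and timeout are assumptions chosen for illustration.

```python
"""Half-open connection tracking over constructed TCP flow records.

Added example (not from the original article): rebuilds the server's view
of the TCP handshake from packet records and raises an alert when too many
connections stay half-open, the symptom of a SYN flood.
"""
from collections import defaultdict

# Constructed sample packets: (timestamp_seconds, src_ip, tcp_flags).
# A legitimate client completes SYN -> SYN/ACK -> ACK; the flood sources
# send SYNs and never answer the server's SYN/ACK.
SAMPLE_PACKETS = [
    (0.0, "10.1.1.5", "SYN"),
    (0.1, "10.1.1.5", "ACK"),
] + [(0.2 + i * 0.01, f"198.51.100.{i % 200}", "SYN") for i in range(300)]


def track_half_open(packets, timeout=3.0):
    """Replay packets and return ({src_ip: count}, peak).

    The dict counts connections still half-open (SYN seen, final ACK never
    seen) when the trace ended; peak is the largest number of simultaneous
    half-open entries. Entries older than `timeout` seconds are expired,
    mirroring the server timing out a handshake the peer never finishes."""
    pending = {}                      # (src, n-th SYN from src) -> SYN time
    per_src_counter = defaultdict(int)
    peak = 0
    for ts, src, flags in packets:
        # Expire stale half-open entries the way a server's backlog would.
        for key in [k for k, t0 in pending.items() if ts - t0 > timeout]:
            del pending[key]
        if flags == "SYN":
            per_src_counter[src] += 1
            pending[(src, per_src_counter[src])] = ts
        elif flags == "ACK":
            # Final ACK of the handshake completes the oldest pending entry
            # from that source.
            for key in sorted(pending, key=pending.get):
                if key[0] == src:
                    del pending[key]
                    break
        peak = max(peak, len(pending))
    half_open = defaultdict(int)
    for src, _ in pending:
        half_open[src] += 1
    return dict(half_open), peak


def syn_flood_alert(packets, backlog_size=128, timeout=3.0):
    """True when the peak half-open count exceeds the backlog size, i.e.
    when legitimate SYNs would start being dropped."""
    _, peak = track_half_open(packets, timeout)
    return peak > backlog_size
```

The micro-record approach in the text reduces the cost of each pending entry; this monitor is the complementary signal that tells you when the backlog is under pressure.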
14. Smurf Attacks
Smurf attacks involve using ICMP (Internet Control Message Protocol) and IP spoofing to saturate a network with unwanted traffic. The attack method utilizes ICMP echo requests directed towards the broadcast IP addresses.
For example, a hacker would spoof ICMP echo requests from the intended victim’s IP address, say 10.0.0.10, to a broadcast IP address, say 10.10.255.255. The request reaches every host in that range, and all the responses go back to the spoofed IP address (10.0.0.10). Since the process is repeatable, attackers may automate it to generate vast amounts of unwanted network traffic.
The primary prevention measure is to disable IP-directed broadcasts at each network router and firewall. Older routers are likely to enable directed broadcasts by default, while newer ones likely have them disabled.
15. Ping of Death Attacks
Ping of death is a type of DDoS attack that sends ping packets to a targeted network with a total IP size exceeding the maximum IP packet size of 65,535 bytes.
Systems do not allow single IP packets exceeding the maximum size, so attackers fragment the packet. Upon attempting to reassemble the oversized packet, the target system may experience buffer overflows and crash.
Organizations can block ping of death attacks by configuring a network firewall to examine the fragmented IP packet to ensure it does not exceed the maximum size. Many sites block ICMP ping messages altogether at their firewalls. You can selectively block fragmented pings, allowing actual ping traffic to pass through unhindered.
16. Teardrop Attack
A teardrop attack is a process where attackers send fragmented packets to a computer. It causes the fragment offset and length fields in sequential IP (Internet Protocol) packets to overlap each other on the targeted system. As a result, the compromised host attempts to reconstruct the IP packets but may fail. The system then becomes confused and may crash.
Teardrop attacks are more common in older operating systems, including Linux kernels before 2.1.63, Windows NT, and Windows 95, among others.
A well-configured network firewall provides reliable protection: it filters junk and malformed data and keeps it away from the network. Businesses can also deploy a secure proxy to inspect incoming packets.
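Both the ping of death and the teardrop sections above come down to checks a reassembler or firewall can run on a fragment set before stitching it together. The following is an added example, not from the original article: it models each fragment as the IPv4 header does (offset in 8-byte units, payload length, more-fragments flag), flags a set whose reassembled size would exceed 65,535 bytes, and flags overlapping fragments. The fragment sets are constructed, not captured traffic.

```python
"""Sanity checks for IP fragment sets: ping of death and teardrop.

Added example, not from the original article. Fragments are modelled as
(offset_in_8_byte_units, payload_length, more_fragments), which is how the
IPv4 header encodes them; the 65,535-byte limit is the maximum IPv4 total
length.
"""

MAX_IP_PACKET = 65535
IPV4_HEADER = 20  # minimal header, no options


def fragment_problems(fragments):
    """Return a list of problems found in one datagram's fragment set.

    A safe reassembler drops the whole datagram when this list is non-empty
    instead of trying to put the pieces together."""
    problems = []
    seen = []  # (start_byte, end_byte) intervals already accepted
    for offset_units, payload_len, more in fragments:
        start = offset_units * 8
        end = start + payload_len  # exclusive
        # Ping of death: the reassembled datagram would exceed 65,535 bytes.
        if end + IPV4_HEADER > MAX_IP_PACKET:
            problems.append(f"oversize: fragment reaches byte {end + IPV4_HEADER}")
        # Non-final fragments must carry a multiple of 8 payload bytes.
        if more and payload_len % 8 != 0:
            problems.append(f"bad length {payload_len} for non-final fragment")
        # Teardrop: this fragment overlaps one already accepted.
        for s, e in seen:
            if start < e and s < end:
                problems.append(f"overlap: [{start},{end}) vs [{s},{e})")
                break
        seen.append((start, end))
    return problems


def is_safe_to_reassemble(fragments):
    """Convenience wrapper: True only when no problem was found."""
    return not fragment_problems(fragments)


# Constructed fragment sets (not captured traffic).
# A normal 3,000-byte ping split across a 1,500-byte MTU.
NORMAL_PING = [(0, 1480, True), (185, 1480, True), (370, 40, False)]
# 45 fragments whose last piece would push the datagram past 65,535 bytes.
PING_OF_DEATH = [(i * 185, 1480, True) for i in range(44)] + [(44 * 185, 1480, False)]
# Second fragment claims to start inside the first one.
TEARDROP = [(0, 1480, True), (100, 1480, False)]
```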
Web Application Attacks
17. SQL Injection
SQL is an acronym for Structured Query Language, the language applications use to communicate with relational databases. Most servers that house essential data rely on SQL to manage the data in their databases.
SQL injection attacks target servers that rely on SQL, where malicious actors insert harmful code to instruct the server to divulge sensitive data. Hackers execute the attack by first exploiting an existing SQL vulnerability so that the targeted SQL server runs the harmful code. For instance, attackers can target a vulnerable server by entering crafted input in a website’s search box to force the server to dump stored usernames and passwords.
SQL injection attacks can be problematic if the targeted server stores personal information. The attacks represent two-thirds of all web app attacks. Besides, SQL injection errors and cross-site scripting (XSS) have topped, or nearly topped, the Open Web Application Security Project’s (OWASP) list of top 10 web vulnerabilities for more than a decade.
- You can prevent SQL injection attacks by trusting no one. Assume all user-submitted data is evil and use input validation to prevent dangerous characters from passing to a SQL query in data.
- Update and patch applications and databases that hackers can exploit using SQL injection attacks.
- Install a web application firewall (WAF) – either an appliance or software-based to filter malicious traffic
- Use appropriate access controls and privileges to prevent misuse and malicious activities
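The search-box scenario above, shown as an added example that is not from the original article: a lookup that interpolates the search term straight into SQL beside the parameterised version that sends the term as data. The table, rows and function names are constructed, and the database is an in-memory SQLite instance.

```python
"""Vulnerable string-built query beside its parameterised replacement.

Added example, not from the original article. The users table and its rows
are constructed here; nothing touches a real system.
"""
import sqlite3


def make_db():
    """Create the in-memory database the two search functions run against."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "hash-a"),
        ("bob", "hash-b"),
    ])
    return conn


def search_users_vulnerable(conn, term):
    """Interpolates untrusted input straight into SQL: the search box the
    article warns about. A quote inside `term` changes the query itself."""
    sql = f"SELECT username FROM users WHERE username = '{term}'"
    return [row[0] for row in conn.execute(sql)]


def search_users_safe(conn, term):
    """Parameterised query: the driver passes `term` as data, never as SQL,
    so quotes or keywords inside it are matched literally."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (term,))]


# Constructed test input: a term that, if quotes are interpreted as SQL,
# turns the WHERE clause into one that is always true.
TAUTOLOGY = "x' OR '1'='1"
```

The parameterised version is what the "trust no one" bullet amounts to in code; input validation on top of it narrows what reaches the query, but it is the parameter binding that stops data from becoming SQL.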
18. Cross-Site Scripting
XSS attacks are similar to SQL injection attacks. In a SQL injection attack, a hacker identifies and exploits SQL vulnerabilities in a website server and injects malicious code to exfiltrate data. XSS attacks follow the same approach, but the attacker injects malicious code into a website to target its visitors.
Hackers do not attack the website itself but instead target its visitors. The malicious code runs on users’ computers once they visit the compromised page. One common way to execute a cross-site scripting attack is to inject harmful code into a script that runs automatically.
XSS attacks can impact a business severely. For instance, victims of a cross-site scripting attack may opt to file a class-action lawsuit, which may cripple a business’s finances and reputation.
You can follow these steps to prevent XSS attacks:
- Prevent XSS vulnerabilities from appearing in your applications by escaping user input. This measure involves taking the data an application has received and ensuring it is safe before rendering it for the end user
- Any untrusted data originating from outside the system can be malicious. Validate input so that the application renders only the expected data and blocks malicious traffic from harming the site
- Sanitize data to make it permanently unrecoverable through physical or digital means. This method prevents hackers from accessing confidential information
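The escaping and validation steps above, as an added example not taken from the original article: a comment renderer that concatenates untrusted text into HTML beside one that escapes for the body and attribute contexts and allow-list validates the author name. The template strings, function names and inputs are constructed for illustration.

```python
"""Output escaping and input validation for a comment page.

Added example, not from the original article. The render functions are
hypothetical stand-ins for a template; inputs are constructed.
"""
import html
import re

# Allow-list: the only shape a username may take.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def is_valid_username(name):
    """Validate by shape rather than stripping 'bad' characters out."""
    return bool(USERNAME_RE.match(name))


def render_comment_unsafe(author, body):
    """Concatenates untrusted text into HTML: a <script> in `body` runs in
    every visitor's browser, and a quote in `author` breaks out of the
    attribute."""
    return f'<div class="comment" data-author="{author}"><p>{body}</p></div>'


def render_comment(author, body):
    """Rejects an out-of-shape author name, then escapes both values for
    the HTML body and attribute contexts (quote=True also encodes quotes)."""
    if not is_valid_username(author):
        raise ValueError("username must be 1-32 letters, digits or underscores")
    safe_author = html.escape(author, quote=True)
    safe_body = html.escape(body, quote=True)
    return f'<div class="comment" data-author="{safe_author}"><p>{safe_body}</p></div>'


# Constructed untrusted comment body.
SCRIPT_BODY = "<script>alert(1)</script>"
```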
19. Cross-Site Request Forgery (CSRF or XSRF)
Cross-site request forgery attacks, also referred to as session riding or one-click attacks, are a malicious website exploit in which a user of a trusted web application is forced to execute unwanted commands.
Cyber adversaries executing CSRF attacks typically use social engineering to manipulate an authorized, authenticated user into executing the commands without their consent. For example, a user may innocently click on a link in a chat message and unwittingly let the attacker act with their access privileges and identity. Attackers can thus assume the victim’s identity and use it to commit further crimes.
CSRF attacks are more dangerous where the targeted user is a web administrator since the attacker can compromise every other user or software on the web application’s network.
A CSRF attack can harm both the entity operating the compromised website and users accessing it. Moreover, CSRF attacks may negatively impact an organization’s reputation, destroy customer confidence, and cause financial losses.
You can prevent cross-site request forgery attacks using an anti-CSRF token. Additionally, you can set the SameSite attribute on cookies.
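The two mitigations just named, as an added example that is not from the original article: an anti-CSRF token bound to the session with an HMAC, verified in constant time, and a session cookie carrying SameSite=Strict. The function names and the secret key are placeholders; a real application keeps the key in configuration.

```python
"""Session-bound anti-CSRF token plus a SameSite session cookie.

Added example, not from the original article. SECRET_KEY is a placeholder
for illustration only.
"""
import hashlib
import hmac
import secrets

SECRET_KEY = b"example-only-secret-key"  # placeholder, never a real secret


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id):
    """Random nonce plus an HMAC over (session_id, nonce). The token goes
    into the form; a page on another origin cannot read it, so a forged
    request cannot include a valid one."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id, token):
    """True only if the token was issued for this very session. The
    constant-time comparison avoids leaking the MAC through timing."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    return hmac.compare_digest(mac, _mac(session_id, nonce))


def session_cookie_header(session_id):
    """Set-Cookie value: SameSite=Strict keeps the browser from attaching
    the session cookie to requests initiated from another site."""
    return f"session={session_id}; Path=/; HttpOnly; Secure; SameSite=Strict"


def handle_transfer(cookie_session_id, form_token):
    """State-changing handler: accept only when the form token matches the
    session the cookie identifies."""
    if not verify_csrf_token(cookie_session_id, form_token):
        return "rejected: missing or invalid CSRF token"
    return "ok"
```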
20. Insecure Direct Object References
Insecure direct object reference is an access control vulnerability that occurs when a software application accesses objects directly using user-supplied input. The weakness arises when a developer exposes a reference to an internal implementation object through an identifier but fails to add authorization or authentication checks on top of it.
There are many examples of insecure direct object reference vulnerabilities. For example, a database user is usually referenced by a user ID. That same ID is the key to the database record containing the user’s sensitive information, and it is often generated automatically. An attacker can change the user ID to enumerate other database users.
You can prevent insecure direct object references using instance-based features for specifying access control lists applicable to domain objects. Besides, organizations can use secure hashes instead of actual object references to make it harder for attackers to tamper with user-controllable values.
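The user-ID example above together with both mitigations, as an added example not from the original article: an unchecked lookup, the same lookup with an ownership check on every access, and a per-session map of random handles to real keys so the client never sees an enumerable identifier. The invoice table, session map and function names are constructed.

```python
"""Ownership-checked object access and per-session indirect references.

Added example, not from the original article. INVOICES and all names
here are constructed for illustration.
"""
import secrets

# Constructed data: invoice_id -> (owner_user_id, amount).
INVOICES = {101: ("alice", 250), 102: ("bob", 99), 103: ("alice", 40)}


class Forbidden(Exception):
    pass


def get_invoice_insecure(invoice_id):
    """Returns whatever ID the client supplied: anyone who guesses 102
    reads Bob's invoice. This is the IDOR pattern."""
    return INVOICES[invoice_id]


def get_invoice(user_id, invoice_id):
    """Direct reference kept, but every access is checked against the
    record's owner before anything is returned."""
    owner, amount = INVOICES.get(invoice_id, (None, None))
    if owner is None or owner != user_id:
        raise Forbidden(f"{user_id} may not read invoice {invoice_id}")
    return owner, amount


def can_read(user_id, invoice_id):
    """Boolean form of the ownership check, handy for tests and templates."""
    try:
        get_invoice(user_id, invoice_id)
        return True
    except Forbidden:
        return False


class ReferenceMap:
    """Per-session indirect references: the client only ever sees random
    handles, so there is nothing sequential to enumerate or tamper with."""

    def __init__(self):
        self._handle_to_id = {}

    def handle_for(self, invoice_id):
        handle = secrets.token_urlsafe(12)
        self._handle_to_id[handle] = invoice_id
        return handle

    def resolve(self, user_id, handle):
        invoice_id = self._handle_to_id.get(handle)
        if invoice_id is None:
            raise Forbidden("unknown reference")
        # Indirection is not a substitute for authorization: check anyway.
        return get_invoice(user_id, invoice_id)


def list_invoices_for(user_id, refmap):
    """Return {handle: amount} covering only the user's own invoices."""
    return {refmap.handle_for(iid): amt
            for iid, (owner, amt) in INVOICES.items() if owner == user_id}
```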
Password Cyber Attacks
Passwords are among the most used cybersecurity mechanisms for authenticating users before allowing them to access an information system. Cybercriminals execute password attacks since they are effective methods of gaining access to protected data or systems.
Password attack methods range from simple techniques, like searching a target’s desk for written-down passwords, to advanced techniques that involve trying multiple passwords until the correct one works.
The following are some popular password attack methods:
21. Brute-Force Attacks
Brute-force attacks involve using special tools designed to try every combination of letters and symbols, hoping that the information system under attack will accept one. Depending on the target’s habits, hobbies, job title, and personally identifiable information, attackers can apply logic to make the process more efficient.
Five percent of confirmed data breach incidents in 2020 stemmed from brute force attacks.
22. Dictionary Attacks
A dictionary attack is a type of cyber attack where malicious actors use a dictionary of common passwords to gain unauthorized system access. One common way to execute a dictionary attack is to copy an encrypted file containing the passwords, apply the same encryption to a dictionary of common passwords, and compare the results.
Follow these steps to prevent brute-force, dictionary, and other password attacks:
- Increase the password complexity
- Increase the password length
- Implement captcha in web applications and login/contact us forms
- Use multi-factor authentication
- Refresh passwords by requiring users to cycle passwords regularly
- Force captchas after multiple failed logins to slow down an attacker
- Businesses can configure web apps to lock an account after a specified number of attempted logins
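The last three tips above (captcha after repeated failures, lockout after a set number of attempts) as an added example that is not from the original article. The thresholds, the in-memory store and the credential check are assumptions for illustration; a real implementation verifies a salted password hash and persists the counters.

```python
"""Failed-login throttling: captcha after a few failures, lockout after more.

Added example, not from the original article. Policy values and the
credential store are constructed for illustration.
"""
from collections import defaultdict

CAPTCHA_AFTER = 3    # failures before a captcha is required
LOCK_AFTER = 10      # failures before the account is locked
LOCK_SECONDS = 900   # 15 minutes

# Constructed verifier; real code compares against a salted password hash.
_CREDENTIALS = {"alice": "correct horse battery staple"}


class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(int)   # username -> consecutive failures
        self.locked_until = {}             # username -> unix time lock ends

    def status(self, username, now):
        """'locked', 'captcha' or 'ok' for the next attempt on this account."""
        if self.locked_until.get(username, 0) > now:
            return "locked"
        if self.failures[username] >= CAPTCHA_AFTER:
            return "captcha"
        return "ok"

    def attempt(self, username, password, now, captcha_solved=False):
        """Process one login attempt and return what happened."""
        state = self.status(username, now)
        if state == "locked":
            return "locked"
        if state == "captcha" and not captcha_solved:
            return "captcha_required"
        if _CREDENTIALS.get(username) == password:
            self.failures[username] = 0
            return "success"
        self.failures[username] += 1
        if self.failures[username] >= LOCK_AFTER:
            self.locked_until[username] = now + LOCK_SECONDS
            self.failures[username] = 0   # the lock now does the slowing down
            return "locked"
        return "failed"
```

Per-account lockout also lets anyone lock a legitimate user out by guessing badly on purpose, so pair it with per-source rate limits and alerting rather than relying on it alone.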