What is a Cyber Attack?

A cyber attack refers to an action designed to target a computer or any element of a computerized information system to change, destroy, or steal data, as well as exploit or harm a network. Cyber attacks have been on the rise, in sync with the digitization of business that has become more and more popular in recent years. 

Adhering to best practices, applying good cloud configuration, maintaining strong security hygiene, and implementing ongoing staff education all greatly mitigate the risk of becoming a victim of a cyber attack.

This article offers a brief introduction to the different types of attacks. Look out for our future blogs, which will dive deep into the specifics of the more common ones, and reach out to us to learn more about how we can help you craft a specific strategy for your business and industry.

 

Phishing

How it works: The attacker uses a list of phone numbers or email addresses and delivers a message with a compelling call to action. (For example, the user may be told that he or she needs to log in and verify transactions.) Usually, it sends users to a fake website where the users provide their username and password.

 

Vishing and Smishing

How it works: Vishing and smishing refer to types of phishing that use voice and SMS respectively to craft social engineering attacks designed to convince victims to share sensitive and confidential information such as bank details.

 

Spear Phishing

How it works: With spear phishing attacks, the attacker targets a small group of individuals with well-crafted, believable messages that are relevant to the target group, often using personalized content (such as the user’s name or a recent user action or event). Like phishing, it uses calls to action that get users to provide their credentials.

 

Whale Phishing 

How it works: A whale phishing attack is essentially a form of spear phishing but aimed specifically at the C-suite level of employees (whales) in an organization. These individuals are likely to possess information that can be valuable to attackers, such as proprietary information about the business or its operations. 

 

Keylogger

How it works: The attacker installs a program (often via a virus) that captures every keystroke on the user’s computer, including sites visited, usernames, passwords, answers to security questions, and more.

 

Credential Stuffing

How it works: The attacker takes advantage of the fact that users often use the same username and password on multiple accounts by attempting to use stolen credential pairs to gain access to many different sites and apps.

 

Brute Force Attack

How it works: The attacker uses a program that generates possible usernames and passwords and then tries them to gain access to multiple different systems.
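
How to tell credential stuffing and brute force apart in authentication logs, as an added example that is not part of the original article. The log format, the sample lines, and the thresholds are constructed assumptions; the heuristic is that replayed credential pairs show up as one source failing once each against many accounts, while password guessing shows up as many failures against few accounts.

```python
from collections import defaultdict

# Constructed sample auth log (assumed format): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 alice FAIL
2024-05-01T10:00:02 203.0.113.7 bob FAIL
2024-05-01T10:00:03 203.0.113.7 carol FAIL
2024-05-01T10:00:04 203.0.113.7 dave OK
2024-05-01T10:00:05 203.0.113.7 erin FAIL
2024-05-01T10:01:00 198.51.100.9 admin FAIL
2024-05-01T10:01:01 198.51.100.9 admin FAIL
2024-05-01T10:01:02 198.51.100.9 admin FAIL
2024-05-01T10:01:03 198.51.100.9 admin FAIL
2024-05-01T10:01:04 198.51.100.9 admin FAIL
2024-05-01T10:02:00 192.0.2.44 frank FAIL
2024-05-01T10:02:09 192.0.2.44 frank OK
"""

def classify_sources(log_text, min_failures=4, many_users=4):
    """Label each source IP by the shape of its failed logins."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> failed attempts
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, ip, user, result = parts
        if result == "FAIL":
            failures[ip][user] += 1
    verdicts = {}
    for ip, per_user in failures.items():
        total = sum(per_user.values())
        if total < min_failures:
            verdicts[ip] = "normal"  # e.g. a user mistyping a password once
        elif len(per_user) >= many_users:
            # Many accounts, about one guess each: replayed credential pairs.
            verdicts[ip] = "credential-stuffing"
        else:
            # Few accounts, many guesses each: password guessing.
            verdicts[ip] = "brute-force"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_LOG).items():
        print(ip, verdict)
```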

 

Dictionary Attack

How it works: A specific type of brute force attack where, instead of generating all possible passwords, the attacker uses a database or file containing a massive dictionary of words and phrases, including but not limited to known or commonly used passwords (like Password123).

 

Rainbow Table Attack

How it works: Essentially a form of dictionary attack. When an attacker manages to gain access to a list of password hashes, they can use a rainbow table, which is a huge database of precomputed hashes and their plaintext values. The attacker simply needs to take the hash value they wish to decipher and perform a lookup for the corresponding plaintext value in the rainbow table.
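
Why per-user salts make a precomputed table useless, as an added example that is not part of the original article. The wordlist is constructed, a plain dictionary stands in for the rainbow table, and PBKDF2 with 200,000 iterations is an assumed choice of slow hash.

```python
import hashlib
import hmac
import os

COMMON = ["Password123", "letmein", "qwerty"]  # constructed sample wordlist

def unsalted(password):
    """Weak storage: a fast hash with no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

# Precomputed hash -> plaintext table: built once, reusable against any unsalted dump.
PRECOMPUTED = {unsalted(p): p for p in COMMON}

def lookup(stored_hex):
    """What the precomputed table returns for a stored hash (None means no match)."""
    return PRECOMPUTED.get(stored_hex)

def hash_password(password, salt=None):
    """Hardened storage: random per-user salt plus a deliberately slow hash."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    print("unsalted lookup:", lookup(unsalted("Password123")))
    salt, digest = hash_password("Password123")
    print("salted lookup:  ", lookup(digest.hex()))
    print("login still ok: ", verify_password("Password123", salt, digest))
```

With a salt, the same password produces a different stored value for every user, so a table would have to be rebuilt per salt.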

 

Birthday Attack

How it works: The birthday paradox is based on the fact that in a room of 23 people, there is more than a 50% chance that two of them have the same birthday. Poor hashing strategies can result in different content resolving to the same hash value. In a birthday attack an attacker exploits this by creating a hash that is identical to what the sender has appended to their message, allowing them to replace the sender’s message with their own.

 

Man-In-The-Middle (MITM) Attack

How it works: The attacker’s program inserts itself into the interaction between a user and an app (for instance, by impersonating a public Wi-Fi). The program then gathers the login credentials that the user enters—or even hijacks the session token.

 

Eavesdropping Attack

How it works: An eavesdropping attack is a form of the MITM attack. Typically eavesdropping attacks are passive, where the attacker simply monitors network traffic, listening for confidential or sensitive data such as usernames, passwords, and credit cards.

 

Session Hijacking

How it works: Session hijacking is one of multiple types of Man in the Middle (MITM) attacks. The attacker takes over a session between a client and the server by impersonating the client.

This kind of attack is effective because the server uses the client’s IP address to verify its identity. If the attacker’s IP address is inserted partway through the session, the server may not suspect that anything is wrong because it is already engaged in a trusted connection.

 

Ransomware

How it works: The victim’s system is held hostage until they agree to pay a ransom to the attacker. After the payment has been sent, the attacker then provides instructions regarding how the target can regain control of their computer. The name “ransomware” is appropriate because the malware demands a ransom from the victim.

 

DoS and DDoS

How it works: A denial-of-service (DoS) attack is designed to overwhelm the resources of a system to the point where it is unable to reply to legitimate service requests. A distributed denial-of-service (DDoS) attack is similar in that it also seeks to drain the resources of a system. A DDoS attack is initiated by a vast array of malware-infected host machines controlled by the attacker. These are referred to as “denial of service” attacks because the victim site is unable to provide service to those who want to access it.

 

SQL Injection

How it works: A Structured Query Language (SQL) injection attack can occur in any situation where a user’s input can make its way to the database without being checked or sanitized. In this scenario, instead of providing input in its expected form, a user can craft an input that includes a SQL statement which will run against the database, potentially causing data exposure and, depending on access control and database design, data modification or data deletion.

 

Path Traversal

How it works: Given a URL with an intuitive or descriptive path, users can manipulate the address in the browser to access arbitrary files and directories stored on the file system, including application source code or configuration and critical system files.
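
One way to keep a requested path inside the directory an application means to serve, as an added example that is not part of the original article. The document root /srv/app/public and the function names are hypothetical.

```python
from pathlib import Path
from urllib.parse import unquote

BASE_DIR = Path("/srv/app/public")  # hypothetical document root (assumption)

def resolve_requested(requested, base=BASE_DIR):
    """Map a user-supplied path to a file under base, or raise PermissionError."""
    base = base.resolve()
    decoded = unquote(requested)         # check after decoding, so %2e%2e is seen as ..
    if "\x00" in decoded:
        raise PermissionError("NUL byte in path")
    target = (base / decoded).resolve()  # collapses .. and follows symlinks
    try:
        target.relative_to(base)         # raises ValueError when outside base
    except ValueError:
        raise PermissionError(f"outside document root: {requested!r}") from None
    return target

def is_allowed(requested):
    """Convenience wrapper: True when the request stays under BASE_DIR."""
    try:
        resolve_requested(requested)
        return True
    except PermissionError:
        return False

if __name__ == "__main__":
    # Constructed sample requests.
    for req in ["css/site.css", "../../etc/passwd",
                "%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"]:
        print(f"{req!r}: {'served' if is_allowed(req) else 'rejected'}")
```

The containment check runs on the fully resolved path, which is why encoded dot segments and absolute paths are rejected along with plain `..` sequences.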

 

DNS Spoofing

How it works: The Domain Name System (DNS) is the phone book of the internet, mapping website URLs to IP addresses. With DNS spoofing, an attacker modifies the DNS resolver's cache so users requesting the IP address of a legitimate website will be directed to a fake or spoofed site. These unsuspecting users may enter sensitive information believing they are on the real site.

 

Trojan Horse

How it works: Inspired by the Greek legend of the same name, a Trojan horse is a seemingly legitimate program which acts as a delivery method for a malicious program that is hidden inside. Executing the legitimate program activates the malicious one which typically enables attackers to enter the system through a backdoor it installs.

 

Cross Site Scripting Attacks

How it works: With cross-site scripting (XSS), the attacker transmits malicious scripts via a legitimate website. Using legitimate but poorly configured inputs, the attacker stores scripts which when rendered in the browsers of other users can cause the script to execute and perform a number of unintended tasks such as stealing cookie or session data.

 

Insider Threats

How it works: Attackers within the organization with an in-depth understanding of its cybersecurity architecture are a significant risk. If they have the motive to sabotage your organization and the access or privileges required to carry out the attack, they can cause serious problems for business-critical systems. Outside of solid access controls, extensive monitoring, and employee training and awareness, there are not a lot of ways to directly target this threat.

 

Conclusion

Adelear works with organizations looking to better protect their business and user data as well as craft a long term strategy for technology efficiency and optimization. Our team offers solutions that allow businesses in a wide range of industries to unlock their potential while remaining compliant, secure and competitive. Reach out to us today to learn more about our process or start your journey.