A cyberattack is where an attacker tries to gain unauthorized access to an IT system for the purpose of theft, extortion, disruption or other nefarious reasons.
Of course, a large number of security incidents are caused by insiders – whether through negligence or malice. However, for the sake of simplicity, let us assume that a cyber-attack is carried out by someone who is not, or was not, a member of your organization.
While there are many different ways that an attacker can infiltrate an IT system, most cyber-attacks rely on pretty similar techniques. Below are some of the most common types of cyber-attacks.
1. Malware
Malware is a type of application that can perform a variety of malicious tasks. Some strains of malware are designed to create persistent access to a network, some are designed to spy on the user in order to obtain credentials or other valuable data, while some are simply designed to cause disruption.
Some forms of malware are designed to extort the victim in some way. Perhaps the most notable form of malware is Ransomware – a program designed to encrypt the victim’s files and then ask them to pay a ransom in order to get the decryption key.
2. Phishing
A Phishing attack is where the attacker tries to trick an unsuspecting victim into handing over valuable information, such as passwords, credit card details, intellectual property, and so on.
Phishing attacks often arrive in the form of an email pretending to be from a legitimate organization, such as your bank, the tax department, or some other trusted entity.
Phishing is probably the most common form of cyber-attack, largely because it is easy to carry out and surprisingly effective.
3. Man-in-the-middle attack (MITM)
A man-in-the-middle attack (MITM) is where an attacker intercepts the communication between two parties in an attempt to spy on the victims, steal personal information or credentials, or perhaps alter the conversation in some way.
MITM attacks are less common these days as most email and chat systems use end-to-end encryption which prevents third parties from tampering with the data that is transmitted across the network, regardless of whether the network is secure or not.
4. Distributed Denial-of-Service (DDoS) attack
A DDoS attack is where an attacker essentially floods a target server with traffic in an attempt to disrupt, or even bring down, the target. However, unlike traditional denial-of-service attacks, which most sophisticated firewalls can detect and respond to, a DDoS attack is able to leverage multiple compromised devices to bombard the target with traffic.
5. SQL injection
SQL injection is a type of attack which is specific to SQL databases. SQL databases use SQL statements to query the data, and these statements are typically executed in response to input submitted via an HTML form on a webpage. If the database permissions have not been set properly, the attacker may be able to exploit the HTML form to execute queries that will create, read, modify or delete the data stored in the database.
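As an added example (not code from the original article), the following Python snippet shows the root cause of SQL injection and its standard fix side by side. It uses the standard-library sqlite3 module against a constructed in-memory users table; the function names setup_db, vulnerable_lookup and safe_lookup and the sample rows are assumptions made for the example. The classic probe `' OR '1'='1` makes the string-built statement return every row, while the parameterized statement treats the same text as an ordinary username and matches nothing.

```python
import sqlite3


def setup_db():
    """Create an in-memory SQLite database with a constructed users table (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def vulnerable_lookup(conn, username):
    """Builds the statement by string formatting, so the form value becomes
    part of the SQL text itself and can change the meaning of the WHERE clause."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def safe_lookup(conn, username):
    """Parameterized statement: the SQL text is fixed and the value is passed
    separately, so whatever the user typed is compared literally as a username."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = setup_db()
    probe = "' OR '1'='1"  # constructed test input
    print("vulnerable:", vulnerable_lookup(db, probe))  # every row comes back
    print("parameterized:", safe_lookup(db, probe))      # nothing matches
```

Parameterization removes the injection itself; the restrictive database permissions the article mentions are the second layer, limiting what a missed injection can read or modify.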
6. Zero-day exploit
A zero-day exploit is where cyber-criminals learn of a vulnerability that has been discovered in certain widely-used software applications and operating systems, and then target organizations who are using that software in order to exploit the vulnerability before a fix becomes available.
7. DNS Tunnelling
DNS tunnelling is a sophisticated attack vector that is designed to provide attackers with persistent access to a given target. Since many organizations fail to monitor DNS traffic for malicious activity, attackers are able to insert or “tunnel” malware into DNS queries (DNS requests sent from the client to the server). The malware is used to create a persistent communication channel that most firewalls are unable to detect.
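Because the article's point is that DNS traffic usually goes unmonitored, here is an added example (not from the original article) of the kind of check a defender can run over DNS query logs. The log format, the hypothetical domain t.example.net, and the thresholds (label length, character entropy, unique subdomains per base domain) are all assumptions made for the example; the sample lines are constructed, not real traffic. Tunnelled data tends to show up as long, random-looking subdomain labels and as many distinct subdomains under one base domain, which is what the analysis scores.

```python
import math
import re
from collections import defaultdict

# Constructed sample log lines (not real traffic): ordinary lookups followed by
# three lookups of a hypothetical domain carrying long, high-entropy labels.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z client=10.0.0.5 qname=www.example.com qtype=A
2024-05-01T10:00:02Z client=10.0.0.5 qname=mail.example.com qtype=MX
2024-05-01T10:00:03Z client=10.0.0.7 qname=cdn-assets.example.org qtype=A
2024-05-01T10:00:04Z client=10.0.0.9 qname=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef.t.example.net qtype=TXT
2024-05-01T10:00:05Z client=10.0.0.9 qname=fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210.t.example.net qtype=TXT
2024-05-01T10:00:06Z client=10.0.0.9 qname=00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff.t.example.net qtype=TXT
"""

LINE_RE = re.compile(r"client=(?P<client>\S+) qname=(?P<qname>\S+) qtype=(?P<qtype>\S+)")


def shannon_entropy(text):
    """Bits of entropy per character, estimated from the character frequencies of text."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line):
    """Extract client, query name and query type from one constructed log line."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def base_domain(qname):
    """Crude registered-domain guess (last two labels); real code would use a public-suffix list."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def analyze(log_text, max_label=40, max_entropy=3.5, min_unique=3):
    """Return (flagged queries with reasons, base domains with many unique subdomains)."""
    flagged = []
    unique_subdomains = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        qname = rec["qname"].rstrip(".")
        longest = max(qname.split("."), key=len)
        reasons = []
        if len(longest) > max_label:
            reasons.append(f"label length {len(longest)} > {max_label}")
        ent = shannon_entropy(longest)
        if ent > max_entropy:
            reasons.append(f"label entropy {ent:.2f} > {max_entropy}")
        if reasons and rec["qtype"] == "TXT":
            # TXT alone is not suspicious (SPF, DKIM), but it is a roomy carrier
            # for a reply channel, so it is added as context when a query is already flagged.
            reasons.append("TXT query type")
        if reasons:
            flagged.append((qname, reasons))
        unique_subdomains[base_domain(qname)].add(qname)
    volume = {d: len(s) for d, s in unique_subdomains.items() if len(s) >= min_unique}
    return flagged, volume


if __name__ == "__main__":
    hits, busy = analyze(SAMPLE_LOG)
    for name, why in hits:
        print(name, "->", "; ".join(why))
    print("base domains with many unique subdomains:", busy)
```

On real resolver logs the thresholds need baselining against the organization's own traffic (CDN and anti-spam hostnames are also long), and the per-domain count should be computed over a time window rather than the whole file.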
8. Business Email Compromise (BEC)
A BEC attack is where the attacker targets specific individuals, usually an employee who has the ability to authorize financial transactions, in order to trick them into transferring money into an account controlled by the attacker.
BEC attacks usually involve planning and research in order to be effective. For example, any information about the target organization’s executives, employees, customers, business partners and potential business partners will help the attacker convince the employee to hand over the funds.
BEC attacks are one of the most financially damaging forms of cyber-attack.
9. Cryptojacking
Cryptojacking is where cyber criminals compromise a user’s computer or device and use it to mine cryptocurrencies, such as Bitcoin. Cryptojacking is not as well-known as other attack vectors, however, it shouldn’t be underestimated.
Organizations don’t have great visibility when it comes to this type of attack, which means that a hacker could be using valuable network resources to mine a cryptocurrency without the organization having any knowledge of it.
Of course, leeching resources from a company network is far less problematic than stealing valuable data.
10. Drive-by Attack
A ‘drive-by-download’ attack is where an unsuspecting victim visits a website which in turn infects their device with malware. The website in question could be one that is directly controlled by the attacker, or one that has been compromised.
In some cases, the malware is served in content such as banners and advertisements. These days exploit kits are available which allow novice hackers to easily set up malicious websites or distribute malicious content through other means.
11. Cross-site scripting (XSS) attacks
Cross-site scripting attacks are quite similar to SQL injection attacks, although instead of extracting data from a database, they are typically used to infect other users who visit the site. A simple example would be the comments section on a webpage.
If the user input isn’t filtered before the comment is published, an attacker can publish a malicious script that is hidden in the page. When a user visits this page, the script will execute and either infect their device, or be used to steal cookies or perhaps even be used to extract the user’s credentials.
Alternatively, they may just redirect the user to a malicious website.
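The comments-section scenario above, as an added example that is not code from the original article: one renderer pastes the commenter's text straight into the page, the other escapes each value for the context it lands in. Python's standard html.escape is used; the function names render_comment_unsafe and render_comment_safe, the HTML template and the sample inputs are assumptions made for the example. It also shows the attribute context (a display name placed in a title attribute), where quotes must be encoded as well as angle brackets.

```python
import html

# Constructed inputs a commenter might submit (test values only).
SCRIPT_COMMENT = "<script>alert('xss')</script>"
ATTR_AUTHOR = '" onmouseover="alert(1)'


def render_comment_unsafe(author, body):
    """Builds the comment HTML by string formatting, so any markup in the
    submitted text is emitted as-is and runs in every visitor's browser."""
    return f'<div class="comment" title="{author}"><p>{body}</p></div>'


def render_comment_safe(author, body):
    """Escapes each user-supplied value before it is placed in the page.
    html.escape encodes < > & by default and, with quote=True (the default),
    also " and ', which is what keeps the title attribute from being closed early."""
    return (
        f'<div class="comment" title="{html.escape(author, quote=True)}">'
        f"<p>{html.escape(body)}</p></div>"
    )


if __name__ == "__main__":
    print(render_comment_unsafe(ATTR_AUTHOR, SCRIPT_COMMENT))  # markup survives intact
    print(render_comment_safe(ATTR_AUTHOR, SCRIPT_COMMENT))    # rendered as literal text
```

Escaping on output is the fix for the comment body itself; templating engines that escape by default and a Content-Security-Policy header are the usual defense-in-depth layers around it.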
12. Password Attack
A password attack, as you may have already guessed, is a type of cyber-attack where an attacker tries to guess, or “crack”, a user’s password. There are many different techniques for cracking a user’s password, although an explanation of these different techniques is beyond the scope of this article.
However, some examples include the Brute-Force attack, Dictionary attack, Rainbow Table attack, Credential Stuffing, Password Spraying and the Keylogger attack. And of course, attackers will often try to use Phishing techniques to obtain a user’s password.
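Two of the techniques named above, password spraying and brute force, leave distinct footprints in authentication logs, and the following added example (not code from the original article) shows how a defender can tell them apart. The log format, the thresholds (distinct users per source, attempts per account, the ten-minute window) and the function names parse_auth_line and detect are assumptions made for the example, and the log lines are constructed. Spraying shows as one source failing against many different accounts a few times each; brute force shows as many failures against a single account.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log (not real data): one source trying five
# different accounts once each, one source hammering a single account,
# and a user who simply mistyped once before succeeding.
SAMPLE_AUTH_LOG = """\
2024-05-01T09:00:01Z src=203.0.113.10 user=alice result=FAIL
2024-05-01T09:00:02Z src=203.0.113.10 user=bob result=FAIL
2024-05-01T09:00:03Z src=203.0.113.10 user=carol result=FAIL
2024-05-01T09:00:04Z src=203.0.113.10 user=dave result=FAIL
2024-05-01T09:00:05Z src=203.0.113.10 user=erin result=FAIL
2024-05-01T09:00:06Z src=198.51.100.7 user=frank result=FAIL
2024-05-01T09:00:07Z src=198.51.100.7 user=frank result=FAIL
2024-05-01T09:00:08Z src=198.51.100.7 user=frank result=FAIL
2024-05-01T09:00:09Z src=198.51.100.7 user=frank result=FAIL
2024-05-01T09:00:10Z src=198.51.100.7 user=frank result=FAIL
2024-05-01T09:00:11Z src=198.51.100.7 user=frank result=FAIL
2024-05-01T09:00:12Z src=192.0.2.30 user=alice result=FAIL
2024-05-01T09:00:13Z src=192.0.2.30 user=alice result=OK
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_auth_line(line):
    """Parse one constructed log line into a dict with a datetime timestamp, or None."""
    m = AUTH_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect(log_text, window=timedelta(minutes=10), spray_users=5, brute_attempts=6):
    """Sliding-window detector over failed logins, keyed by source address.

    A source is reported as spraying when its recent failures cover at least
    spray_users distinct accounts; a (source, user) pair is reported as brute
    forced when that account alone has at least brute_attempts recent failures.
    """
    recent = defaultdict(deque)  # src -> deque of (timestamp, user) failures in window
    spraying, brute = set(), set()
    for line in log_text.splitlines():
        rec = parse_auth_line(line)
        if rec is None or rec["result"] != "FAIL":
            continue
        q = recent[rec["src"]]
        q.append((rec["ts"], rec["user"]))
        while q and rec["ts"] - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the window
        users = [u for _, u in q]
        if len(set(users)) >= spray_users:
            spraying.add(rec["src"])
        if users.count(rec["user"]) >= brute_attempts:
            brute.add((rec["src"], rec["user"]))
    return {"spraying_sources": sorted(spraying), "brute_forced_accounts": sorted(brute)}


if __name__ == "__main__":
    print(detect(SAMPLE_AUTH_LOG))
```

The two thresholds matter because the controls differ: per-account lockout stops brute force but does nothing against spraying, which stays under the lockout count for every account, so spraying has to be caught at the source or tenant level.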
13. Eavesdropping attack
Sometimes referred to as “snooping” or “sniffing”, an eavesdropping attack is where the attacker looks for unsecured network communications to intercept and access data that is being sent across the network. This is one of the reasons why employees are asked to use a VPN when accessing the company network from an unsecured public Wi-Fi hotspot.
14. AI-Powered Attacks
The use of Artificial Intelligence to launch sophisticated cyber-attacks is a daunting prospect, as we don’t yet know what such attacks will be capable of. The most notable AI-powered attack we’ve seen to date involved the use of AI-powered botnets which used compromised machines to perform a huge DDoS attack.
However, we’re likely to see much more sophisticated attack vectors to come.
AI-powered software is able to learn what kinds of approaches work best and adapt its attack methods accordingly. It can use intelligence feeds to quickly identify software vulnerabilities, as well as scan systems itself for potential vulnerabilities. AI-generated text, audio and video will be used to impersonate company executives, which can be used to launch very convincing Phishing attacks. Unlike humans, AI-powered attacks can work around the clock. They are fast, efficient, affordable and adaptable.
15. IoT-Based Attacks
As it currently stands, IoT devices are generally less secure than most modern operating systems, and hackers are keen to exploit their vulnerabilities. As with AI, the internet-of-things is still a relatively new concept, and so we are yet to see what methods cyber-criminals will use to exploit IoT devices, and to what ends.
Perhaps hackers will target medical devices, security systems, smart thermometers, or perhaps they will seek to compromise IoT devices in order to launch large-scale DDoS attacks. I guess we will find out in the years to come.