Cybercrime increases drastically every year, as attackers improve in efficiency and sophistication. Cyber attacks happen for a number of different reasons and in a number of different ways. However, a common thread is that cybercriminals will look to exploit vulnerabilities in an organization’s security policies, practices, or technology.
What is a Cyber Attack?
A cyberattack is where an attacker tries to gain unauthorized access to an IT system for the purpose of theft, extortion, disruption, or other nefarious reasons.
Of course, a large number of security incidents are caused by insiders – whether through negligence or malice. However, for the sake of simplicity, let’s assume that a cyber-attack is carried out by someone who is not, or was not, a member of your organization.
15 Common Types of Cyber Attacks and How to Mitigate Them
While there are many different ways that an attacker can infiltrate an IT system, most cyber-attacks rely on pretty similar techniques. Below are some of the most common types of cyber-attacks:
- Man-in-the-middle attack (MITM)
- Distributed Denial-of-Service (DDoS) attack
- SQL injection
- Zero-day exploit
- DNS Tunnelling
- Business Email Compromise (BEC)
- Drive-by Attack
- Cross-site scripting (XSS) attacks
- Password Attack
- Eavesdropping attacks
- AI-Powered Attacks
- IoT-Based Attacks
Malware is a type of application that can perform a variety of malicious tasks. Some strains of malware are designed to create persistent access to a network, some are designed to spy on the user in order to obtain credentials or other valuable data, while some are simply designed to cause disruption. Some forms of malware are designed to extort the victim in some way. Perhaps the most notable form of malware is ransomware – a program designed to encrypt the victim’s files and then ask them to pay a ransom in order to get the decryption key.
How to Prevent Malware Attacks
Preventing malware infections is not an easy task, as it requires a multi-pronged approach. At the least, you will need to:
- Ensure that you have the latest and greatest anti-malware/spam protection software installed.
- Ensure that your staff is trained to identify malicious emails and websites.
- Have a strong password policy, and use multi-factor authentication where possible.
- Keep all software patched and up-to-date.
- Only use administrator accounts when absolutely necessary.
- Control access to systems and data, and strictly adhere to the least-privilege model.
- Monitor your network for malicious activity, including suspicious file encryption, inbound/outbound network traffic, performance issues, and so on.
A Phishing attack is where the attacker tries to trick an unsuspecting victim into handing over valuable information, such as passwords, credit card details, intellectual property, and so on. Phishing attacks often arrive in the form of an email pretending to be from a legitimate organization, such as your bank, the tax department, or some other trusted entity. Phishing is probably the most common form of cyber-attack, largely because it is easy to carry out, and surprisingly effective.
How to Prevent Phishing Attacks
Given that phishing attacks are often used to trick a victim into installing malicious software on their device, the techniques used to prevent phishing attacks are much the same as preventing malware attacks. However, we could say that phishing attacks are mainly the result of negligence, and as such, security awareness training would be the best way to prevent them. Employees should be sufficiently trained to identify suspicious emails, links, and websites, and know not to enter information or download files from sites they don’t trust. It would also be a good idea to download any add-ons that can help you identify malicious websites. See 10 Tips to Prevent Phishing Attacks
3. Man-in-the-middle attack (MITM)
A man-in-the-middle attack (MITM) is where an attacker intercepts the communication between two parties in an attempt to spy on the victims, steal personal information or credentials, or perhaps alter the conversation in some way. MITM attacks are less common these days as most email and chat systems use end-to-end encryption which prevents third-party’s from tampering with the data that is transmitted across the network, regardless of whether the network is secure or not.
How to Prevent MITM Attacks
If the communication protocols you use do not feature end-to-end encryption, consider using a VPN (a virtual private network) when connecting to your network, especially if you are connecting from a public Wi-Fi hotspot. Beware of fake websites, intrusive pop-ups, and invalid certificates, and look for “HTTPS” at the beginning of each URL.
4. Distributed Denial-of-Service (DDoS) Attack
A DDoS attack is where an attacker essentially floods a target server with traffic in an attempt to disrupt, and perhaps even bring down the target. However, unlike traditional denial-of-service attacks, which most sophisticated firewalls can detect and respond to, a DDoS attack is able to leverage multiple compromised devices in order to bombard the target with traffic.
How to Prevent DDoS Attacks
Preventing DDoS attacks is tricky because there are few warning signs to look out for, and few ways to actually stop the attack once it has begun. That said, using a next-generation firewall or Intrusion Prevention System (IPS) will give you real-time insights into any traffic inconsistencies, network performance issues, intermittent web crashes, and so on. It would also be a good idea to put your servers in different data centers, as that would enable you to switch to another server if the current one fails. In many ways, the best way to defend your network from DDoS attacks is to have a tried and tested response plan in place, that would enable you to get your systems back online ASAP and maintain business operations. It should be noted that many cloud-based service providers offer network redundancy features, which include creating duplicating copies of your data, which you can quickly switch to if necessary.
5. SQL Injection
SQL injection is a type of attack which is specific to SQL databases. SQL databases use SQL statements to query the data, and these statements are typically executed via an HTML form on a webpage. If the database permissions haven’t been set properly, the attacker may be able to exploit the HTML form to execute queries that will create, read, modify or delete the data stored in the database.
How to prevent SQL Injection Attack
The only way to prevent SQL injection attacks is to ensure that the web developers have properly sanitized all inputs. In other words, data cannot be taken directly from an input box, such as a password field, and stored in a database. Instead, the entered password must be validated to ensure that it meets pre-defined criteria.
6. Zero-day Exploit
A zero-day exploit is where cyber-criminals learn of a vulnerability that has been discovered in certain widely-used software applications and operating systems, and then target organizations who are using that software in order to exploit the vulnerability before a fix becomes available.
How to Prevent Zero-Day Exploits
Traditional antivirus solutions are not effective against zero-day threats, since they are not yet known about. As such, there’s no fool-proof way of preventing such attacks. However, Next-Generation Antivirus (NGAV) solutions can help to prevent attackers from installing unknown software onto a victim’s computer. Naturally, keeping all software up-to-date will help to remove vulnerabilities, and having a tried and tested incident response plan in place will help you recover quickly in the event of an infection.
7. DNS Tunnelling
DNS tunneling is a sophisticated attack vector that is designed to provide attackers with persistent access to a given target. Since many organizations fail to monitor DNS traffic for malicious activity, attackers are able to insert or “tunnel” malware into DNS queries (DNS requests sent from the client to the server). The malware is used to create a persistent communication channel that most firewalls are unable to detect.
How to Prevent DNS Tunnelling
Since traditional firewalls and AV software is not able to detect DNS tunneling, you will probably need to invest in specialized tools, such as TunnelGuard, Zscaler and DNSFilter. You should ensure that the tools you use can automatically block the execution of malware contained in malicious DNS queries. It should also blacklist destinations that are known to be used for data exfiltration, and provide real-time analysis of all DNS queries for suspicious patterns.
8. Business Email Compromise (BEC)
A BEC attack is where the attacker targets specific individuals, usually an employee who has the ability to authorize financial transactions, in order to trick them into transferring money into an account controlled by the attacker. BEC attacks usually involve planning and research in order to be effective. For example, any information about the target organization’s executives, employees, customers, business partners, and potential business partners, will help the attacker convince the employee into handing over the funds. BEC attacks are one of the most financially damaging forms of cyber-attack.
How to Prevent BEC Attacks
As with other phishing attacks, security awareness training is the best way to prevent BEC. Employees must be trained to look out for emails with a fake domain, or emails that impersonate a vendor, display a sense of urgency, and anything else that looks suspicious.
Cryptojacking is where cybercriminals compromise a user’s computer or device and use it to mine cryptocurrencies, such as Bitcoin. Cryptojacking is not as well known as other attack vectors, however, it shouldn’t be underestimated. Organizations don’t have great visibility when it comes to this type of attack, which means that a hacker could be using valuable network resources to mine a cryptocurrency without the organization having any knowledge of it. Of course, leaching resources from a company network is far less problematic than stealing valuable data.
How to Prevent Cryptojacking
To protect your network from Cryptojacking you will need to monitor the CPU usage of all network devices, including any cloud-based infrastructure you use. It is also a good idea to train your employees to keep a look out for any performance issues or suspicious emails, which may contain Cryptojacking malware.
10. Drive-by Attack
A ‘drive-by-download’ attack is where an unsuspecting victim visits a website which in turn infects their device with malware. The website in question could be one that is directly controlled by the attacker or one that has been compromised. In some cases, the malware is served in content such as banners and advertisements. These days, exploit kits are available which allow novice hackers to easily setup malicious websites or distribute malicious content through other means.
How to Prevent Drive-by Attacks
11. Cross-site Scripting (XSS) Aattacks
Cross-site scripting attacks are quite similar to SQL injection attacks, although instead of extracting data from a database, they are typically used to infect other users who visit the site. A simple example would be the comments section on a webpage. If the user input isn’t filtered before the comment is published, an attacker can publish a malicious script that is hidden on the page. When a user visits this page, the script will execute and either infect their device or be used to steal cookies or perhaps even be used to extract the user’s credentials. Alternatively, they may just redirect the user to a malicious website.
How to Prevent Cross-site Scripting Attack
12. Password Attack
A password attack, as you may have already guessed, is a type of cyber-attack where an attacker tries to guess, or “crack” a user’s password. There are many different techniques for cracking a user’s password, although an explanation of these different techniques is beyond the scope of this article. However, some examples include the Brute-Force attack, Dictionary attack, Rainbow Table attack, Credential Stuffing, Password Spraying, and the Keylogger attack. And of course, attackers will often try to use Phishing techniques to obtain a user’s password.
How to Prevent Password Attacks
The first step toward preventing password attacks is to ensure that you have a strong password policy in place, and use Multi-Factor Authentication (MFA) where possible. It is also a good idea to carry out penetration tests to identify vulnerabilities. Use a real-time auditing solution that can monitor and respond to suspicious login attempts.
13. Eavesdropping Attacks
Sometimes referred to as “snooping” or “sniffing”, an eavesdropping attack is where the attacker looks for unsecured network communications in an attempt to intercept and access data that is being sent across the network. This is one of the reasons why employees are asked to use a VPN when accessing the company network from an unsecured public Wi-Fi hotspot.
How to Prevent Eavesdropping Attacks
As with MITM attacks, the best way to prevent eavesdropping attacks is to ensure that all sensitive data is encrypted, both at rest and in transit. Firewalls, VPNs, and anti-malware solutions provide an essential defense against such attacks. Consider segmenting your network, and adopt a zero-trust model, where all incoming packets are required to authenticate themselves. Use an intrusion prevention solution to monitor your network for suspicious traffic and reject any packets with spoofed addresses. Since many eavesdropping attacks rely on malware to infect communication channels, employees must be sufficiently trained to identify phishing attempts.
14. AI-Powered Attacks
The use of Artificial Intelligence to launch sophisticated cyber attacks is a daunting prospect, as we don’t yet know what such attacks will be capable of. The most notable AI-powered attack we’ve seen to date involved the use of AI-powered botnets which used slave machines to perform a huge DDoS attack. However, we’re likely to see much more sophisticated attack vectors to come. AI-powered software is able to learn what kinds of approaches work best and adapt their attack methods accordingly. They can use intelligence feeds to quickly identify software vulnerabilities, as well as scan systems themselves for potential vulnerabilities. AI-generated text, audio, and video will be used to impersonate company executives, which can be used to launch very convincing Phishing attacks. Unlike humans, AI-powered attacks can work around the clock. They are fast, efficient, affordable, and adaptable.
How to Prevent AI-Powered Attacka
Unfortunately, there’s no simple way to prevent AI attacks. Of course, good password hygiene, robust access controls, network monitoring, and all of the other solutions mentioned above, will no doubt help. However, the problem with AI is that it’s very unpredictable. In other words, we have no idea what kind of super-viruses will emerge in the coming years, and we have no idea how AI will be used to combat them. The best thing to do would be to keep a watch out for AI-powered security solutions.
15. IoT-Based Attacks
As it currently stands, IoT devices are generally less secure than most modern operating systems, and hackers are keen to exploit their vulnerabilities. As with AI, the internet-of-things is still a relatively new concept, and so we are yet to see what methods cyber-criminals will use to exploit IoT devices, and to what ends. Perhaps hackers will target medical devices, security systems, and smart thermometers, or perhaps they will seek to compromise IoT devices in order to launch large-scale DDoS attacks. I guess we will find out in the years to come.
How to Prevent IoT Attacks
IoT devices are typically interconnected, which means that if one device is compromised, it’s possible that the attack will spread to other devices. To make matters worse, IoT devices hardly have any inbuilt security, which makes them a perfect target for adversaries. In addition to implementing general security measures, you will need to ensure that you change the default router settings, use a strong and unique password, disconnect IoT devices when they are not in use, and make sure that they have the latest patches/updates installed.
How Lepide Helps
The Lepide Data Security Platform gives you visibility over critical changes being made to your systems and interactions with your sensitive data. The platform enables you to locate and classify your sensitive data, govern access by removing excessive permissions and analyze user and entity behavior.
By getting visibility over your data, you’ll have the ability to detect security threats in real-time and react to quickly shut down the threat with Lepide’s automated, pre-defined threat models. If you’d like to see how Lepide can help you defend against cyber-attacks, schedule a demo or download free trial of the Lepide Data Security Platform today.