Cybercrime increases drastically every year, as attackers improve in efficiency and sophistication. Cyber attacks happen for a number of different reasons and in a number of different ways. However, a common thread is that cybercriminals will look to exploit vulnerabilities in an organization’s security policies, practices, or technology.
What is a Cyber Attack?
A cyberattack is where an attacker tries to gain unauthorized access to an IT system for the purpose of theft, extortion, disruption, or other nefarious reasons.
Of course, a large number of security incidents are caused by insiders – whether through negligence or malice. However, for the sake of simplicity, let’s assume that a cyber-attack is carried out by someone who is not, or was not, a member of your organization.
15 Common Types of Cyber Attacks and How to Mitigate Them
While there are many different ways that an attacker can infiltrate an IT system, most cyber-attacks rely on pretty similar techniques. Below are some of the most common types of cyber-attacks:
- Malware
- Phishing
- Man-in-the-middle attack (MITM)
- Distributed Denial-of-Service (DDoS) attack
- SQL injection
- Zero-day exploit
- DNS Tunnelling
- Business Email Compromise (BEC)
- Cryptojacking
- Drive-by Attack
- Cross-site scripting (XSS) attacks
- Password Attack
- Eavesdropping attacks
- Insider Threats
- IoT-Based Attacks
1. Malware
Malicious software, or malware, is unwanted software that is installed on your system without your permission. It can hide in legitimate websites and applications, or attach itself to files. Different types of malware have various methods of infecting and harming your computer, such as replicating, encrypting files, blocking access to data, displaying advertisements, or secretly collecting information. The different types of malware include:
- Viruses: These are malicious programs that replicate themselves and infect other files and systems.
- Worms: Worms are similar to viruses, but they can spread independently without needing to attach to other files or programs.
- Trojans: Trojans disguise themselves as legitimate software, tricking users into installing them.
- Ransomware: Ransomware encrypts the files on a victim’s computer and demands a ransom to regain access to them.
- Spyware: Spyware is designed to secretly collect information about a user’s activities, typically without their knowledge or consent. It can capture keystrokes, monitor browsing habits, and collect personal information.
- Adware: Adware displays unwanted advertisements on a user’s device. While not always malicious, it can be intrusive and negatively impact system performance.
- Keyloggers: Keyloggers capture and record keystrokes made on a computer, allowing attackers to gather sensitive information like passwords, credit card details, and login credentials.
- Rootkits: Rootkits are sophisticated malware designed to gain unauthorized access to a computer system and mask the presence of other malicious programs.
- Botnets: Botnets are networks of compromised computers connected to a central command and control server. Attackers use these networks to carry out various malicious activities, such as launching distributed denial-of-service (DDoS) attacks or delivering spam.
- Fileless malware: This type of malware doesn’t rely on traditional files to infect a system. Instead, it resides in the device’s memory or registry, making it harder to detect and remove.
These are just some of the many types of malware, and new variants are constantly being developed as attackers evolve their tactics.
One of the most notorious examples of malware is Emotet, which has caused significant financial losses and disruption for individuals, organizations, and governments alike. Emotet originated as a banking Trojan in 2014 but has since evolved into a modular and polymorphic malware, making it incredibly difficult to detect and eradicate. Emotet primarily spreads through cleverly crafted phishing emails containing malicious attachments or malicious links, which, when clicked, unleash a torrent of malicious payloads. Once a victim’s system is compromised, Emotet establishes a foothold and can operate undetected, stealing sensitive data, spreading to other devices on the network, and even delivering additional malware.
How to Prevent Malware Attacks
Preventing malware infections is not an easy task, as it requires a multi-pronged approach. At the least, you will need to:
- Ensure that you have the latest and greatest anti-malware/spam protection software installed.
- Ensure that your staff is trained to identify malicious emails and websites.
- Have a strong password policy, and use multi-factor authentication where possible.
- Keep all software patched and up-to-date.
- Only use administrator accounts when absolutely necessary.
- Control access to systems and data, and strictly adhere to the least-privilege model.
- Monitor your network for malicious activity, including suspicious file encryption, inbound/outbound network traffic, performance issues, and so on.
2. Phishing
Phishing is a form of cyberattack that involves the use of email, SMS, phone calls, social media, and social engineering techniques to trick victims into divulging sensitive information or downloading malicious files that can infect their devices.
Types of Phishing Attack
- Spear Phishing: Spear phishing is a targeted attack that focuses on specific individuals or organizations. It involves sending deceitful emails designed to extract valuable information or infect the recipient’s device with malware.
- Whaling: Whaling attacks specifically target high-ranking executives or senior employees. The objective is to steal money or confidential information and gain unauthorized access to their systems to launch further cyberattacks.
- SMiShing: SMiShing is a deceptive technique that involves sending fraudulent text messages. The intention is to lure individuals into disclosing sensitive data such as passwords, usernames, and credit card numbers. Cybercriminals often pose as trusted entities like banks or shipping services.
- Vishing: Vishing refers to voice phishing, where fraudsters use phone calls and voice messages to impersonate reputable organizations. They manipulate individuals into revealing private information like bank details and passwords.
Perhaps the most damaging phishing attack to date was the attack on Ukraine’s power grid, which occurred in 2015. The attack left numerous individuals without electricity during the winter. It entailed a prolonged operation of sending targeted phishing emails that aimed to deceive systems administrators and officials in order to pilfer valuable credentials and information. Naturally, Ukraine attributed the attack to Russia, although the culprits behind the attack remain unknown.
How to Prevent Phishing Attacks
Given that phishing attacks are often used to trick a victim into installing malicious software on their device, the techniques used to prevent phishing attacks are much the same as those used to prevent malware attacks. However, since phishing attacks succeed mainly through human error, security awareness training is the best way to prevent them. Employees should be sufficiently trained to identify suspicious emails, links, and websites, and know not to enter information or download files from sites they don’t trust. It is also a good idea to install browser add-ons that can help identify malicious websites. See 10 Tips to Prevent Phishing Attacks.
3. Man-in-the-middle attack (MITM)
A man-in-the-middle attack (MITM) is where an attacker intercepts the communication between two parties in an attempt to spy on the victims, steal personal information or credentials, or perhaps alter the conversation in some way. MITM attacks are less common these days, as most email and chat systems use end-to-end encryption, which prevents third parties from tampering with the data transmitted across the network, regardless of whether the network itself is secure.
How to Prevent MITM Attacks
If the communication protocols you use do not feature end-to-end encryption, consider using a VPN (a virtual private network) when connecting to your network, especially if you are connecting from a public Wi-Fi hotspot. Beware of fake websites, intrusive pop-ups, and invalid certificates, and look for “HTTPS” at the beginning of each URL.
4. DoS and DDoS Attacks
A DoS attack aims to overwhelm a system’s resources, causing it to be unable to respond to legitimate service requests. A DDoS attack is similar but involves multiple malware-infected host machines controlled by the attacker. These attacks prevent the targeted site from functioning properly and may lead to a complete shutdown. Unlike other cyber attacks that benefit the hacker directly, DoS and DDoS attacks simply aim to disrupt the target’s services. However, in some cases, the attacker may benefit financially if hired by a business competitor. Successful DoS or DDoS attacks can make the system vulnerable to other types of attacks.
In February 2020, a major DDoS attack targeted Amazon Web Services (AWS). The attack was said to have been the largest DDoS attack in history, although others have claimed that it was only the largest publicly disclosed DDoS attack. For example, in September 2016, cybersecurity expert Brian Krebs experienced a massive DDoS attack on his blog, with a traffic load of over 620 Gbps. This attack, carried out by the Mirai botnet, was nearly three times larger than any previous attack. The Mirai botnet consisted of compromised IoT devices and had been discovered a month earlier. Shortly after, the botnet targeted a large European hosting provider, OVH, with an attack that lasted for seven days and generated a traffic load of up to 1.1 terabits per second. OVH was not the only victim of the Mirai botnet that year.
How to Prevent DoS and DDoS Attacks
Preventing DoS and DDoS attacks requires proactive measures. Implement robust network infrastructure with firewalls and intrusion detection systems. Utilize traffic filtering and rate limiting mechanisms. Use content delivery networks to distribute traffic. Regularly update and patch systems to fix vulnerabilities. Implement strong authentication and access controls. Conduct regular stress testing to identify weak points. Educate employees about safe browsing practices and phishing awareness. Develop an incident response plan to mitigate attacks swiftly. Collaborate with ISPs and utilize anti-DDoS services for additional protection.
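The "rate limiting mechanisms" mentioned above are easiest to understand with a concrete implementation. The following is an added example, not code from the article or from Lepide: a per-client token-bucket limiter run over a constructed stream of requests, where one source floods the service and another behaves normally. The client addresses, timestamps and thresholds are all made up for the demonstration.

```python
"""Per-client token-bucket rate limiter (added example, not the article's code).

Each client address gets a bucket holding up to `capacity` tokens that refills at
`refill_rate` tokens per second.  A request is served only if a token is
available, so a burst from one source is throttled while clients that stay
under the rate are never affected.  Sample traffic below is constructed.
"""


class TokenBucket:
    def __init__(self, capacity: int, refill_rate: float, now: float):
        self.capacity = capacity          # maximum burst a client may send at once
        self.refill_rate = refill_rate    # sustained requests per second allowed
        self.tokens = float(capacity)     # a new client starts with a full bucket
        self.last = now                   # time of the last refill calculation

    def allow(self, now: float) -> bool:
        # Refill in proportion to elapsed time, never exceeding capacity.
        elapsed = now - self.last
        self.last = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_rate)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    def __init__(self, capacity: int = 5, refill_rate: float = 1.0):
        self.capacity = capacity
        self.refill_rate = refill_rate
        self.buckets = {}                 # client address -> TokenBucket

    def allow(self, client_ip: str, now: float) -> bool:
        bucket = self.buckets.get(client_ip)
        if bucket is None:
            bucket = TokenBucket(self.capacity, self.refill_rate, now)
            self.buckets[client_ip] = bucket
        return bucket.allow(now)


# Constructed traffic: 20 requests in one second from a flooding source, and
# one request per second from a well-behaved client (addresses are RFC 5737
# documentation ranges, chosen so they cannot point at a real host).
SAMPLE_REQUESTS = (
    [(i * 0.05, "198.51.100.7") for i in range(20)]
    + [(float(i), "203.0.113.5") for i in range(5)]
)


def simulate(requests, capacity: int = 5, refill_rate: float = 1.0):
    """Replay (timestamp, client) pairs and count served/dropped per client."""
    limiter = RateLimiter(capacity, refill_rate)
    served, dropped = {}, {}
    for now, ip in sorted(requests):
        bucket = served if limiter.allow(ip, now) else dropped
        bucket[ip] = bucket.get(ip, 0) + 1
    return served, dropped


if __name__ == "__main__":
    ok, drop = simulate(SAMPLE_REQUESTS)
    print("served:", ok)
    print("dropped:", drop)
```

With a burst capacity of 5 and a refill of one token per second, the flooding source gets its first five requests through and the remaining fifteen are dropped, while the normal client is served every time. In production the same logic sits in a reverse proxy or CDN edge rather than in application code, and is combined with upstream filtering because a volumetric DDoS saturates the link before any per-request limiter can act.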
5. SQL Injection
SQL injection is a type of attack which is specific to SQL databases. SQL databases are queried with SQL statements, and in a web application those statements are typically built from values submitted through an HTML form. If that input is not handled properly and database permissions haven’t been set properly, the attacker may be able to use the HTML form to execute queries that will create, read, modify or delete the data stored in the database.
How to Prevent SQL Injection Attacks
The only way to prevent SQL injection attacks is to ensure that the web developers have properly sanitized all inputs. In other words, data must not be taken directly from an input box, such as a password field, and placed into a query or stored in a database as-is. Instead, the entered value must be validated to ensure that it meets pre-defined criteria.
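In practice the most reliable way to keep form input from changing the meaning of a statement is parameter binding: the SQL text is fixed and the driver passes the values separately. The following added example (not code from the article or from Lepide) shows a login check written both ways against an in-memory SQLite database, using Python’s built-in sqlite3 module. The table, user rows and inputs are constructed for illustration.

```python
"""Vulnerable vs. parameterized SQL (added example, not the article's code).

Uses Python's sqlite3 module on an in-memory database.  The users table and
sample rows are constructed; a real system would store salted password hashes,
not plaintext, but the injection point is the same either way.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],  # constructed rows
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # DEFECT (deliberate, shown for contrast): form values are pasted into the
    # SQL text, so a quote character in the input rewrites the WHERE clause.
    sql = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameter binding: the statement never changes; the driver hands the
    # values to the engine as data, so they cannot become SQL syntax.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo() -> dict:
    """Run both versions with a normal password and with the textbook
    tautology input that turns the vulnerable WHERE clause into 'always true'."""
    conn = make_db()
    tautology = "' OR '1'='1"
    return {
        "vulnerable_normal": login_vulnerable(conn, "alice", "correct-horse"),
        "vulnerable_injected": login_vulnerable(conn, "alice", tautology),
        "safe_normal": login_safe(conn, "alice", "correct-horse"),
        "safe_wrong_password": login_safe(conn, "alice", "wrong"),
        "safe_injected": login_safe(conn, "alice", tautology),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} -> {result}")
```

The vulnerable version accepts the tautology because the resulting statement reads `... AND password = '' OR '1'='1'`, which matches every row. The parameterized version treats the same text as a literal password that matches nothing. Input validation (length limits, allowed character sets) is still worth having, but it is defence in depth; parameter binding is what removes the injection point.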
6. Zero-day Exploit
A zero-day exploit is where cyber-criminals learn of a vulnerability that has been discovered in certain widely-used software applications and operating systems, and then target organizations who are using that software in order to exploit the vulnerability before a fix becomes available.
How to Prevent Zero-Day Exploits
Traditional antivirus solutions are not effective against zero-day threats, since they are not yet known about. As such, there’s no fool-proof way of preventing such attacks. However, Next-Generation Antivirus (NGAV) solutions can help to prevent attackers from installing unknown software onto a victim’s computer. Naturally, keeping all software up-to-date will help to remove vulnerabilities, and having a tried and tested incident response plan in place will help you recover quickly in the event of an infection.
7. DNS Tunnelling
DNS tunneling is a sophisticated attack vector that is designed to provide attackers with persistent access to a given target. Since many organizations fail to monitor DNS traffic for malicious activity, attackers are able to insert or “tunnel” malware into DNS queries (DNS requests sent from the client to the server). The malware is used to create a persistent communication channel that most firewalls are unable to detect.
How to Prevent DNS Tunnelling
Since traditional firewalls and AV software are not able to detect DNS tunneling, you will probably need to invest in specialized tools, such as TunnelGuard, Zscaler and DNSFilter. You should ensure that the tools you use can automatically block the execution of malware contained in malicious DNS queries. They should also blacklist destinations that are known to be used for data exfiltration, and provide real-time analysis of all DNS queries for suspicious patterns.
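The "suspicious patterns" that such analysis looks for can be illustrated without any product. The following added example (not code from the article, from Lepide, or from any of the tools named above) scores a constructed DNS query log per domain on four indicators commonly associated with tunneling: unusually long subdomain labels, high character entropy in those labels, a subdomain that is different on nearly every query, and a preference for record types that carry more data (TXT, NULL, CNAME). The log format, domains and thresholds are all invented for the demonstration; the `.invalid` suffix is a reserved TLD that can never resolve.

```python
"""Heuristic DNS-tunneling indicators over a query log (added example, not the
article's code).  Log lines are constructed: "<epoch> <client> <qtype> <qname>".
Thresholds are illustrative and would be tuned against a real baseline.
"""
import math
from collections import defaultdict

SAMPLE_DNS_LOG = """\
1700000001 10.0.0.12 A www.example.com
1700000002 10.0.0.12 A mail.example.com
1700000003 10.0.0.12 A cdn.example.com
1700000010 10.0.0.31 TXT 6a7b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d.tunnel-test.invalid
1700000011 10.0.0.31 TXT 9f8e7d6c5b4a39281706f5e4d3c2b1a0f9e8d7c6.tunnel-test.invalid
1700000012 10.0.0.31 TXT 0123456789abcdef0123456789abcdef01234567.tunnel-test.invalid
1700000013 10.0.0.31 TXT fedcba9876543210fedcba9876543210fedcba98.tunnel-test.invalid
1700000014 10.0.0.31 TXT a1b2c3d4e5f60718293a4b5c6d7e8f9001122334.tunnel-test.invalid
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded data scores high, words score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text: str) -> list:
    records = []
    for line in text.splitlines():
        _ts, client, qtype, qname = line.split()
        labels = qname.lower().rstrip(".").split(".")
        # Crude owner-domain split: last two labels.  Real deployments use the
        # Public Suffix List so that e.g. "co.uk" is handled correctly.
        records.append({
            "client": client,
            "qtype": qtype,
            "domain": ".".join(labels[-2:]),
            "sub": ".".join(labels[:-2]),
        })
    return records


def score_domains(records: list, min_queries: int = 3) -> dict:
    """Return per-domain indicator lists; a domain is flagged when three or
    more indicators fire, so a single odd feature does not raise an alert."""
    by_domain = defaultdict(list)
    for r in records:
        by_domain[r["domain"]].append(r)

    results = {}
    for domain, rs in by_domain.items():
        if len(rs) < min_queries:
            continue                      # too little data to judge
        subs = [r["sub"] for r in rs]
        mean_len = sum(len(s) for s in subs) / len(subs)
        mean_ent = sum(shannon_entropy(s) for s in subs) / len(subs)
        unique_ratio = len(set(subs)) / len(subs)
        bulky = sum(r["qtype"] in ("TXT", "NULL", "CNAME") for r in rs) / len(rs)

        indicators = []
        if mean_len > 30:
            indicators.append("long_labels")
        if mean_ent > 3.5:
            indicators.append("high_entropy")
        if unique_ratio > 0.9:
            indicators.append("unique_subdomains")
        if bulky > 0.5:
            indicators.append("bulky_record_types")
        results[domain] = {
            "queries": len(rs),
            "indicators": indicators,
            "suspicious": len(indicators) >= 3,
        }
    return results


if __name__ == "__main__":
    for dom, info in score_domains(parse_log(SAMPLE_DNS_LOG)).items():
        print(dom, info)
```

On the constructed log, `example.com` trips only the unique-subdomain indicator (three queries for three different hosts is normal) and is not flagged, while `tunnel-test.invalid` trips all four and is. Volume per client and first-seen domain age are the next indicators a real detection would add.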
8. Business Email Compromise (BEC)
A BEC attack is where the attacker targets specific individuals, usually an employee who has the ability to authorize financial transactions, in order to trick them into transferring money into an account controlled by the attacker. BEC attacks usually involve planning and research in order to be effective. For example, any information about the target organization’s executives, employees, customers, business partners, and potential business partners will help the attacker convince the employee to hand over the funds. BEC attacks are one of the most financially damaging forms of cyber-attack.
How to Prevent BEC Attacks
As with other phishing attacks, security awareness training is the best way to prevent BEC. Employees must be trained to look out for emails with a fake domain, or emails that impersonate a vendor, display a sense of urgency, and anything else that looks suspicious.
9. Cryptojacking
Cryptojacking is where cybercriminals compromise a user’s computer or device and use it to mine cryptocurrencies, such as Bitcoin. Cryptojacking is not as well known as other attack vectors, but it shouldn’t be underestimated. Organizations don’t have great visibility when it comes to this type of attack, which means that a hacker could be using valuable network resources to mine a cryptocurrency without the organization having any knowledge of it. Of course, leeching resources from a company network is far less problematic than stealing valuable data.
How to Prevent Cryptojacking
To protect your network from cryptojacking you will need to monitor the CPU usage of all network devices, including any cloud-based infrastructure you use. It is also a good idea to train your employees to keep an eye out for any performance issues or suspicious emails, which may carry cryptojacking malware.
10. Drive-by Attack
A ‘drive-by-download’ attack is where an unsuspecting victim visits a website which in turn infects their device with malware. The website in question could be one that is directly controlled by the attacker or one that has been compromised. In some cases, the malware is served in content such as banners and advertisements. These days, exploit kits are available which allow novice hackers to easily set up malicious websites or distribute malicious content through other means.
How to Prevent Drive-by Attacks
To minimize the chance of getting caught in a drive-by attack, first remove any unnecessary browser plug-ins, as they can sometimes be used in such attacks. Install an ad-blocker, or use a privacy/security-focused web browser, such as Brave. Of course, disabling both Java and JavaScript in the browser will improve security, although doing so will limit the browser’s functionality. It’s always a good idea to remember not to use a privileged account when browsing the web.
11. Cross-site Scripting (XSS) Attacks
Cross-site scripting attacks are quite similar to SQL injection attacks, although instead of extracting data from a database, they are typically used to infect other users who visit the site. A simple example would be the comments section on a webpage. If the user input isn’t filtered before the comment is published, an attacker can publish a malicious script that is hidden on the page. When a user visits this page, the script will execute and either infect their device or be used to steal cookies or perhaps even be used to extract the user’s credentials. Alternatively, they may just redirect the user to a malicious website.
How to Prevent Cross-site Scripting Attacks
Cross-site scripting is a complex topic and requires a basic understanding of web development concepts and technologies, such as HTML and JavaScript. However, in simple terms, the techniques used to prevent XSS attacks are similar to those used to prevent SQL injection attacks. Essentially, you need to ensure that all inputs are properly sanitized so that adversaries are not able to inject malicious scripts into web pages. You must ensure that any special characters entered by users are escaped before they are rendered on your webpage, so the browser displays them as text rather than interpreting them as markup.
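The comments-section scenario described above comes down to output encoding: the same untrusted string is harmless or live depending on whether it is escaped for the HTML context it lands in. The following added example (not code from the article or from Lepide) renders a comment unescaped and escaped, and separately shows the attribute context, where quoting the attribute and escaping quote characters both matter. The template and the comment strings are constructed; the script payload is the standard `alert(1)` used in teaching material, which only pops a dialog.

```python
"""Contextual output encoding for untrusted text in HTML (added example, not
the article's code).  Templates and comment strings are constructed.
"""
import html


def render_comment_vulnerable(comment: str) -> str:
    # DEFECT (deliberate, shown for contrast): the comment is concatenated into
    # the markup, so any tags the commenter typed become part of the page.
    return f"<div class='comment'>{comment}</div>"


def render_comment_safe(comment: str) -> str:
    # Element-body context: html.escape turns & < > " ' into entities, so the
    # browser shows the characters instead of parsing them as tags.
    return f"<div class='comment'>{html.escape(comment)}</div>"


def render_title_attribute_safe(value: str) -> str:
    # Attribute context: always quote the attribute AND escape quote characters
    # (quote=True is html.escape's default); an unquoted attribute can be
    # terminated by a plain space, which escaping alone does not prevent.
    return f'<a href="/profile" title="{html.escape(value, quote=True)}">profile</a>'


def demo() -> dict:
    """Constructed inputs: a benign comment, a comment containing a script tag,
    and a title value that tries to close the attribute and add a new one."""
    benign = "Great article, thanks!"
    script_comment = "<script>alert(1)</script>"
    attr_breakout = '" onmouseover="alert(1)'
    return {
        "benign_safe": render_comment_safe(benign),
        "script_vulnerable": render_comment_vulnerable(script_comment),
        "script_safe": render_comment_safe(script_comment),
        "attribute_safe": render_title_attribute_safe(attr_breakout),
    }


if __name__ == "__main__":
    for name, markup in demo().items():
        print(f"{name:18} {markup}")
```

In the escaped output the `<script>` element survives only as the text `&lt;script&gt;...`, and the attribute breakout arrives as `&quot; onmouseover=&quot;alert(1)` inside a still-closed `title` attribute. Template engines such as Jinja2 with autoescaping do this for you; the remaining discipline is never to mark untrusted data as "safe", and to pair encoding with a Content-Security-Policy header so that an encoding mistake has less impact.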
12. Password Attack
A password attack, as you may have already guessed, is a type of cyber-attack where an attacker tries to guess, or “crack” a user’s password. There are many different techniques for cracking a user’s password, although an explanation of these different techniques is beyond the scope of this article. However, some examples include the Brute-Force attack, Dictionary attack, Rainbow Table attack, Credential Stuffing, Password Spraying, and the Keylogger attack. And of course, attackers will often try to use Phishing techniques to obtain a user’s password.
How to Prevent Password Attacks
The first step toward preventing password attacks is to ensure that you have a strong password policy in place, and use Multi-Factor Authentication (MFA) where possible. It is also a good idea to carry out penetration tests to identify vulnerabilities. Use a real-time auditing solution that can monitor and respond to suspicious login attempts.
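A "real-time auditing solution that can monitor and respond to suspicious login attempts" is, at its core, a set of rules over authentication events. The following added example (not code from the article or from Lepide) implements two of the most useful ones over a constructed authentication log: a brute-force rule (many failures against one account from one source inside a time window) and a password-spraying rule (a few failures each against many different accounts from one source, which per-account lockout alone does not catch). The log format, thresholds, user names and addresses are all invented for the demonstration.

```python
"""Brute-force and password-spraying detection over an auth log (added example,
not the article's code).  Log lines are constructed:
"<epoch> <OK|FAIL> user=<name> src=<ip>".  Thresholds are illustrative.
"""
from collections import defaultdict

SAMPLE_AUTH_LOG = """\
1700000000 FAIL user=alice src=203.0.113.9
1700000005 FAIL user=alice src=203.0.113.9
1700000010 FAIL user=alice src=203.0.113.9
1700000015 FAIL user=alice src=203.0.113.9
1700000020 FAIL user=alice src=203.0.113.9
1700000025 FAIL user=alice src=203.0.113.9
1700000100 FAIL user=bob src=198.51.100.4
1700000101 FAIL user=carol src=198.51.100.4
1700000102 FAIL user=dave src=198.51.100.4
1700000103 FAIL user=erin src=198.51.100.4
1700000104 FAIL user=frank src=198.51.100.4
1700000105 OK user=grace src=198.51.100.4
1700000200 FAIL user=heidi src=192.0.2.77
1700000260 OK user=heidi src=192.0.2.77
"""


def parse_auth_log(text: str) -> list:
    events = []
    for line in text.splitlines():
        ts, result, user_kv, src_kv = line.split()
        events.append({
            "ts": int(ts),
            "ok": result == "OK",
            "user": user_kv.split("=", 1)[1],
            "src": src_kv.split("=", 1)[1],
        })
    return events


def detect(events: list, window: int = 300,
           brute_threshold: int = 5, spray_threshold: int = 4) -> list:
    """For each source address, slide a `window`-second window over its failed
    logins and record the peak failures per account and the peak number of
    distinct accounts.  One alert per source/rule, so repeats are not spammed."""
    failures = defaultdict(list)          # src -> [(ts, user), ...]
    for e in events:
        if not e["ok"]:
            failures[e["src"]].append((e["ts"], e["user"]))

    alerts = []
    for src, evts in failures.items():
        evts.sort()
        peak_per_user = defaultdict(int)  # user -> most failures seen in one window
        peak_distinct = 0                 # most distinct users seen in one window
        for i, (t0, _) in enumerate(evts):
            in_window = [u for t, u in evts[i:] if t - t0 <= window]
            counts = defaultdict(int)
            for u in in_window:
                counts[u] += 1
            for u, n in counts.items():
                peak_per_user[u] = max(peak_per_user[u], n)
            peak_distinct = max(peak_distinct, len(counts))

        for u, n in peak_per_user.items():
            if n >= brute_threshold:
                alerts.append({"type": "brute_force", "src": src, "user": u, "count": n})
        # Spraying: many accounts touched, none of them hammered hard enough to
        # trip the brute-force rule or a per-account lockout.
        if peak_distinct >= spray_threshold and max(peak_per_user.values()) < brute_threshold:
            alerts.append({"type": "password_spray", "src": src, "user": None, "count": peak_distinct})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_auth_log(SAMPLE_AUTH_LOG)):
        print(alert)
```

On the constructed log the first source produces a brute-force alert for `alice` (six failures in 25 seconds), the second produces a spraying alert (five accounts, one failure each, then a success against a sixth account that deserves a follow-up), and the third, a user who mistyped once and then logged in, produces nothing. The response side is where MFA and a temporary block on the source, rather than on the account, pay off: locking accounts on failures hands an attacker a denial-of-service lever.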
13. Eavesdropping Attacks
Sometimes referred to as “snooping” or “sniffing”, an eavesdropping attack is where the attacker looks for unsecured network communications in an attempt to intercept and access data that is being sent across the network. This is one of the reasons why employees are asked to use a VPN when accessing the company network from an unsecured public Wi-Fi hotspot.
How to Prevent Eavesdropping Attacks
As with MITM attacks, the best way to prevent eavesdropping attacks is to ensure that all sensitive data is encrypted, both at rest and in transit. Firewalls, VPNs, and anti-malware solutions provide an essential defense against such attacks. Consider segmenting your network, and adopt a zero-trust model, where all incoming packets are required to authenticate themselves. Use an intrusion prevention solution to monitor your network for suspicious traffic and reject any packets with spoofed addresses. Since many eavesdropping attacks rely on malware to infect communication channels, employees must be sufficiently trained to identify phishing attempts.
14. Insider Threats
IT teams that exclusively focus on identifying external adversaries are only obtaining a partial understanding of the overall threat landscape. Insider threats, which consist of current or former employees, present a significant danger to organizations due to their unrestricted access to the company network, including sensitive data and intellectual property. They are also familiar with business procedures, company policies, and other relevant information that can aid in carrying out an attack.
Internal actors who endanger an organization typically possess malicious intent. Their motivation may involve seeking monetary gain by selling confidential information on the dark web. Conversely, some insider threat actors exhibit negligence rather than maliciousness. To counteract this issue, organizations should establish a comprehensive cybersecurity training program that educates all stakeholders about possible threats, including those that might originate from within the organization.
How to Prevent Insider Threats
Preventing insider threats requires a multi-faceted approach. Start by implementing strict access controls, limiting employees’ privileges to only what they need. Regularly monitor and analyze user behavior to detect anomalies. Conduct thorough background checks before hiring new personnel. Educate employees about security risks, emphasizing the importance of confidentiality and reporting suspicious activities. Implement strong authentication measures like two-factor authentication. Maintain a culture of trust and transparency, encouraging open communication and addressing grievances promptly. Regularly update and patch systems to prevent vulnerabilities. Lastly, have an incident response plan in place to swiftly address and mitigate any breaches.
15. IoT-Based Attacks
How to Prevent IoT Attacks
IoT devices are typically interconnected, which means that if one device is compromised, it’s possible that the attack will spread to other devices. To make matters worse, IoT devices hardly have any inbuilt security, which makes them a perfect target for adversaries. In addition to implementing general security measures, you will need to ensure that you change the default router settings, use a strong and unique password, disconnect IoT devices when they are not in use, and make sure that they have the latest patches/updates installed.
How Lepide Helps
The Lepide Data Security Platform gives you visibility over critical changes being made to your systems and interactions with your sensitive data. The platform enables you to locate and classify your sensitive data, govern access by removing excessive permissions and analyze user and entity behavior.
By getting visibility over your data, you’ll have the ability to detect security threats in real time and react quickly to shut down the threat with Lepide’s automated, pre-defined threat models. If you’d like to see how Lepide can help you defend against cyber-attacks, schedule a demo or download a free trial of the Lepide Data Security Platform today.