Cyber attacks are running rampant today. It’s like an epidemic, with one major attack after another making headlines in the national and worldwide news.
These threats target individuals and organizations alike, and mass attacks on organizations are especially damaging because they compromise centralized stores of information, affecting millions of individuals and other associated entities. To the average, non-technical person, all of these attacks sound disturbing, and they may also sound like much the same thing. Indeed, most of them share the ultimate goal of obtaining valuable information or money.
However, these attacks come in different forms, using different tactics and exploiting different vulnerabilities to break in and steal. Here is a general breakdown of some of the most common types of cyber attack in use today.
Cross-Site Scripting (XSS)
Denial of Service (DoS/DDoS)
Denial of Service (DoS) attacks serve one main purpose: disrupting a website or system so that it can no longer respond to legitimate requests from users who try to visit it or ask it for information. In a DoS attack, the attacker sends more traffic or data to the target than its server can process, so that it slows to a crawl or crashes. A website can also fall over under perfectly legitimate load, for instance when a big news story breaks and millions of people rush to the site of its subject at once, but a denial of service attack is a deliberate flood sent by a person or entity trying to cripple the website or the company that owns it. Attackers can also use many computers to flood the target at the same time, which makes the attack a Distributed Denial of Service (DDoS) attack. These computers are usually hijacked machines whose owners have no idea they are taking part. DDoS attacks are harder to defend against than single-source DoS attacks: when the flood comes from thousands of addresses there is no single culprit device to block, and separating attack traffic from the legitimate requests mixed in with it becomes much harder.
The motives behind DoS and DDoS attacks vary. Some attackers are disgruntled customers who take pleasure in hurting a business, or activists attacking a government site in protest of a controversial policy. In other cases, the DoS/DDoS attack is a preliminary step in compromising a system or website so that another type of attack, such as session hijacking, can be carried out.
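As an added example (not from the original article), the following Python script shows the single-source versus distributed distinction in practice by running a simple rate check over constructed web-server log lines: one window of ordinary traffic, one where a single address sends the whole flood, and one where the same number of requests arrives from forty different addresses. The addresses, timestamps and thresholds are assumptions for the demo.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "common log format": ip ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

WINDOW_SECONDS = 10     # size of each counting window (assumption for the demo)
FLOOD_THRESHOLD = 50    # requests per window above which we call it a flood (assumption)
DOMINANT_SHARE = 0.5    # one IP with at least this share of a flood => single-source DoS


def parse_line(line):
    """Return (ip, timestamp) for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FORMAT)


def classify_windows(lines):
    """Count requests per source IP in fixed windows and label each window."""
    per_window = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # skip malformed lines rather than crash
        ip, ts = parsed
        bucket = int(ts.timestamp()) // WINDOW_SECONDS
        per_window[bucket][ip] += 1

    results = []
    for bucket in sorted(per_window):
        counts = per_window[bucket]
        total = sum(counts.values())
        top_ip, top_n = counts.most_common(1)[0]
        share = top_n / total
        if total <= FLOOD_THRESHOLD:
            verdict = "normal"
        elif share >= DOMINANT_SHARE:
            verdict = "dos"               # one address dominates: block it at the edge
        else:
            verdict = "ddos"              # many small senders: no single culprit to block
        results.append({
            "window_start": datetime.fromtimestamp(bucket * WINDOW_SECONDS, tz=timezone.utc).isoformat(),
            "total": total,
            "sources": len(counts),
            "top_ip": top_ip,
            "top_share": round(share, 3),
            "verdict": verdict,
        })
    return results


def make_line(ip, ts, path="/"):
    return f'{ip} - - [{ts.strftime(TS_FORMAT)}] "GET {path} HTTP/1.1" 200 512'


def constructed_log():
    """Constructed sample traffic: a quiet window, a single-source flood, a distributed flood."""
    t0 = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(5):                                    # window 0: 5 clients, 2 requests each
        for j in range(2):
            lines.append(make_line(f"198.51.100.{i + 1}", t0 + timedelta(seconds=j)))
    t1 = t0 + timedelta(seconds=WINDOW_SECONDS)           # window 1: one host, 80 requests
    for j in range(80):
        lines.append(make_line("203.0.113.7", t1 + timedelta(milliseconds=100 * j)))
    t2 = t0 + timedelta(seconds=2 * WINDOW_SECONDS)       # window 2: 40 hosts, 2 requests each
    for i in range(40):
        for j in range(2):
            lines.append(make_line(f"192.0.2.{i + 1}", t2 + timedelta(seconds=j)))
    lines.append("this line is not in common log format")   # exercises the malformed-line path
    return lines


if __name__ == "__main__":
    for window in classify_windows(constructed_log()):
        print(window)
```

The second and third windows carry exactly the same request count; the only difference is how it is spread across sources, which is what decides whether a single firewall rule ends the attack or whether upstream filtering and rate limiting per client are needed.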
Malware
Malware is an umbrella term for malicious software installed on a victim's computer without their consent or knowledge. Such software can perform a variety of dangerous activities, such as secretly stealing information, taking over the computer's functions, or destroying data. Malware usually finds its way onto a computer through phishing emails, malicious attachments, or fraudulent websites. Some of the main categories are:
- Virus – Code that, once run, replicates itself by altering other programs or attaching itself to files, and spreads to other devices when those files are shared. Viruses can corrupt data and cause system failures.
- Trojan horse – Trojan programs deceive victims by appearing to serve a legitimate purpose, such as virus removal, while actually performing dangerous tasks like harvesting personal information or setting up backdoors for later exploitation. Unlike viruses, they do not replicate or infect other files.
- Worm – Worms are standalone programs that spread like viruses but, unlike them, do not need to attach to a "host" file or program in order to function. They typically spread through email attachments or by exploiting vulnerable network services directly, and are known for installing backdoors that give attackers remote control over a computer, consuming bandwidth, and generating so much traffic that mail servers and networks are overwhelmed, effectively causing a denial of service.
- Spyware – Software that secretly tracks and records information, such as keystrokes, browsing history, and personal information like credit card numbers.
- Ransomware – A particularly ruthless type of malware that encrypts the victim's data and withholds the key until a ransom is paid. The attackers usually threaten to delete, or increasingly to publish, the victim's information if the ransom is not paid within a set deadline.
Man in the Middle (MITM)
Man in the Middle (MITM) attacks are exactly what the name says: the attacker positions themselves between a client (the device or computer used by the user) and the server that delivers the website the user is trying to reach, without the user or the people running the server noticing. Once the attacker is in the path, through techniques like DNS spoofing or setting up a rogue wireless access point, they can intercept the communication between client and server. The client and server believe they are talking to each other, but each is actually talking to the attacker, who poses as the other party while reading, and possibly modifying, everything that passes through. That traffic can include sensitive data like personally identifiable information (PII) and bank account numbers.
A related attack, session hijacking, has the attacker steal a real user's unique session ID, for example through cross-site scripting, and then present it to the server from their own device. The server cannot tell the difference and treats the attacker as the logged-in user, granting access to information the attacker would normally not be authorized to view.
A common entry point for MITM attacks is unsecured public Wi-Fi in coffee shops, airports, and other places that offer free connectivity, where the attacker can join the same network as the victims' computers and devices.
Phishing
Phishing is a form of social engineering, the psychological manipulation of people into taking a particular course of action. A phishing attack typically starts with an email, disguised as a message from a legitimate entity like a bank or e-commerce vendor, sent indiscriminately to large numbers of people. The hope is that some recipients will not notice anything suspicious, such as a peculiar sender address or odd URLs behind the links, and will take the email for a routine message from a trusted source. Prompted by the email to pay an outstanding balance or update a password, these users click links that they believe lead to their online accounts. The links actually lead to look-alike sites that capture the user's login credentials and any other details entered, such as credit card numbers, which the attackers then use on the real sites to steal personal information or make purchases.
Phishing becomes more targeted with spear phishing, which sends emails to specific people, such as employees of a particular company or organization, instead of mass-mailing random individuals. Spear phishing campaigns take more work because they require background research on the targets: the email is disguised as coming from a co-worker or someone the victim knows, and references specific details or events familiar to the victim, so that the recipient sees nothing out of the ordinary and never suspects it is fraudulent. The attack succeeds when the recipient follows the email's instructions to open an attachment, typically malware, or to log in to a site, which hands the attacker credentials to a corporate database or online account.
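The tell-tale signs mentioned above, a peculiar sender address and links whose URLs do not match what they appear to be, can be checked mechanically. The following Python script is an added example, not code from the original article: it parses a constructed phishing email and a constructed legitimate one with the standard library and reports the cheap indicators a mail filter looks at first: a display name claiming a brand whose real domain differs from the sending domain, a Reply-To pointing elsewhere, a link host that merely contains the brand's domain as a subdomain of something else, punycode host labels, and link text that names a different domain than the link actually visits. The brand list, sample emails and domain names are assumptions for the demo.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lookup: brand name as it appears in a display name -> the brand's real domain.
# An assumption for the demo; a real filter would use a maintained list.
KNOWN_BRANDS = {"example bank": "examplebank.com"}
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a host name; a crude stand-in for a public-suffix lookup."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_indicators(raw_email):
    """Return a list of (indicator, detail) pairs for the header and link checks."""
    msg = message_from_string(raw_email, policy=policy.default)
    findings = []
    display_name, sender = parseaddr(str(msg["From"] or ""))
    sender_domain = domain_of(sender)
    brand_domain = KNOWN_BRANDS.get(display_name.strip().lower())

    if brand_domain and registrable_domain(sender_domain) != brand_domain:
        findings.append(("sender-domain-mismatch", f"{display_name!r} sent from {sender_domain}"))

    reply_domain = domain_of(parseaddr(str(msg["Reply-To"] or ""))[1])
    if reply_domain and reply_domain != sender_domain:
        findings.append(("reply-to-mismatch", f"replies go to {reply_domain}, not {sender_domain}"))

    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if not host:
            continue                                   # mailto:, anchors, relative links
        if any(label.startswith("xn--") for label in host.split(".")):
            findings.append(("punycode-host", host))
        if brand_domain and brand_domain in host and registrable_domain(host) != brand_domain:
            findings.append(("brand-as-subdomain", host))
        named = DOMAIN_RE.search(text)
        if named and registrable_domain(named.group(0)) != registrable_domain(host):
            findings.append(("link-text-mismatch", f"text says {named.group(0)}, link goes to {host}"))
    return findings


# Constructed sample messages; every address and domain here is invented.
PHISH_EMAIL = """\
From: Example Bank <alerts@examplebank-secure.net>
Reply-To: support@mail-verify.net
To: customer@example.org
Subject: Action required: confirm your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account has an outstanding balance. Please
<a href="http://examplebank.com.login-verify.net/auth">log in at examplebank.com</a>
within 24 hours.</p></body></html>
"""

LEGIT_EMAIL = """\
From: Example Bank <alerts@examplebank.com>
To: customer@example.org
Subject: Your monthly statement is ready
Content-Type: text/html; charset="utf-8"

<html><body><p>View it at <a href="https://www.examplebank.com/statements">examplebank.com</a>.</p></body></html>
"""

if __name__ == "__main__":
    for indicator, detail in phishing_indicators(PHISH_EMAIL):
        print(f"{indicator}: {detail}")
    print("legitimate mail:", phishing_indicators(LEGIT_EMAIL))
```

These are heuristics, not proof: a sender domain can pass every check and still be attacker-controlled, and the two-label domain split is wrong for suffixes like co.uk, so a production filter would add a public-suffix list and sender authentication results (SPF, DKIM, DMARC) to the same pipeline.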
SQL Injection
SQL, short for Structured Query Language and often pronounced "sequel," is the language used to manage data in relational databases through queries and statements that retrieve and modify records. A SQL injection attack does not exploit a flaw in SQL itself; it exploits applications that build their SQL statements by pasting untrusted user input straight into the query text. When an application does this, an attacker can type a fragment of SQL into an input field such as a search box or a login form, and the database server runs it as part of the query. The result is that the server hands over information it would never normally share: for instance, the injected query can pull up customer records containing personally identifiable information like credit card details or social security numbers, which attackers sell on the Dark Web. Injected statements can also alter or delete information in the database, or even shut it down.
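Here is an added example, not from the original article, that shows both the flaw and the fix with Python's built-in sqlite3 module on a constructed in-memory database. The vulnerable functions paste form input into the query text, so a login name of `admin' --` comments out the password check, and a search term ending in `UNION SELECT card_number FROM customers --` makes the search box return card numbers instead of names. The fixed versions send the same input as bound parameters, and the same payloads become harmless search strings. Table names, the user and the card numbers are invented.

```python
import sqlite3


def setup_db():
    """Constructed sample database for the demo; the data is invented.
    The password is stored in clear only to keep the demo short; real systems store a hash."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card_number TEXT);
        INSERT INTO users VALUES (1, 'admin', 'correct horse battery staple');
        INSERT INTO customers VALUES (1, 'Alice Example', '4111111111111111');
        INSERT INTO customers VALUES (2, 'Bob Example', '5500000000000004');
    """)
    return conn


# --- vulnerable: user input becomes part of the SQL text ------------------------

def login_vulnerable(conn, username, password):
    sql = f"SELECT id FROM users WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def search_vulnerable(conn, term):
    sql = f"SELECT name FROM customers WHERE name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


# --- fixed: the SQL text is constant, input travels as bound parameters ----------

def login_safe(conn, username, password):
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def search_safe(conn, term):
    sql = "SELECT name FROM customers WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


# What an attacker types into the login form and the search box.
BYPASS_USER = "admin' --"          # closes the string and comments out the password check
DUMP_TERM = "zzz%' UNION SELECT card_number FROM customers --"

if __name__ == "__main__":
    db = setup_db()
    print(login_vulnerable(db, BYPASS_USER, "wrong"))   # True: logged in as admin
    print(login_safe(db, BYPASS_USER, "wrong"))         # False
    print(search_vulnerable(db, DUMP_TERM))             # card numbers, not names
    print(search_safe(db, DUMP_TERM))                   # []
```

Whether a stacked `'; DROP TABLE customers; --` payload also runs depends on the driver: sqlite3's execute() refuses to run more than one statement, while many other database drivers happily execute the second one. Parameterized queries are the fix in both cases, because the parser never sees the input as SQL at all.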