Common Types of Cyber Attacks

Common Types of Cyber Attacks

What Is a Cyber Attack?

A Cyber Attack is a malicious attack by cybercriminals, hackers, or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, or disrupting the system.

Types of Cyber Attacks

With the advancement of technology, more and more cyberattacks have emerged and become more sophisticated. It is important to understand the current threat landscape and most common cyber attacks to implement a good defensive strategy. Some of the most common cyber attacks can be summarized as follows:

1. Malware

Malware is a term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software. Once inside the system, malware can do the following:

•Covertly obtains information by transmitting data from the hard drive (spyware)

•Disrupts certain components and renders the system inoperable

•Blocks access to key components of the network (ransomware).

•Installs malware or additional harmful software

2. Phishing

Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine. Some common type of phishing includes sending fake login pages of social accounts like Facebook or other social apps to get access to the account by acquiring its password.

3. Denial-of-Service (DoS) Attacks

A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers can also use multiple compromised devices to launch this attack. This is known as an adistributed-denial-of-service (DDoS) attack.

4. Spoofing

Spoofing is a technique through which a cybercriminal disguises themselves as a known or trusted source. In so doing, the adversary is able to engage with the target and access their systems or devices with the ultimate goal of stealing information, extorting money, or installing malware or other harmful software on the device.

5. Man-In-The-Middle

Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data. Two common points of entry for MitM attacks:

  1. On insecure public Wi-Fi, attackers can insert themselves between a visitor’s device and the network. Without knowing, the visitor passes all information through the attacker.

  2. Once the malware has breached a device, an attacker can install software to process all of the victim’s information.

6. SQL Injection Attacks

Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally would not. An attacker could carry out a SQL injection simply by submitting malicious code into a vulnerable website search box. An SQL Injection vulnerability may affect any website or web application that uses an SQL database such as MySQL, Oracle, SQL Server, or others.

7. DNS Tunneling

DNS Tunneling is a type of cyberattack that leverages domain name system (DNS) queries and responses to bypass traditional security measures and transmit data and code within the network.

Once infected, the hacker can freely engage in command-and-control activities. This tunnel gives the hacker a route to unleash malware and/or to extract data, IP, or other sensitive information by encoding it bit by bit in a series of DNS responses.

DNS tunneling attacks have increased in recent years, in part because they are relatively simple to deploy. Tunneling toolkits and guides are even readily accessible online through mainstream sites like YouTube.

10. IoT-Based Attacks

An IoT attack is any cyberattack that targets an Internet of Things (IoT) device or network. Once compromised, the hacker can assume control of the device, steal data, or join a group of infected devices to create a botnet to launch DoS or DDoS attacks.

Given that the number of connected devices is expected to grow rapidly over the next several years, cybersecurity experts expect IoT infections to grow as well. Further, the deployment of 5G networks, which will further fuel the use of connected devices, may also lead to an uptick in attacks.