Introduction to Cyber Attacks
Cyber-attack doesn’t need much introduction. This is the one-act, which is most hated by everybody, be it an individual or an organization, across the world. Because, the magnitude of the havoc caused by some of the cyber-attacks such as WannaCry, NotPetya, Capitol One breach, Citrix breach, and Ethereum, etc. is still in the memory of many people. If one thinks cyber-attacks are not frequent then it is a wrong notion. The truth is they occur almost every day in some parts of the world.
What is a Cyber Attack?
In simple terms, a cyber-attack can be termed as a malicious attempt to break into the other systems to make them non-functional, steal data, or to do some other heinous crime. Many a time, the willful intention behind a cyber-attack is to demand ransom from the victims. Though there are constant attempts to contain the cyber-attacks, the attackers always use innovative methods or types to intrude into the other computer systems and to hack them.
The following are some of the cyber-attacks, which hackers use to target the victims.
Gain essential skills to defend your organization from security threats by enrolling in our
Types of cyber-attacks
Phishing is one of the common forms of cybercrime launched to attack the targets. Using this method, the hackers send malicious emails to the targets. These emails give the impression that they are sent from a known person or some trusted source. In some cases, these phishing emails contain even attachments to dupe the recipient. In other words, these phishing emails are sent in such a way that they look legitimate in every aspect. If clicked, the targets fall prey into the hackers’ trap and with whatever intention the hacker sent that email it will be achieved instantly.
However, there are a few methods using which you can try to prevent or get yourself protected from phishing emails.
Methods to prevent phishing emails
- Ensure having a strong and lengthy password of a minimum of ten characters containing letters, symbols, and numbers.
- Don’t open an email in a hurry. Check its veracity and be sure it is sent from a trusted source.
- Before clicking an email, hover the cursor on the link to see where it leads to.
- Organizations need to conduct security awareness programs on how to prevent phishing emails.
- Use character recognition filter technology to filter malicious URLs.
Related Article: Cyber Security Frameworks
Malware is the short form for malicious software, which is used to damage other computer systems. Some of the examples for the malware are ransomware, viruses, worms, and spyware, etc. The malware will be installed in the system when you click a risky link or open an attachment. Once the malware is installed in your system, it wreaks havoc. You cannot have access to the key components of the network. Your data from the hard drive will be stolen. You cannot operate your system. Viruses such as Micro Virus infect important applications such as Microsoft Word or Microsoft Excel and make them non-functional.
Methods to prevent malware attacks
- The first and foremost method is to educate the users about the repercussions of malware and also how to identify them. This way you can prevent malware to a great extent.
- Make your network completely secure and foolproof by controlling the access. As part of it, you can use IPS, Firewall, IDS, and VPN, etc.
- You also can use up-to-date A/V software to detect and get rid of the malware.
Denial of Service or DoS is a kind of cyber-attack that floods a website or an application with artificial traffic more than the volume it can handle. Once this attack is launched, the website or the application won’t be accessible to legitimate users. The reasons for this kind of attack may be multiple. It may be to extort money from the victims. It may be by some somebody or criminal organization to make a statement. It also may be to disrupt competitors’ business. There is a possibility that it may be to seek revenge. The reason can be anything.
Subscribe to our youtube channel to get new updates..!
There are different types of denial-of-service attacks. Some of them include the following:
- Distributed Denial-of-Service (DDoS): In this type, multiple attacks are launched from a network of systems at the same time. This act results in multiple IP addresses and makes it difficult to defend from this attack and also difficult to identify who the attacker is.
- Network-Targeted Denial-of-Service: This type of cyber-attack is launched to consume the entire bandwidth of the victim so that the legitimate traffic cannot be transmitted through the systems.
- System-Targeted Denial-of-Service: This type of attack is launched with an aim to make the target systems not usable by consuming the system resources such as memory, disk space, and CPU, etc. The result – the normal operations get crippled completely.
- Application-Targeted Denial-of-Service: As the name sounds, this kind of attack is launched to disrupt the functionality of the applications. The disruption will be made in the form of making the users logging out of the application or making the application to crash by triggering an error. Or it can be in the form of making a component such as a database not accessible by making multiple requests.
Let us now discuss the methods to prevent denial of service.
Methods to prevent Denial-of-Service Attacks
- Keep monitoring the network if there is any unexpected traffic.
- Keep checking the systems’ health frequently.
- Keep checking the application functionality and responsiveness.
- Have a companywide mitigation policy.
Related Article: Cyber Security Strategy Template
SQL Injection Attack
SQL Injection is one of the most potential attacks, which will be highly detrimental to businesses. Through SQL injection, the cyber-criminals target the databases and resort to crimes such as deleting data, corrupting data, modifying data, stealing data, and bypassing authentication, etc.
Some of the types of SQL Injection attacks are:
- Unsanitized Input: Through this attack, the hackers provide input to the users, which is not sanitized for characters and also not validated.
- Inferential SQL Injection: This attack is also called Blind SQL injection. In this attack, there won’t be any direct attack on the database to steal data. Instead, the attacker looks for the indirect traces or clues in the behavior. Some of these clues include the time taken by the database to respond to user input and HTTP response details, etc.
- Out-of-band injection: In this attack, what the attacker does is to give an injection, which gets stored in the database and executed by a separate behaviour of the database. Once this is done, the attacker will have control of the targeted system.
Methods to prevent SQL injection Attacks
- It is always advisable to sanitize the inputs provided by the users. Besides, check whether the submitted data type matches the expected data type.
- Don’t explicitly show the database errors so that the attacker cannot misuse them.
- Ensure updating the databases frequently with the latest patches so that the bugs won’t be exploited by the attackers.
- Test the applications routinely using a security testing solution to identify new bugs.
- You can also use WAF (Web Application Firewall) to detect SQL injection attacks.
- Try using stored procedures instead of dynamic SQL, prepared statements, and parameterized queries.
In this attack, the hackers won’t look for an action from the user to install the malware in their systems. Instead, they add the malicious code in the HTTP or PHP code on a page of the website or web application. What happens now is – when somebody visits that page containing malicious code, the malware gets installed in that visitor’s system. Websites or applications, which are not secured, are the primary targets in this kind of attack.
Methods to prevent SQL injection Attacks
- The following are some of the methods using which you can try to prevent Drive-by attacks:
- Make sure the browsers and operating systems are always up-to-date.
- Don’t use the websites, which contain malicious code.
- Limit the number of programs and applications in the systems.
This is one of the common methods of the illegitimate way of accessing other systems in a network. As part of launching this attack, the hackers steal the passwords from a person’s desk or sniff the connection between a system and a network. The hackers also use the Brute force method to guess the passwords randomly. In order to guess a password, they try using the target’s details such as name, occupation, and job title, etc. Another method the hackers use to obtain passwords is the Dictionary attack. In the dictionary attack, the hackers use an encrypted password and apply the same encryption to a dictionary of passwords that are used commonly and then check the results.
Methods to Prevent Password Attacks
The following are some of the methods using which you can try to prevent password attacks:
- Always, use strong and lengthy passwords containing a combination of letters, symbols, and numbers.
- Don’t use easy to guess passwords relating to your personal details.
- Don’t use a sequence of characters (example, abcd) or numbers (example, 1234) as part of the password.
- Don’t use the words, which can be found in the dictionary as a password.
- Don’t continue using default passwords even though they are strong.
- Keep changing the passwords at regular intervals like once in 3 months.
Related Article: Cyber Security Career Path
Man in the Middle (MITM) Attack
This is a kind of attack in which the hacker makes himself positioned between the user and the application during the interaction. This attack is done with an aim to steal the information such as login credentials, credit card details, or account details, etc. from the users of financial applications, websites, and eCommerce portals, etc.
Methods to prevent MITM Attacks
The following are some of the methods using which you can try to prevent MITM attacks:
- Don’t forget logging out of applications if they are not in use.
- Don’t use the WiFi connections, which are not protected with passwords.
- Use SSL/TLS to secure all the pages instead of only the login pages.
- Use TLS and HTTPS communication protocols to mitigate the attacks of spoofing. You can mitigate the risks to encrypt and authenticate transmitted data.
The EavesDropping attack is launched to steal the information transmitted over a network or any other connected device. It is very difficult to identify this attack because even during this attack the network appears functioning very normally. To launch this attack, the hacker installs sniffer in a system or the server. Once installed, the sniffer intercepts the transmitted data.
Methods to prevent Eavesdropping Attack
The following are some of the methods using which you can try to prevent Eavesdropping attacks:
- Keep updating antivirus software.
- Use a strong password and keep changing it at regular intervals.
- Don’t use the same password for all the applications you use.
- Avoid using public Wi-Fi networks for sensitive transactions.
Cross-site scripting (XSS) attack
Methods to prevent XSS Attack
The following are some of the methods using which you can try to prevent XSS attacks:
- Before reflecting, get the user input data sanitized in the HTTP request.
- Ensure validating all the data and also filter it before sending to the user.
- Allow the users to disable client-side scripts.