A cyberattack is a malicious attempt by an individual or organization to breach the information system of another individual or organization. Generally, the attacker achieves some type of benefit from disrupting the victim's network.
We are living in a digital era. Nowadays, most people use computers, smartphones, and the internet. Due to the dependency on digital things, illegal computer and smartphone activity is growing and changing like any type of crime. So, cyberattacks are very destructive.
Here, I will give an overview of some of the most common types of cyberattacks.
So, Let's begin.
- Denial-of-Service (DoS) & Distributed Denial-of-Service (DDoS)
- Man-in-the-Middle (MitM)
- Malware
- Phishing
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
So, Let's talk about these common types of cyberattacks in-detail.
1. Denial-of-Service (DoS) & Distributed Denial-of-Service (DDoS)
DoS (Denial-of-Service Attack):-
Let's start with one example. Imagine that you are sitting on a one-lane road, with cars backed up as far as the eye can see. Mostly this road never sees more than a car, major sporting events have ended around the same time, and this road is the only way for visitors to leave the city. So, the road can not handle a massive amount of traffic, and as a result, it gets to back up that pretty much no one can leave.
That's essentially what happens to a website during a DoS attack. If you flood a website with more traffic than it was built to handle but if you will overload the website's server and then it will be impossible for the website to serve up its content for visitors who are trying to access it. This kind of traffic overload is malicious, as attacker floods a website with a huge amount of traffic to essentially shut it down for all users.
A DoS attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system becomes unresponsive and unable to fulfill legitimate requests of users. The goal of this attack is to make a server or network resource unavailable for the users. DoS attack uses a single system and a single internet connection to attack a server. DoS attacks can cost an organization by both time and money while their resources and services are inaccessible.
However, if the attacked resources belong to a competitor, then the benefit to the attacker may be real enough and another purpose of a DoS attack can be to take a system offline so that a different kind of attack can be launched on that system like session hijacking, which I will explain later.
DDoS (Distributed Denial-of-Service Attack):-
Before understanding about DDoS attack it is important to understand about Botnet.
What is Botnet?
A botnet is a network of different types of devices that have been infected with malicious software, such as a virus. Attackers can control a botnet as a group without the owner's knowledge with the goal of increasing the volume of their attacks. Often, a botnet is used to do a DDoS attack.
If DoS attacks are performed by a large number of computers at the same time then this scenario of attack is known as DDoS attacks. A DDoS attack can be more difficult to overcome due to the attackers appearing from many different IP addresses around the world simultaneously, and making determining the source of the attack even more difficult for network engineers.
DDoS attacks have increased in volume as more and more devices come online through the Internet of Things (IoT). IoT devices often have default passwords and do not have security so it is easy to hack IoT devices, making them vulnerable to compromise and exploitation. Infection of IoT devices are mostly unnoticed by users, and an attacker could easily compromise thousands of these devices to conduct a high-scale DDoS attack without the device owner's knowledge.
2. Man-in-the-Middle Attack (MitM)
Man-in-the-Middle (MitM) attack also known as an eavesdropping attack. A MitM attack occurs when an attacker inserts itself between the communications of a client and a server. Once the hacker interrupts the traffic, they can filter, modify and steal sensitive data.
Two common entry points for MitM attack:-
- On unsecured public Wi-Fi, attackers can insert themselves between a visitor's device and the network without visitor knowledge, the visitor's passes all sensitive information through the attacker.
- Once Malware has reached a device, an attacker can install malicious software to process all of the victim's information.
MitM attacks allow attackers to eavesdrop (secretly listen to someone's private conversation) on the communication between client and server. The attacker takes place between two communicating hosts, which allows the attacker to listen to a conversation they should normally not listen to, hence this type of attack is called a Man-in-the-Middle attack.
Let's see the example of a Man-in-the-Middle attack. Eve (Attacker) wants to eavesdrop on the conversation but also remain transparent. Eve could tell Alice that she was Bob and tell Bob that she was Alice. This would lead Alice to believe she's speaking to Bob, while actually revealing her part of the conversation to Eve. Eve could then gather information form this, alter the response, and pass the message along to Bob (who thinks he's talking to Alice). So, this way Eve is able to hijack their conversation.
3. Malware
Malware is short for malicious software, is an umbrella term that describes any malicious program or code that is harmful to systems.
Malware refers to various forms of harmful and malicious software, such as spyware, ransomware, viruses, worms, etc. Once malware is in your computer or smartphones, it can take control of your device, and monitoring your actions and keystrokes and silently sending all sorts of confidential data from your computer or network to the hacker.
Although malware can't damage the physical hardware of systems or networks, it can encrypt, steal, modify, or delete your sensitive data, or hijack core computer functions, and spy on your computer activity without your knowledge or permission.
Once malware inside the system, it can do the following :
- Install malware or additional harmful and malicious software
- Provide remote control for an attacker to use an infected machine
- Send spam from the infected machine to unsuspecting targets
- Investigate the infected user's local network
- Block access to your machine (ransomware)
- Steal sensitive data
Hacker will use a variety of methods to get malware into your computer or smartphones but at some stage, it often requires the user to take action against the installing of malware. This includes clicking a link to download a file or opening an attachment that may look harmless (like a Word document or PDF attachment), but actually has a malware installer hidden within.
If you want to learn more about Malware then Click here.
If you want to learn more about Malware then Click here.
4. Phishing
A phishing attack is a practice of sending emails that appear to be from trusted sources. The goal of a phishing attack is to steal sensitive information like a credit card, login information or to install malware on the victim's device. It could also be a redirect user to an illegitimate website that can trick you into downloading malware or handing over your sensitive personal information. Phishing is an increasingly common cyber threat.
Let's see one example. An attacker may email to employees at your company, as a system administrator, asking them to reset their password. A link is included in the email that redirects the employees to a page that looks like one of your legitimate password reset pages, including fields for the username and old password. When the employee enters their old password, the attacker gets their current password. After that, they can immediately login into your system without your knowledge. These types of phishing attacks are getting increasingly complicated.
The states indicate that phishing attacks are continuously increasing.
- In last year, phishing attempts are up to 65%
- 76% of businesses reported that they are victims of a phishing attack
These types of phishing attacks will continue increasing because humans don't change.
5. SQL Injection (SQLi)
SQL stands for the structured query language. It is a programming language used to communicate with databases. In many web applications, input data are taken from users and the corresponding SQL query is executed on the server-side to fetch or store proper data in the database. For example, if a user wants to see all books authored by an author, the user searches with the name of the author. That input data is taken from the user and the corresponding SQL query is executed in the database to fetch data and the results are displayed back with proper formatting.
But, sometimes attackers exploit the security vulnerabilities in these types of application software and tricks the server to execute malicious SQL queries, thus deleting or modifying (insert, update) the database, execute administration operations (such as shutdown) on the database, or stealing sensitive data to perform even more attacks. These types of attacks are called SQL Injection attacks.
A SQL Injection attack specifically targets this kind of server, using malicious code to get the server to reveal information it normally wouldn't. For example, if a SQL server is vulnerable to an injection attack, it may be possible for an attacker to go to a website's search box (for example instead of the login or password) and type in a code that would force the site's SQL server to reveal all its stored usernames and passwords for the site.
6. Cross-Site Scripting (XSS)
In a SQL injection attack, an attacker goes after a vulnerable website to target its stored data, such as user credentials or sensitive financial and personal data. But in a Cross-site scripting attack, attackers directly target a website's user. Similar to an SQLi attack, the XSS attack also involves injecting malicious code into a website, but in this case, the website itself is not being attacked. In XSS, the malicious code the attacker has injected only runs in the user's browser. When the user visit the attacked website, it goes after the visitor directly, not the website.
A cross-site scripting attack uses third-party web resources to run malicious scripts in the victim's web browser. Mainly, the attacker injects a payload with malicious javascript into the website's database. When the visitors request a page from the website which they visit, the website transmits the page with the attacker's payload as part of the HTML body, to the visitor's browser, which executes the malicious script.
For example, after the execution of the malicious script in the victim's browser, it might send the victim's cookie to the attacker's server, and the attacker can extract it and use it for session hijacking. The most harmful consequences occur when XSS is used to exploit additional vulnerabilities like a steal cookie, steal log keystrokes, capture screenshots, discover and collect network information, and remotely access and control the victim's machine.
XSS attacks can damage a website's reputation by placing a user's information at risk without any indication that anything malicious even occurred.
So, These are common types of cyberattacks.
If you have any questions then please mention in the comments section and I will get back to you and stay tuned with my blog to learn interesting things related to cybersecurity and hacking.
Comments
Post a Comment