Posted on: Apr 1, 2022 | 3 mins | Written by: HDFC ERGO Team

What are the Most Common Types of Cyber Security Attacks?

Common Cyber Security Attacks

A cyber attack is a malicious attempt to target a computer network, information system, or personal computer. It can be aimed at an organization or an individual to steal, destroy, or alter data, and is sometimes carried out for economic benefit or a ransom. Such attacks have become very common and are often launched without any human intervention. Many times, companies are not even aware that they have been hacked. Attackers launch attacks on vulnerable businesses every day. To deal with the increasing number of cyber security threats, regulators and insurers have designed customizable cyber insurance plans for organizations as well as individuals.

Here are some common types of cyber security attacks:

1. Denial-of-service (DoS) and Distributed Denial-of-service (DDoS) Attacks:

DoS attacks work by flooding a system, server, or network with traffic to overload its resources and bandwidth. As a result, the system is not able to respond to service requests. Distributed denial-of-service (DDoS) attacks, on the other hand, are launched from several infected machines with the aim of taking a system offline by denying service. Such attacks do not provide any direct benefit to the attacker but make way for another kind of attack on the network.

Some common types of DoS and DDoS attacks are:

● TCP SYN Flood Attack -

It stands for Transmission Control Protocol Session Initialization. The attacker’s device overloads the target system with connection requests, and when the target system responds, the attacking device does not reply, causing the system to crash. To avoid this attack, use firewalls to stop SYN requests.

● Teardrop Attack -

In this attack, the attacker sends fragmented packets to the target machine, which fails to reassemble them due to a bug. As a result, the packets overlap, causing the target system to crash. This mostly happens in older versions of an operating system.

● Smurf Attack -

This attack saturates a target network with ICMP ping traffic. It takes advantage of a vulnerability of the network by sending ICMP requests, originating from a spoofed address, to the broadcast address. By repeating the process, it can create a huge amount of network congestion. Disable IP-directed broadcasts to prevent this attack.

● Ping of Death Attack -

This type of attack sends IP packets to ‘ping’ a target system. While the packets are being reassembled, a buffer overflow occurs that crashes the target system. This attack can be blocked by using a firewall.

● Botnets -

A botnet is a network of malware-infected computers under the control of a hacker. The hacker uses this network for DDoS attacks.

2. Malware:

Malware is unwanted software installed on your system without your permission. It easily replicates itself by attaching to any useful application. It breaches a network when a dangerous link is clicked; these links are shared through email attachments. It can obtain information from the system and disrupt system operations. Some common types of malware are viruses, trojans, worms, ransomware, adware, and spyware.

3. Phishing:

Phishing is the practice of sending bulk emails to users. These emails seem reliable and appear to come from trusted sources. The purpose of these attacks is to get information or influence users to click on a malware link. If a user clicks on the link, malware is downloaded to the device and gains control by replicating itself. Phishing can also happen through social media, direct messages, or an online community. The following are different types of phishing attacks:

● Spear Phishing -

These are targeted attacks directed at specific companies or individuals through personal or relevant messages. Therefore, they are very difficult to identify.

● Whaling -

These attacks target senior staff and stakeholders in an organization.

● Pharming -

Pharming captures users' credentials by directing the users to a fake login landing page through DNS cache poisoning.

There are simple ways to identify a phishing link. Use your critical thinking to analyze any email, message, or link. Pay attention to email headers.
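One way to act on the advice to pay attention to email headers, as an added example that is not part of the original article: the Python sketch below parses a message and flags header combinations that often accompany phishing. The sample message, the placeholder domains and the choice of checks are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail); all domains are placeholders.
SAMPLE = """\
From: "Example Bank Support" <support@examplebank.example>
Reply-To: help@mail-helpdesk.example
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.recipient.example; spf=fail; dkim=none; dmarc=fail
Subject: Verify your account

Click the link to verify.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def header_warnings(raw_message):
    """Return a list of warnings for suspicious header combinations."""
    msg = message_from_string(raw_message)
    warnings = []
    from_dom = domain_of(msg["From"])
    # Replies or bounces routed to a different domain than the visible sender.
    for name in ("Reply-To", "Return-Path"):
        other = domain_of(msg[name])
        if other and other != from_dom:
            warnings.append(f"{name} domain {other} differs from From domain {from_dom}")
    # Sender authentication results recorded by the receiving mail server.
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=pass" not in auth:
            warnings.append(f"{mech} did not pass")
    return warnings

if __name__ == "__main__":
    for warning in header_warnings(SAMPLE):
        print("WARNING:", warning)
```

Only an Authentication-Results header added by your own receiving mail server is meaningful; a copy supplied by the sender can say anything.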

4. Man-in-the-Middle (MitM) Attacks:

In a MitM attack, a hacker gets in the middle of the communication between a client and a server. These attacks are often carried out through phishing or malware attacks. Some common types are:

● Session hijacking -

A session between a client and a server is hijacked. The hacker substitutes its IP address for that of the client, and the server continues the communication, unaware that the real client is disconnected.

● IP Spoofing -

IP spoofing convinces a system that it is communicating with a trusted source, thus giving access to the attacker. The attacker sends an IP source address in a packet to its target.

● Replay -

A replay attack means sending old saved messages to impersonate the actual sender.
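How a receiver can refuse old saved messages, as an added example that is not part of the original article: each message carries a timestamp and a one-time nonce under an HMAC, and the receiver rejects anything stale or already seen. The key, the 30-second window and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # placeholder shared secret, not a real key
MAX_AGE = 30                    # seconds a message stays acceptable (assumed)

def sign(body, nonce, ts, key=KEY):
    """Sender side: bind body, nonce and timestamp together under an HMAC."""
    payload = json.dumps({"body": body, "nonce": nonce, "ts": ts}, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}

class Receiver:
    def __init__(self, key=KEY):
        self.key = key
        self.seen = {}          # nonce -> timestamp of messages already accepted

    def accept(self, msg, now):
        """Return 'ok', or the reason the message is rejected."""
        expected = hmac.new(self.key, msg["payload"].encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-tag"    # altered, or not produced with the shared key
        fields = json.loads(msg["payload"])
        if abs(now - fields["ts"]) > MAX_AGE:
            return "stale"      # old saved message outside the freshness window
        # Forget nonces too old to pass the freshness check anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE}
        if fields["nonce"] in self.seen:
            return "replayed"   # same message delivered again inside the window
        self.seen[fields["nonce"]] = fields["ts"]
        return "ok"

if __name__ == "__main__":
    rx = Receiver()
    m = sign("transfer 100 to account 42", nonce="n-001", ts=1000)
    print(rx.accept(m, now=1001))   # first delivery
    print(rx.accept(m, now=1005))   # saved copy sent again
    print(rx.accept(m, now=5000))   # saved copy sent much later
```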

5. SQL Injections:

This is malicious code injected into a server that uses the server query language (SQL). As a result of SQL injection, the server is forced to reveal protected information. The malicious code is submitted through the search box of a vulnerable website. This is most common in database-based websites.

6. Zero-day Exploit:

This kind of attack uses a disclosed vulnerability within the short period until a solution is provided. The attacker creates exploit code and executes it while the vulnerable spot is still open. Such an open spot can cause data loss. Get your system insured with cyber insurance to cover any such loss.

7. Password Attack:

This type of attack uses various methods to gain access to an individual’s passwords. These passwords are then used to gain access to a protected information system. The information stored is usually confidential information that can be exploited in many ways.

8. Cross-site Scripting:

This attack uses third-party web sources to run scripts in the target web browser. This way, the attacker injects a malicious script into the website database. When the website is opened, the script executes and sends the target's cookies to the attacker’s server; these cookies are used to hijack sessions.
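Two defences against the stored-script scenario above, as an added example that is not part of the original article: encoding stored text when it is written into a page, and marking the session cookie so page scripts cannot read it. The comment text, cookie name and function names are constructed for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed stored comment containing markup (harmless: it only sets a title).
COMMENT = '<script>document.title="changed by stored comment"</script>'

def render_unsafe(comment):
    # Vulnerable: stored text is written into the page as markup, so the
    # browser runs any script it contains.
    return "<li>" + comment + "</li>"

def render_safe(comment):
    # Hardened: encode on output so the browser displays the text as text.
    return "<li>" + html.escape(comment, quote=True) + "</li>"

def session_cookie(session_id):
    """Build a Set-Cookie value for a session id that page scripts cannot read."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True      # not exposed to document.cookie
    cookie["sid"]["secure"] = True        # only sent over HTTPS
    cookie["sid"]["samesite"] = "Strict"  # not sent on cross-site requests
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

if __name__ == "__main__":
    print(render_unsafe(COMMENT))
    print(render_safe(COMMENT))
    print("Set-Cookie:", session_cookie("abc123"))
```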

9. Rootkits:

A rootkit is a computer virus that allows a third party to take control of the system. It allows secret access to a computer and can be used to steal credentials and sensitive information. It can stay in a dormant state until it is activated by the attacker.

10. Internet of Things (IoT) Attacks:

These attacks can gain access to IoT devices. If the attacker gains access to one IoT device, it can control all other IoT devices connected to that one device. The only way to avoid such an attack is to set a strong password for each IoT device that is different from the others.

Conclusion

The attacks mentioned above are just a few; there are many more types of cyberattacks. All these attacks have made it much easier for a hacker to gain access to anyone’s confidential information. Though there are specific measures available to deal with each type of attack, you need to follow simple rules like keeping your systems updated, changing passwords regularly, upgrading your anti-virus, and installing proper firewalls to protect against attacks. Do invest in good cyber insurance to cover you against any of these cyber security threats.

Disclaimer: The above information is for illustrative purpose only. For more details, please refer to policy wordings and prospectus before concluding the sales.
