Cyber attacks are increasingly common today, and according to Cisco's Annual Cybersecurity Report, with the advent of network-based ransomware worms attackers can launch campaigns without human intervention. Security events have grown in both number and complexity.
A cyber attack is when an individual or an organization deliberately and maliciously attempts to violate the information system of another individual or organization. While there is often a financial target, some recent attacks show data destruction as a goal.
Malicious actors often seek ransom or other financial gain, but attacks can be perpetrated for a variety of reasons, including political activism purposes. Read on to learn more about the most common types of cybersecurity attacks in 2020.
The 10 most common types of cyber security attacks
1. Malware
The term "malware" encompasses several types of attacks, including spyware, viruses and worms. Malware exploits a vulnerability to breach a network, typically when a user clicks on a dangerous "planted" link or email attachment that installs malicious software on the system.
Malware and malicious files inside a computer system can:
- Deny access to critical network components
- Obtain information by recovering data from the hard drive
- Disrupt the system or even render it inoperable
Malware is so common that there is a wide variety of modus operandi. The most common types are:
- Viruses: infect applications by attaching themselves to the initialization sequence. The virus replicates itself, infecting other code on the computer system. Viruses can also attach themselves to executable code or associate themselves with a file by creating a virus file with the same name but with the .exe extension, thus creating a decoy that carries the virus.
- Trojans: a program that hides inside a useful program for malicious purposes. Unlike viruses, a Trojan does not replicate itself and is commonly used to establish a backdoor to be exploited by attackers.
- Worms: unlike viruses, they do not attack the host, as they are self-contained programs that spread across networks and computers. Worms are often installed through email attachments, sending a copy of themselves to every contact in the infected computer's email list. They are commonly used to overload an email server and achieve a denial-of-service attack.
- Ransomware: a type of malware that denies access to the victim's data, threatening to publish or delete it unless a ransom is paid. Advanced ransomware uses cryptoviral extortion, encrypting the victim's data so that it is impossible to decrypt without the decryption key.
- Spyware: a type of program installed to collect information about users, their systems or their browsing habits, sending the data to a remote user. The attacker can use the information for blackmail or to download and install other malicious programs from the Web.
2. Phishing
Phishing attacks are extremely common and involve the mass sending of fraudulent emails to unsuspecting users, disguised as coming from a trusted source. Fraudulent emails often appear legitimate, but link the recipient to a malicious file or script designed to allow attackers to access your device in order to control it, collect information, install malicious files or scripts, or extract data such as user information, financial information and more.
Phishing attacks can also take place through social networks and other online communities, via direct messages from other users with a hidden agenda. Phishers often exploit social engineering and other sources of public information to gather details about your work, interests and activities, giving attackers an advantage in convincing you that they are who they claim to be.
There are several different types of phishing attacks, including:
- Spear phishing: attacks that target specific companies and/or individuals.
- Whaling: attacks targeting senior executives and stakeholders within an organization.
- Pharming: poisoning of the DNS cache to capture user credentials through a fake login page.
Phishing attacks can also take place through phone calls (voice phishing) and through text messages (SMS phishing). This article highlights additional details about phishing attacks: how to detect them and how to prevent them.
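One concrete signal that helps spot the disguised links described above is a mismatch between the domain a link's visible text names and the domain its href actually points to. The following is an added example written for this article, not code from the original page or from any product it mentions; the sample message body, the `.test` domains and the function names are constructed for illustration, and the two-label `registrable_domain` helper is a deliberate simplification of what a public-suffix-list lookup would do.

```python
"""Flag e-mail links whose visible text names one domain but whose href goes elsewhere.

Added example, not from the original article: the sample message is constructed,
and this single heuristic is one signal a mail filter would combine with others
(sender authentication, reputation, attachment scanning), not a complete detector.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two DNS labels. Crude on purpose: production code should use the
    public suffix list so that names such as 'example.co.uk' are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


# Something that looks like a host name inside the clickable text.
HOSTLIKE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)


def mismatched_links(html: str) -> list[tuple[str, str]]:
    """Return (visible text, actual href host) for links whose text names a
    different registrable domain than the one the href really points to."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = urlparse(href).hostname
        match = HOSTLIKE.search(text)
        if not href_host or not match:
            continue  # no host in the text, or a relative/mailto link
        if registrable_domain(match.group(1)) != registrable_domain(href_host):
            findings.append((text, href_host))
    return findings


# Constructed message body: one disguised link, one honest link, one plain-text link.
SAMPLE_EMAIL = """
<p>Unusual sign-in detected. Verify your account within 24 hours.</p>
<p><a href="http://www.example-bank.com.verify-login.test/session">https://www.example-bank.com/login</a></p>
<p><a href="https://www.example-bank.com/help">www.example-bank.com/help</a></p>
<p><a href="https://support.example-bank.com/">Contact support</a></p>
"""

if __name__ == "__main__":
    for text, host in mismatched_links(SAMPLE_EMAIL):
        print(f"link text says {text!r} but resolves to host {host!r}")
```

Only the first link is reported: its text names `example-bank.com` while the href host's registrable domain is `verify-login.test`, which is exactly the trick of prefixing a trusted name to an attacker-controlled domain. The honest link and the link with plain text ("Contact support") produce no finding, which is why this check is low-noise enough to run on every message.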
3. Man in the Middle Attacks (MitM)
A MitM attack occurs when an attacker intercepts a transaction between two parties, inserting themselves in the middle. From there, the attacker can steal and manipulate data by interrupting traffic.
This type of attack usually exploits security weaknesses in a network, such as an unsecured public Wi-Fi network, to place the attacker between a visitor's device and the network. The problem with this type of attack is that it is very difficult to detect, as the victim believes the information is going to a legitimate destination. Phishing or malware attacks are often used to carry out a MitM attack.
4. Denial of Service (DoS) attack
DoS attacks work by flooding systems, servers and/or networks with traffic to overload resources and bandwidth. As a result, the system is unable to process and satisfy legitimate requests. In addition to denial of service (DoS) attacks, there are also distributed denial of service (DDoS) attacks.
DoS attacks saturate system resources in order to prevent responses to service requests. A DDoS attack, on the other hand, is launched from several infected host computers with the aim of achieving denial of service and shutting down a system, thus paving the way for another attack to enter the network or environment.
The most common types of DoS and DDoS attacks are the TCP SYN flood attack, the teardrop attack, the smurf attack, the ping-of-death attack and botnets.
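The TCP SYN flood named above works by leaving the server with many half-open connections (a SYN that is never followed by the client's final ACK), so the simplest server-side indicator is to count SYNs minus ACKs per source and per destination over a short window. The code below is an added example written for this article, not code from the original page; the flow-record format, the sample records (RFC 5737 documentation addresses) and the threshold values are constructed for illustration.

```python
"""Half-open connection accounting as a simple SYN-flood indicator.

Added example, not from the original article: the flow-record format, the
sample records and the thresholds are constructed for illustration. A real
deployment would feed this from a packet capture or flow export and tune the
threshold to the server's normal connection rate.
"""
from collections import Counter

# Constructed records: (timestamp_seconds, src_ip, dst_ip, tcp_flags)
# "S" is a client SYN, "SA" the server's SYN-ACK, "A" the client's final ACK.
SAMPLE_FLOWS = [
    # One normal client completing a single handshake.
    (0.00, "10.0.0.5", "192.0.2.10", "S"),
    (0.01, "192.0.2.10", "10.0.0.5", "SA"),
    (0.02, "10.0.0.5", "192.0.2.10", "A"),
]
# A busy but legitimate client: every SYN is followed by its ACK.
for i in range(8):
    SAMPLE_FLOWS.append((1.0 + i * 0.1, "10.0.0.9", "192.0.2.10", "S"))
    SAMPLE_FLOWS.append((1.05 + i * 0.1, "10.0.0.9", "192.0.2.10", "A"))
# A flooding source: 50 SYNs and not a single completed handshake.
for i in range(50):
    SAMPLE_FLOWS.append((2.0 + i * 0.01, "203.0.113.7", "192.0.2.10", "S"))


def half_open_counts(flows, window_seconds=10.0, group_by="src"):
    """Count SYNs not followed by an ACK, per source (or per destination),
    within the most recent window. Only client-side flags ("S" and "A")
    are counted; the server's "SA" is ignored."""
    if not flows:
        return {}
    cutoff = max(rec[0] for rec in flows) - window_seconds
    syns, acks = Counter(), Counter()
    for ts, src, dst, flags in flows:
        if ts < cutoff:
            continue
        key = src if group_by == "src" else dst
        if flags == "S":
            syns[key] += 1
        elif flags == "A":
            acks[key] += 1
    return {key: max(syns[key] - acks[key], 0) for key in syns}


def suspected_syn_flooders(flows, threshold=20, window_seconds=10.0):
    """Sources with at least `threshold` half-open connections in the window."""
    counts = half_open_counts(flows, window_seconds, group_by="src")
    return sorted(src for src, n in counts.items() if n >= threshold)


def server_half_open_total(flows, dst_ip, window_seconds=10.0):
    """Half-open connections seen at one destination regardless of source.
    Flood sources are often spoofed, so per-source counts alone can miss a
    flood that is spread thinly across many addresses."""
    return half_open_counts(flows, window_seconds, group_by="dst").get(dst_ip, 0)


if __name__ == "__main__":
    print("per-source half-open:", half_open_counts(SAMPLE_FLOWS))
    print("suspected flooders:", suspected_syn_flooders(SAMPLE_FLOWS))
    print("half-open at 192.0.2.10:", server_half_open_total(SAMPLE_FLOWS, "192.0.2.10"))
```

The busy-but-honest client ends with zero half-open connections because each of its SYNs is matched by an ACK, while the flooding source accumulates 50. The per-destination total is the number a SYN-cookie or connection-queue alert would actually watch, since a distributed flood may never push any single source over the per-source threshold.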
5. SQL injections
This occurs when an attacker inserts malicious code into a server using Structured Query Language (SQL), forcing the server to deliver protected information. This type of attack usually consists of submitting malicious code through a comment or search box on an unprotected website. Secure coding practices, such as the use of prepared statements with parameterized queries, are an effective way to prevent SQL injection.
When a SQL command uses a parameter instead of inserting values directly into the query string, the backend is prevented from executing malicious queries: the SQL interpreter treats the parameter only as data and never executes it as code. Learn more about how secure coding practices can prevent SQL injection here.
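To make the difference between string-built and parameterized queries concrete, here is an added example written for this article (not code from the original page) using Python's standard `sqlite3` module against an in-memory table. The table, its rows and the function names are constructed for illustration; the tautology input is the textbook case used to show why the interpreter's treatment of a bound parameter as pure data matters.

```python
"""Vulnerable versus parameterized lookup against an in-memory SQLite table.

Added example, not from the original article: the schema, rows and function
names are constructed for illustration.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a throwaway in-memory database with a few constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret"), ("carol", "carol-secret")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list[str]:
    """Builds the query by string concatenation, so user input becomes SQL code."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> list[str]:
    """Prepared statement with a bound parameter: the input is only ever data,
    so the same string is compared literally against the name column."""
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


# Textbook tautology input, included only to show the behavioural difference.
INJECTION = "x' OR '1'='1"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", lookup_vulnerable(db, INJECTION))  # every row comes back
    print("safe:      ", lookup_safe(db, INJECTION))        # no row matches
```

With the concatenated query the `WHERE` clause collapses to a condition that is always true and every name is returned; with the bound parameter the database looks for a user literally named `x' OR '1'='1` and finds none. The same placeholder style (`?` in sqlite3, `%s` in psycopg2, `:name` in many ORMs) is what the article means by a parameterized query.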
6. Zero-day exploit
A zero-day exploit refers to the exploitation of a network vulnerability when it is new and recently announced, before a patch is released and/or deployed. Zero-day attackers pounce on the revealed vulnerability in the small window of time when no fix or preventive measure exists. Preventing zero-day attacks therefore requires constant monitoring, proactive detection and agile threat management practices.
7. Password attack
Passwords are the most widespread method of authenticating access to a secure information system, making them an attractive target for attackers. By obtaining a person's password, an attacker can gain access to confidential or critical data and systems, including the ability to modify and control such data and systems.
Password attackers use a myriad of methods to identify an individual password, including social engineering, accessing a password database, sniffing the network connection for unencrypted passwords, or simply guessing.
The latter method, when executed systematically, is known as a "brute-force attack". A brute-force attack uses a program to try every possible variant and combination of characters to guess the password.
Another common method is the dictionary attack, in which the attacker uses a list of common passwords to try to access a user's computer and network. Best practices for account lockout and two-factor authentication are very useful for preventing a password attack. Account lockout features can freeze the account after several invalid password attempts, and two-factor authentication adds an additional layer of security, requiring the user, when logging in, to enter a secondary code available only on their 2FA device(s).
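The account lockout mentioned above is simple to state but easy to get subtly wrong (for example by checking the password before the lock, or by making unknown users cheaper to test than real ones). The following is an added example written for this article, not code from the original page: an in-memory account store with PBKDF2 password hashing, a failure counter, a timed lockout, and a small driver that replays a constructed list of common guesses to show the lockout engaging. The user names, passwords, thresholds and word list are all constructed for illustration.

```python
"""Account lockout against password-guessing attacks.

Added example, not from the original article: the user store, the PBKDF2
parameters, the thresholds and the word list are constructed for illustration.
It shows how a lockout policy stops a dictionary attack after a fixed number of
failures and why the login path must cost the same for unknown users as for
known ones.
"""
import hashlib
import hmac
import os
import time
from typing import Optional

MAX_FAILED_ATTEMPTS = 5          # failures before the account locks
LOCKOUT_SECONDS = 15 * 60        # how long the lock lasts
PBKDF2_ITERATIONS = 100_000      # illustrative; tune to your hardware


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class AccountStore:
    """Minimal in-memory user store with per-account failure accounting."""

    def __init__(self) -> None:
        self._users: dict = {}
        # Salt used only for unknown users, so that the unknown-user path
        # burns the same CPU as a real verification (no timing-based enumeration).
        self._dummy_salt = os.urandom(16)

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = {
            "salt": salt,
            "hash": hash_password(password, salt),
            "failed": 0,
            "locked_until": 0.0,
        }

    def login(self, username: str, password: str, now: Optional[float] = None) -> str:
        """Return "ok", "invalid" or "locked". `now` is injectable for tests."""
        now = time.time() if now is None else now
        rec = self._users.get(username)
        if rec is None:
            hash_password(password, self._dummy_salt)   # equalise timing
            return "invalid"
        if now < rec["locked_until"]:
            return "locked"                              # no password check while locked
        if hmac.compare_digest(hash_password(password, rec["salt"]), rec["hash"]):
            rec["failed"] = 0
            return "ok"
        rec["failed"] += 1
        if rec["failed"] >= MAX_FAILED_ATTEMPTS:
            rec["locked_until"] = now + LOCKOUT_SECONDS
            rec["failed"] = 0
            return "locked"
        return "invalid"


# Constructed word list standing in for a dictionary-attack list.
COMMON_GUESSES = ["123456", "password", "qwerty", "letmein", "welcome", "admin"]


def simulate_dictionary_attack(store: AccountStore, username: str, guesses, start: float = 0.0):
    """Try each guess one second apart and return the outcome of every attempt."""
    return [store.login(username, guess, now=start + i) for i, guess in enumerate(guesses)]


if __name__ == "__main__":
    store = AccountStore()
    store.add_user("alice", "correct horse battery staple")
    print(simulate_dictionary_attack(store, "alice", COMMON_GUESSES))
```

The fifth wrong guess locks the account and the sixth is refused without the password even being checked; the correct password is accepted again only once the lockout window has elapsed. Two design points are worth noting: a lockout is itself a denial-of-service lever against a known user name, so production systems usually pair it with rate limiting or progressive delays and with the two-factor step the article recommends; and the dummy hash on the unknown-user path keeps response time from revealing which user names exist.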
8. Cross-site scripting (XSS)
9. Rootkits
Rootkits are installed inside legitimate software, where they can gain remote control and administrator-level access over a system. The attacker uses the rootkit to steal passwords, keys and credentials and to recover critical data.
Because rootkits hide within legitimate software, once you allow the program to make changes to your operating system, the rootkit installs itself into the system (host, computer, server, etc.) and remains dormant until the attacker activates it or it is activated through a persistence mechanism. Rootkits typically spread through email attachments and downloads from unsecured websites.
10. Internet of Things (IoT) attacks
While Internet connectivity in almost every device imaginable creates convenience and ease for individuals, it also presents a growing, almost unlimited number of access points for attackers to exploit and wreak havoc. The interconnection of things makes it possible for attackers to break one entry point and use it as a gateway to exploit other devices on the network.
IoT attacks are becoming increasingly popular due to the rapid growth of IoT devices and, in general, the low priority given to security in these devices and their operating systems. In one case of an IoT attack, a Las Vegas casino was compromised when the attacker managed to get in through an Internet-connected thermometer in one of the casino's fish tanks.
Best practices to help prevent an IoT attack include keeping the operating system updated and maintaining a secure password for every IoT device on the network, as well as changing passwords frequently.