Defending Against These Common Types Of Cyber Attack

Defending Against These Common Types Of Cyber Attack

Directors Report: This article is exclusive to premium customers. For unrestricted website access please Subscribe: £5 monthly / £50 annual.

The Internet has brought a positive information and connection changes to people’s lives, but the Net has given rise to increasing cyber attacks and data theft. Today's cyber criminals are not part-time amateurs but often are state-sponsored adversaries and professional criminals looking to steal information and make large amounts of money. 

A cyber attack is a malicious and deliberate attempt by an individual or organisation to breach the information system of another individual or organisation. These attacks are carried out by threat actors who use various strategies such as malware, social engineering, and password theft. 

These cyber attacks disrupt business operations and in some extreme circumstances they can also lead to the complete destruction of the firm. Worse, the average cost of a data breach is around 9.48 million USD, which includes expenses related to discovering and responding to the attack, downtime, lost revenue, and long-term damage to the business’s reputation. 

It is projected that cyber crime will cost the global economy approximately $10.5 trillion annually by 2025. 

The Most Common Types of Cyber Attacks

In a targeted cyber-attack, your organisation is singled out because the attacker has a specific interest in your business, or has been paid to target you. The groundwork for the attack could take months so that they can find the best route to deliver their exploit directly to your systems or users. 

A targeted attack is often more damaging than an un-targeted one because it has been specifically tailored to attack your systems, processes or personnel, in the office and sometimes at home. Targeted attacks may include:

A Malware Attack:   Malware, or malicious software infects a computer and changes how it functions, destroys data, or spies on the user or network traffic as it passes through. 

Malware is the most common type of cyber attack, mostly because this term encompasses many subsets such as ransomware, trojans, spyware, viruses, worms, keyloggers, bots, cryptojacking, and any other types of malware attack that leverages software in a malicious way.

Malware can either spread from one device to another or remain in place, only impacting its host device.
Several of the attack methods described above can involve forms of malware, including MITM attacks, phishing, ransomware, SQL injection, Trojan horses, drive-by attacks, and XSS attacks.

In a malware attack, the software has to be installed on the target device. This requires an action on the part of the user.  Therefore, in addition to using firewalls that can detect malware, users should be educated regarding which types of software to avoid, the kinds of links they should verify before clicking, and the emails and attachments they should not engage with.

Phishing Attacks:   A Phishing Attack occurs when a malicious actor sends emails that seem to be coming from trusted, legitimate sources in an attempt to grab sensitive information from the target.  Phishing Attacks combine social engineering and technology and are so-called because the attacker is, in effect, “fishing” for access to a forbidden area by using the “bait” of a seemingly trustworthy sender. 

To execute the attack, the bad actor may send a link that brings you to a website that then fools you into downloading malware such as viruses, or giving the attacker your private information. In many cases, the target may not realise they have been compromised, which allows the attacker to go after others in the same organisation without anyone suspecting malicious activity.

You can prevent Phishing Attacks from achieving their objectives by thinking carefully about the kinds of emails you open and the links you click on.  Pay close attention to email headers, and do not click on anything that looks suspicious. Check the parameters for “Reply-to” and “Return-path.” They need to connect to the same domain presented in the email. 

Spear-Phishing Attacks:   Spear Phishing is a specific type of targeted phishing attack. The attacker takes the time to research their intended targets and then write messages the target is likely to find personally relevant. These types of attacks are aptly called “spear” phishing because of the way the attacker hones in on one specific target. The message will seem legitimate, which is why it can be difficult to spot a spear-phishing attack.

Often, a spear-phishing attack uses email spoofing, where the information inside the “From” portion of the email is faked, making it look like the email is coming from a different sender. This can be someone the target trusts, like an individual within their social network, a close friend, or a business partner. 

Attackers may also use website cloning to make the communication seem legitimate. With website cloning, the attacker copies a legitimate website to lull the victim into a sense of comfort. 

The target, thinking the website is real, then feels comfortable entering their private information. Similar to regular phishing attacks, spear-phishing-attacks can be prevented by carefully checking the details in all fields of an email and making sure users do not click on any link whose destination cannot be verified as legitimate.

Denial of Service (DoS)  & Distributed Denial of Service (DDoS) Attacks:   DoS and DDoS attacks are malicious attempts to disrupt the normal functioning of a system or network by overwhelming it with excessive traffic. A DoS attack is carried out by a single attacker, while a DDoS attack involves multiple attacker-controlled machines, often infected with malware, collectively launching the attack. 

The primary goal of these attacks is disruption, making the targeted system or service unavailable to legitimate users. In some cases, the attacker may gain financial benefits if hired by a competing business. Successful DoS or DDoS attacks can leave the system vulnerable to further attacks. 

Notable examples include the massive attack on Amazon Web Services (AWS) in February 2020, which is claimed to be the largest publicly disclosed DDoS attack in history.

A Denial of Service (DoS) attack is designed to overwhelm the system server to the point where it is unable to reply to legitimate service requests. In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by a compromised computer or network. 

While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organisation time, money and other resources in order to restore critical business operations. And a Distributed Denial-of-Service (DDoS) attack is similar in that it also seeks to drain the resources of a system. 

In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by a compromised computer or network. While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organisation time, money and other resources in order to restore critical business operations.

A DDoS attack is initiated by a vast array of malware-infected host machines controlled by the attacker. With a DoS attack, the target site gets flooded with illegitimate requests. Because the site has to respond to each request, its resources get consumed by all the responses. This makes it impossible for the site to serve users as it normally does and often results in a complete shutdown of the site.

DoS and DDoS attacks are different from other types of cyber attacks that enable the hacker to either obtain access to a system or increase the access they currently have. 

With these types of attacks, the attacker directly benefits from their efforts. With DoS and DDoS network attacks, on the other hand, the objective is simply to interrupt the effectiveness of the target's service. If the attacker is hired by a business competitor, they may benefit financially from their efforts.

A DoS attack can also be used to create vulnerability for another type of attack. With a successful DoS or DDoS attack, the system often has to come offline, which can leave it vulnerable to other types of attacks. One common way to prevent DoS attacks is to use a firewall that detects whether requests sent to your site are legitimate. Imposter requests can then be discarded, allowing normal traffic to flow without interruption. An example of a major Internet attack of this kind occurred in February 2020 to Amazon Web Services (AWS).  

Man-In-The-Middle (MITM) Attacks:   MITM cyber attacks are breaches in cyber security that make it possible for an attacker to monitor the data sent back and forth between two people, networks, or computers. It is called a MITM because the attacker positions themselves in the “middle” or between the two parties trying to communicate. In effect, the attacker is spying on the interaction between the two parties.

During a MITM attack, the two monitored parties think that they are communicating in a normal way. What they do not know is that the person actually sending the message illicitly modifies or accesses the message before it reaches its destination. 

Some ways to protect yourself and your organisation from MITM attacks is by using strong encryption on access points or to use a virtual private network (VPN).

Ransomware Attacks:   Ransomware is a form of malware. Cyber criminals use ransomware as a tool to steal data and essentially hold it hostage. They only release the data when they receive a ransom payment. Organisations most vulnerable to ransomware attacks hold sensitive data, such as personal information, financial data, and intellectual property. 

In the case of Ransomware the victim’s system is held hostage until they agree to pay a ransom to the attacker. After the payment has been sent, the attacker then provides instructions regarding how the target can regain control of their computer.

Typically, in a ransomware attack the victim downloads ransomware, either from a website or from within an email attachment. The malware is written to exploit vulnerabilities that have not been addressed by either the system’s manufacturer or the IT team. The ransomware then encrypts the target's workstation.

At times, ransomware can be used to attack multiple parties by denying access to either several computers or a central server essential to business operations.

Affecting multiple computers is often accomplished by not initiating systems captivation until days or even weeks after the malware's initial penetration. The malware can send AUTORUN files that go from one system to another via the Internal network or Universal Serial Bus (USB) drives that connect to multiple computers. Then, when the attacker initiates the encryption, it works on all the infected systems simultaneously. In some cases, ransomware authors design the code to evade traditional antivirus software.

It is therefore important for users to remain vigilant regarding which sites they visit and which links they click. 

Many ransomware attacks can be prevented by using a Next-Generation Firewall that can perform deep data packet inspections using Artificial Intelligence (AI) that looks for the characteristics of ransomware.

Password Attack:   Passwords are the access verification tool of choice for most people, so figuring out a target’s password is an attractive proposition for a hacker. This can be done using a few different methods. 

Despite their many known weaknesses, passwords are still the most common authentication method used for computer-based services, so obtaining a target's password is an easy way to bypass security controls and gain access to critical data and systems. Attackers use various methods to illicitly acquire passwords. Often, people keep copies of their passwords on pieces of paper or sticky notes around or on their desks. An attacker can either find the password themselves or pay someone on the inside to get it for them.  

An attacker may also try to intercept network transmissions to grab passwords not encrypted by the network. They can also use social engineering, which convinces the target to input their password to solve a seemingly “important” problem. 

In other cases, the attacker can simply guess the user’s password, particularly if they use a default password or one that is easy to remember such as “1234567.” Attackers also often use brute-force methods to guess passwords. A brute-force password hack uses basic information about the individual or their job title to try to guess their password. For example, their name, birthdate, anniversary, or other personal but easy-to-discover details can be used in different combinations to decipher their password. 

Information that users put on social media can also be leveraged in a brute-force password hack. What the individual does for fun, specific hobbies, names of pets, or names of children are sometimes used to form passwords, making them relatively easy to guess for brute-force attackers. A hacker can also use a dictionary attack to ascertain a user’s password. A dictionary attack is a technique that uses common words and phrases, such as those listed in a dictionary, to try and guess the target's password. 

One effective method of preventing brute-force and dictionary password attacks is to set up a lock-out policy. This locks out access to devices, websites, or applications automatically after a certain number of failed attempts. 
With a lock-out policy, the attacker only has a few tries before they get banned from access. If you have a lockout policy in place already and discover that your account has been locked out because of too many login attempts, it is wise to change your password. 

If an attacker systematically uses a brute-force or dictionary attack to guess your password, they may take note of the passwords that did not work. For example, if your password is your last name followed by your year of birth and the hacker tries putting your birth year before your last name on the final attempt, they may get it right on the next try. 

Structured Query Language (SQL) Injection Attack:   SQL is a common method of taking advantage of websites that depend on databases to serve their users. Clients are computers that get information from servers, and an SQL attack uses an SQL query sent from the client to a database on the server. 

SQL specifically targets servers storing critical website and service data using malicious code to get the server to divulge information it normally wouldn’t. 

SQL is a programming language used to communicate with databases, and can be used to store private customer information such as credit card numbers, usernames and passwords (credentials), or other Personally Identifiable Information (PII) – all tempting and lucrative targets for an attacker. The command is inserted, or “injected”, into a data plane in place of something else that normally goes there, such as a password or login. The server that holds the database then runs the command and the system is penetrated.

If an SQL injection succeeds, several things can happen, including the release of sensitive data or the modification or deletion of important data. Also, an attacker can execute administrator operations like a shutdown command, which can interrupt the function of the database.

To shield yourself from an SQL injection attack, take advantage of the least-privileged model. With least-privileged architecture, only those who absolutely need to access key databases are allowed in. Even if a user has power or influence within the organisation, they may not be allowed to access specific areas of the network if their job does not depend on it. For example, the CEO can be kept from accessing areas of the network even if they have the right to know what is inside. 

Applying a least-privileged policy can prevent not just bad actors from accessing sensitive areas, but also those who mean well but accidentally leave their login credentials vulnerable to attackers, or leave their workstations running while away from their computers.

URL Interpretation:    URL stands for Uniform Resource Locator. With URL interpretation, attackers alter and fabricate certain URL addresses and use them to gain access to the target’s personal and professional data. This kind of attack is also referred to as URL poisoning. 

The name URL Interpretation comes from the fact that the attacker knows the order in which a web-page’s URL information needs to be entered. The attacker then “interprets” this syntax, using it to figure out how to get into areas they do not have access to. 

To execute a URL interpretation attack, a hacker may guess URLs they can use to gain administrator privileges to a site or to access the site’s back end to get into a user’s account. Once they get to the page they want, they can manipulate the site itself or gain access to sensitive information about the people who use it. For example, if a hacker attempts to get into the admin section of a site called GetYourKnowledgeOn.com, they may type in http://getyourknowledgeon.com/admin, and this will bring them to an admin login page.

In some cases, the admin username and password may be the default "admin" and "admin" or very easy to guess. An attacker may also have already figured out the admin’s password or narrowed it down to a few possibilities. The attacker then tries each one, gains access, and can manipulate, steal, or delete data at will.

To prevent URL interpretation attacks from succeeding, use secure authentication methods for any sensitive areas of your site. This may necessitate multi-factor authentication (MFA) or secure passwords consisting of seemingly random characters.

Business Email Compromise (BEC):   BEC attacks are a type of cyber crime where the attacker targets specific individuals, typically employees with financial authorisation, to deceive them into transferring funds into the attacker’s control. BEC attacks require meticulous planning and research, such as gathering information about the organisation’s executives, employees, customers, business partners, and potential partners, to effectively convince the victim to release funds. 

BEC attacks inflict substantial financial losses, rendering them amongst the most damaging forms of cyber attacks.

Domain Name System (DNS) Spoofing:  With DNS spoofing, a hacker alters DNS records to send traffic 
to a fake or “spoofed” website. Once on the fraudulent site, the victim may enter sensitive information that can be used or sold by the hacker.  The hacker may also construct a poor-quality site with derogatory or inflammatory content to make a competitor company look bad.

In a DNS spoofing attack, the attacker takes advantage of the fact that the user thinks the site they are visiting is legitimate. This gives the attacker the ability to commit crimes in the name of an innocent company, at least from the perspective of the visitor.

To prevent DNS spoofing, make sure your DNS servers are kept up-to-date. Attackers aim to exploit vulnerabilities in DNS servers, and the most recent software versions often contain fixes that close known vulnerabilities.

Session Hijacking:   Session hijacking is one of multiple types of MITM attacks. The attacker takes over a session between a client and the server. The computer being used in the attack substitutes its Internet Protocol (IP) address for that of the client computer, and the server continues the session without suspecting it is communicating with the attacker instead of the client. 

This kind of attack is effective because the server uses the client's IP address to verify its identity. If the attacker's IP address is inserted partway through the session, the server may not suspect a breach because it is already engaged in a trusted connection.

To prevent session hijacking, use a VPN to access business-critical servers. This way, all communication is encrypted, and an attacker cannot gain access to the secure tunnel created by the VPN.

Brute Force Attack (BFA):    A BFA gets its name from the “brutish” or simple methodology employed by the attack. The attacker simply tries to guess the login credentials of someone with access to the target system. Once they get it right, they are in. While this may sound time-consuming and difficult, attackers often use bots to crack the credentials. The attacker provides the bot with a list of credentials that they think may give them access to the secure area. The bot then tries each one while the attacker sits back and waits. Once the correct credentials have been entered, the criminal gains access.

To prevent brute-force attacks, have lock-out policies in place as part of your authorisation security architecture. After a certain number of attempts, the user attempting to enter the credentials gets locked out. This typically involves “freezing” the account so even if someone else tries from a different device with a different IP address, they cannot bypass the lockout.

It is also wise to use random passwords without regular words, dates, or sequences of numbers in them. This is effective because, for example, even if an attacker uses software to try to guess a 10-digit password, it will take many years of non-stop attempts to get it right.

Web Attacks:   Web attacks refer to threats that target vulnerabilities in web-based applications. Every time you enter information into a web application, you are initiating a command that generates a response. For example, if you are sending money to someone using an online banking application, the data you enter instructs the application to go into your account, take money out, and send it to someone else’s account. Attackers work within the frameworks of these kinds of requests and use them to their advantage.

Cross-Site Request Forgery (CSRF):    In this form of attack the victim is fooled into performing an action that benefits the attacker. For example, they may click on something that launches a script designed to change the login credentials to access a web application. The hacker, armed with the new login credentials, can then log in as if they are the legitimate user. A related form of this attack is Parameter Tampering, which involves adjusting the parameters that programmers implement as security measures designed to protect specific operations. 

The operation’s execution depends on what is entered in the parameter. The attacker simply changes the parameters, and this allows them to bypass the security measures that depended on those parameters.

To avoid web attacks, inspect your web applications to check for, and fix, vulnerabilities. One way to patch up vulnerabilities without impacting the performance of the web application is to use anti-CSRF tokens. A token is exchanged between the user’s browser and the web application. Before a command is executed, the token’s validity is checked. If it checks out, the command goes through, if not, it is blocked. 

You can also use SameSite flags, which only allow requests from the same site to be processed, rendering any site built by the attacker powerless.

Insider Threats:   Sometimes, the most dangerous threat come from within an organisation. People within a company’s pose a special danger because they have access to a variety of systems, and in some cases, IT admin privileges that enable them to make critical changes to the system or its security policies. In addition, people within the organisation often have an in-depth understanding of its cyber security architecture, as well as how the business reacts to threats. 

This knowledge can be used to gain access to restricted areas, make changes to security settings, or deduce the best possible time to conduct an attack.

One of the best ways to prevent insider threats in organisations is to limit employees' access to sensitive systems to only those who need them to perform their duties. Also, for the selected few who need access, use MFA, which will require them to use at least one thing they know in conjunction with a physical item they have to gain access to a sensitive system. For example, the user may have to enter a password and insert a USB device.

In other configurations, an access number is generated on a handheld device that the user has to log in to. The user can only access the secure area if both the password and the number are correct.

While MFA may not prevent all attacks on its own, it makes it easier to ascertain who is behind an attack, or an attempted one, particularly because only relatively few people are granted access to sensitive areas in the first place. As a result, this limited access strategy can work as a deterrent, since potential cyber criminals within your organisation will know it is easy to pinpoint who the perpetrator is because of the relatively small pool of potential suspects.

Trojan Horses:   A Trojan Horse attack uses a malicious program that is hidden inside a seemingly legitimate one. When the user executes the presumably innocent program, the malware inside the Trojan can be used to open a backdoor into the system through which hackers can penetrate the computer or network. 

This threat gets its name from the story of the Greek soldiers who hid inside a horse to infiltrate the city of Troy and win the war. Once the “gift” was accepted and brought within the gates of Troy, the Greek soldiers jumped out and attacked. In a similar way, an unsuspecting user may welcome an innocent-looking application into their system only to usher in a hidden threat.

To prevent Trojan attacks, users should be instructed not to download or install anything unless its source can be verified. Also, NGFWs can be used to examine data packets for potential threats of Trojans.

Drive-by Attacks:   In a Drive-by Attack, a hacker embeds malicious code into an insecure website. When a user visits the site, the script is automatically executed on their computer, infecting it. The designation “drive by” comes from the fact that the victim only has to “drive by” the site by visiting it to get infected. There is no need to click on anything on the site or enter any information.

To protect against drive-by attacks, users should make sure they are running the most recent software on all their computers, including applications like Adobe Acrobat and Flash, which may be used while browsing the Internet. Also, you can use web-filtering software, which can detect if a site is unsafe before a user visits it. 

XSS Attacks:    With XSS, or cross-site scripting, the attacker transmits malicious scripts using clickable content that gets sent to the target’s browser. When the victim clicks on the content, the script is executed. Because the user has already logged into a web application’s session, what they enter is seen as legitimate by the web application.  However, the script executed has been altered by the attacker, resulting in an unintended action being taken by the “user.” For example, an XSS attack may change the parameters of a transfer request sent through an online banking application.

In the falsified request, the intended recipient of the transferred money has their name replaced with that of the attacker. The attacker may also change the amount being transferred, giving themselves even more money than the target initially intended to send.

One of the most straightforward ways of preventing XSS attacks is to use a whitelist of allowable entities. This way, anything other than approved entries will not be accepted by the web application. You can also use a technique called sanitising, which examines the data being entered, checking to see if it contains anything that can be harmful.

Eavesdropping Attacks:   Eavesdropping attacks involve the bad actor intercepting traffic as it is sent through the network. In this way, an attacker can collect usernames, passwords, and other confidential information like credit cards. Eavesdropping can be active or passive. With active Eavesdropping, the hacker inserts a piece of software within the network traffic path to collect information that the hacker analyses for useful data. Passive eavesdropping attacks are different in that the hacker “listens in,” or eavesdrops, on the transmissions, looking for useful data they can steal.

Both active and passive eavesdropping are types of MITM attacks. One of the best ways of preventing them is by encrypting your data, which prevents it from being used by a hacker, regardless of whether they use active or passive eavesdropping.

Birthday Attack:   In a Birthday Attack, an attacker abuses a security feature: hash algorithms, which are used to verify the authenticity of messages. The hash algorithm is a digital signature, and the receiver of the message checks it before accepting the message as authentic. If a hacker can create a hash that is identical to what the sender has appended to their message, the hacker can simply replace the sender’s message with their own. The receiving device will accept it because it has the right hash.

The name Birthday Attack refers to the birthday paradox, which is based on the fact that in a room of 23 people, there is more than a 50% chance that two of them have the same birthday. Hence, while people think their birthdays, like hashes, are unique, they are not as unique as many think.

To prevent Birthday Attacks, use longer hashes for verification. With each extra digit added to the hash, the odds of creating a matching one decrease significantly.

How to Prevent Cyber Attacks

Preventing cyber attacks requires a multi-pronged approach that encompasses a wide range of security solutions. 

Here are some notable ways that businesses can prevent common attack types:

Malware:   To prevent malware infections, implement anti-malware and spam protection software, train staff to recognise malicious emails and websites, enforce strong password policies, keep software updated, and control access to systems and data.

Phishing:   To prevent phishing attacks, security awareness training is essential to educate employees about suspicious emails and links.

Man-in-the-middle:    In the case of MITM attacks, using a VPN is crucial when connecting through public Wi-Fi, being cautious of fake websites, intrusive pop-ups, and invalid certificates.

DoS and DDoS:   Preventing DoS and DDoS attacks requires robust network infrastructure with firewalls, traffic filtering, rate limiting, and collaboration with ISPs. SQL injection/Cross-site scripting: These attacks can be prevented by properly sanitising inputs and ensuring that special characters entered by users are not rendered on web pages.

Zero-day exploits:   Traditional antivirus solutions may not be effective against zero-day exploits, but Next-Generation Antivirus (NGAV) solutions can offer some protection.

DNS tunnelling:   DNS tunnelling can be prevented with specialised tools that block malicious DNS queries and blacklist suspicious destinations.

Business Email Compromise:   To prevent BEC attacks, employees should be trained to scrutinise emails for fake domains, urgency, and other suspicious elements.

Cryptojacking:    Protecting against cryptojacking involves monitoring network device CPU usage and training employees to spot performance issues or suspicious emails.

Drive-by attacks:    To minimise drive-by attacks, remove unnecessary browser plug-ins, install ad-blockers, and disable Java and JavaScript when possible.

Eavesdropping:    Eavesdropping attacks can be mitigated by encrypting sensitive data at rest and in transit, using firewalls, VPNs, and intrusion prevention solutions, and educating employees about phishing attempts.

Insider threats:   To address insider threats, implementing strict access controls, regularly monitoring user behaviour, conducting thorough background checks, and educating employees about security risks are essential.

IoT attacks:    Protecting against IoT attacks requires changing default router settings, using strong and unique passwords, disconnecting devices when not in use, and keeping them updated with the latest patches. 

Password attacks:   Preventing password attacks involves strong password policies, Multi-Factor Authentication (MFA), and penetration testing. Change your passwords regularly and use strong alphanumeric passwords which are difficult to crack. Refrain from using too complicated passwords that you would tend to forget. Do not use the same password twice. 

Finally, Use trusted and legitimate Anti-virus protection software and update both your operating system and applications regularly. This is a primary prevention method for any cyber-attack. This will remove vulnerabilities that hackers tend to exploit. 

References:  

Fortinet:  | Crowdstrike:   |   TechTarget:   

Cisco:   |   Lepide:  |  Simplilearn:

TechTarget:   |     Datto: |     Rapid7:   

EC-Council:   |   NCSC:   | CyberDegrees: 

Mass.gov:     |     Image: Wesley Tingey