Top 6 Common Cyber Attack Types
Cyberattacks have become increasingly more popular over the years. As each day passes, such attacks have grown more sophisticated, as attackers are able to launch campaigns without human intervention due to all the new network-based ransomware viruses out there. There are so many cyber attack types which everyone should know.
So what exactly is a cyberattack? Well, to put things simply, it’s when an organisation or individual deliberately attempts to breach the system of another organisation or individual for nefarious reasons. While, in the vast majority of cases, the motivation is economic in nature, there have been cases, when destruction of data is the primary goal.
Most cybercriminals are looking to ransom or something similar so that they can gain economically, but there can be an array of motives for these kinds of attacks, such as political activism, for example.
1. Denial-of-Service (DoS) & Distributed Denial-of-Service (DDoS) Attacks – Types of Cyber Attacks
Denial-of-service attacks work by overwhelming the resources of the target machine, so that it’s unable to respond to further requests. DDoS attacks work similar, they also attack the resources of the target machine, but such attacks are instead launched from a host machine that has been infected and controlled by malicious software.
Unlike with most attack types, that allows the attacker to be able to gain, some fashion or the other, with denial-of-service attacks, there are no real benefits for the attacker. For such individuals, they gain satisfaction of taking down the target system or network.
However, if the system(s) were to belong to the business of a competitor, then the attacker, could in theory, benefit from it. Another reason why a cybercriminal may want to launch a DoS attack, is so they can take a system offline, which would enable them to carry out another kind of attack. An example of this would be session hijacking.
When it comes to DDoS and DoS attacks, there are a number of types to think about. The most common of which are smurf attacks, teardrop attacks, TCP SYN flood attacks and ping-of-death attacks.
Phishing is a cyberattack type that uses social media, email, phone, SMS and other social engineering methods to entice an unsuspecting victim into sharing sensitive data, such as account details, usernames and passwords – or to simply download a file containing a virus, which would grant the hacker access to the target machine.
Common Phishing Commons Under Types of Cyber Attacks Which Includes:
- Whaling: A whaling attack is one of several social engineering attack types that is designed to target C-Level or senior executive staff members, with the sole purpose of sealing either their personal affix or money – or, in other instances, gain access to their system, so that the hacker can carry out an additional cyberattack type.
- Smishing: Smishing is the term used to describe the act of sending fraudulent text messages to unsuspecting individuals to trick them into sharing sensitive information with the hacker. Such as credit card numbers, usernames and passwords. Your typical smishing attack may involve the cybercriminal impersonating a shipping company or your bank.
- Spear Phishing: Spear-phishing works by the attacker targeting an organisation or individual through malicious emails. The sole purpose of these kinds of attacks is to steal sensitive data, such as login details or to infect the target machine with a malicious file.
- Vishing: Vishing is a voice based phishing attack type, as these fraudulent attacks are carried out over voice messages or phone calls, as individuals pretend to represent legitimate companies, in order to steal your sensitive information, such as personal affix, passwords and bank details.
3. Man-in-the-Middle Attacks
These man-in-the-middle attacks work by a hacker intercepting the communications between two parties, essentially inserting themselves in the middle of it. From this position, the attacker is able to manipulate and steal data by interrupting traffic.
These types of attacks are designed to exploit the security vulnerabilities within unsecured networks, in order to insert the attack between the network and unsuspecting victim’s device. One of the main issues with these attack types, is that they are very difficult to detect, as the victim is none the wiser, believing all data is being sent to the relevant destinations. Malware and phishing attacks are oftentimes used to carry out one of these man-in-the-middle attacks.
4. SQL Injections
These attack types occur when a hacker inserts a virus (or malicious code) into a network server by using an SQL (server query language) forcing that server to send the hacker sensitive data. To carry out this kind of attack, the hacker must submit their malicious code into a search box or website comment that is unprotected. To prevent these SQL injections the use of parameterised queries must be used.
When a specific SQL uses parameters instead of inserting the value in, directly, this can allow malicious queries to be run. Additionally, the SQL interpreter may use these parameters exclusively for data, without seeing it as actual code.
There is so much to learn on secure coding practice for SQL injection attacks – so I suggest you give that a look in, if it’s important to you.
5. Smurf attack
These specific attack types use ICMP and IP spoofing to saturate a network with traffic. ICMP echo requests are used on the targeted network to broadcast a series of IP address. These ICMP requests may originate from a prior victims machine.
For example, if the IP address of the victim’s machine is 184.108.40.206, then the cybercriminal would spoof their ICMP echo request using that IP address to broadcast to 220.127.116.11. This request would then be sent out to all IP address that exist within that IP range, with all responses going back to the victims IP address, overwhelming the network in the process. This process can be repeated as many times as needed, and can also be automated, to generate as much traffic as needed.
To protect your network system from such attacks, you would have to disable IP-directed broadcasts, directly from the router(s). As this would prevent ICMP echo broadcast requests. Another method you could use, involves configuring an end system to prevent it from responding to ICMP packets specifically from broadcast addresses.
6. IP Spoofing
IP spoofing is used by cybercriminals to trick their victims into thinking they are communicating with an entity that can be trusted. The attacker will send out packets of data that have an IP source address from someone that is known and trusted, instead of their own IP address –this of course, goes out to the target machine. The target machine is then more likely to accept the packet, which the cybercriminal can then act upon.
Uchenna Ani-Okoye is a former IT Manager who now runs his own computer support website Compuchenna. You can visit this website to get all about the knowledge of computers.