A cyberattack refers to an action designed to target a computer or any element of a computerized information system to change, destroy or steal data, as well as exploit a harm to a network. Cyber attacks have been on the rise, in sync with the digitization of business that has become more and more popular in recent years.

While there are many different ways that an attacker can infiltrate an IT system, most cyber-attacks rely on pretty similar techniques. Below are some of the most common types of cyber-attacks.

Phishing attacks

A phishing attack occurs when a malicious actor sends emails that seem to be coming from trusted, legitimate sources in an attempt to grab sensitive information from the target.

To execute the attack, the bad actor may send a link that brings you to a website that then fools you into downloading malware such as viruses, or giving the attacker your private information. In many cases, the target may not realize they have been compromised, which allows the attacker to go after others in the same organization without anyone suspecting malicious activity.

You can prevent phishing attacks from achieving their objectives by thinking carefully about the kinds of emails you open and the links you click on. 

Pay close attention to email headers, and do not click on anything that looks suspicious. Check the parameters for “Reply-to” and “Return-path.” They need to connect to the same domain presented in the email.

Malware attack

Malicious software can be described as unwanted software that is installed in your system without your consent. It can attach itself to legitimate code and propagate , it can hide in useful applications or replicate itself across the internet. Here are some of the most common types of malware :

•   Ransomware : Ransomware is a type of a malware that blocks access to the victim’s data and threatens to publish or delete it , unless a ransom is paid. 

While some simpler computer ransomware can lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim’s files in a way that makes them nearly impossible to recover without the decryption key. 

• Adware : Adware is a software application used by companies for marketing purposes, advertising banners are displayed while any program is running. Adware can be automatically downloaded to your system while browsing any website and can be viewed through pop-up windows or through a bar that appears on the computer screen automatically.
• Spyware : a type of program installed to collect information about users, their systems or browsing habits, sending the data to a remote user. The attacker can use the information for blackmailing purposes or download and install other malicious programs from the web. 

• Viruses : These infect applications attaching themselves to the initialization sequence. The virus replicates itself, infecting other code in the computer system. Viruses can also attach themselves to executable code or associate themselves with a file by creating a virus file with the same name but with an exe extension, thus creating a decoy which carries the virus. 

• Worms : Unlike viruses, they don’t attack the host, being self-contained programs that propagate across networks and computers. Worms are often installed through email attachments , sending a copy of themselves to every contact in the infected computer email list. They are commonly used to overload an email server and achieve a denial-of-service attack. 

SQL Injections 

This occurs when an attacker inserts malicious code into a server using server query language (SQL) forcing the server to deliver protected information. This type of attack usually involves submitting malicious code into an unprotected website comment or search box. Secure coding practices such as using prepared statements with parameterized queries in an effective way to prevent SQL injections.

Password attack

By accessing a person’s password, an attacker can gain entry to confidential or critical data and systems, including the ability to manipulate and control said data/systems.

Password attackers use a myriad of methods to identify an individual password, including using social engineering, gaining access to a password database, testing the network connection to obtain unencrypted passwords, or simply by guessing. 

The last method mentioned is executed in a systematic manner known as a “brute-force attack.” A brute-force attack employs a program to try all the possible variants and combinations of information to guess the password.

 Internet of Things (IoT) Attacks

While internet connectivity across almost every imaginable device creates convenience and ease for individuals, it also presents a growing—almost unlimited—number of access points for attackers to exploit and wreak havoc. The interconnectedness of things makes it possible for attackers to breach an entry point and use it as a gate to exploit other devices in the network.

IoT attacks are becoming more popular due to the rapid growth of IoT devices and (in general) low priority given to embedded security in these devices and their operating systems.

Cryptojacking

Cryptojacking is where cyber criminals compromise a user’s computer or device and use it to mine cryptocurrencies, such as Bitcoin. Cryptojacking is not as well-known as other attack vectors, however, it shouldn’t be underestimated.

Organizations don’t have great visibility when it comes to this type of attack, which means that a hacker could be using valuable network resources to mine a cryptocurrency without the organization having any knowledge of it.

Of course, leaching resources from a company network is far less problematic than stealing valuable data.

Zero-day exploit

A zero-day exploit is where cyber-criminals learn of a vulnerability that has been discovered in certain widely-used software applications and operating systems, and then target organizations who are using that software in order to exploit the vulnerability before a fix becomes available.

 

---