It is true that most common cyber attacks exploit gaps in the devices or technology a business uses in order to cause damage. It is, however, wrong to assume that hacking attempts befall only technology companies; any business, big or small, and even individuals have become likely targets for cyber attacks. It is equally wrong to be under the impression that you need to be technologically savvy or knowledgeable to ward off cyber threats.
The truth is, most common cyber attacks can be prevented just by up-to-date awareness, and a little alertness. Of course, it helps to have purchased services from trusted security providers. But that is not the focus of this blog. This blog instead talks about common cyber attacks and how they are carried out. Armed with this knowledge, you can be on the lookout, and prevent falling prey to cyber crime.
5 Common Cyber Attacks
Malware, short for MALicious softWARE, is a piece of code embedded within a program that can execute actions on your infected system. Malware can corrupt files, install ransomware that locks you out of your own system, or steal your credentials by recording your keystrokes as you type.
The effects of malware can be obvious or invisible, depending on the intent behind the cyber attack. Sometimes, the only intent is to cause you discomfort, so the hacker will bog down your system by consuming excessive resources, thus causing an overload. At other times, the hacker can have a more dangerous endgame in mind, and will silently prowl around in your system, mining whatever sensitive data he can. Later, he can use this information for an Account Takeover attempt, or to leave backdoor accounts for other attacks.
How are Malware Attacks Carried Out?
Common entry points for malware are emails, USB data transfers, fake web pages or web forms on the internet, and viruses that enter your system through weaknesses in your network security. Hackers will also use social engineering to get you to divulge information which they can then use to trigger malware.
Phishing attacks are among the most common cyber attacks being used today. A phishing attack is carried out using one or more ruses in order to gain illegal access into your system. Malware attacks can also be a type of phishing attack. A phishing attack will use some act or trick that causes you to react emotionally and interact with malicious links or webpages.
Some examples include emails which say you’ve been locked out of your account and need to re-enter your credentials, or that you have won some money and need to click on a link to claim it. Sometimes, it won’t be a link in an email but an attachment which releases malware once you download and open it.
Spear Phishing Attacks
Most phishing attacks are sent to a large group of people with generic phishing bait. But sometimes, hackers target specific people (for example, employees of the finance department) via phishing. In these cases, the hacker will meticulously study his victim and plan out a ruse which will resonate with that specific individual. Because this is a pointed attack, it’s called spear phishing. Generally, spear phishing attacks are more difficult to detect than generic phishing attacks.
How are phishing attacks carried out?
Phishing attacks are mostly carried out using emails. They can branch into other attacks like vishing (voice phishing over telephone calls) or smishing (SMS phishing, with malicious links in each message).
Man in the Middle Attacks
Email communication is growing day by day. In MiM attacks, the hacker will inject himself into an email communication stream and monitor the communication. After learning the ‘etiquette’ of how emails are sent to and from a company, the hacker will mimic formal emails and send out his own emails. For this purpose, he first spoofs an email address of a valid employee so that emails from him appear to come from a valid source. Examples of MiM attacks include business email compromise attacks and invoice fraud.
How are MiM Attacks carried out?
Man in the Middle attacks rely solely on phishing. A hacker will steal valid credentials of an employee using phishing to inject himself into the conversation.
The most immediate security measure standing between a hacker and illegal access to a system is the password. If a hacker can get your password in some way, it would save them the trouble of planning out elaborate phishing ruses.
Brute Force Attacks
On average, people’s passwords are sillier and more common than you’d like to admit. People still use their birthdays, pets’ names, or favorite things as their passwords. Sometimes, people will scramble a letter or two or use !, @, $ instead of the letters i, a, s, etc. A brute force attack is a ‘try all combinations’ attack in which a hacker tries out all permutations and combinations of some root word, hoping that one combination will turn out to be the password.
Complete words just might turn out to be the password the hacker needs to enter your system. A dictionary attack is a common cyber attack in which the hacker tries out every word in the dictionary, to check if one of the words is actually the password. These attacks have become less frequent as more and more login systems make users add special characters, numbers and capital letters.
How are password attacks carried out?
In order to carry out a password attack, a hacker needs some level of knowledge about his victim. This can be obtained by monitoring the person’s social activity, or by actually observing the person through his day-to-day activities. There have been bizarre cases where passwords have been hacked because they were overheard as one person narrated them to another. Never say your password out loud, or store it on a writing pad somewhere others can get to it. Use multi-factor authentication as an additional level of security.
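The brute force and dictionary passages above both come down to passwords built from a guessable root. As an added example (not code from this blog), here is a sign-up check a defender could run to reject such passwords; the wordlist, the extra digit swaps and all function names are assumptions made for illustration.

```javascript
// Added example: reject passwords that reduce to a dictionary word or a
// personal detail once character swaps and trailing padding are undone.

// Constructed sample wordlist; a real check would load a much larger one.
const DICTIONARY = new Set(["password", "sunshine", "dragon", "welcome"]);

// The swaps the article names (!, @, $) plus common digit swaps (assumption).
const SUBSTITUTIONS = new Map([
  ["!", "i"], ["@", "a"], ["$", "s"], ["0", "o"], ["1", "l"], ["3", "e"],
]);

// Lowercase the text and map each swapped character back to its letter.
function undoSwaps(text) {
  return [...text.toLowerCase()].map((ch) => SUBSTITUTIONS.get(ch) ?? ch).join("");
}

// Every form the password takes as trailing digits and symbols are trimmed
// one at a time, so "welc0m3!!" yields "welcome" along the way.
function candidates(password) {
  const forms = new Set();
  let current = password;
  while (current.length > 0) {
    forms.add(undoSwaps(current));
    if (/[a-z]$/i.test(current)) break; // reached the root's last letter
    current = current.slice(0, -1);
  }
  return forms;
}

// personalDetails: things an observer could learn (pet name, birthday, ...).
function checkPassword(password, personalDetails = []) {
  const tokens = personalDetails.map(undoSwaps).filter((t) => t.length >= 4);
  for (const form of candidates(password)) {
    if (DICTIONARY.has(form)) {
      return { ok: false, reason: `reduces to dictionary word "${form}"` };
    }
    if (tokens.some((token) => form.includes(token))) {
      return { ok: false, reason: "contains a personal detail" };
    }
  }
  return { ok: true, reason: "no dictionary or personal match" };
}
```

A password such as `P@ssw0rd123!` satisfies a "special characters, numbers and capital letters" rule yet is rejected here, because it reduces to `password`.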
Cross Site Scripting
When a webpage loads, it does so using a variety of scripts and resources that run in the browser. There are .css files for the UI and .js files for added functionality on the page. Cross-site Scripting (XSS) is a browser-level, code-based attack. The hacker aims to run malicious scripts on the victim’s browser. The malware triggers and becomes active when the victim engages with the web page or web application that has the malicious code embedded. Such an online resource is known as a vehicle which delivers the malware to the victim’s browser.
How are XSS attacks carried out?
Common ‘vehicles’ used for XSS attacks are forums, message boards, and web pages that allow comments or some form of user interaction. If the webpage developer has not enforced proper restrictions on form inputs like file uploads or text entry, such a form can become an entry point for an XSS attack.
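To show what a missing restriction on text entry looks like, the added example below (not code from this blog) renders a message-board comment into a page twice: once by pasting the text in as markup, and once with output encoding, one standard defence. The function names and sample comments are constructed for illustration, and the encoding shown covers HTML element and quoted-attribute contexts only.

```javascript
// Added example: rendering a user comment into a page, unsafe vs. encoded.

// Characters that let user text be parsed as HTML markup or break out of
// a quoted attribute.
const HTML_ESCAPES = new Map([
  ["&", "&amp;"], ["<", "&lt;"], [">", "&gt;"], ['"', "&quot;"], ["'", "&#39;"],
]);

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES.get(ch));
}

// Vulnerable: the comment is inserted as-is, so any tags in it become
// part of the page and the browser will act on them.
function renderCommentUnsafe(author, body) {
  return `<li class="comment"><b>${author}</b>: ${body}</li>`;
}

// Hardened: every user-supplied value is encoded before it reaches the
// page, so the browser displays it as text instead of running it.
function renderComment(author, body) {
  return `<li class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</li>`;
}

// Constructed sample comments, as a message board might receive them.
const SAMPLE_COMMENTS = [
  { author: "alice", body: "Great post, thanks!" },
  { author: "mallory", body: "<script>alert('xss')</script>" },
  { author: "bob", body: "Use a < b && c > d in your loop" },
];

// True if the rendered item holds markup beyond the template's own tags.
function containsInjectedMarkup(html) {
  const userPart = html
    .replace(/^<li class="comment"><b>/, "")
    .replace("</b>: ", "")
    .replace(/<\/li>$/, "");
  return /<[a-z!\/]/i.test(userPart);
}

// Render all sample comments with the given renderer and flag injected markup.
function auditComments(render) {
  return SAMPLE_COMMENTS.map((c) => containsInjectedMarkup(render(c.author, c.body)));
}
```

Running `auditComments(renderCommentUnsafe)` flags the second comment, while `auditComments(renderComment)` flags none and still displays bob's `<` and `&&` correctly.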
This concludes the list of common cyber attacks. Stay alert, stay aware, and follow your instinct if you feel something is amiss. For more resources on cyber security, visit our blog. If you have specific security queries, reach out to us.