Stop and look around you. The world is changing at a pace faster than usual. With digital transformation setting its foot in every aspect of our lives, we are getting more exposed and vulnerable to cyber crimes now. Cyber Attacks are accelerating day-by-day and we need to be aware of it now more than ever. So, read on to find more about the different types of Cyberattacks.
1. Malware Attack – The malicious software, popularly known as Malware uses a system vulnerability to breach the network and disrupts the normal functioning of any device. As soon as the user clicks on a malicious source or link, malware is installed to the system and it starts attacking by collecting user activity data without their permission, stealing information from the system, encrypting it to demand a ransom and so on. Malware can also attack a system offline using CD, DVD or USB device. There are many types of malware present but the most common ones that we are likely to come across are:
Real-world examples of malware attacks are RYUK, WannaCry, Emotet, Fireball and Stuxnet
2. Phishing Attack – This is the most commonly increasing attack in the cyber world today. In this attack, the bad guy disguises as a reputable entity and lures the victim to open a fraud E-mail, instant message or SMS and gains access to restricted and confidential information such as credit card details, login IDs, passwords etc. Phishing attacks are also taking place via social media and other online communities quite frequently now.
Real-world examples of Phishing attacks are Nigerian scams, Go Directly to jail, Tech support scams.
3. SQL injection attack – The most popular attack on a web application that uses a database is SQL injection (SQLi) attack. SQLi is a code injection technique used to execute malicious SQL statements into a vulnerable website. A successful SQL injection attack allows sensitive data exposure, broken authentication and access controls.
Real-world example includes SQLi attack on Telecom company TalkTalk and attack on Heartland Payment Systems.
4. Man-in-the-middle Attack – When a hacker inserts himself between the network and a user’s device and overhears the communication between them due to insufficient encryption is known as Eavesdropping or Man-in-the-middle Attack. The attacker gains access to unauthorized data illegitimately.
Real-world example is of a Dutch cyber security company Fox-IT.
5. Denial of Service (DoS) Attack – In this attack, online service or website is overburdened with requests which exhaust its resources and bandwidth and makes the system incapable to handle legitimate requests. Thus, impacting customer loyalty and brand trust. Distributed-denial-of-service (DDoS) attack occurs when requests come from multiple compromised computers also known as botnets at the same time.
Real-world examples include DDoS attack on GitHub, attack directed at Dyn, the Estonia attack.
6. Drive-by Attack – Unlike many other types of attacks, a drive-by attack does not need a user to perform any activity on a website to enable the attack. It can lead to installation malware even when the user just visits an infected website. These attacks can be avoided by keeping your browser and OS updated and minimising the plug-ins.
7. Password Attack – This attack can be carried out by password sniffing, social engineering, using a password database or by applying different combinations which can be done randomly or in a systematic manner.
8. Zero-day Attack– Attackers jump at the recently disclosed vulnerability within a stipulated amount of time before a patch is implemented for it and hence the name Zero-day Attack. This type of attack requires constant awareness.
Real-world example includes Dridex Attack on Microsoft zero-day.
9. Attack on Internet of Things (IoT) devices – As the world increasingly relies on IoT devices, the cybersecurity attacks on the same are now accelerating at an unprecedented rate. They are becoming the most vulnerable access point for our home and business network.
Real-world example includes Mirai IoT Botnet.
10. Cryptojacking – When cybercriminals use malware to gain unauthorized access to people’s device for mining cryptocurrencies, it is known as Cryptojacking or malicious Cryptomining. It results in performance lag or slows down your device and may also overheat the device.
Real-world example includes Nicehash hack.
– Surabhi Verma (MBA-ITBM 2020-22)