Oh, great, you're back! Let's continue our data protection security series by talking about different types of cyber-attacks. What is a cyber-attack? A cyber-attack is when an organization or individual intentionally and maliciously attempts to breach the information system of another organization or individual. The main goal of an individual or group carrying out a cyber-attack is usually economic gain, such as money; however, attacks are sometimes carried out simply to destroy data. A cyber-attack can affect an individual or an organization with little or no warning. They can sometimes be avoided, but because individuals and groups conduct attacks so frequently, their methods constantly change and improve. This makes it hard to prevent every attack from reaching you. Let us look at 10 of the most common cyber-attacks that can happen to you or your company.
Malware is a term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware will breach a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs malicious software.
The following is an explanation of some of the common types of malware:
- Viruses—Infect applications by attaching themselves to the initialization sequence, executable code, or a file. The virus then replicates itself, infecting other code in the computer system, or creates a duplicate (virus) file with the same name but with an .exe extension, thus creating a decoy that carries the virus.
- Trojans—Are programs that hide inside a useful program for malicious purposes. Trojans do not replicate themselves and are used to establish a backdoor to be exploited by attackers later.
- Worms—Do not attack the host, because they are self-contained programs that propagate across networks and computers. Worms are often spread through email attachments that send a copy of themselves to every contact in the infected computer's email list. Worms are commonly used to overload an email server and achieve a denial-of-service attack.
- Ransomware—Is a type of malware that denies access to data stored on a system. The attacker threatens to publish or delete it unless a ransom, usually in some type of currency, is paid. Advanced ransomware uses cryptoviral extortion, encrypting the victim's data so that it is impossible to decrypt without the decryption key.
- Spyware—Is a type of program installed to collect information about users, their systems, or their browsing habits, and then send that information to a remote user (the attacker). The attacker can then use the discovered information for blackmail or to download and install other malicious programs from the web.
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email. Phishing attacks have also been seen via phone calls or text messages. The goal is to steal sensitive data such as credit card and login information, or to install malware on the victim's machine. Phishing is an increasingly common cyberthreat.
Types of phishing attacks:
- Spear Phishing—targeted attacks directed at specific companies and/or individuals.
- Whaling—attacks targeting senior executives and stakeholders within an organization.
- Pharming—leverages DNS cache poisoning to capture user credentials through a fake login landing page.
Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers intercept the traffic, they can filter and steal the data. The challenge with this type of attack is that it is very difficult to detect, because the attack makes you think the information is going to a legitimate destination.
Two common points of entry for MitM attacks:
- On unsecured public Wi-Fi, attackers can insert themselves between a visitor's device and the network. Without realizing it, the visitor passes all information through the attacker.
- Once malware has breached a device, an attacker can install software to process all the victim’s information.
A denial-of-service (DoS) attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers can also use multiple compromised devices to launch a DoS attack; this turns it into a distributed denial-of-service (DDoS) attack.
Common types of DoS and DDoS attacks:
- TCP SYN flood attack
- Teardrop attack
- Smurf attack
- Ping-of-death attack
A Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information that it normally would not. An attacker could carry out a SQL injection simply by submitting malicious code into a vulnerable website search box. Secure coding practices, such as using prepared statements with parameterized queries, are an effective way to prevent SQL injections.
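As an added example that is not part of the original post, here is the vulnerable string-building pattern beside its prepared-statement fix, written against Python's built-in sqlite3 module with a constructed in-memory products table standing in for the database behind a website search box:

```python
import sqlite3

# Constructed sample data: an in-memory "products" table standing in for the
# database behind a website search box. The hidden row must never be shown.
SAMPLE_PRODUCTS = [(1, "laptop", 0), (2, "laptop bag", 0), (3, "internal price list", 1)]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, hidden INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    return conn

def search_vulnerable(conn, term):
    # Vulnerable: the user-controlled term is pasted into the SQL text, so a
    # quote character in the input becomes part of the query's syntax.
    sql = f"SELECT name FROM products WHERE hidden = 0 AND name LIKE '%{term}%' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, term):
    # Hardened: a prepared statement with a ? placeholder. The driver binds the
    # term as a value, so its characters can never change the query structure.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]

def demo():
    conn = make_db()
    # A term that closes the quoted string and appends an always-true clause:
    # the vulnerable query loses the hidden = 0 filter and returns every row.
    tautology = "' OR '1' LIKE '1"
    # Ordinary input with an apostrophe: the vulnerable query is invalid SQL and
    # raises, while the parameterized query simply finds no match.
    apostrophe = "O'Brien"
    results = {
        "benign_vulnerable": search_vulnerable(conn, "laptop"),
        "benign_safe": search_safe(conn, "laptop"),
        "tautology_vulnerable": search_vulnerable(conn, tautology),
        "tautology_safe": search_safe(conn, tautology),
        "apostrophe_safe": search_safe(conn, apostrophe),
    }
    try:
        search_vulnerable(conn, apostrophe)
        results["apostrophe_vulnerable_raised"] = False
    except sqlite3.OperationalError:
        results["apostrophe_vulnerable_raised"] = True
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the file prints each case; the tautology input shows the vulnerable query returning the hidden row that the parameterized query never exposes, and the apostrophe input shows why string-built queries also break on perfectly innocent data.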
A zero-day exploit hits after a network vulnerability is announced but before a patch or solution is implemented. Zero-day attackers jump at a disclosed vulnerability during this small window of time, when no fix or preventative measures yet exist. Preventing zero-day attacks requires constant monitoring, proactive detection, and agile threat management practices.
Passwords are a widespread method of authenticating access to a secure information system, which makes them an attractive target for cyber attackers. Password attackers use a myriad of methods to discover an individual's password, including social engineering, gaining access to a password database, monitoring the network connection to capture unencrypted passwords, or simply guessing. The most common method of password attack is called a brute-force attack. This type of attack is executed systematically: a brute-force attack employs a program to try all the possible variants and combinations to guess the password. Another password attack is the dictionary attack, in which the attacker uses a list of common passwords to attempt to gain access to a user's computer and network.
Rootkits are installed inside legitimate software and are used to gain remote control and administrator-level access over a system. The attacker can then use the rootkit to steal passwords, keys, and credentials, and to retrieve critical data. Once a rootkit is installed and a user allows the program to make changes to the OS, the rootkit installs itself in the system (host, computer, server, etc.). The software remains dormant until the attacker activates it or it is triggered through a persistence mechanism.
Internet of Things (IoT) Attacks
While internet connectivity across almost every imaginable device creates convenience and ease for individuals, it also presents a growing number of access points for attackers to exploit. IoT attacks are becoming more common due to the rapid growth of IoT devices and the low priority given to embedded security in these devices and their operating systems. IoT devices are vulnerable to hijacking and weaponization for use in DDoS attacks, targeted code injection, man-in-the-middle attacks, and spoofing. IoT devices can also be controlled remotely and/or have their functionality disabled by an attacker.
As the threat of cyber-attacks against you, a business or organization, or a government entity continues to increase as technology expands, now is the time to be prepared. Keep your eyes open for another blog from me discussing ways to prevent or protect your network from being vulnerable to a cyber-attack. In the meantime, look at some of the great data protection software offered by Dell Technologies. I recommend that you look at Dell's PowerProtect Data Manager (PPDM) and the PowerProtect Cyber Recovery Solution. I briefly discussed PPDM in a previous blog, What is Transparent Snapshot? If you haven't checked out that blog yet, I highly recommend you do. I plan to dig a little deeper into PPDM in the future; in the meantime, I've left a link below for more information about PPDM. As for Dell's PowerProtect Cyber Recovery Solution, this is my first time mentioning it, and a more detailed discussion of this product is also in the works, so stay tuned for that one as well. In short, PowerProtect Cyber Recovery protects and isolates critical data from ransomware and other sophisticated threats.
Until next time, continue looking at our GEOS website for more interesting blogs from some of the other members of my team. One last thing, and you must promise not to tell anyone: a podcast featuring me is in development!!!