10 Methods of Cyber Attack

1. Phishing

A phishing attack is typically delivered via email and appears to come from a believable, trusted source (e.g., a bank, streaming service, or charity). It combines social engineering techniques and technology to trick unsuspecting people into handing over sensitive information such as passwords and credit card details.

A more sophisticated hacker may do extensive research on potential employee targets and create personalised phishing emails to increase the probability of success (i.e., spear phishing). For example, an email may appear to come from a close work colleague and contain a dangerous link.

To avoid being caught out, carefully attend to your emails and scan for suspicious information such as inconsistent domain names or strange attachments. 
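The checks described above (inconsistent domain names, strange attachments) can also be automated. The following is an added example, not part of the original article; the sample message, its domains and the extension list are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain in it is a placeholder.
SAMPLE = """\
From: "Example Bank" <support@examp1e-bank.test>
Reply-To: collect@mailbox.test
Subject: Verify your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<a href="http://login.mailbox.test/verify">Sign in to example-bank.test</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.pdf.exe"

placeholder
--b1--
"""

RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".lnk", ".hta")  # illustrative, not exhaustive

def domain_of(header):
    """Domain part of an address header, or '' when the header is absent."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw, expected_domain):
    msg = message_from_string(raw)
    findings = []
    sender = domain_of(msg["From"])
    if sender != expected_domain:  # look-alike domain, e.g. "1" in place of "l"
        findings.append(f"sender domain {sender} is not {expected_domain}")
    reply = domain_of(msg["Reply-To"])
    if reply and reply != sender:  # replies would go somewhere else
        findings.append(f"Reply-To domain {reply} differs from sender")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):  # catches double extensions
            findings.append(f"risky attachment {name}")
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for host in re.findall(r'href="https?://([^/"]+)', body):
                host = host.lower()
                if host != expected_domain and not host.endswith("." + expected_domain):
                    findings.append(f"link points to {host}")
    return findings
```

Calling `phishing_indicators(SAMPLE, "example-bank.test")` reports the look-alike sender domain, the mismatched Reply-To, the link whose host differs from its visible text, and the double-extension attachment.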

2. Man-in-the-middle attack

This type of attack allows an attacker to eavesdrop on data sent between two people, networks, or computers. This means data can be stolen or altered on its way to a victim. Thanks to modern end-to-end encryption techniques, this attack is less common these days, and using a secure virtual private network (VPN) provides further protection.

3. Distributed Denial-of-Service (DDoS) attack

A DDoS attack is carried out when the attacker wants to disrupt or temporarily shut down the target's systems. Generally, this is achieved by using multiple compromised devices to flood the server with traffic and overload it. This may serve to hide data exfiltration or simply to cause an organisation harm through downtime.

4. SQL Injection

SQL injections take advantage of websites that rely on databases to serve their users. By abusing an input such as an HTML form field, the attacker can ‘inject’ an SQL query in place of an expected piece of data such as a password. The server then runs the command and the system is compromised, allowing for data modification, theft, and deletion.

A common protection against this is the least-privilege model of access. Essentially, this means only those who cannot function without key database access are allowed entry. Privileges may be given only to IT technicians and perhaps not even to the CEO.

5. Cryptojacking

Usually downloaded in the form of malware, cryptojacking uses the target computer's resources to mine for cryptocurrency in a network. This spares attackers the overhead of building their own sophisticated mining systems. The miner runs in the background and can lead to significant slowdown of OS functions or applications. Typically, this malware is built to be hidden on compromised devices and can be difficult to detect.

Be careful what you are clicking and downloading. Also run periodic scans with anti-malware programs to increase your chances of staying safe. 

6. Malware

Malware is a term used to describe malicious software. This software can have various functions depending on the threat actor’s objectives. Successful installation of malware may alter integral system protections, spread to other systems, destroy data or monitor the flow of network traffic on a system to identify vulnerabilities. Several types of attacks listed in this article are forms of malware.

7. Drive-by-download Attack

This is where an unsuspecting victim visits a compromised website or one controlled by the attacker. It does not require the victim to click on anything or open malicious attachments to become infected. Typically, the attack will leverage a security flaw in a web browser, app or OS to achieve this.  

Although this is harder to defend against effectively, keeping your software and hardware updated means many of these exploits will already be known and patched. Protective web security software is also an option.

8. Cross-site scripting (XSS) attacks

Cross-site scripting uses a similar technique to an SQL injection attack, although instead of extracting data from a site, it usually directly targets and infects the users that visit the site. For example, an attacker may store a malicious script in the data sent from a search or contact form within a site. When the user interacts with the form the script will execute and infect their device or perhaps steal their credentials.
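The stored-script case described above comes down to how the site writes submitted data back into its pages. This added example (not from the original article) renders the same constructed contact-form submission with and without output encoding; the store, function names and sample values are assumptions made for illustration.

```python
import html

def submit(store, author, text):
    """Save a contact-form submission; the list stands in for the site's database."""
    store.append({"author": author, "text": text})

def render_vulnerable(store):
    # Stored values are written into the page as-is, so markup inside them
    # becomes part of the page that every later visitor's browser interprets.
    return "".join(
        f'<li title="{m["author"]}">{m["text"]}</li>' for m in store
    )

def render_escaped(store):
    # html.escape() encodes <, >, & and (by default) quotes, so stored values
    # stay inert text both in the element body and inside the title attribute.
    return "".join(
        f'<li title="{html.escape(m["author"])}">{html.escape(m["text"])}</li>'
        for m in store
    )

if __name__ == "__main__":
    store = []
    # Constructed, harmless submission: a script tag in the message body and a
    # quote in the author field that would otherwise break out of the attribute.
    submit(store, 'eve" data-x="1', '<script>document.title="injected"</script>')
    print(render_vulnerable(store))
    print(render_escaped(store))
```

Encoding at output time, in the context where the value is used, is what keeps a stored submission from running in other users' browsers.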

9. AI-Powered Attacks

Artificial intelligence is increasingly being used in cyber-attacks and it’s clear that the world is heading in that direction. AI can rapidly identify software vulnerabilities, as well as scan systems for potential vulnerabilities without third party intervention. The good news is that we have AI-driven security techniques as well. 

The reason this is a scary prospect for security experts is that AI-powered software is capable of learning the most effective breaching methods through trial and error. AI-generated text, audio and video (deepfakes) can also be used depending on the method of attack.

10. IoT-Based Attacks

IoT devices are nonstandard computing devices such as smart phones, watches, smart locks, etc. These devices are generally less secure than a regular device such as a Mac or PC. The technology is still relatively new, so we’re yet to see how hackers will identify and leverage security weaknesses.

These are just a handful of common attack methods. If you’re worried about your ability to defend against attacks like these, schedule a free consultation with Evisent today.