Types Of Cyber Attack You Need to Know!

As we have seen in the past few years, hackers are becoming more aggressive. A large amount of companies have been hacked some of which are amongst the behemoths such Yahoo, LinkedIn and eBay. However, not many people know what types of cyberattacks are there and refer to each of them briefly as virus. Here in this blog, we will talk about 7 most common types of cyberattacks and explain how each of them are carried out.

1. Malware

This refers to various forms of harmful software. Usually gets spread through pop ups and emails with malicious attachments, which when opened can wreak all sorts of havoc upon your machine from taking full control to monitoring all your actions and sending them back to the attackers base. There are various methods that the attackers use to send malware into your computer, but usually is depends on the users whether to install it on their computers or not. One of the most popular recent examples of this would be Judy malware which mainly targets android devices.

 

 2. Phishing

Phishing is when the attacker pretends to be someone who the victim knows and trusts and sends them links to install malware. The email often seems legitimate and will have some urgency to it. Exploiting on impulses and human curiosity of the cyber victims, ‘phishers’ can sometimes be very difficult to stop. In an example below you see how authentic and deceiving a phishing attack seems. For example some AIB customers from Wicklow were affected by a phishing scam in May 2017. It involved a scam where criminals called AIB customers and told them that some transactions were made using their accounts in Ukraine. AIB has warned it’s clients to simply stay alert and if they suspect a call being fraudulent, to hang up and ring AIB support team. Commented [MA1]: As we have seen in the past few years, hackers are becoming more aggressive. A large amount of companies have been hacked some of which are amongest the behemoths such Yahoo, Linkedin and Ebay

 

 3. SQL Injection Attack

SQL is the programming language used to communicate with databases. Many servers that store a lot of data use SQL services to take care of it. A SQL injection attack specifically targets this kind of server, using malicious code to get the server to divulge information it normally wouldn’t. This is causes a lot of problems if the server stores private customer information from the website, such as credit card numbers, usernames and passwords and other personal details. The hackers use the SQL injection if there is a weakness on the site’s SQL. They can simply type in the hack code on the websites search engine which will cause SQL to dump all the usernames and passwords that it stores. For example TalkTalk is a UK-based telecoms company and ISP. It suffered a major data breach back in 2015 and the cause was an SQL injection attack.

 

4. Cross-Site Scripting

Cross-Site Scripting is similar to SQL injection but here the hacker is targeting users’ personal information whereas they would use SQL injection attack when targeting financial information. A hacker types up a malicious code in a comment section of the blog and targets users that would click in to it. For example Verizon had also experienced such attacks. “Anyone using the web client could easily be targeted with a payload,” Westergren said. Users, the researcher said, would not have to click on an attacker’s link; simply viewing the message could be enough to trigger the vulnerability. “An attacker could take over the session and it would allow anything within the web client.”, ThreatPost.

 5. Denial of Service

Denial of Service (DoS) is a type of  cyberattacks that prevents users from getting their requests serviced by the targeted machine. Usually this attack works in a way when hackers deliberately overload the targeted machines with requests and develop cyber traffic blockages. Hence the machine cannot satisfy users’ legitimate requests. Usually this attack is employed by hacker in order to stop the victim from doing anything on the computer. Healthcare companies in US are currently suffering from DOS. “recent Neustar report found denial-of-service attacks on healthcare increased 13 percent in the last year, and the U.S. faced 14 percent more attacks than its global counterparts.”, Healthcare IT News.

 6. Session hijacking and man-in-the-middle attacks

Session hijacking is a type of cyberattacks in which a hacker interferes in a user’s session by using a ‘magic’ cookie. Basically a hacker steals HTTP cookies and uses it to exploit a valid computer session. That way he can track down and see what kind of information his victim is accessing. This type of attack happens when the victim is simply accessing his/her browser. According to an expert, Judith Myerson, “An attacker with local Windows admin privileges can remotely hijack a user’s session without knowing the user’s password.”

 7. Credentials Reuse

This is often caused by a fault of cyber users when they reuse same logins and passwords for every website that they are registered on. Hackers rely on this possibility when they have a data collection of usernames and passwords and if it works they simply access users’ other accounts and steal more data. “DefenseCode security researcher Bosko Stankovic has detailed a credential theft attack on Windows that works by tricking a Chrome user into downloading a Windows Explorer Shell Command File or SCF (.scf), a format that’s been used since Windows 98 as a Show Desktop icon shortcut.”, ZD Net.

Credentials Reuse cyberattacks

 Some of the cyberattacks in this list are similar to each other but each are applied differently in practice. Always protect your system from such attacks and verify every sender of links and messages, use different passwords for all of your accounts and seek professional help if you get hack. Protect your data and locate where critical data exists in your network. PixAlert helps prevent data breaches and protect your firm’s critical data. Our software monitors and scans the entire system to locate and limit the access of data. whether the data is stakeholders personal data; Name, address, PPS numbers, credit card numbers etc. or inappropriate images that can compromise the firm’s reputation.

Protect your data and download a free trial of Critical Data or Image Auditor.

Niall Kelly