Cyber security has acquired paramount importance in today’s information systems. It has become vital to identify the links or procedures that threaten to break into the digital communication networks of individuals and organizations alike. It is also essential to ascertain the frequency and motive of such attacks, so that a clear line of action can be defined, which in turn determines the technology ultimately employed to counter these threats effectively.
In this article we will scrutinize various methodologies or, more specifically, the types of cyber-attacks frequently used by attackers.
MALWARE
Most computer users are already familiar with the term malware, or have been affected by it at some point. It is an all-encompassing term for viruses, spyware, trojans and ransomware.
The easiest ways for malware to lodge itself on a system are dangerous web links, media copied from flash drives, or simply deceiving an unwary user into downloading email attachments that install malware, mostly without any indication.
Once the malware is installed it can wreak havoc by installing more software that gives the attacker further control over the host system. It can also manipulate network systems by periodically or completely blocking access, thereby leading to ransom demands (commonly termed ransomware).
Depending on the intent of the attacker, the malware may inflict physical damage on the system by rendering it inoperable. Spying, which seeks to acquire personal or other data for destructive or criminal purposes, is a malware favorite.
MAN-IN-THE-MIDDLE ATTACK
This attack is similar to eavesdropping. Hackers can simply settle into the middle of a transaction and obtain any personal or critical data. Man-in-the-middle attacks are common when an attacker gains access to systems using malware intrusion techniques and installs malicious software on the host system. In most instances, the attacker can exploit public networks, for instance unsecured Wi-Fi, by simply settling in between the user and the network and then lifting the information transmitted by the user.
PHISHING
The practice of fraudulently obtaining personal information from unsuspecting users is termed phishing. This kind of attack usually does not involve the development of sophisticated technology or software. In phishing, the emphasis is on creating communications that either entice the user to willingly reveal sensitive data or extract vital clues that make it easier for hackers to guess passwords and other critical information. The latter is categorized under social engineering. A common example of phishing is a scenario in which fake websites or user access portals are created that look similar to the real ones but are, in fact, shells or dummy webpages that steal login information, passwords or credit card information.
DENIAL OF SERVICE ATTACK
These attacks are designed to choke networks and servers by bombarding them with service requests, with the intent to deplete bandwidth and, as a consequence, deny service to authentic users. Such attacks are more effective if the number of devices trying to access the network is greater and spread over servers and networks. This form of the attack is commonly termed a Distributed Denial of Service (DDoS) attack. A typical launching technique is to hack into user devices and then use all of the compromised devices to attack the target system at the same time, effectively turning them into zombies!
ZERO DAY EXPLOIT
This kind of attack tries to preempt any fixes or patches that are to be issued after the discovery of loopholes or vulnerabilities. Zero-day exploits take advantage of this small window by launching attacks against the disclosed weaknesses before the fixes are released.
SQL INJECTION
A Structured Query Language (SQL) injection attack is launched by implanting malicious code into a server, duping it into revealing information that it is not supposed to reveal under normal circumstances. Such attacks are tricky and technically complex both to introduce and to defend against.
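The vulnerable query pattern behind SQL injection next to its hardened form, as an added example that is not part of the original article. It uses Python's built-in sqlite3 module; the `users` table, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data for this illustration only.
ROWS = [("alice", "alice-secret", "alice's notes"),
        ("bob", "bob-secret", "bob's notes")]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, notes TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db


def lookup_vulnerable(db, name, password):
    """Weak form: user input is pasted into the SQL text itself."""
    sql = ("SELECT name, notes FROM users "
           f"WHERE name = '{name}' AND password = '{password}'")
    return db.execute(sql).fetchall()


def lookup_parameterized(db, name, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "SELECT name, notes FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchall()


def demo():
    """Run both lookups with a normal input and a crafted one."""
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that contains SQL syntax
    return {
        "vulnerable_legit": lookup_vulnerable(db, "alice", "alice-secret"),
        "vulnerable_crafted": lookup_vulnerable(db, "alice", crafted),
        "param_legit": lookup_parameterized(db, "alice", "alice-secret"),
        "param_crafted": lookup_parameterized(db, "alice", crafted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the crafted input, the string-built query returns every row in the table, while the parameterized query treats the same input as an ordinary (wrong) password and returns nothing.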