cyber-attack - en
What is a Cyber Attack?
What is a Cyber Attack?
A cyber-attack is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks. A cyber-attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. Cybercriminals use a variety of methods, including malware, phishing, ransomware, denial of service, among other methods.
Types of Cyber Attacks
Cyber-attacks can be of various types. You need to be aware of all those types of cyber-attacks to guarantee your utmost safety and security.
- Malware
Malware is considered as software that is intentionally developed to disrupt computer, server, client, or computer network. Malware can be in the form of scripts, executable codes, active content, and other malicious software. These codes can be computer worms, viruses, ransomware, Trojan horses, adware, spyware, or scare ware. Malware, as the name suggests, is designed with a malicious intent to cause damage to the website/computer user.
The most prominent damages caused by malware are:
- As ransomware, it blocks access to key components of the network.
- Installs harmful software/malware
- As spyware, they can steal valuable information from your system (spyware)
- They can damage certain hardware components of your system and make them inoperable.
- Phishing
The main aim of Phishing is to steal restricted and private information such as credit card details, login ids, and passwords, etc.It is usually done through email spoofing or instant messaging.They carry a link that directs users to a fake website which looks similar to the legitimate site and asks them to enter personal and secure information. It is a fraudulent activity intended to cheat users.They bait the users by claiming to be from a reliable third group such as auction sites, online payment processors, social web sites, banks, or IT administrators. You need to be well aware and acknowledged with such fraudulent activities to bypass any such fraud activities.
- Man-In-The-Middle Attack
In Man-in-the-middle (MitM) the invader covertly modifies the chats and dialogues between two people who are communicating with each other. In a Man-in-the-middle attack, the communicators are made to believe that they are directly communicating with each other without any interference from any third party. But the truth is that the whole communication is controlled by the invader while making the communicators believe that they are talking to each other. It is also known as eavesdropping.
- Denial-of-service attack
In denial-of-service attack (DoS attack) the offender tries to make digital assets inaccessible to its anticipated users. The offender provisionally interrupts services of a host who is linked to the Internet. It involves overflowing the besieged machine with surplus applications to burden it from fulfilling the legitimate requests.
- SQL Injection attack
A Structured Query Language (SQL) injection attack allows the intruders to run malicious SQL statements. These SQL statements have the power to take over the database server. Using SQL injection intruders can overcome application security measures. It allows them to pass through the validation and approval process of any web application.It also allows them to recover the entire data from their database. It also gives access to intruders to add, modify, and delete data in the database.An SQL Injection allows intruders to fiddle with various databases including MySQL, Oracle, SQL Server, or others. It is widely used by attackers to get access over:
- Personal data
- Intellectual property
- Customer information
- Trade secrets and more.
- Zero-Day Attack
The zero-day vulnerability is a defect in the software, hardware or even the firmware. It is hidden from the teams responsible for fixing this bug. It is referred to as zero-day as it has a zero day time gapped between the times it is detected and the first attack.
- Cross-Site Scripting
In Cross-Site Scripting (XSS) attacks the malicious scripts are embedded to reliable websites. The intruders send malicious code to different users by embedding them into a trusted website usually as a browser side script. The web browser cannot recognize this malicious script and has no idea that it is unreliable, and hence it executes the script as it comes from a trusted source. But alas these malicious scripts have powers to access any session tokens, cookies, or any other secret information that is used by that site.
- Credential Reuse Attack
With almost every personal account asking for Ids and passwords, we tend to reuse them for various accounts. Though it is a big NO, we tend to reuse one id and password for many accounts. Reusing the same password can be a big threat to your security. The intruders can steal your usernames and passwords from a hacked website and they get a chance to log in to your other account using the same id n passwords. And if you have reused them they get a golden opportunity to peek into your private accounts including your bank account, email, your social media accounts, and many others. And we really do not need to tell you how hazardous it could be! So follow password security best practices and avoid using the same id and password for multiple accounts. You can use Password managers to manage the various IDs you use.
- Password Attack
Passwords are the main gateways to securely enter into your personal accounts. Getting access to these passwords is an age-old and most convenient way to intrude into someone’s private account. Our passwords are usually connected to our life’s incidents, people and places and hackers take benefit of such details. They can even sniff into the network to gain access to unencrypted passwords. Attackers can use either of the below given two approaches to get hack your passwords:
- Brute-force
Brute force is just like any other guessing game where you apply your wits and logic and expect that one of your guesses might work.
- Dictionary attack
In such attacks, attackers use a dictionary of common passwords to intrude into the user’s computer and network.
The attackers copy encrypted file having the list of passwords, and use it to a dictionary of frequently used passwords. They then compare the results to take hold of the user’s password.
The account lockout policy is the best method to evade such risks as it locks your account after a few wrong attempts and hence securing your accounts.
- Drive-By Download Attack
Drive-by –download attack is a common method used by hackers to spread malicious scripts or codes on user’s systems. Attackers embed a malicious script into an insecure website’s pages. Whenever you visit such websites, the scripts will automatically install on your system or might redirect you to a website that is controlled by the attacker. These attacks can occur by visiting a website, a pop-up window or an email message. Drive-by downloads do not require users input to get activated. It does not require you to download/open any malicious attachment. It uses an operating system/ web browser with inadequate security features.
- To avoid the risk of drive-by download attack you should:
- Keep operating systems and browsers up to date
- Avoid suspicious websites.
- Try to use known websites as much as possible.
- Don’t download unnecessary programs and apps.
- Keep minimal plug-ins.