We know that,
A cyber attack is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. Cybercriminals use a variety of methods to launch a cyber attack, including malware, phishing, ransomware, denial of service, among other methods.
A cyberattack is a malicious and deliberate attempt by an individual or organization to breach the information system of another individual or organization. Usually, the attacker seeks some type of benefit from disrupting the victim’s network.
These attackers use a combination of malicious code to attack a vulnerable system and gain control over it. There are various types of cyberattacks like malware, phishing attacks, Denial-of-Service (DoS), Man-in-the-Middle (MITM), etc., that are used to hack a system and then either demand money in the form of cryptocurrency or sell data on the dark web.
What are the common types of cyberattacks?
Phishing:
The is one of the most common types of online attack used by hackers. In phishing, the attacker poses as a trusted source and sends a malicious email that looks legitimate at first sight. The motive behind sending the masquerading email is to obtain sensitive information such as usernames, passwords, credit card and other banking details, etc.An example of a common phishing attack could be an email about your social media account’s password expiry. The email is likely to contain a link that looks legitimate at first, but if noticed carefully, you may see some manipulation in its spelling. Let’s just say the hacker pretends to be from Instagram and sends a password expiry mail. The URL, in this case, could have Instagram’s name written as Instagarm/Instagrom/Instagam, etc. There is also a possibility that the email id reads itself as ‘instagram@gmail.com’, which is not the official Instagram contact.
Smishing is a form of phishing attack but is typically done via an SMS. The message typically claims that the user has won a lottery and to claim it, the user needs to enter the details. If you click on such links, the website (which may also look legitimate) could trap and capture your credentials without your consent.
It is important that you read such emails carefully and avoid clicking on seemingly suspicious URLs.
Malware:
Malware is short for ‘malicious software’, which as the name suggests is a software that features the payload for accessing the victim’s data. This software installs a program which includes various types of malware like ransomware, spyware, trojans, worms, etc., which are designed to either damage a system or a network or delete/alter/ hijack data on that system.Ransomware is one of the most commonly used malware used to steal data. Once the malware is installed in a system, it hunts for sensitive information and encrypts it. The system then pops up a message asking for a ransom. Hackers often threaten to delete the data or sell it online if the victim refuses to pay the ransom. The victim is likely to regain access to their data only if they the asked amount. However, there is no guarantee of the hacker giving the data back or delete it from their system.
Use of a reliable antivirus application is the best way to scan the system and remove any installed malware. Users should avoid downloading and installing any software application or file from third-party websites or any from suspicious emails.
Denial of Service (DoS):
A DoS attack is a brute force attack aimed at bringing down a system or a website’s traffic and making it go offline. Attackers can flood a system or website with excessive traffic or send altered information that triggers a crash, making it inaccessible for other users.In computer networks, attackers can use a form of DoS attack called Distributed DoS (DDoS). Like DoS, DDoS saturates up the bandwidth with excessive traffic from various systems connected to the main server, thus clogging up the network and eventually bringing it down. The goal of such kind of attacks is to make sure that the victim network or website loses out on traffic or use it as a distraction to target other networks.
Man-in-the-Middle (MITM):
Here, the attacker eavesdrops a communication between two parties. These parties could be between two users or a user and an application or a system. The attacker impersonates themselves as one of the two entities, making it appear as if both the legitimate parties are communicating with each other.Behind the scenes, the attacker intercepts the communication between the two (as if they are sitting in the middle), thus having access to all the information shared between the two parties. The goal of such attacks is to get personal and sensitive information from the victim, which typically includes banking and finance-related information.
To avoid such attacks, ensure you are connected to a secure internet connection. Visit websites with HTTPS protocol that use various encryption levels to avoid any kind of spoofing attacks.
SQL Injection and Cross-Site Scripting (XSS):
In an SQL Injection attack, the hacker attacks a vulnerable website’s database to retrieve sensitive information. The attacker uses malicious code to target any of the database’s SQL vulnerabilities, thus gaining access to all the data stored in the database upon successful implementation.In the case of an XSS attack, the attacker targets web apps that deliver the malicious code to a web browser. The web browser acts as a bridge for execution and the code is only injected when the user visits the attacked website.
During such attacks, sensitive information that the user enters on the website can be hijacked without any website or the user’s knowledge.
0 Comments