Every so often, news of a major cyber attack grabs international headlines. Often, such incidents affect some of the largest companies and websites in the world. Of course, this doesn’t mean smaller websites aren’t hacked. It’s just that the bigger the target, the bigger the story, so international media houses will naturally give prominence to attacks that affect major brands.
If you were to take the time to investigate both major and minor cybersecurity incidents that have happened over the last year, you are likely to find certain things in common. Whereas the types of cyber attacks vary greatly (many are covered on DNSstuff), certain types of attacks are more common. We look at these below.
1. Distributed Denial of Service (DDoS) Attacks
Denial-of-service (DoS) attacks seek to overwhelm a server’s resources in order to make it difficult for the server to respond to legitimate user and system requests. A DDoS attack is a DoS at scale. As opposed to launching the attack from a single machine, DDoS originates requests from hundreds, thousands or millions of infected host machines that are centrally controlled by the attacker.
As opposed to more conventional hacking attacks, DDoS doesn’t usually provide any material benefit to the attacker. It’s often done for fame and notoriety. Sometimes though, a DDoS may be launched to advance a cause (such as when Anonymous attacked several websites that were deemed to be hampering the work of WikiLeaks and its founder Julian Assange). In rare cases, a business may covertly organize or fund a DDoS attack on a competitor.
2. Phishing
Phishing is one of the less technical forms of cyber attack, though the complexity and sophistication vary greatly. Generally, phishing involves sending emails that appear to originate from a trusted and reputable source but that are in fact only meant to deceive the recipient into sharing sensitive information. In that sense, it is a form of social engineering.
The exact form phishing takes is continually evolving in order to evade cybersecurity training, spam filters and antivirus software. The phishing email may employ multiple techniques including a convincing narrative, a link to a fraudulent website or a malware-infected attachment.
Some forms of phishing can be extremely targeted (referred to as spear phishing) and are preceded by extensive intelligence gathering including the name of the target, their location, employer, job role and close friends. All this is meant to make it harder for the email recipient to know they are being attacked.
3. Password Attack
Hacking can be hard work. Trying to penetrate an application’s back end requires deep technical knowledge. It can take weeks, months or years of work to identify and exploit a vulnerability in a banking system, for instance. However, all that work would not be necessary if you could obtain the password of an authorized user. That would provide front door access that wouldn’t trigger suspicious activity alerts from server monitoring and antivirus software.
In fact, one of the most common goals of phishing emails is to get the recipient to unknowingly share their password. An attacker may also obtain a password via a social engineering phone call, access to a cleartext password file, looking at handwritten notes on an employee’s desk or outright guessing. They could also pursue a more technical approach such as a brute-force or dictionary attack.
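As an added illustration (not part of the original article), the sketch below shows how a defender can spot brute-force or dictionary guessing in authentication logs, and why a successful login that follows a burst of failures deserves an alert even though it came through the front door. The log format, the 5-minute window and the threshold of 5 failures are assumptions made for this example, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, source IP, user, result.
# The IPs are from the reserved documentation ranges.
SAMPLE_LOG = """\
2024-05-01T09:00:00 192.0.2.9 carol FAIL
2024-05-01T09:10:00 192.0.2.9 carol FAIL
2024-05-01T09:20:00 192.0.2.9 carol FAIL
2024-05-01T09:30:00 192.0.2.9 carol FAIL
2024-05-01T09:40:00 192.0.2.9 carol FAIL
2024-05-01T10:00:00 203.0.113.7 alice FAIL
2024-05-01T10:00:05 203.0.113.7 alice FAIL
2024-05-01T10:00:10 203.0.113.7 alice FAIL
2024-05-01T10:00:15 203.0.113.7 alice FAIL
2024-05-01T10:00:20 203.0.113.7 alice FAIL
2024-05-01T10:00:30 203.0.113.7 alice OK
2024-05-01T10:01:00 198.51.100.4 bob FAIL
2024-05-01T10:01:20 198.51.100.4 bob FAIL
2024-05-01T10:01:40 198.51.100.4 bob OK
"""

def detect(log_text, window=timedelta(minutes=5), threshold=5):
    """Return alerts as (kind, source, user) tuples, in log order."""
    recent = defaultdict(deque)  # (source, user) -> recent failure timestamps
    flagged = set()              # pairs that already crossed the threshold
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, src, user, result = line.split()
        ts = datetime.fromisoformat(stamp)
        key, fails = (src, user), recent[(src, user)]
        while fails and ts - fails[0] > window:  # forget failures outside the window
            fails.popleft()
        if result == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("guessing", src, user))
        else:
            # A success right after flagged guessing suggests the password was found.
            if key in flagged:
                alerts.append(("success_after_guessing", src, user))
                flagged.discard(key)
            fails.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

In the sample, carol's failures are spaced ten minutes apart and never fill the window, which shows the limit of a fixed threshold: slow guessing needs a longer window or a per-account daily count.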
4. Malware
Malware is unauthorized and malicious software that’s installed on servers and computers. How it’s installed and propagated can take various forms. The most common types of malware include Trojans, stealth viruses, boot-record viruses, file infectors, MS Office macro viruses, worms, spyware, adware, and ransomware.
Malware seeks to either disrupt your systems or relay information to a third party via the Internet. Since the potential origin of malware is so diverse, you need a wide range of techniques to keep such malicious software at bay.
Mounting an effective defense against cyber attacks depends on understanding what the offense looks like. Spam filters, firewalls, server monitoring tools, antivirus, and end-user training are all defensive tools that are useful to varying degrees depending on the nature of the attack.