The 8 Most Common Cyber Attacks


More than 2,200 cyber-attacks[1] happen every single day. It’s really no surprise that information security spending is forecasted to have reached $124 billion in 2019, according to a 2017 Gartner report[2]. But those who don’t have the budget to stop every type of cyber attack must focus on the most common attacks that can happen to them or their businesses.

What are the most common cyber attacks?

1. Denial-of-Service and Distributed Denial-of-Service Attacks
2. Man-in-the-Middle Attacks
3. Malware
4. Phishing
5. SQL Injection
6. Zero-Day Exploits
7. Fileless Malware
8. Password Attack

More than knowing what kind of cyber attack you’re likely to encounter, it also helps to understand how to avoid becoming a victim of these attacks. So read on and find out how to keep your systems safe.

What are the most common cyber attacks?

There are many types of cyber-attacks out there, and hackers and cybercriminals are getting more and more creative. But here are the most common ones you should prepare for:

1. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks

A denial-of-service attack is when legitimate users of your cloud-based services, website, web application, or web server are not served because attackers are sending a lot of service requests that are not valid.

For the layman, you can think of it as having to line up at Starbucks, but there are hundreds of others ahead of you in line, and they are ordering McDonald’s Baked Apple Pie or McNuggets.

The barista is not only overwhelmed with all the bogus orders and telling them that the order is not available, but the barista will also not even see you in the chaos. They won’t be able to take your order and prepare the drink that you want.

While a DoS attack sends service requests from a single source, a distributed denial-of-service attack sends these requests from a large number of computers or machines that are hosted on different networks.

These types of attacks often try to bring the entire network down, but there are also DDoS and DoS attacks that attack a specific functionality in your site, such as the eCommerce feature.

There are two general types of DDoS and DoS attacks. The first is called flood attacks, which try to overload your systems. The other is called a crash attack, which tries to bring down your network or application.

Effects of a DoS Attack

A DoS or DDoS attack is very easy to do. Amateur programmers can easily write a program that will be able to flood sites with unwanted traffic. Some people offer DoS as a service, allowing their users to conduct such attacks for a few dollars.

As such, there are a lot of DoS and DDoS attacks: around one in every three businesses were hit with a DDoS attack in 2017, twice as many as the number recorded in 2016, TechRepublic[3] reports.

Also, according to Akamai[4], there were 16 percent more DDoS attacks in summer 2018, compared to the number recorded in the same period a year before.

According to Cloudflare[5]:

  • The biggest DDoS attack of all time happened in February 2018. GitHub was attacked by a high volume of incoming traffic, which at one time peaked at 1.3 terabytes per second.
  • The DNS provider Dyn suffered a DDoS attack that crippled major websites such as Reddit, the New York Times, and Amazon.
  • Spamhaus was also attacked in 2013.

Besides being easy to carry out and widespread enough to affect even the biggest organizations in the world, these attacks can be used by anyone against any victim.

Businesses that suffer a DoS or DDoS attack also have their websites crippled. As such, they lose sales, customers, and reputation. There is also the downtime, as well as the cost to mitigate the attack.

Protecting Yourself from DDoS Attacks

There are several ways to prevent a DoS or DDoS attack from affecting your business. You can use IP filtering tools that can distinguish real users from bot traffic. You can also use browser fingerprinting and cookie or session states.

There are also cloud-based DDoS and DoS protection services such as Imperva, Akamai, Core, Arbor Networks, and Cloudflare. These services act as a shield that will help your website or application recognize real users and prevent unwanted traffic from overwhelming your system.

2. Man-in-the-Middle Attacks

Man-in-the-middle, or MitM, attacks are when an attacker listens in on the communication or data being transmitted. To better explain these types of attacks, we will go back to school, to a time when you were fond of passing notes to another person.

So there’s you, trying to pass a note to Ben. But Ben sits a row away from you, so you pass the note to Henry, who then passes it to Ben. The problem begins when Henry reads your note and replies to it without passing it on to Ben. You think that the reply was written by Ben. Henry is now able to hijack the conversation.

IBM reported[6] that 35 percent of threats involved attackers that were trying to execute a MitM attack. That is just an estimate, however, as most people who fall victim to this kind of attack have no idea that it is happening.

Different Types of MitM Attacks

There are several types of MitM attacks. Attackers can set up rogue access points where they have a fake Wi-Fi access point that your smartphone or other devices will connect to. Once that happens, the attacker can now manipulate your phone’s network traffic.

Address Resolution Protocol (ARP) spoofing is another way that MitM attacks are carried out. The network uses ARP to find out which device, identified by its media access control (MAC) address, is tied to a certain IP address. The communication between the host, the ARP cache, and the device can reveal session tokens and may even compromise your accounts.

Multicast DNS or DNS spoofing happens when the attacker uses fake DNS cache information, much like how ARP spoofing attacks are done. The victim thinks that they are using a legitimate site when they are seeing what the attacker has set up.

For instance, instead of accessing their legit bank website, they are accessing a fake site, and they are sending sensitive details to the criminals via the malicious website. Multicast DNS works the same way, but the traffic is confined to the local area network.

How Are MitM Attacks Carried Out?

Most MitM attacks use sniffing technologies, where attackers look into packets of data being transmitted over wireless networks. Some attackers use packet injection, where they send malicious packets into data streams. The packets are camouflaged as valid ones.

Other attackers hijack sessions by sniffing session tokens. They can use these session tokens to make requests to a particular service without needing to know your password.

Another technique is called SSL stripping, where attackers force visitors to visit unencrypted HTTP versions of otherwise protected HTTPS-based pages. This process helps make it easier for hackers to steal your information because there is no HTTPS security.

How to Protect Yourself from MitM Attacks

Avoid being a victim of MitM attacks by:

  • Using strong WPA or WEP encryption for your access points. Encrypting wireless access points will make it difficult for potential attackers to gain access to your network.
  • Using a virtual private network. VPNs are more secure when you need to transmit data via a local network.
  • Using a strong router username and password. Do not use your router’s default login credentials.
  • Forcing all users to use only HTTPS versions of your pages.
  • Using public key authentication, which will help eliminate spoofing.

3. Malware

When most people think of cyber attacks, the first thing that comes to mind is malware. Malware is short for malicious software, which includes programs or code that are harmful to your network, computer, and other systems. Unlike other types of cyber attacks, malware is designed to be harmful: it can damage, disable, or invade the victim’s IT resources and devices.

Malware takes over a device’s resources and operations. It comes in several types, including:

  • Adware: Displays unwanted ads on your screen
  • Spyware: Secretly logs and observes your computer’s behavior and activity and then sends this information to the author of the software
  • Keyloggers: Record your keystrokes in an attempt to get passwords, usernames, credit card details, and other information.
  • Virus: Replicates itself and infects other programs with its code
  • Crypto-jacking: Allows attackers to use your computer and other resources without you knowing to mine Bitcoin, Monero, and other cryptocurrencies.
  • Exploits: Take advantage of vulnerabilities or bugs in your computer’s operating system or installed software to take control of your computer.
  • Worms: Replicate themselves and spread to computers on the same network to destroy files and data
  • Ransomware: Encrypts your files so that they become inaccessible and then asks you for money so that you will get the key that will decode everything.
  • Trojans: Let attackers gain access to your system so that hackers can steal useful information or install viruses, ransomware, or other malware

How Malware Gets into Your Computer

According to AVTest.org[7], there are now 1.04 billion malware infections as of April 9, 2020. You and your IT team must learn how it enters your system to prevent it from becoming a problem later on.

There are several ways for malware to get into your computer. First, you can get infected when you visit an infected website that downloads a piece of code onto your computer.

Or you can install infected programs or listen to compromised music files. Malware is also spread via toolbars or extensions, as well as via email attachments. Sometimes, attackers package their malware as useful programs to trick users into downloading and installing them.

How Do You Protect Yourself from Malware?

Because malware comes in many forms, Google[8] recommends several steps to keep it out of your devices and systems.

  • Download and run updates for your computer so that vulnerabilities and security holes are patched.
  • Do not use file-sharing too much.
  • Install antivirus software.
  • Do not open email attachments or images in an email unless you trust the sender.
  • Don’t click links or download files from untrusted sources.
  • Don’t download software from pop-up windows.
  • When possible, don’t use administrator-level accounts. This way, even if malware gets into your system, its spread will be limited.

4. Phishing

Phishing is when the attacker spoofs a legitimate website or acts like a trusted email sender. Phishing attacks have successfully extracted confidential and sensitive information from victims who thought that they were on the right site or were responding to somebody they know.

For example, Ted from accounting gets a deceptive email asking for the company’s bank account details. But because the From: line in the mail shows that the mail was sent by his boss, Ted sends the files that have the financial data over to the criminals.

According to Verizon’s 2019 Data Breach Investigations Report[9], 32 percent of data breaches were helped by successful phishing attacks.

How Are Phishing Attacks Done?

Some criminals use phishing kits that make it easier for them to conduct an attack. Even those with no technical skills will be able to make a phishing attack. The kit is easy to use; you only install it and send emails to your targets. Some kits allow you to copy trusted brands, such as banks and online retailers.

There are several types of phishing. One is where the attacker uses a deceitful website or email to get the victim to hand over confidential information. They can get you to log in to, for instance, a fake website that looks like Facebook. When you enter your username and password, this information is sent to them.

Attackers can also use phishing tactics to make you download software, for example by sending an email to employees in a company with the subject “Your tax form,” making the recipients believe that what’s attached is their tax form. Once downloaded, the software starts to infect your computer and download other files such as ransomware.

Did you know that the most impersonated brands[10] include PayPal, Facebook, Microsoft, Netflix, and Bank of America? This means that chances are, there will be people who will be hoodwinked into visiting fake versions of a site that they use and leave their username and password on it.

How do you avoid falling victim to phishing scams? Educate and train your employees on how to detect phishing attempts. Always keep them updated on new phishing emails and what to expect. This will allow them to discern for themselves if a site or email is legit or not. Also, have them encrypt all files before sending them out and use another channel to send the password or decryption key to the right person.

5. SQL Injection

Structured Query Language, or SQL, is widely used in programs to manage the information in relational databases. If your server has SQL scripts, attackers can insert malicious code into them. The malicious code will allow them to get confidential information from your database.

How Do You Prevent SQL Injections?

According to this DarkReading.com[11] report, SQL injections are now used in 65.1 percent of web application attacks, as observed from the last quarter of 2017 through March 2019.

You can prevent SQL injections by using blacklists and whitelists that can keep out unauthorized users of your network. You might also want to use firewalls and other prevention systems.
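The injection described in this section and one way to close it in the application code, as an added example that is not part of the original article. It goes beyond the measures listed above by binding user input as a query parameter, with an allow-list check in front; the `users` table, its rows, the hostile input and all function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db

def lookup_vulnerable(db, name):
    # The input is pasted into the SQL text. A quote character in `name`
    # closes the string literal, and whatever follows is parsed as SQL.
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_bound(db, name):
    # The input travels as a bound parameter: the statement is compiled
    # first, and `name` can only ever be compared as a value.
    query = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

# Allow-list for this constructed application's user names.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def lookup_safe(db, name):
    # Reject anything outside the allow-list before touching the database,
    # then still bind the value rather than concatenating it.
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("user name contains characters outside the allow-list")
    return lookup_bound(db, name)

# Constructed hostile input: the quote breaks out of the literal and the
# trailing condition is always true.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, HOSTILE))
    print("bound:     ", lookup_bound(db, HOSTILE))
    try:
        lookup_safe(db, HOSTILE)
    except ValueError as exc:
        print("safe:      ", exc)
```

The concatenated query hands back every row for the hostile input, while the bound query treats the same string as an unknown user name and returns nothing.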

6. Zero-Day Exploits

When programmers find a vulnerability in their software, they announce it. Sometimes, it’s because they need to be transparent, or they want to alert their users about the vulnerability. Other times, they need help from ethical hackers or the community as a whole to come up with a patch.

No matter the reason, you should remember that attackers can exploit the announced loophole until such a time that the programmer has patched it. Sometimes, hackers may have exploited zero-day vulnerabilities even before the software vendor became aware of them.

Zero-day exploits may be used to introduce viruses, worms, and other forms of malware into your system. This is why ZDNet[12] reports that Cyber Security and IT professionals think that zero-day vulnerabilities are one of the biggest threats to your business’ security.

How Do Attackers Carry Out a Zero-Day Exploit?

Attackers spend time looking at the code of particular software to find vulnerabilities that they can use. Some organizations also sell this information. Oftentimes, the company makes it easier for these hackers by announcing to the public that it found a security loophole in its program.

After the vulnerability is identified, attackers will try to find an entry point to the software, program, or operating system. Then they will create and launch the exploit code. If they are lucky, the developers might not have enough time to come up with the patch that will plug the zero-day vulnerability.

How Do You Lessen the Impact or Risk of This Attack?

The best way to fight zero-day exploits is to make sure that you have installed the best security suite that has regular updates to its virus definitions and the latest security patches. You should also ensure that all browsers and software are updated.

7. Fileless Malware

Malware is often spread when you visit a site or click on a link in an email and download a malicious file that installs the malware on your machine. Fileless malware works differently in that it lives in your computer’s RAM and then gets into legitimate files like adobe.exe or word.exe.

Fileless malware is not easy to detect because it works on its own. Antivirus software will not be able to sniff it out, prevent it from spreading, or remove it altogether. You will need to reboot your system for the RAM to clear itself.

Hackers will be able to use scripts to run the malware when you restart, which will make rebooting a waste of time. Hackers can also use fileless malware to steal information from your computer or even infect others.

Characteristics

What are the characteristics of fileless malware that you should know?

  • Fileless malware has no footprint, which makes it difficult for antivirus software to detect and remove it.
  • Heuristics scanners fail to detect this type of malware because it does not follow any particular pattern or behavior.
  • It lives in your RAM, which is why it’s sometimes called memory-based malware.
  • Fileless malware uses legitimate programs to make its attack. Usually, these programs are already installed on your computer.

How to Fight Fileless Malware

A SentinelOne report[13] shows that fileless malware attacks rose by 94 percent in the first six months of 2018, as compared with the same period in 2017. How do you avoid becoming part of that statistic?

Update your software regularly, because fileless malware does its work by exploiting existing vulnerabilities in the programs that you use.

You should also think about disabling Flash on your browser because it’s a very common way to spread malware on browsers. Further, most of the time, there is no automated way to get rid of fileless malware. You will need to do the following manually[14]:

  • Regularly check for malicious attacks against CMD, PowerShell, and legitimate application scripts.
  • Check for vulnerabilities, OS patches, and application versions of the software installed on your computer.
  • Restrict other users from using administrative tools such as PowerShell.
  • Restrict browsers from running script interpreters such as Java, WMIC, or PowerShell.
  • Invest in an anti-malware solution that uses artificial intelligence, micro-virtualization, and exploit prevention.
  • Invest in Managed Detection and Response software that will help you detect anomalous application behavior.

8. Password Attack

Most people use passwords to protect their accounts. So it makes sense that hackers will try to guess your passwords to gain access. There are several types of password attacks.

Brute Force

Brute force attacks happen when the hacker attempts to key in as many passwords as he or she can to access your account. Think of it as a robber trying to key in as many random numbers as he can, hoping that one of them works to open your home’s keypad lock.

And you guessed it, most of these are automated. There is also software that can generate passwords according to your parameters. For instance, if a website requires a password with five characters, you can use the Crunch software to come up with a list of possible passwords.

In this case, Crunch will be creating a list of 12.4 million five-character passwords without numbers or special characters.

How do you fight brute force attacks?

Simple: by encouraging users to use a longer and more complex password. If you are using a text password, use a word that’s not listed in any dictionary, such as AVELORA. But it’s always better to mix in both upper- and lower-case letters, special characters, and numbers. On your part, you should try to enforce a strong password policy.

Further, to stop automated brute force attacks, make use of captchas. These ask the user simple image-based questions. If they don’t get it right, they won’t be allowed access to their accounts. You can even set up your system so that it limits the number of password attempts.

For example, if a user fails to guess his or her password in three attempts, he or she will be locked out of the account for 10 minutes or so. Because brute force attacks usually try to gain access using millions of passwords, that lockout period will make the whole process significantly longer.
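One way to implement the lockout described above, as an added example that is not part of the original article. The class and function names are hypothetical; the defaults follow the text (three attempts, 10 minutes), and `days_to_exhaust` estimates the lock time an online guesser would face for a list of a given size.

```python
import time

class LoginThrottle:
    """Per-account lockout after repeated failed logins."""

    def __init__(self, max_failures=3, lock_seconds=600, clock=time.monotonic):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self._clock = clock           # injectable so the logic can be tested
        self._failures = {}           # account -> consecutive failed attempts
        self._locked_until = {}       # account -> time the lock expires

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self._clock() >= until:
            # Lock expired: forget it and start counting from zero again.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account, verify):
        """Return "locked", "ok" or "denied".

        verify() checks the password. It is not called while the account is
        locked, so a correct guess during the lock window reveals nothing.
        """
        if self.is_locked(account):
            return "locked"
        if verify():
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            self._locked_until[account] = self._clock() + self.lock_seconds
        return "denied"

def days_to_exhaust(candidates, max_failures=3, lock_seconds=600):
    """Days of lock time alone before every candidate has been tried against
    one account: one lock after each full batch of guesses except the last."""
    batches = -(-candidates // max_failures)    # ceiling division
    return (batches - 1) * lock_seconds / 86400

if __name__ == "__main__":
    # The 12.4 million-entry list from the Crunch example above.
    print(round(days_to_exhaust(12_400_000)), "days")
```

Locking by account name also lets anyone who knows a user name keep that user locked out, which is one reason to keep the lock window short rather than permanent.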

Password Spraying

With brute force, the attacker makes as many guesses as possible on one account or a few accounts, hoping that one password on the list works. Password spraying works like that, but it uses a shorter list of commonly used passwords. As the name suggests, hackers will take that short list and spray it on a large number of accounts.

So let’s say that hackers are targeting a certain company. They will try to guess the passwords of all employees in that organization. Using brute force would not only consume too many resources, but it would also trip the company’s security. So, when using brute force, hackers usually concentrate on one or two accounts.

If they use a shorter list of common passwords on a large number of accounts, they might get lucky and find some employees who use a common password such as 1234, abcde, or get this: password.

Defeating password spraying attempts is simple: force your users to use complex passwords.
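A spray stays under a per-account attempt limit because each account sees only one or two failures, so it has to be spotted per source instead. Detection logic for that pattern, as an added example that is not part of the original article: the log format, the sample lines, the thresholds and the function names are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log in an assumed format:
# <UTC timestamp> <OK|FAIL> user=<account> src=<source address>
SAMPLE_LOG = """\
2024-05-01T09:00:01Z FAIL user=alice src=203.0.113.7
2024-05-01T09:00:02Z FAIL user=bob src=203.0.113.7
2024-05-01T09:00:04Z FAIL user=carol src=203.0.113.7
2024-05-01T09:00:05Z FAIL user=alice src=192.0.2.10
2024-05-01T09:00:06Z FAIL user=dave src=203.0.113.7
2024-05-01T09:00:09Z FAIL user=erin src=203.0.113.7
2024-05-01T09:00:15Z OK user=alice src=192.0.2.10
2024-05-01T09:01:00Z FAIL user=bob src=198.51.100.9
2024-05-01T09:01:01Z FAIL user=bob src=198.51.100.9
2024-05-01T09:01:02Z FAIL user=bob src=198.51.100.9
2024-05-01T09:01:03Z FAIL user=bob src=198.51.100.9
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")

def parse(lines):
    """Yield (timestamp, result, account, source) for well-formed lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)

def find_spraying(lines, min_accounts=5, max_per_account=2,
                  window=timedelta(minutes=30)):
    """Map each source to the accounts it sprayed: failures against at least
    min_accounts distinct accounts inside the window, with no single account
    seeing more than max_per_account of them."""
    recent = defaultdict(deque)    # source -> (timestamp, account) failures
    flagged = defaultdict(set)
    for ts, result, account, src in sorted(parse(lines)):
        if result != "FAIL":
            continue
        queue = recent[src]
        queue.append((ts, account))
        while ts - queue[0][0] > window:    # drop failures older than the window
            queue.popleft()
        per_account = defaultdict(int)
        for _, name in queue:
            per_account[name] += 1
        if (len(per_account) >= min_accounts
                and max(per_account.values()) <= max_per_account):
            flagged[src].update(per_account)
    return {src: sorted(names) for src, names in flagged.items()}

def failures_per_account(lines, src):
    """Failed logins per account from one source, to compare with a lockout limit."""
    counts = defaultdict(int)
    for _, result, account, source in parse(lines):
        if result == "FAIL" and source == src:
            counts[account] += 1
    return dict(counts)
```

In the sample, the source that hits five accounts once each is flagged, while the source hammering a single account is left to the per-account limit and the user who mistypes once is ignored.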

Credential Surfing

Another type of password attack involves using stolen credentials to access other services. How does this work? So let’s say a hacker can guess your work email’s password. For example, hackers were able to guess that Alita uses the password TheFatAlleyCat4 for her Alita@yourwork.com email. 

Hackers will be trying that password on other email sites such as Yahoo Mail or Gmail. They will also try to log into other sites using your email and your password.

You will not believe just how many people use the same password for every account they have, as this Security Boulevard[15] article points out. Around six out of 10 people use the same password for all of their accounts.

How to avoid falling victim to credential surfing?

You should use a different password for different services or accounts.

The Most Common Cyber Attacks: Don’t Be a Victim

For the most part, there are several cyber security best practices that you can follow to mitigate the risks and protect yourself from becoming the next hacking victim.

However, it helps to know the most common cyber attacks and how they are carried out, so you can employ special measures to protect your network and data from these cyber attacks.

References:
[1] https://eng.umd.edu/news/story/study-hackers-attack-every-39-seconds
[2] https://www.gartner.com/en/newsroom/press-releases/2018-08-15-gartner-forecasts-worldwide-information-security-spending-to-exceed-124-billion-in-2019
[3] https://www.techrepublic.com/article/33-of-businesses-hit-by-ddos-attack-in-2017-double-that-of-2016/
[4] https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/soti-summer-2018-web-attack-report.pdf
[5] https://www.cloudflare.com/learning/ddos/famous-ddos-attacks/
[6] CSO Online
[7] https://www.av-test.org/en/statistics/malware/
[8] https://support.google.com/google-ads/answer/2375413?hl=en
[9] https://enterprise.verizon.com/resources/reports/dbir/2019/summary-of-findings/
[10] https://images.idgesg.net/images/article/2020/02/vs_infographic_phishers_favorites_q4_2019_en-2-100832176-orig.jpg
[11] https://www.darkreading.com/attacks-breaches/sql-injection-attacks-represent-two-third-of-all-web-app-attacks/d/d-id/1334960
[12] ZD Net
[13] https://betanews.com/2018/08/28/fileless-malware-rises/
[14] https://actzero.ai/resources/datasheet/threat-insight-signature-based-antivirus-bypass-threats/
[15] https://securityboulevard.com/2018/05/59-of-people-use-the-same-password-everywhere-poll-finds/
