Types of Cyber Attacks – Part II

Takeshi EtoWe learned recently that October has been designated National Cybersecurity Awareness month, so we are posting on the topic of Cybersecurity.

In a previous post, we discussed a partial list of common types of Cyber Attacks and here we continue listing out some more types of threats.

Zero-day Exploits
Zero-day exploits are attacks that take advantage of a newly reported network or software vulnerabilities. The hacker tries to exploit the vulnerability during the window of time before a security patch is developed, released and installed on a network.

Password Attack
Because passwords are the most widely used method to authenticate users, hackers have developed many techniques to try to guess a user’s password. One brute force method would be to use a “dictionary” of common passwords. In addition, because of the sheer number of logins that a user manages nowadays, it is common for people to reuse their passwords across many sites/services. So a hacker may obtain one set of username/password for a site/service, but then use that information to test other sites/services to see if they can gain access.

SQL Injection
This occurs when a hacker inserts malicious code into a server using SQL (server query language) to gain access to data or a network. Typically, the malicious code is submitted into unprotected website comment boxes, search boxes, or form fields.

Cross-site Scripting (XSS)
While SQL Injection attacks target the website and the web server infrastructure, a Cross-site scripting attack involves malicious code injected into a website but the target is the visitor to the website. One common method used by hackers is injecting malicious code into a comment that is posted on a website or blog.

Rootkit
A Rootkit attack is a particularly dangerous type of software that allows a hacker to stealthily access a computer network without detection. For example, kernel-mode rootkits changes components in the computer’s operating system allowing the hacker unfettered access. User-mode rootkits are installed in shared libraries. Because the compromise is deep within the operation of the computer, such an attack is very difficult to detect.

Cryptojacking
Cryptojacking is when a hacker compromises a user’s computer and uses its resources to mine for cryptocurrencies. Data may not be stolen, but server resources and bandwidth are abused without the user’s knowledge.

Internet of Things (IOT) Attacks
With the proliferation of devices connected to the internet at home and at businesses, hackers are targeting these IoT devices (think doorbells, security cameras, smart thermostats, medical devices…etc.), many of which are less secure than your desktop or laptop. This is a new type of attack that is evolving.

Final Thoughts
As things evolve in the Cybersecurity space, devious techniques based on methods listed in the blog, and new types of attacks are always evolving. I’m sure I missed some techniques on this list. In any case, it is important to have some knowledge of the types of attacks that the security experts are seeing, so that you can take preventative measures to not become a victim to such malicious activities and also plan for resiliency in the event that you do get hacked.

Visit our website to learn more about Cybersecurity solutions offered at Everleap.

Rate this article
   

No responses yet

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.



oui décor