Understanding the cyber threat landscape, what a cyber-attack is, and how your organization may be vulnerable to attacks is the first step toward prevention. While there are many different types of attacks, some of them are more commonly used than others and have proven to be more dangerous.
In this two-part blog post, we will look at the most common types of cybersecurity attacks, what they do, and how attackers execute them.
What is a cyber-attack?
A cyber-attack is a deliberate attempt by a malicious party to gain unauthorized access to a computer system, network, IT infrastructure, or device with the intention of accessing, stealing, modifying, controlling, or destroying information or system resources.
Cyber-attacks and cyberwar are driven by a range of motives, the most prominent factors being spectacularity, vulnerability, and fear.
Spectacularity refers to the impact or harm that an attack can cause - such as reputational or material damage. Vulnerability refers to the ease with which an attack can be executed because of outdated systems or weak cyber security. Fear refers to the intimidation an attacker can instill in victims in order to force them to act in specific ways.
How often are cyber-attacks launched?
The number of cyber-attacks varies from year to year but has been increasing steadily for over a decade. With the start of the COVID-19 pandemic, all types of attacks increased drastically, with some, such as encrypted threats and ransomware, increasing by over 100% over the course of 2021.
This trend is expected to continue with the increase in digitalization and in systems and devices that are connected to the Internet.
What are the most common types of cyber-attacks?
There are many ways for attackers to conduct an attack. Frequently, more than one technique is utilized, based on the specifics of their target. Following is part one of our list of the most common techniques that are currently used in cyberwar.
Social engineering refers to all forms of attacks that rely on some kind of psychological manipulation to achieve their goals. Such manipulation typically seeks to force people to perform a certain action or to disclose sensitive information such as login credentials. There are many different attacks that utilize some kind of social engineering approach.
Phishing attacks attempt to trick unsuspecting users into sharing sensitive data or clicking a fraudulent link that leads to a malicious script or file being executed or downloaded on their device. These attacks are frequently conducted via emails that look like they are coming from a legitimate source and fake websites (also known as spoofing), as well as direct messages on social media.
There are several variations of phishing attacks, including whale phishing, spear phishing, and pharming.
Whale phishing is the activity of targeting “whales”, i.e. “big fish”, within an organization who are in possession of important information and may also have greater access to systems. These individuals are also more likely to pay a ransom if they fall prey to such an attack.
While regular phishing attacks may target hundreds or thousands of users, spear phishing is the activity of targeting specific individuals or organizations. This type of attack is based on research about the target and may be harder to spot than blanket phishing attempts.
Pharming is the activity of creating a fake website, such as a login landing page that mimics one trusted by users, and diverting traffic to it. It is used to capture login credentials.
Ransomware has grown immensely in popularity over the last few years due to the emergence of the ransomware-as-a-service (RaaS) model. Even though this model is fairly new, ransomware as an attack is more than 30 years old.
This type of attack is a form of malware that attackers seek to deploy on a system, typically by tricking users into downloading a file. Once there, the malware locks access to the system and/or encrypts the data, and the attackers threaten to either make it public, keep it unavailable, or destroy it. This approach is also known as cryptoviral extortion, and it makes it largely impossible to retrieve the data without the decryption key held by the attackers.
To regain access to information, victims are asked to pay a ransom. However, paying a ransom does not guarantee that data will be retrieved by the victims. This is particularly valid with the advent of digital and cryptocurrencies that make it difficult to track down attackers. As a result, even when a ransom is paid, attackers may choose to withhold access to data or request further payment.
DoS and DDoS Attack
A denial of service attack (DoS) and a distributed denial of service attack (DDoS) are both about denying access to a network or a service by flooding it with bogus requests. This exhausts the bandwidth or processing capacity of the target, making it impossible for legitimate requests to get through and be serviced.
The final goal of these attacks is always to crash the target system or network, or simply to make it unable to respond. These attacks do not by themselves damage systems or steal data, yet they still consume time and resources and may sometimes continue for months.
DoS and DDoS attacks differ mostly in how they are executed. While DoS is typically performed through one machine, a DDoS attack uses many machines to launch the attack, making it more difficult to block. DDoS attacks are frequently launched via botnets - networks of compromised devices that are used in a synchronized manner.
Cross-site scripting (XSS) attacks inject malicious scripts into a trusted website that a user visits for their own purposes; the website or application is vulnerable to such malicious input because it does not sanitize it. When the user visits the website, the injected script is automatically delivered to them along with the rest of the content from the website and runs in their web browser.
Since the source of the content, i.e. the website, is trusted, this allows attackers to hijack sessions on websites in which users are logged in, steal their cookies, credentials, or personal data, or even impersonate them and make requests on their behalf.
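As an added illustration (not code from the original post), here is the unsanitized rendering described above beside its fixed form, for a hypothetical server-rendered guestbook comment; the comment, the header values, and the `contains_active_markup` check are all assumptions constructed for this example.

```python
import html
import re

# Constructed sample input: a comment a visitor submitted to a hypothetical guestbook.
# Stored and rendered unescaped, the script tag runs in every later visitor's browser
# (a stored XSS). The payload only pops the cookie in a dialog; it is illustrative.
CONSTRUCTED_COMMENT = "<script>alert(document.cookie)</script>Nice post!"

def render_comment_vulnerable(comment: str) -> str:
    """Interpolates untrusted input straight into the HTML: the browser treats any
    tags inside the comment as part of the page, so the embedded script executes."""
    return f"<li class='comment'>{comment}</li>"

def render_comment_safe(comment: str) -> str:
    """Encodes the HTML-significant characters (< > & " ') before interpolation, so the
    browser displays the comment as text instead of parsing it as markup."""
    return f"<li class='comment'>{html.escape(comment, quote=True)}</li>"

def contains_active_markup(fragment: str) -> bool:
    """Cheap defender check on a rendered fragment: does it still carry a script tag
    or an inline on* event handler that did not come from the template?"""
    return bool(re.search(r"<\s*script|\son\w+\s*=", fragment, re.IGNORECASE))

# Response headers (assumed values) that limit the blast radius if an XSS slips through:
# HttpOnly keeps document.cookie from exposing the session cookie, and a CSP without
# 'unsafe-inline' makes the browser refuse to execute injected inline scripts.
HARDENED_HEADERS = {
    "Set-Cookie": "session=<value>; HttpOnly; Secure; SameSite=Lax",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
}

if __name__ == "__main__":
    print("vulnerable:", render_comment_vulnerable(CONSTRUCTED_COMMENT))
    print("safe:      ", render_comment_safe(CONSTRUCTED_COMMENT))
```

Output encoding is the primary fix; the headers are defence in depth and do not replace it.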
DNS tunneling has gained greater prominence over the last several years. This is due to the fact that it is relatively easy to deploy and because organizations sometimes do not monitor domain name system (DNS) traffic for malicious activity.
This lets attackers hide malicious traffic, including the delivery of malware, inside ordinary-looking DNS queries and responses. If a DNS tunneling attack is successful, it provides attackers with a “tunnel” that stays under the radar of the firewall. Through this channel they can then gradually steal a victim’s data or perform command-and-control callbacks, allowing them to carry out actions on the compromised device or system.
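Since the post notes that DNS traffic often goes unmonitored, here is an added example (not from the original post) of the kind of monitoring a defender can run over resolver logs: it scores each query on name length, label entropy, and bulky record types, then aggregates per base domain. The log lines, the log format, the thresholds, and the naive two-label `base_domain` guess are all constructed assumptions for this example.

```python
import math
from collections import defaultdict

# Constructed sample resolver log, one query per line: "<client> <qtype> <qname>".
# The TXT lines mimic a tunnel: long, high-entropy labels, never repeated, under one domain.
CONSTRUCTED_DNS_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 AAAA mail.example.com
10.0.0.7 A cdn.example.net
10.0.0.9 TXT 6a7d3f9e2c1b4a8d0e5f7c3b9a1d2e4f.tun.example.org
10.0.0.9 TXT 4e1c9b7a2d8f3e6c5b0a9d1f7e2c3b8a.tun.example.org
10.0.0.9 TXT 9f2e8d1c7b3a6e4f0d5c2b8a1e7f3d9c.tun.example.org
10.0.0.9 TXT 1b8e5f2a9c4d7e0f3a6b9c2d5e8f1a4b.tun.example.org
"""

def shannon_entropy(s: str) -> float:
    """Bits per character; hex- or base32-encoded data scores far higher than words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def base_domain(qname: str) -> str:
    """Naive registrable-domain guess: the last two labels (no public-suffix list)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def parse_log(text: str):
    for line in text.splitlines():
        client, qtype, qname = line.split()
        yield client, qtype, qname.lower()

def score_query(qtype: str, qname: str) -> int:
    """Per-query tunnel indicators; each threshold is an illustrative assumption."""
    sub = qname[: -len(base_domain(qname)) - 1]        # everything below the base domain
    score = 0
    if len(qname) > 40:                                # tunnels pack data into long names
        score += 1
    if shannon_entropy(sub.replace(".", "")) > 3.5:    # encoded payload rather than words
        score += 1
    if qtype in ("TXT", "NULL", "CNAME"):              # record types that carry bulky answers
        score += 1
    return score

def find_suspect_domains(text: str, min_score: int = 2, min_unique: int = 3) -> dict:
    """Count distinct high-scoring names per base domain: a tunnel produces many
    never-repeated subdomains under a single domain, which ordinary browsing does not."""
    suspects = defaultdict(set)
    for _, qtype, qname in parse_log(text):
        if score_query(qtype, qname) >= min_score:
            suspects[base_domain(qname)].add(qname)
    return {d: len(names) for d, names in suspects.items() if len(names) >= min_unique}
```

On real logs, the thresholds and the base-domain logic need tuning against the organization's own baseline (CDNs and some security products also generate long, high-entropy names).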
Protect your organization with MXDR
Organizations sometimes struggle with maintaining the necessary level of preparedness to be able to meet the current cybersecurity challenges. Having an in-house team is not always possible, due to skill shortages or financial considerations.
This is where Managed Extended Detection & Response (MXDR) can help ensure that your security needs are met. MXDR combines automated threat monitoring, detection, and response, with the expertise and experience of cybersecurity professionals to provide complete security coverage on endpoints and networks.
Want to know more about how MXDR can help you protect your data and systems? Get in touch and let’s discuss your cybersecurity needs!