A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data and lead to cybercrimes, such as information and identity theft. We are living in a digital era. Now a day, most of the people use computer and internet. Due to the dependency on digital things, the illegal computer activity is growing and changing like any type of crime. Cyber-attacks can be classified into the following categories:
These are the attacks which occur on a website or web applications. Some of the important web-based attacks are as follows –
1. Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the application and fetch the required information.
Example- SQL Injection, code Injection, log Injection, XML Injection etc.
2. DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a DNS resolver’s cache causing the name server to return an incorrect IP address, diverting traffic to the attacker?s computer or any other computer. The DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create cookies to store the state and user sessions. By stealing the cookies, an attacker can have access to all of the user data.
Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit card number. It occurs when an attacker is masquerading as a trustworthy entity in electronic communication.
5. Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number of guesses and validates them to obtain actual data like user password and personal identification number. This attack may be used by criminals to crack encrypted data, or by security, analysts to test an organization’s network security.
6. Denial of Service
It is an attack which meant to make a server or network resource unavailable to the users. It accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It uses the single system and single internet connection to attack a server. It can be classified into the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is measured in bit per second.
Protocol attacks- It consumes actual server resources, and is measured in a packet.
Application layer attacks- Its goal is to crash the web server and is measured in request per second.
7. Dictionary attacks
This type of attack stored the list of a commonly used password and validated them to get original password.
8. URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one can make a web server to deliver web pages for which he is not authorized to browse.
9. File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files which is available on the web server or to execute malicious files on the web server by making use of the include functionality.
10. Man in the middle attacks
It is a type of attack that allows an attacker to intercepts the connection between client and server and acts as a bridge between them. Due to this, an attacker will be able to read, insert and modify the data in the intercepted connection.
These are the attacks which are intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows-
It is a type of malicious software program that spread throughout the computer files without the knowledge of a user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.
It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It works same as the computer virus. Worms often originate from email attachments that appear to be from trusted senders.
3. Trojan horse
It is a malicious program that occurs unexpected changes to computer setting and unusual activity, even when the computer should be idle. It misleads the user of its true intent. It appears to be a normal application but when opened/executed some malicious code will run in the background.
It is a method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
A bot (short for “robot”) is an automated process that interacts with other network services. Some bots program run automatically, while others only execute commands when they receive specific input. Common examples of bots program are the crawler, chatroom bots, and malicious bots.
6. DoS and DDoS Attacks
A denial-of-service (DoS) attack is designed to overwhelm the resources of a system to the point where it is unable to reply to legitimate service requests. A distributed denial-of-service (DDoS) attack is similar in that it also seeks to drain the resources of a system. A DDoS attack is initiated by a vast array of malware-infected host machines controlled by the attacker. These are referred to as “denial of service” attacks because the victim site is unable to provide service to those who want to access it. With a DoS attack, the target site gets flooded with illegitimate requests. Because the site has to respond to each request, its resources get consumed by all the responses. This makes it impossible for the site to serve users as it normally does and often results in a complete shutdown of the site.
DoS and DDoS attacks are different from other types of cyber attacks that enable the hacker to either obtain access to a system or increase the access they currently have. With these types of attacks, the attacker directly benefits from their efforts. With DoS and DDoS network attacks, on the other hand, the objective is simply to interrupt the effectiveness of the target’s service. If the attacker is hired by a business competitor, they may benefit financially from their efforts.
A DoS attack can also be used to create vulnerability for another type of attack. With a successful DoS or DDoS attack, the system often has to come offline, which can leave it vulnerable to other types of attacks. One common way to prevent DoS attacks is to use a firewall that detects whether requests sent to your site are legitimate. Imposter requests can then be discarded, allowing normal traffic to flow without interruption. An example of a major internet attack of this kind occurred in February 2020 to Amazon Web Services (AWS).
7. MITM Attacks
Man-in-the-middle (MITM) types of cyber attacks refer to breaches in cybersecurity that make it possible for an attacker to eavesdrop on the data sent back and forth between two people, networks, or computers. It is called a “man in the middle” attack because the attacker positions themselves in the “middle” or between the two parties trying to communicate. In effect, the attacker is spying on the interaction between the two parties.
In a MITM attack, the two parties involved feel like they are communicating as they normally do. What they do not know is that the person actually sending the message illicitly modifies or accesses the message before it reaches its destination. Some ways to protect yourself and your organization from MITM attacks is by using strong encryption on access points or to use a virtual private network (VPN).
A phishing attack occurs when a malicious actor sends emails that seem to be coming from trusted, legitimate sources in an attempt to grab sensitive information from the target. Phishing attacks combine social engineering and technology and are so-called because the attacker is, in effect, “fishing” for access to a forbidden area by using the “bait” of a seemingly trustworthy sender. To execute the attack, the bad actor may send a link that brings you to a website that then fools you into downloading malware such as viruses, or giving the attacker your private information. In many cases, the target may not realize they have been compromised, which allows the attacker to go after others in the same organization without anyone suspecting malicious activity.
You can prevent phishing attacks from achieving their objectives by thinking carefully about the kinds of emails you open and the links you click on. Pay close attention to email headers, and do not click on anything that looks suspicious. Check the parameters for “Reply-to” and “Return-path.” They need to connect to the same domain presented in the email.
9. Whale-phishing Attacks
A whale-phishing attack is so-named because it goes after the “big fish” or whales of an organization, which typically include those in the C-suite or others in charge of the organization. These individuals are likely to possess information that can be valuable to attackers, such as proprietary information about the business or its operations. If a targeted “whale” downloads ransomware, they are more likely to pay the ransom to prevent news of the successful attack from getting out and damaging their reputation or that of the organization. Whale-phishing attacks can be prevented by taking the same kinds of precautions to avoid phishing attacks, such as carefully examining emails and the attachments and links that come with them, keeping an eye out for suspicious destinations or parameters.
10. Spear-phishing Attacks
Spear phishing refers to a specific type of targeted phishing attack. The attacker takes the time to research their intended targets and then write messages the target is likely to find personally relevant. These types of attacks are aptly called “spear” phishing because of the way the attacker hones in on one specific target. The message will seem legitimate, which is why it can be difficult to spot a spear-phishing attack.
Often, a spear-phishing attack uses email spoofing, where the information inside the “From” portion of the email is faked, making it look like the email is coming from a different sender. This can be someone the target trusts, like an individual within their social network, a close friend, or a business partner. Attackers may also use website cloning to make the communication seem legitimate. With website cloning, the attacker copies a legitimate website to lull the victim into a sense of comfort. The target, thinking the website is real, then feels comfortable entering their private information. Similar to regular phishing attacks, spear-phishing-attacks can be prevented by carefully checking the details in all fields of an email and making sure users do not click on any link whose destination cannot be verified as legitimate.
With ransomware, the victim’s system is held hostage until they agree to pay a ransom to the attacker. After the payment has been sent, the attacker then provides instructions regarding how the target can regain control of their computer. The name “ransomware” is appropriate because the malware demands a ransom from the victim. In a ransomware attack, the target downloads ransomware, either from a website or from within an email attachment. The malware is written to exploit vulnerabilities that have not been addressed by either the system’s manufacturer or the IT team. The ransomware then encrypts the target’s workstation. At times, ransomware can be used to attack multiple parties by denying access to either several computers or a central server essential to business operations. Affecting multiple computers is often accomplished by not initiating systems captivation until days or even weeks after the malware’s initial penetration. The malware can send AUTORUN files that go from one system to another via the internal network or Universal Serial Bus (USB) drives that connect to multiple computers. Then, when the attacker initiates the encryption, it works on all the infected systems simultaneously.
In some cases, ransomware authors design the code to evade traditional antivirus software. It is therefore important for users to remain vigilant regarding which sites they visit and which links they click. You can also prevent many ransomware attacks by using a next-generation firewall (NGFW) that can perform deep data packet inspections using artificial intelligence (AI) that looks for the characteristics of ransomware.
11. Password Attack
Passwords are the access verification tool of choice for most people, so figuring out a target’s password is an attractive proposition for a hacker. This can be done using a few different methods. Often, people keep copies of their passwords on pieces of paper or sticky notes around or on their desks. An attacker can either find the password themselves or pay someone on the inside to get it for them. An attacker may also try to intercept network transmissions to grab passwords not encrypted by the network. They can also use social engineering, which convinces the target to input their password to solve a seemingly “important” problem. In other cases, the attacker can simply guess the user’s password, particularly if they use a default password or one that is easy to remember such as “1234567.”
Attackers also often use brute-force methods to guess passwords. A brute-force password hack uses basic information about the individual or their job title to try to guess their password. For example, their name, birthdate, anniversary, or other personal but easy-to-discover details can be used in different combinations to decipher their password. Information that users put on social media can also be leveraged in a brute-force password hack. What the individual does for fun, specific hobbies, names of pets, or names of children are sometimes used to form passwords, making them relatively easy to guess for brute-force attackers. A hacker can also use a dictionary attack to ascertain a user’s password. A dictionary attack is a technique that uses common words and phrases, such as those listed in a dictionary, to try and guess the target’s password. One effective method of preventing brute-force and dictionary password attacks is to set up a lock-out policy. This locks out access to devices, websites, or applications automatically after a certain number of failed attempts. With a lock-out policy, the attacker only has a few tries before they get banned from access. If you have a lockout policy in place already and discover that your account has been locked out because of too many login attempts, it is wise to change your password.
If an attacker systematically uses a brute-force or dictionary attack to guess your password, they may take note of the passwords that did not work. For example, if your password is your last name followed by your year of birth and the hacker tries putting your birth year before your last name on the final attempt, they may get it right on the next try.
12. SQL Injection Attack
Structured Query Language (SQL) injection is a common method of taking advantage of websites that depend on databases to serve their users. Clients are computers that get information from servers, and an SQL attack uses an SQL query sent from the client to a database on the server. The command is inserted, or “injected”, into a data plane in place of something else that normally goes there, such as a password or login. The server that holds the database then runs the command and the system is penetrated. If an SQL injection succeeds, several things can happen, including the release of sensitive data or the modification or deletion of important data. Also, an attacker can execute administrator operations like a shutdown command, which can interrupt the function of the database. To shield yourself from an SQL injection attack, take advantage of the least-privileged model. With least-privileged architecture, only those who absolutely need to access key databases are allowed in. Even if a user has power or influence within the organization, they may not be allowed to access specific areas of the network if their job does not depend on it.
For example, the CEO can be kept from accessing areas of the network even if they have the right to know what is inside. Applying a least-privileged policy can prevent not just bad actors from accessing sensitive areas but also those who mean well but accidentally leave their login credentials vulnerable to attackers or leave their workstations running while away from their computers.
13. URL Interpretation
With URL interpretation, attackers alter and fabricate certain URL addresses and use them to gain access to the target’s personal and professional data. This kind of attack is also referred to as URL poisoning. The name “URL interpretation” comes from the fact that the attacker knows the order in which a web-page’s URL information needs to be entered. The attacker then “interprets” this syntax, using it to figure out how to get into areas they do not have access to. To execute a URL interpretation attack, a hacker may guess URLs they can use to gain administrator privileges to a site or to access the site’s back end to get into a user’s account. Once they get to the page they want, they can manipulate the site itself or gain access to sensitive information about the people who use it.
For example, if a hacker attempts to get into the admin section of a site called GetYourKnowledgeOn.com, they may type in http://getyourknowledgeon.com/admin, and this will bring them to an admin login page. In some cases, the admin username and password may be the default “admin” and “admin” or very easy to guess. An attacker may also have already figured out the admin’s password or narrowed it down to a few possibilities. The attacker then tries each one, gains access, and can manipulate, steal, or delete data at will. To prevent URL interpretation attacks from succeeding, use secure authentication methods for any sensitive areas of your site. This may necessitate multi-factor authentication (MFA) or secure passwords consisting of seemingly random characters.
14. DNS Spoofing
With Domain Name System (DNS) spoofing, a hacker alters DNS records to send traffic to a fake or “spoofed” website. Once on the fraudulent site, the victim may enter sensitive information that can be used or sold by the hacker. The hacker may also construct a poor-quality site with derogatory or inflammatory content to make a competitor company look bad. In a DNS spoofing attack, the attacker takes advantage of the fact that the user thinks the site they are visiting is legitimate. This gives the attacker the ability to commit crimes in the name of an innocent company, at least from the perspective of the visitor. To prevent DNS spoofing, make sure your DNS servers are kept up-to-date. Attackers aim to exploit vulnerabilities in DNS servers, and the most recent software versions often contain fixes that close known vulnerabilities.