With the digital transformation in general (and the expansion of the digital workplace in particular), the world has experienced increased cyber attacks in many forms and shapes. Simply put, they consist of an intentional act of using a computer to disrupt or damage a system, network, program, or data. They can happen in many ways and can be done by anyone with an internet connection.
The consequences of a cyber attack can range from minor annoyances to major disasters, depending on what was attacked and how badly. For instance, the damage caused by unauthorized access to a computer with no privileges can't be compared to not having a secure service desk.
Since the first step to be prepared to face this is to be familiar with the different types of cyber attacks, we created a thorough list with the 14 most common ones, and the preventive measures you can take to save your organization a lot of headaches.
What is a cyber attack?
In more precise terms, cyber attacks are attempts to expose, steal, change or destroy sensitive data or harm a network through unauthorized access. According to Check Point, cyber attacks increased by 50% globally in 2021 compared to 2020.
These threats are designed to hurt companies — and sometimes even nations. The latter refers to damages caused by cyber warfare. The types of cyber attacks shown below can belong to one of these broader categories:
- Denial-of-Service Attack: Those that shut down a site by overwhelming it with traffic from multiple sources.
- Distributed Denial-of-Service Attack: Those that use multiple computers to send traffic simultaneously and overwhelm the target website.
- Malware Attack: Those that install malware on your computer that can steal information from you or your company.
Now, let’s get more specific.
14 common types of cyber attacks
1. Malware
The first type of cyber attack is one that you're surely familiar with. Malware is a broad term that includes different types of malicious software, including viruses, worms, and spyware. Malware attacks exploit a vulnerability and break into the network to plant the malicious code.
2. Phishing
Phishing refers to different scams that can trick a user into revealing credentials or any other form of confidential information. This type of cyber threat resorts to technology and social engineering to have the person disclose sensitive data that will then be used for fraudulent purposes.
The attacker might call, send an email or WhatsApp to the victim telling this person that a particular organization is contacting them to update information, and ask the person to reveal a PIN or password, for instance. Phishing is an example of social engineering.
As part of a phishing attack, the hacker might also send the victim a message with a malicious attachment or a link that redirects the person to a website that fools the user into downloading malware.
It might even be a fake website that emulates a legitimate one, such as a social media site, in which the user is asked to log in. When the victim does so, the attacker gets hold of their username and password. These last examples of phishing combine social engineering with technology (malicious code) designed to trick the person into revealing sensitive data.
3. Zero-day exploit
A zero-day exploit targets a vulnerability that has not been publicly disclosed. Hackers typically exploit it before the vendor has a chance to fix it. Zero-days can be very dangerous because there is no protection until the patch is released.
Zero-day exploits can affect any company and provider, no matter how big or cautious the company is. For instance, Google reported six zero-day vulnerabilities in 2022. The company had to release emergency updates to address these vulnerabilities. Once those updates are released, users and organizations should install them as part of the patch management process.
4. Ransomware
Ransomware includes malicious code which encrypts data to make it inaccessible to the victim. This malicious program is usually used to demand the payment of a ransom to decrypt the files, folders, and systems held captive by the attacker.
In this kind of cyber attack, the victim downloads (without knowing it) the malicious code from a website or an attached file. Then, the malicious software exploits a vulnerability in the system and encrypts the information.
5. Password attack
In this type of attack, cybercriminals get hold of the victim's passwords. It can happen in various ways. For instance, in a brute force password attack, the hacker tries different combinations until they find the right one. The job is easier when the victim uses words such as “password” or combinations such as “12345” instead of a password manager.
The attacker can resort to automated password-guessing software to try every possible combination in the dictionary and thus guess the password. It’s known as a dictionary attack.
Another type of password attack is when a user falls into a trap and writes their credentials on a fake website; or even provides passwords by phone or message to a cybercriminal who pretends to be part of a bank, company, or some other organization. This is a password attack done through phishing.
Sometimes criminals try username and password combinations obtained on the dark web. These are lists of compromised data that derive from leakages or attacks.
6. DoS and DDoS attacks
A Denial of Service (DoS) attack is meant to crash a network by flooding it with traffic. The site receives many requests, and the resources get overwhelmed. Consequently, the website cannot respond, shuts down, and becomes inaccessible to users.
A Distributed Denial of Service (DDoS) attack is a DoS attack that uses multiple machines to flood the targeted network. This attack employs various remote devices, bots, or zombies, allowing the attacker to send vast amounts of traffic from different locations simultaneously. The server is overloaded more rapidly than in a regular DoS attack.
7. DNS Spoofing
Domain Name System (DNS) spoofing is a cyber attack that alters DNS records to redirect online traffic to a fake website that emulates a legitimate one. In this type of cyber attack, the victim enters their username and password to log in, thus giving this data to hackers.
8. MitM or Man-in-the-middle attacks
In a man-in-the-middle (MitM) attack, the attacker secretly intercepts and may even alter the communications between two people. The attacker gets between these two people, and that's why it's called “man in the middle.”
The attacker might perform a MitM by intercepting communication held through an unencrypted Wi-Fi access point. The people having the conversation don't know that the attacker is eavesdropping or modifying the information they are sharing.
9. Trojan horses attack
A trojan horse attack resorts to malware that hides inside a bona fide file or application to trick the user. Trojans are designed to inflict different types of damage on the network, and there are various types depending on the action they are meant to perform.
More often than not, they are used to establish a backdoor into the network. This way, the attacker can steal sensitive data or install other malware into the system. Unlike a virus, a trojan doesn't replicate itself.
10. SQL injection attack
A Structured Query Language (SQL) injection or SQL injection is a cybersecurity threat that targets sites that use databases to serve users. The attacker gets unauthorized access to a web application database by adding a string of malicious code to a database query. This SQL code manipulation allows the attacker to obtain confidential, sensitive data, such as credit card information.
11. Cross-site scripting
12. Birthday attack
A birthday attack is a type of cryptographic attack in which the cybercriminal targets hash algorithms, which are used in digital signatures meant to verify the authenticity of communications. If a criminal creates a message whose hash is identical to the one sent, the hacker can replace the original message with theirs, and the receiving party will get it without suspecting the content has been altered.
This type of brute force cyber attack exploits the mathematics behind the birthday paradox in probability theory. The birthday paradox says that in a random group of 23 people, there is a 50% chance that two of them will have the same birthday.
13. Rootkits
Rootkits refer to a group of software tools that allow criminals to get unauthorized access to a system without being detected. A rootkit hides malicious programs that reach into devices through spam or other ways. When the rootkit is activated, a backdoor is set up, and criminals might install other forms of malware such as ransomware or trojans.
14. Insider threat
The last type of cyber attack refers to people who work within an organization and use their authorized access or knowledge about the entity to launch an attack. The insider threat attack may result in data harm and loss and affect the company's reputation.
How to prevent cyber attacks
The first step to preventing cyber attacks is to create a cybersecurity culture in your organization. This means educating everyone in the company about cyber security risks and how to protect themselves. No matter how strong your organization's security policies are, employees need to take precautions and be aware of the different traps and scams they might be exposed to, such as the ones used in phishing.
In this sense, red teams are an excellent way to prepare everyone in the company. Remember that red teams look for vulnerabilities or cybersecurity holes in the system by simulating a cyberattack. This helps identify what needs to be improved so that the organization is well-prepared to defend itself against a real-life cyber threat.
The following are some general recommendations that everyone in your organization should consider to prevent cyber attacks.
1. Use complex passwords
Passwords should be eight characters long and combine numbers, letters, symbols, and cases. You shouldn't use the same passwords in all your accounts; they should be changed every time. Since remembering so many different passwords could be a real mess, you could resort to password generators.
2. Enable multi-factor authentication
Passwords are only the first layer of protection and can be easily attacked and deciphered. You should also enable multi-factor authentication on all your accounts with an authenticator app or a physical security key. Using SMS is not recommended because attackers might intercept this information.
3. Be cautious
Phishing attacks can take different forms: emails, texts, calls, etc. Avoid providing personal details or any sensitive data through these means of communication. Don't download attachments or open links you receive by mail, texts, or messaging apps. It is preferable to double-check with the sender that they actually sent that information. If the message supposedly comes from a bank or any other entity, call them to ensure it is genuine. Alternatively, type the URL directly into the address bar so you can check that you are entering the official website and not some fake page that emulates the original one.
4. Install OS and software updates
Updates include patches that fix vulnerabilities that have been previously reported. Cybercriminals take advantage of software and operating systems that are not updated to launch their attacks. Make sure every device used in the network complies with this policy. Some employees will use their phones, tablets, or even laptops in the company. Thus, it is crucial to ensure those devices connected to the company's network are also updated. Otherwise, they might compromise the organization's software and data.
5. Use a VPN when using public Wi-Fi
Public Wi-Fi can be easily hacked to stage a MitM attack. The best way to protect your communication in this context is to use a Virtual Private Network (VPN).
6. Be aware of your online footprint
Try to avoid oversharing personal information on social media and other online sites. Whatever you do and say online is part of your online footprint. And all that information can be used by criminals to carry out social engineering attacks.
3 extra tips for the IT Cybersecurity Department
1. Use a firewall and antivirus software with malware protection
This is a first and basic layer of protection that might prevent attackers from installing certain types of malware or viruses on the organization's device even if someone accidentally connects a USB with malicious code, clicks on a link, or downloads an attachment that poses any type of risk. In this sense, vulnerability scanning tools can help you to regularly assess threats and plug up any openings that could leak or distribute important customer data.
2. Back up information
Make sure you back up all data so that if some information gets stolen or lost during an attack, there is a way to recover it.
3. Longer hashes
We recommend using longer hashes for verification to prevent birthday attacks. Each extra digit added to the hash adds a layer of protection as it decreases the possibilities of generating the same one.
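The birthday attack section and the longer-hashes tip above can be checked numerically. The following is an added example, not code from the original article: it computes the 23-person birthday probability, then finds real collisions on SHA-256 truncated to a few bits. Truncation is an assumption used here to stand in for a short hash; the function names and messages are constructed for illustration.

```python
import hashlib
import math
from itertools import count

def birthday_collision_probability(n_items: int, space: int) -> float:
    """Chance that at least two of n_items uniform draws from `space` values match."""
    if n_items > space:
        return 1.0  # pigeonhole: a repeat is certain
    # log P(all distinct) = sum of log(1 - i/space); logs avoid underflow
    log_p_unique = sum(math.log1p(-i / space) for i in range(n_items))
    return 1.0 - math.exp(log_p_unique)

def items_for_half_chance(bits: int) -> float:
    """Approximate number of hashes needed for a 50% collision chance at `bits` bits."""
    return math.sqrt(2 * math.log(2) * 2.0 ** bits)

def truncated_digest(message: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256, standing in for a short hash (illustration only)."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int):
    """Hash constructed messages until two share a digest; returns (m1, m2, attempts)."""
    seen = {}
    for i in count():
        msg = f"constructed-message-{i}".encode()
        digest = truncated_digest(msg, bits)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg

if __name__ == "__main__":
    print(f"23 people, 365 days: {birthday_collision_probability(23, 365):.3f}")
    for bits in (16, 24, 32):
        _, _, attempts = find_collision(bits)
        print(f"{bits}-bit hash: collision after {attempts} messages, "
              f"estimate {items_for_half_chance(bits):.0f}")
    for bits in (128, 256):
        work = math.log2(items_for_half_chance(bits))
        print(f"{bits}-bit hash: about 2^{work:.1f} messages needed")
```

Each added bit of hash length multiplies the collision work by roughly the square root of 2, which is why a 256-bit digest needs on the order of 2^128 messages while a 32-bit one falls in well under a second.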
To protect your organization from an SQL injection attack, it is essential to resort to the least-privileged model. Only those who need to access critical databases will be allowed access to that information.
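The SQL injection section and the least-privilege advice above, shown together as an added example that is not part of the original article. It uses Python's built-in `sqlite3` with constructed rows; the parameterized query is a mitigation added here beyond the article's text, and because SQLite has no user accounts, an authorizer callback is assumed as a stand-in for a database role without read access to the card column.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, card_last4 TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)",
                     [("alice", "1111"), ("bob", "2222"), ("carol", "3333")])
    return conn

def lookup_vulnerable(conn, username):
    """BEFORE: input is pasted into the SQL text, so it can rewrite the query."""
    sql = f"SELECT username, card_last4 FROM customers WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, username):
    """AFTER: input is bound as a value and is never parsed as SQL."""
    sql = "SELECT username, card_last4 FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def apply_least_privilege(conn):
    """Assumption: the authorizer plays the part of a role that was never
    granted read access to customers.card_last4."""
    def authorizer(action, table, column, db_name, source):
        if action == sqlite3.SQLITE_READ and (table, column) == ("customers", "card_last4"):
            return sqlite3.SQLITE_IGNORE  # reads of this column come back as NULL
        return sqlite3.SQLITE_OK
    conn.set_authorizer(authorizer)

# Constructed input that closes the quote and appends an always-true condition.
CRAFTED_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:   ", lookup_vulnerable(conn, CRAFTED_INPUT))
    print("parameterized:", lookup_parameterized(conn, CRAFTED_INPUT))
    restricted = make_db()
    apply_least_privilege(restricted)
    print("restricted:   ", lookup_vulnerable(restricted, CRAFTED_INPUT))
```

The restricted connection still runs the injected query, but the card column comes back empty: least privilege limits what an injection can reach, while parameterization stops the injection itself.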
A cyber attack could result in data breaches and damage devices and software. This implies high costs for companies in terms of money and reputation. With the advance of digitalization, attacks have increased, and it is more important than ever to take precautions and avoid being victims of hackers.
There are various types of cyber attacks. Some take advantage of network or device vulnerabilities, and others deceive users by manipulating their minds. The latter resort to social engineering techniques like the ones used in phishing. In these cases, criminals use different methods to have the person reveal their credentials and other sensitive data.
The most important way of protecting your organization from cyber attacks is to have a firm cybersecurity policy and create a cybersecurity culture. This last aspect will help everyone learn how to defend themselves: updating software, enabling multi-factor authentication, and being cautious with calls, emails, or messages they receive that could be part of scams.
Frequently Asked Questions
How to protect yourself from a cyberattack?
- Have strong security policies.
- Create a cyber security culture in your organization.
- Use strong passwords and enable multi-factor authentication.
- Install OS and software updates.
- Avoid oversharing personal information on social media.
- Don't download or click on links you get from suspicious emails, apps, or text messages.
Why do cyber attackers commonly use social engineering attacks?
It is usually easier to scam people and get them to provide sensitive data than to find a network vulnerability.
How do cyber attacks happen?
There are two significant ways cyber attacks happen: 1) hackers identify a vulnerability or security hole in the system and exploit it; 2) cyber criminals deceive users and get them to share confidential information that will help them get into the network and launch different cyber attacks.
What to do during a cyber attack?
Once the cyber attack has been confirmed, contact the IT security department so they can monitor the breach and find out what information has been compromised. Monitor your accounts, change your login credentials, and report the situation to the corresponding authorities.
How does a cyber attack work?
In most cases, these are the main stages of cyber attacks:
- Reconnaissance - Getting information about the target network to identify vulnerabilities and security holes.
- Weaponization - Creating or adapting malware to the vulnerabilities found in the organization to be attacked.
- Delivery - Sending the malware (weapon) to the target via USB, mail, or other means.
- Exploitation - Exploiting a vulnerability that executes code in the system.
- Command and control - Getting continued access to the target to control it and manipulate it remotely.
- Actions on objectives - Taking steps to achieve the goals such as data destruction, encryption, or exfiltration.