A cyberattack can mean many things, but in most cases, it’s a term used to describe when an individual attempts to gain unauthorized access to another computer or network system. This is done for the purpose of either extortion, theft, disruption or some other nefarious means.
Research has shown that a significant portion of security issues are the result of insiders, whether the result of malice or negligence. However, for this article, we will be addressing things, mostly from the perspective, that the cyberattack was not carried out by someone within an organisation.
There are many different methods and techniques that a hacker can use to gain authorised access to a system, however, in most cases, you’ll find that such individuals have habits, such as attack methods they lean most towards. Below we outline the most common of these cyber-attacks.
1. Man-in-the-middle Attack (MITM)
A MITM or man-in-the-middle attack is when a hacker is able to intercept communication data between two or more parties, which is then used to either steal personal credentials and data, alter the information that is sent between the different parties or simply to just spy.
MITM attacks have become less common over the years. This is because more and more websites, chat and email services now use end-to-end encryption as standard. This makes it increasingly difficult for hackers to intercept and tamper with the data sent across a network. This means hackers, irrespective of whether a network is secure or not, are unable to decipher the data that is sent to and from said network.
2. Ransomware
Ransomware is as the name states. It’s malware that is designed to restrict access to the files and folders of a system. Hackers will typically demand a ransom in order to regain access to their restricted data. The ransomware may function very similar to a form of encryption, in that the data is encoded, making it inaccessible to the end user until a ransom is paid, and the data is decrypted, making it accessible again. The main motivation of these kinds of attacks is almost exclusively financial. This is quite different to the many other attacks out there.
These kinds of ransomware viruses are usually spread through infected applications, attachments in unsolicited emails, compromised websites and infected UBS sticks. Once an end user falls prey, they are usually notified via an exploit created by the virus itself.
3. Drive-by Attack
Computer hackers use drive-by download attacks quite often, as they have proven to be one of the most effective ways of spreading malware. A hacker will look for a website that is insecure, one that they can plant their malicious code into, which could be PHP or HTTP code, on a specific page. This script could do a number of things, such as redirect the user to a website that is controlled by the computer hacker or install a virus onto the target machine, the moment they open the web page.
These drive-by download attacks happen in two different circumstances, either during an unsolicited pop-up ad or while viewing an email. What sets drive-by download attacks a part from other cyber security attacks is that the end user isn’t required to do anything in order for an attack to be successful. They do not have to open a specific attachment in an email or click on a download button for their system to be infected. Drive-by download attacks are designed specifically to take advantage of a web browser, application or operating system security flaw – the result of lack of updates or unsuccessful updates in the past.
In order to sufficiently protect your system from such attacks, you need to ensure that both your web browser and operating system are kept up-to-date with the latest security updates and pages. You also want to avoid suspicious websites, as they could contain malicious code. It’s always best to visit websites that you are most familiar with, although you should never rule out the possibility that those websites could also become compromised in the future. The more plug-ins your web browser has, the more points of entry and possible vulnerabilities for these drive-by attacks to exploit.
4. Password Attack
Password attacks are probably the most self-explanatory, they are essentially cyber-attacks where the hacker attempts to crack an individual’s password. There are tons of different ways that they can do this. But we won’t be covering all of them, only the methods you’re most likely to fall victim to.
A quick break down of these kinds of attacks includes dictionary attacks, credential stuffing, brute-force attack, password spraying, rainbow table attack and keylogger attacks. Additionally, hackers may also try to use phishing scams in order to illegally obtain your username and password.
5. Botnet
Attackers like to target the most vulnerable machines, which means they will go after the system that is not protected with antivirus software and/or a firewall.
Botnet manipulators are designed to gain access to a system using several different methods, however, in most cases, it will do this through a worm or viruses.
Botnets are increasingly important nowadays as more and more hackers use them to carry out their illegal activities online. Essentially, they are the go-to for first time and veteran hackers.
A hacker may use a botnet for a wide range of attack types, this may include a denial-of-service attack. Other computer hackers may use a botnet simply to spam unsuspecting victims or to send out phishing scams. These phishing scams are used for a wide range of other attacks such as identify threat, password threat, etc.
A botnet is essentially a wide network of systems that have been compromised by computer hackers, which are then used to carry out attacks, like the denial-of-services attack I previously touched on. The various bots in the botnet are given distinct tasks, such as sending out emails, with other botnets, uploading viruses, or stealing confidential – essentially, the tasks are endless. It’s not impossible for an antivirus scanner to miss one of these botnets. Especially for the cheaper scanners. For this reason, it’s important that you not only go with an efficient scanner but also an antimalware scanner. As this will minimise the chance of your system failing prey to these kinds of attacks.
–AUTHOR INFO—
Uchenna Ani-Okoye is a former IT Manager who now runs his own computer support website
http://compuchenna.co.uk
0 Comments