Cyber-attacks have increased exponentially in the last few years as technology has become more advanced. It can be defined as a malicious attempt made by a person or a group of people to breach the information security of any individual or organization and their attempt is to destroy or modify important data. The most common types of cyber security attacks are as follows:
Malware includes different kinds of attacks that can lead to denial of critical access to the network. They can obtain important information and disrupt the system. The most common types of malware are
- Virus – Viruses attach themselves to the initialization sequence and keeps on replicating to infect other codes in the system.
- Trojans – This program hides inside other important programs and is used by attackers to establish a backdoor, which can be exploited.
- Worms – These are self-contained programs that are most commonly installed via email attachments. They infect the email list and send copies to every contact.
- Ransomware – These deny access to important data and threaten to publish them unless a ransom is paid.
- Spyware – These programs collect user information, browsing habits etc. and send it to a remote user. This information can be used for blackmailing purposes.
Phishing is a common form of attack through which attackers try to extract useful user information. The attackers can make phishing pages look exactly the same as web pages to gather your data. For instance, they might clone some reputed online betting webpage such as that of Betonline (Betonline sportsbook here) and try to target novice punters. Some common types of phishing attacks include:
- Whaling – Senior executives and stakeholders are targeted.
- Pharming – DNS cache is used to collect user credentials through a fake login page.
- Spear phishing – Attacks specific companies or individuals.
Man-in-the-middle (MitM) attacks involve attackers intercepting a transaction between two parties and manipulate data in between. They mostly exploit security vulnerabilities in a network and insert themselves between the visitor’s device and network. The major problem with this type of attack is that it is extremely difficult to detect it because the user thinks that the information is going to the desired destination.
Denial-of-service attacks flood the system with traffic to overload resources and bandwidth. Hence the system is unable to fulfil legitimate requests. Another similar type is attack is the distributed-denial-of-service (DDoS) attacks which are launched from infected host machines. The most common types of DOS and DDoS include teardrop attack, botnets, smurf attacks, flood attacks and ping-of-death attacks.
There has been a rise in the cyber security attacks to breach government data and the most common tool used for it is SQL Injection. Here, the attacker inserts malicious code using SQL and extract-protected information. If an SQL command uses parameters instead of values, malicious queries can be run in the backend. Secure coding practices should be followed to minimise this type of attack.
Cyber security attacks can sometimes be unavoidable despite all precautionary measures. However, it is our duty to try and keep important data safe to whatever extent possible.