Damaging cyber attacks are a rising concern as organizations increasingly rely on digital technology for managing sensitive data and running core business operations. While technology can increase business efficiency, without security measures in place, a digital-first approach can end up introducing vulnerabilities and putting data at risk.
In this article, we will discuss the main types of cyber attacks you should be aware of today, ways to protect against them, and the top tool features you should look for if you’re choosing a security solution.
What Is a Cyber Attack?
Cyber attacks are malicious actions carried out with the aim of accessing or damaging data or otherwise disrupting digital operations. An attacker may seek to steal sensitive information, access financial accounts, or block a company’s access to its own files.
Who carries out cyber attacks? Various actors may be responsible for hacks, whether it’s individual hackers, criminal organizations, or disgruntled employees. It’s impossible to predict where an attack may come from or when it will occur.
High-profile hacking events in recent years have shown the critical importance of taking preventative measures. From government offices and hospitals to hotels and credit bureaus, many types of workplaces have sensitive data needing protection. When customer data is stolen, it tends to make the news and have a damaging impact on how the public views the company.
What are the damaging effects of cyberattacks? Of course, sensitive data loss or manipulation is inherently damaging. Hacks can also lead to financial loss. Organizations may have to contend with the loss of customer trust and damage to their reputation, especially if customer data has been stolen in the attack. And if the company is shown to be negligent in protecting against attacks, regulatory bodies may fine them for non-compliance and the company may open itself up to legal action.
8 Common Types of Cyber Attacks
There are many ways that a hacker can infiltrate your network or IT system. But in most cases, hackers aren’t trying to invent a new method. They are likely to take advantage of existing means for exploiting your system’s weaknesses.
If you understand what typical cyber attacks might entail, you can better prepare and be proactive in defending against threats. The following is an extensive list of the most common types of attacks you are likely to encounter. As you go through the article, take note of suggestions for how to protect against some of these attacks. For more extensive protection, you will want to consider investing in software designed to improve security.
Malware
Put simply, malware, an abbreviation of “malicious software,” applies to a range of malicious programs, such as viruses and trojans. This code, or these files, are designed to infect systems or networks, gain access to your sensitive data, and otherwise wreak havoc in whatever way the attacker intended.
Malware’s destructive impact can take various forms. Some types create ongoing network access, while others might allow the hacker to obtain valuable data, like credentials, on a one-time basis. Others aim to simply disrupt IT operations, bringing business grinding to a halt.
Ransomware is one of the most well-known forms of malware. Ransomware’s purpose is to encrypt a victim’s important data, rendering it inaccessible. The information is held for ransom, forcing the victim to pay a sizable fee to obtain the decryption key, although there is no guarantee the hacker will provide the key upon payment. In the last couple of years, continuing to hold a victim’s data for ransom after the initial payment has become common.
Spyware is a kind of malware that gathers information about users, such as visited websites, downloads, emails sent, and even passwords or payment data. Spyware is designed to evade detection — it can sneak its way into your operating systems without your knowledge and can piggyback on what appears to be a seemingly legitimate software download. Then it runs in the background, collecting data and monitoring what users do.
Trojans are either malware pretending to be a legitimate program or a harmless program used to deliver dangerous malware under the radar. A worm is a type of Trojan malware built to self-replicate independently of human activity. Once launched, it can propagate automatically across networks through a variety of means, such as file sharing, messaging platforms, emails, and more.
Adware is malware that displays banners and advertisements as pop-up windows in a program’s user interface. Adware is typically introduced through a security vulnerability, such as through a software download containing adware. The goal is to get users to engage with the ads, which makes money for the distributors. Adware is not always malicious, but users should look out for signs their device has been infected with malicious adware, including unusual advertisement placement, new plugins or unwanted applications, redirected web searches, and slow or crashing web browsers.
Preventing malware from taking over your IT environment is not simple, as it requires a multi-faceted approach that makes use of a variety of tactics. To begin with, a few key cybersecurity measures you need to take include:
- Be sure you train employees to identify potentially malicious emails, websites, and links.
- Implement strong password policies including multi-factor authentication.
- Keep software updated and implement patches right away.
- Assign permissions using the principle of least privilege, where accounts are limited in their data access to only the necessary files and systems.
- Implement network monitoring to stay on the lookout for suspicious traffic, files, or performance slowdowns.
- Ensure you have high-quality anti-malware software installed.
Cross-site Scripting (XSS) Attacks
Cross-site scripting (XSS) attacks take advantage of security vulnerabilities in web applications and are used to infect visitors to a site. The attacker “injects” a malicious script into a website otherwise considered trustworthy. The attack may start when the victim clicks on a malicious link, which then executes the harmful code on the user’s system. This allows the hacker to steal data, such as the user’s keystrokes or cookie information. It can also direct the user to a malicious site or crash the browser.
With cross-site scripting (XSS), attackers take advantage of vulnerabilities in web applications to misrepresent the site. Their victims interact with these illegitimate pages, unwittingly clicking on a malicious script or entering their login credentials.
There are many creative methods used in an XSS attack. For instance, an attacker could publish a hidden malicious script in a comments section on a webpage. When users visit the page, this script may then infect the user’s device, steal their credentials or cookies, or redirect them to a malicious site.
There are a few different types of cross-site scripting, including stored, reflected, and DOM-based XSS. Stored XSS occurs when the code is stored within a database and launches when a data request occurs. Reflected XSS is when the web app sends the attack to the victim’s browser. DOM-based XSS is when the malicious code is within a response, such as a malicious URL link, allowing the attacker to steal the user’s session information.
At a minimum, to help prevent XSS, a web application needs sufficient validation, encoding, and input sanitization.
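As an added illustration (not code from the original article), the rendering step for the comments-section scenario described above, in Python: the first function shows the vulnerable pattern of concatenating untrusted input straight into markup, the second entity-encodes every value for its HTML context and allow-lists the link scheme. The comment records are constructed sample input.

```python
import html
from urllib.parse import urlparse

# Constructed sample comments: one benign, one carrying script in every field.
COMMENTS = [
    {"author": "alice", "body": "Great article!", "link": "https://example.com/alice"},
    {"author": "<script>alert(1)</script>",
     "body": '"><img src=x onerror=alert(document.cookie)>',
     "link": "javascript:alert(1)"},
]


def safe_href(url: str) -> str:
    """Allow only absolute http(s) links; anything else (javascript:, data:) becomes '#'."""
    parsed = urlparse(url.strip())
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return html.escape(url.strip(), quote=True)
    return "#"


def render_comment_vulnerable(comment: dict) -> str:
    # Vulnerable pattern: untrusted values are concatenated straight into the markup,
    # so a stored comment carries its script to every visitor of the page.
    return (f'<p><a href="{comment["link"]}">{comment["author"]}</a>: '
            f'{comment["body"]}</p>')


def render_comment_hardened(comment: dict) -> str:
    # Hardened: every untrusted value is entity-encoded for the HTML context it lands in
    # (quote=True also encodes " and ' for attribute values), and the link is allow-listed.
    return (f'<p><a href="{safe_href(comment["link"])}">'
            f'{html.escape(comment["author"], quote=True)}</a>: '
            f'{html.escape(comment["body"], quote=True)}</p>')


def has_live_markup(rendered: str) -> bool:
    """Crude check: does the output still contain an unencoded tag or a javascript:
    link that a browser would act on?"""
    low = rendered.lower()
    return "<script" in low or "<img" in low or 'href="javascript:' in low


def render_page(comments) -> str:
    """Render the whole comments section with the hardened function."""
    return "\n".join(render_comment_hardened(c) for c in comments)
```

Encoding on output is what stops the stored script from executing; the scheme check covers the case where the value lands in a URL attribute, which entity encoding alone does not protect.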
Drive-by Attack
A drive-by or drive-by-download attack occurs when a victim’s website visit infects their device with damaging malware, without their consent. To set up this hack, the attacker may control or compromise a website that otherwise appears legitimate, or embed the malware in on-page banners or ads. If a website has vulnerabilities, such as those caused by a lack of updates, it’s all too easy for the hacker to seize the opportunity.
Unfortunately, it’s difficult to protect against drive-by attacks because they can occur even if the user doesn’t click on anything. The hacker may be launching the attack for one of several reasons, with the intention to hijack the user’s device for a botnet, spy on the user’s activity, steal credentials or data, or simply disable the device or destroy its data.
Distributed Denial-of-Service (DDoS) Attack
DDoS attacks have become more sophisticated and damaging, increasing in frequency and becoming a real threat to business operations.
DDoS attacks occur when hundreds or thousands of computers participate in a botnet, remotely incapacitating an online service or website. Cybercriminals tend to target edge networking devices like routers and switches, overwhelming the devices providing bandwidth for the network.
DDoS attacks don’t allow the attacker to access the target. They are intended to sabotage the target or potentially divert attention from IT security while other attacks occur. The aim of DDoS attacks is to manipulate normal network services and protocols. The target organization is flooded with HTTP requests and disruptive traffic, leading to its services being interrupted. While this is happening, legitimate users can’t achieve access.
A DDoS attack differs from a DoS attack. For one, typical firewalls can detect and protect against DoS attacks. But a DDoS attack bombards the target to such an extent that it’s harder to guard against.
You can take steps to prevent a DDoS attack, including the following:
- Traffic analysis and monitoring help identify malicious traffic and spot unusual network slowdowns.
- Using a sophisticated intrusion prevention system (IPS) can provide network admins with real-time insights so you have visibility into traffic blips and network performance problems.
- You may want to set up server failover, as well as server backup and recovery, so that if an attack occurs you can get back online more quickly and avoid business disruptions.
Password Attacks
A password attack is when a hacker steals a user’s password for nefarious purposes. Password attacks are one of the most common types of hacks, especially in corporate business settings. This is partly because passwords are often poorly designed or not kept secure. It’s also because login credentials are powerful, as they provide access verification to user data and all manner of sensitive business information.
Hackers are creative in how they seek to steal passwords, which has led to a proliferation of attack types that may use social engineering, guessing, and brute-force methods.
In general, there are steps individuals and businesses can take to strengthen password policies and lower the risk of an attack. Strong policies include the following:
- Use multi-factor authentication (MFA) whenever possible
- Use alphanumeric passwords containing special characters
- Don’t reuse the same password for multiple logins
- Update passwords regularly
Beyond that, admins should have a proactive solution for handling login credentials across an organization. Utilizing a tool, such as SolarWinds® Access Rights Manager (ARM), helps admins manage users at scale and assign permissions based on the least-privilege principle for greater security. It can also make it easier to automatically monitor suspicious login attempts and perform automated responses when anomalies occur.
There are a few common types of password attacks admins should be aware of and protect against.
Phishing
Phishing is all about social engineering, and today, social engineering can be highly creative and sophisticated. Phishing is highly common and easy for hackers to implement. Typically, the initial goal is to get an end user to click on a link within an email. And when the hacker is sending the email to many people, the odds are someone will fall for the scam. Ultimately, phishing attacks aim to trick victims into handing over valuable information, whether in the form of credit card information, passwords, or even intellectual property.
The emails appear to come from legitimate sources. The message may appear to be from a bank, the government, a boss, or another trusted contact. Once the unsuspecting victim clicks on the link, they may be taken to a website that fools them into downloading a virus or sharing private data. Many times, the target may not even realize they have been the victim of an attack, even after the hack has taken place.
To some extent, preventing phishing attacks depends on businesses providing security training for employees and individuals taking responsibility for their actions. Employees need training in how to identify suspicious emails and links, and they should be careful in where they enter their information and the sites where they download files. They must look out carefully for anomalies in email headers and discrepancies in email domains, format, and even spelling that could indicate a problem.
Another version of phishing is “spear phishing,” where attackers send carefully designed messages to people who have special privileges, whether that’s network administrators, business executives, or other employees with special access to valuable information. These messages will often leverage information the hacker could figure out about the target, which is a reason to be careful about what kind of information you share online. The messages will often have a note of urgency, ask for immediate funds for an apparently legitimate reason, or impersonate a trusted business contact.
Business Email Compromise (BEC)
A BEC attack is a version of a phishing attack that can be particularly damaging to a company in terms of its finances. In a BEC attack, the bad actor targets a specific business person, such as an employee who is authorized to handle financial transactions. The goal typically is to trick this person into unknowingly transferring business funds into an account that is controlled by the attacker. Once the funds are sent, there is little recourse for recovering them.
The bad actor plans and researches in order to launch a successful attack. They use information about the target organization, noting the names of the executives, customers, and business partners. Detailed information helps the attacker trick the employee into sending the funds.
Security awareness training is critical for preventing BEC. All employees and especially those with access to funds should be trained to keep an eye out for suspicious emails.
Man-in-the-middle (MITM) Attack
A man-in-the-middle attack, a form of eavesdropping attack, is where an attacker interrupts or intercepts communication or data transfer between two parties. While in the middle of the transfer, the hacker pretends to be both participants, allowing them to spy on both parties, steal data or credentials, or share malicious links that cause additional damage. They can actually modify existing messages before they are sent to the recipient.
MITM attacks are less common these days. Typically, email and chat applications have end-to-end encryption that prevents third-party actors from tampering, even if the network in general is not particularly secure. A virtual private network (VPN) can help improve security for communication, especially when using a public network. In addition, individuals can look out for pop-ups, discrepancies in URLs, and invalid certificates that could signal a security problem.
Brute Force & Dictionary Attacks
Brute force attacks are a method that hackers use to guess passwords. They may use information about the individual or their job title, as well as birthdays, family members, hobbies, and other personal details, including details from social media. Dictionary attacks are a similar technique where a hacker draws on common words and phrases to attempt and guess a password.
These may seem like time-consuming options, but typically hackers deploy bots to help with the attack. Bots try out the list of credentials automatically until the hacker obtains access.
A simple way to prevent brute force and dictionary attacks is through lock-out policies that freeze an account after a certain number of unsuccessful attempts. Other forms of password security apply here. For instance, the use of random letters and numbers in a password can be more secure than a login that includes a reference to any form of personal information.
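An added example, not from the original article, of the lock-out policy described above, in Python: failed logins are counted per account inside a sliding window, the account locks after five failures, and a simulated dictionary attack is stopped before it reaches the correct password. The user record, wordlist, and thresholds are constructed for the example.

```python
import hashlib
import hmac
import os
from collections import deque

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest). A fresh salt is drawn if none is given."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


class LockoutPolicy:
    """Lock an account for `lockout_seconds` once `max_failures` failed logins land inside
    a sliding window of `window_seconds`. Time is passed in so behaviour is deterministic."""

    def __init__(self, max_failures=5, window_seconds=300, lockout_seconds=900):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self._failures = {}      # username -> deque of failure timestamps
        self._locked_until = {}  # username -> time the lock expires

    def is_locked(self, user: str, now: float) -> bool:
        return self._locked_until.get(user, 0.0) > now

    def record_failure(self, user: str, now: float) -> bool:
        """Record a failed attempt; return True if this one triggered a lockout."""
        q = self._failures.setdefault(user, deque())
        q.append(now)
        while q and now - q[0] > self.window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[user] = now + self.lockout
            q.clear()
            return True
        return False

    def record_success(self, user: str) -> None:
        self._failures.pop(user, None)


# Constructed user store: one account whose password sits late in the attacker's wordlist.
_SALT, _DIGEST = hash_password("Winter2024!")
USERS = {"jdoe": (_SALT, _DIGEST)}


def attempt_login(policy: LockoutPolicy, user: str, password: str, now: float) -> str:
    """Return 'locked', 'ok' or 'denied'. The lock is checked before any password work,
    and unknown users are counted too, so behaviour does not reveal which names exist."""
    if policy.is_locked(user, now):
        return "locked"
    record = USERS.get(user)
    if record and verify_password(password, *record):
        policy.record_success(user)
        return "ok"
    policy.record_failure(user, now)
    return "denied"


# Constructed wordlist: the real password is the 7th guess, beyond the 5-failure threshold.
WORDLIST = ["password", "123456", "qwerty", "letmein", "admin", "welcome", "Winter2024!", "summer"]


def simulate_dictionary_attack(policy, user, wordlist, start=0.0, interval=1.0):
    """A bot tries one word every `interval` seconds; return (final_result, guesses_made)."""
    for i, guess in enumerate(wordlist):
        result = attempt_login(policy, user, guess, start + i * interval)
        if result in ("ok", "locked"):
            return result, i + 1
    return "denied", len(wordlist)
```

A lock-out can itself be turned into a denial of service against the legitimate user, so pair it with per-source throttling and alerting on repeated failures rather than relying on it alone.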
Keylogger Attacks
Keylogger attacks are an old form of cyber threat where hackers are able to remotely read and log the keystrokes that people make, recognizing patterns in a way that makes it possible to identify passwords, credit card numbers, website visits, and more. Keylogger technology can be spread using malware, software or hardware bugs, or even USB sticks. Surprisingly, not all keylogging is illegal; it can be used to watch employee activity, for instance. But when used with malicious intent, these attacks can be damaging to an individual or company.
Insider Threat Attack
Insider threats are a form of attack that actually originates from inside the organization. Because insiders often have access to a wide range of sensitive data, especially in small to medium businesses, they have the potential to cause severe damage to an organization. The attack may not actually be malicious — it could simply be carelessness. But unfortunately, there are bad actors who take advantage of their privileged access to compromise their organization and likely make money.
Preventing insider attacks requires a culture of security awareness at a company. Businesses can train employees to notice potential insider threats. Companies should limit the access that employees have to sensitive data, based on the least privilege principle, which restricts the data access of users according to what is truly necessary for their role. The right software solution can help with proactive account management.
SQL Injection
SQL is a useful and common language used to manage data in many databases. SQL injection is a form of attack that targets these databases with malicious SQL statements.
In SQL databases, SQL statements query the data — statements that are typically executed by an HTML form on a website. This can be a point of vulnerability if database permissions aren’t secured, as the hacker may be able to use this HTML form to run queries that attack the database — potentially reading, modifying, or deleting data. Attackers may even be able to steal administrative rights and do additional damage, even shutting down the database altogether.
Hackers may have one or several end goals for SQL injection. They may aim to bypass authentication to steal, modify, or delete data, or they may want to gain root access to the system with malicious intent. Attackers can insert specific queries that allow them to skirt security features, causing the application to perform a malicious action.
SQL injection attacks can be prevented by sanitizing webpage inputs. Rather than allowing data to move directly from an input box to the database, it must first be validated to ensure it is not a piece of malicious code. Another option is to use an intrusion detection system that can work to detect any unauthorized network access.
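To make the previous paragraph concrete, an added example (not code from the original article) using Python's sqlite3 module: the first login function builds the statement from form values and can be bypassed by an input that comments out the password check, the second uses parameterized queries so the input stays data, and an allow-list validator supplies the input validation the article recommends as a second layer. The table and rows are constructed.

```python
import re
import sqlite3


def setup_db() -> sqlite3.Connection:
    """In-memory database with constructed rows. The password hashes are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("admin", "hash-of-admin-pw", "admin"),
                      ("alice", "hash-of-alice-pw", "user")])
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password_hash: str):
    # Vulnerable: the form values become part of the SQL text, so a quote in the input
    # changes the statement the database executes (a trailing -- comments out the rest).
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password_hash = '{password_hash}'")
    return conn.execute(sql).fetchone()


def login_parameterized(conn, username: str, password_hash: str):
    # Hardened: the statement text is fixed; the driver passes the values as data,
    # so they are never interpreted as SQL regardless of what they contain.
    sql = "SELECT username, role FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()


USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def is_valid_username(username: str) -> bool:
    """Allow-list check on the form field: only characters a username may contain."""
    return USERNAME_RE.fullmatch(username) is not None


def validate_username(username: str) -> str:
    # Defence in depth, not a substitute for parameterized queries.
    if not is_valid_username(username):
        raise ValueError("invalid username")
    return username


def login(conn, username: str, password_hash: str):
    """The hardened path: validate first, then query with placeholders."""
    return login_parameterized(conn, validate_username(username), password_hash)
```

Parameterized queries (or an ORM that issues them) are the primary control; validation narrows what reaches the query, and the database account the application uses should hold only the rights its queries need.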
DNS Tunneling
DNS tunneling is a kind of attack vector designed to give hackers ongoing access to their target. The hacker inserts or “tunnels” malware into DNS queries, which are the requests sent from the client to the server. If an organization doesn’t monitor DNS traffic for malicious activity, it may go unnoticed.
Most traditional firewalls won’t detect DNS tunneling, so you’ll need a sophisticated tool that is able to block the malware in malicious queries and analyze queries for potentially problematic patterns.
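As an added example of the query-pattern analysis mentioned above (not code from the original article or from any SolarWinds tool), a small Python detector run over constructed DNS query log lines: it scores each registered domain on label entropy, label length, record type, and the number of distinct names queried, and flags the combination that a tunnel produces. The log line format and the thresholds are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log. The line format "<time> <client> <qname> <qtype>" is an
# assumption, not any resolver's native format; .test is a reserved TLD and 10/8 is private.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 www.example.com A
10:00:02 10.0.0.5 mail.example.com MX
10:00:03 10.0.0.9 3q2zvh4k7xj9p0a1bfd8e.exfil-demo.test TXT
10:00:04 10.0.0.9 m8n1vc0x2lq7tz5ygw4hs.exfil-demo.test TXT
10:00:05 10.0.0.9 k29dh7pq0xsz3lfbt1aem.exfil-demo.test TXT
10:00:06 10.0.0.9 w4u8n0jc6r2vyk1mq5tpz.exfil-demo.test TXT
10:00:07 10.0.0.5 cdn.example.com A
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded or encrypted labels score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line: str) -> dict:
    ts, client, qname, qtype = line.split()
    return {"ts": ts, "client": client, "qname": qname.lower().rstrip("."), "qtype": qtype}


def registered_domain(qname: str) -> str:
    # Crude: keep the last two labels. A real deployment would use the public suffix list.
    return ".".join(qname.split(".")[-2:])


def flag_tunneling(log_text: str, min_unique=3, min_entropy=3.5, min_label_len=20) -> dict:
    """Return {domain: stats} for domains whose query pattern looks like a covert channel."""
    per_domain = defaultdict(lambda: {"names": set(), "entropies": [], "lengths": [],
                                      "txt": 0, "total": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        d = per_domain[registered_domain(rec["qname"])]
        label = rec["qname"].split(".")[0]  # leftmost label carries the tunnelled payload
        d["names"].add(rec["qname"])
        d["entropies"].append(shannon_entropy(label))
        d["lengths"].append(len(label))
        d["total"] += 1
        if rec["qtype"] == "TXT":
            d["txt"] += 1
    flagged = {}
    for domain, d in per_domain.items():
        mean_entropy = sum(d["entropies"]) / len(d["entropies"])
        mean_len = sum(d["lengths"]) / len(d["lengths"])
        reasons = []
        if mean_entropy >= min_entropy:
            reasons.append("high-entropy labels")
        if mean_len >= min_label_len:
            reasons.append("long labels")
        if d["txt"] == d["total"]:
            reasons.append("all queries are TXT")
        # Require volume (many distinct names) plus at least one content signal to cut noise
        # from CDNs and mail providers, whose names are numerous but readable.
        if len(d["names"]) >= min_unique and reasons:
            flagged[domain] = {"unique_names": len(d["names"]),
                               "mean_entropy": round(mean_entropy, 2),
                               "mean_label_len": round(mean_len, 1), "reasons": reasons}
    return flagged
```

Thresholds like these need tuning against a baseline of your own resolver logs, since some legitimate services also emit long, random-looking labels.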
Zero-Day Exploits
If cyber attackers know about particular vulnerabilities in popular software applications or operating systems, they may be able to take advantage of them in what’s known as a zero-day exploit. Hackers will target organizations using that software in order to exploit it before a patch or fix is made available.
To protect against zero-day exploits, it’s critical that businesses keep their software updated through a proactive patch management process. They should also deploy sophisticated antivirus software that prevents attackers from installing unapproved software.
How to Protect Against Cyber Security Attacks
To protect against cyber security attacks, you will need to be proactive in monitoring and management, and automate security capabilities whenever possible. Typically, this means deploying security software offering an appropriate set of tools and features for your business security needs.
Some of the best ways to protect against many common hacking attempts include the following:
User activity monitoring
When tracking user activity, you can keep track of suspicious logon and logoff attempts, with visibility across your network’s servers, devices, and workstations. You will need to monitor which devices were accessed, when the access occurred, and which user account had access.
To achieve full visibility, you’ll also want to use historical activity logs that allow you to pinpoint any abuse of privileged accounts, such as potentially problematic activity on admin accounts.
Ideally, your monitoring solution offers automatic alerts to draw your attention to suspicious activity, including unauthorized software downloads or transfers of data.
A major aspect of IT security is having processes established that comply with relevant regulations, along with a way to prove that compliance. That means you need the ability to report on and audit permission settings, account activity, and more.
A security solution can offer built-in or customizable templates that allow it to take corrective actions when it detects problematic activity. Depending on what type of anomaly occurs, a good security tool can automatically take action — whether it blocks an IP address, logs off the user, restarts a system, or simply sends an alert to the admin.
A framework for cyber threat intelligence can include an updated database of known threats, allowing for automatic comparison. If the tool discovers activity that corresponds to a known threat, or if specific security thresholds have been exceeded, it can send an immediate admin alert.
Access rights management
Being proactive about managing access rights is one of the best ways to improve security and help ensure you remain compliant with key regulations. This includes creating and shutting down accounts, adjusting permissions, and allowing for self-service from data owners — all at scale. This requires an excellent tool offering visibility, reporting, and ease of use.
ARM is an easy-to-use tool designed to offer a comprehensive access management solution. It includes integration for Active Directory, OneDrive, SharePoint, and more, with a focus on user provisioning, group management, permissions reporting, and other key functionalities. It makes it easier to identify and change permissions or run risk assessments relating to user accounts. With ARM you can set alerts for groups, users, domains, or file servers, making it easier to keep track of suspicious activity. ARM offers a 30-day free trial to get started.
SolarWinds Security Event Manager (SEM) is a SIEM solution designed to offer 24/7 monitoring of suspicious activity as well as automated responses to help reduce the impact of threats. SEM offers hundreds of pre-built connections that gather logs from your sources, parse the data, and put the results in a central location for easy access and visibility. It offers logs designed to be easily readable so even non-experts can glean important insights from reporting, and the dashboard includes useful visualization options and filters. SEM alerts you to suspicious behaviors, using correlation rules and a built-in threat intelligence feed to better identify potential threats. It is also built to help businesses streamline the compliance reporting and auditing process. You can try out SEM with a 30-day free trial.