TYPES OF ATTACKS
Common types of hacking techniques that are known to be highly effective, such as Malware, Phishing, SQL Injection or Cross-Site Scripting (XSS). Here’s an overview of some of the most common types of attacks seen today.
If you’ve ever seen an antivirus alert pop up on your screen, or if you’ve mistakenly clicked a malicious email attachment, then you’ve had a close call with malware. Attackers love to use malware to gain a foothold in users’ computers—and, consequently, the offices they work in—because it can be so effective.
“Malware” refers to various forms of harmful software, such as viruses and ransomware. Once malware is in your computer, it can wreak all sorts of havoc, from taking control of your machine, to monitoring your actions and keystrokes, to silently sending all sorts of confidential data from your computer or network to the attacker’s home base.
Attackers will use a variety of methods to get malware into your computer, but at some stage it often requires the user to take an action to install the malware. This can include clicking a link to download a file, or opening an attachment that may look harmless (like a Word document or PDF attachment), but actually has a malware installer hidden within.
Of course, chances are you wouldn’t just open a random attachment or click on a link in any email that comes your way—there has to be a compelling reason for you to take action. Attackers know this, too. When an attacker wants you to install malware or divulge sensitive information, they often turn to phishing tactics, or pretending to be someone or something else to get you to take an action you normally wouldn’t. Since they rely on human curiosity and impulses, phishing attacks can be difficult to stop.
In a phishing attack, an attacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with. The email will seem legitimate, and it will have some urgency to it (e.g. fraudulent activity has been detected on your account). In the email, there will be an attachment to open or a link to click. Upon opening the malicious attachment, you’ll thereby install malware in your computer. If you click the link, it may send you to a legitimate-looking website that asks for you to log in to access an important file—except the website is actually a trap used to capture your credentials when you try to log in.
In order to combat phishing attempts, understanding the importance of verifying email senders and attachments/links is essential.
sql injection attack (SQLi)
SQL (pronounced “sequel”) stands for structured query language; it’s a programming language used to communicate with databases. Many of the servers that store critical data for websites and services use SQL to manage the data in their databases. A SQL injection attack specifically targets this kind of server, using malicious code to get the server to divulge information it normally wouldn’t. This is especially problematic if the server stores private customer information from the website, such as credit card numbers, usernames and passwords (credentials), or other personally identifiable information, which are tempting and lucrative targets for an attacker.
An SQL injection attack works by exploiting any one of the known SQL vulnerabilities that allow the SQL server to run malicious code. For example, if a SQL server is vulnerable to an injection attack, it may be possible for an attacker to go to a website’s search box and type in code that would force the site’s SQL server to dump all of its stored usernames and passwords for the site.
Cross-site scripting (XSS)
In an SQL injection attack, an attacker goes after a vulnerable website to target its stored data, such as user credentials or sensitive financial data. But if the attacker would rather directly target a website’s users, they may opt for a cross-site scripting attack. Similar to an SQL injection attack, this attack also involves injecting malicious code into a website, but in this case the website itself is not being attacked. Instead, the malicious code the attacker has injected only runs in the user’s browser when they visit the attacked website, and it goes after the visitor directly, not the website.
Cross-site scripting attacks can significantly damage a website’s reputation by placing the users’ information at risk without any indication that anything malicious even occurred. Any sensitive information a user sends to the site—such as their credentials, credit card information, or other private data—can be hijacked via cross-site scripting without the website owners realizing there was even a problem in the first place.
Imagine you’re sitting in traffic on a one-lane country road, with cars backed up as far as the eye can see. Normally this road never sees more than a car or two, but a county fair and a major sporting event have ended around the same time, and this road is the only way for visitors to leave town. The road can’t handle the massive amount of traffic, and as a result it gets so backed up that pretty much no one can leave.
That’s essentially what happens to a website during a denial-of-service (DoS) attack. If you flood a website with more traffic than it was built to handle, you’ll overload the website’s server and it’ll be nigh-impossible for the website to serve up its content to visitors who are trying to access it.
This can happen for innocuous reasons of course, say if a massive news story breaks and a newspaper’s website gets overloaded with traffic from people trying to find out more. But often, this kind of traffic overload is malicious, as an attacker floods a website with an overwhelming amount of traffic to essentially shut it down for all users.
In some instances, these DoS attacks are performed by many computers at the same time. This scenario of attack is known as a Distributed Denial-of-Service Attack (DDoS). This type of attack can be even more difficult to overcome due to the attacker appearing from many different IP addresses around the world simultaneously, making determining the source of the attack even more difficult for network administrators.
Session Hijacking and MITM Attacks
When you’re on the internet, your computer has a lot of small back-and-forth transactions with servers around the world letting them know who you are and requesting specific websites or services. In return, if everything goes as it should, the web servers should respond to your request by giving you the information you’re accessing. This process, or session, happens whether you are simply browsing or when you are logging into a website with your username and password.
The session between your computer and the remote web server is given a unique session ID, which should stay private between the two parties; however, an attacker can hijack the session by capturing the session ID and posing as the computer making a request, allowing them to log in as an unsuspecting user and gain access to unauthorized information on the web server. There are a number of methods an attacker can use to steal the session ID, such as a cross-site scripting attack used to hijack session IDs.
An attacker can also opt to hijack the session to insert themselves between the requesting computer and the remote server, pretending to be the other party in the session. This allows them to intercept information in both directions and is commonly called a man-in-the-middle attack.
BRUTE-FORCE & DICTIONARY ATTACKS
Brute-force and dictionary attacks are types of cybersecurity attacks in which an attacker tries to log in to a user’s account by systematically checking and attempting all possible passwords and passphrases until the correct one is found.
After all, the easiest way to attack a system is through the front door, and there must be some way to log in. If you have credentials, you can log in as a normal user would, likely without generating suspicious log entries, tripping IDS signatures, or needing an unpatched vulnerability. If you have the credentials for the system administrator, life is even easier. Attackers have neither of these luxuries; here’s an overview of how they utilize brute-force and dictionary attacks to gain access.
SPEAR PHISHING ATTACKS
Spear phishing is a common type of cyber attack in which attackers take a narrow focus and craft detailed, targeted email messages to a specific recipient or group. This requires the attacker to research their target to find important details that can give their messages a thin veneer of plausibility—all in the hopes of fooling and ensnaring a valuable target into clicking or downloading a malicious payload, or into initiating an undesired action such as a wire transfer.
Spear phishing attacks may target just one organization at a time, or even specific teams within one organization. When spear phishing attacks get even more granular, they often go after the biggest possible targets with a laser focus, such as C-level executives or senior managers; this kind of hyper-specific phishing attack is colloquially called whaling.
A whaling is a common cyber attack that occurs when an attacker utilizes spear phishing methods to go after a large, high-profile target, such as the c-suite. Malicious actors know that executives and high-level employees (like public spokespersons) can be savvy to the usual roster of spam tactics; they may have received extensive security awareness training because of their public profile, and the security team may have more stringent policies and heftier tools in place to protect them. This leads attackers who try to phish these targets to look beyond the same old tried-and-true tactics to more sophisticated, targeted methods.
Users today have so many logins and passwords to remember that it’s tempting to reuse credentials here or there to make life a little easier. Even though security best practices universally recommend that you have unique passwords for all your applications and websites, many people still reuse their passwords—a fact attackers rely on.
Once attackers have a collection of usernames and passwords from a breached website or service (easily acquired on any number of black market websites on the internet), they know that if they use these same credentials on other websites there’s a chance they’ll be able to log in. No matter how tempting it may be to reuse credentials for your email, bank account, and your favorite sports forum, it’s possible that one day the forum will get hacked, giving an attacker easy access to your email and bank account. When it comes to credentials, variety is essential. Password managers are available and can be helpful when it comes to managing the various credentials you use.
This is just a selection of common attack types and techniques (follow this link to learn more about web application vulnerabilitites specificially). It is not intended to be exhaustive, and attackers do evolve and develop new methods as needed; however, being aware of, and mitigating these types of attacks will significantly improve your security posture.