softtell updates 

Different types of cyber attacks

A lot of organisations have experienced cyber attacks, but how are they actually hit? There are many types of cyber attack, and the one the criminal hacker chooses depends on what they are trying to do. Some want data, whereas others want a ransom to be paid.

The most common types of cyber attack are malware and vectors. Malware is designed to disrupt and gain unauthorised access to a computer system. There are the main forms:

Ransomware

Ransomware one of the fastest-growing forms of cyber attacks and has been behind a number of high-profile breaches, including the massive NHS data breach in 2017. It is a type of malicious software that encrypts a victim’s files and demands a payment to release them. However, paying the ransom does not guarantee the recovery of all encrypted data. Staff awareness is the best strategy to manage ransomware threats.

DDoS (distributed denial-of-service) attack

A DDoS attack is a malicious attempt to disrupt normal web traffic and take a site offline. This is done by flooding a system, server or network with more access requests than it can handle. DDoS attacks are often launched from numerous compromised devices, and are usually distributed globally through botnets.

Social engineering

Social engineering deceives and manipulates individuals into divulging sensitive information by convincing them to click malicious links or grant access to a computer, building or system. Two examples of social engineering are:

  • Phishing– this is an attempt to access sensitive in

A lot of organisations have experienced cyber attacks, but how are they actually hit? There are many types of cyber attack, and the one the criminal hacker chooses depends on what they are trying to do. Some want data, whereas others want a ransom to be paid.

The most common types of cyber attack are malware and vectors. Malware is designed to disrupt and gain unauthorised access to a computer system. There are the main forms:

Ransomware
Ransomware one of the fastest-growing forms of cyber attacks and has been behind a number of high-profile breaches, including the massive NHS data breach in 2017. It is a type of malicious software that encrypts a victim’s files and demands a payment to release them. However, paying the ransom does not guarantee the recovery of all encrypted data. Staff awareness is the best strategy to manage ransomware threats.

DDoS (distributed denial-of-service) attack
A DDoS attack is a malicious attempt to disrupt normal web traffic and take a site offline. This is done by flooding a system, server or network with more access requests than it can handle. DDoS attacks are often launched from numerous compromised devices, and are usually distributed globally through botnets.

Social engineering
Social engineering deceives and manipulates individuals into divulging sensitive information by convincing them to click malicious links or grant access to a computer, building or system. Two examples of social engineering are:

Phishing– this is an attempt to access sensitive information such as passwords and bank information by posing as a trusted individual. This is done via electronic communication, most commonly by email, and can inflict enormous damage on organisations.
Pharming– this is an attack that redirects a website’s traffic to a fake website, where users’ information is then compromised.
Viruses
A virus is a piece of malicious code that is loaded onto a computer without the user’s knowledge. It can replicate itself and spread to other computers by attaching itself to another computer file.

Worms
Worms are similar to viruses in that they are self-replicating, but they do not need to attach themselves to a program. They continually look for vulnerabilities and report back any weaknesses that are found to the worm author.

Spyware/adware
Spyware/adware can be installed on your computer without your knowledge when you open attachments, click links or download infected software. It then monitors your computer activity and collects personal information.

Trojans
A Trojan is a type of malware that disguises itself as legitimate software, such as virus removal programs, but performs malicious activity when executed.

Attack vectors
Attack vectors are used to gain access to a computer or network in order to infect them with malware or harvest stolen data. Vectors have four main forms:

Drive-by
A drive-by cyber attack targets a user through their Internet browser, installing malware on their computer as soon as they visit an infected website. It can also happen when a user visits a legitimate website that has been compromised by criminal hackers, either infecting them directly or redirecting them to a malicious site.

MITM (man in the middle)
An MITM attack is where an attacker alters the communication between two users, impersonating both victims in order to manipulate them and gain access to their data. The users are not aware that they are actually communicating with an attacker rather than each other.

Zero-day attack
The use of outdated (unpatched) software (e.g. Microsoft XP) opens up opportunities for criminal hackers to take advantage of known vulnerabilities that can bring entire systems down. A zero-day exploit can occur when a vulnerability is made public before a patch or solution has been rolled out by the developer. Patch management is one of the five basic cyber security controls proposed by the UK government’s Cyber Essentials scheme.

Sequel injection
An SQL (Structured Query Language) injection occurs when an attacker inserts malicious code into a server that uses SQL. SQL injections are only successful when a security vulnerability exists in an application’s software. Successful SQL attacks force a server to provide access to or modify data.

  • formation such as passwords and bank information by posing as a trusted individual. This is done via electronic communication, most commonly by email, and can inflict enormous damage on organisations.
  • Pharming– this is an attack that redirects a website’s traffic to a fake website, where users’ information is then compromised.

Viruses

A virus is a piece of malicious code that is loaded onto a computer without the user’s knowledge. It can replicate itself and spread to other computers by attaching itself to another computer file.

Worms

Worms are similar to viruses in that they are self-replicating, but they do not need to attach themselves to a program. They continually look for vulnerabilities and report back any weaknesses that are found to the worm author.

Spyware/adware

Spyware/adware can be installed on your computer without your knowledge when you open attachments, click links or download infected software. It then monitors your computer activity and collects personal information.

Trojans

A Trojan is a type of malware that disguises itself as legitimate software, such as virus removal programs, but performs malicious activity when executed.

Attack vectors

Attack vectors are used to gain access to a computer or network in order to infect them with malware or harvest stolen data. Vectors have four main forms:

  • Drive-by

A drive-by cyber attack targets a user through their Internet browser, installing malware on their computer as soon as they visit an infected website. It can also happen when a user visits a legitimate website that has been compromised by criminal hackers, either infecting them directly or redirecting them to a malicious site.

  • MITM (man in the middle)

An MITM attack is where an attacker alters the communication between two users, impersonating both victims in order to manipulate them and gain access to their data. The users are not aware that they are actually communicating with an attacker rather than each other.

  • Zero-day attack

The use of outdated (unpatched) software (e.g. Microsoft XP) opens up opportunities for criminal hackers to take advantage of known vulnerabilities that can bring entire systems down. A zero-day exploit can occur when a vulnerability is made public before a patch or solution has been rolled out by the developer. Patch management is one of the five basic cyber security controls proposed by the UK government’s Cyber Essentials scheme.

  • Sequel injection

An SQL (Structured Query Language) injection occurs when an attacker inserts malicious code into a server that uses SQL. SQL injections are only successful when a security vulnerability exists in an application’s software. Successful SQL attacks force a server to provide access to or modify data.

Related posts

Leave a Comment

[the_ad id="128"]