Welcome to 2022, where there are over 20 types of cyber security threats (and, we promise, more on the horizon). Cyber threats change as rapidly as technology does, with the methods, scale, and tactics of attacks morphing daily.
Our best counter-attack against the bad actors out there is to be knowledgeable about the techniques they are using. Cybersecurity thrives on knowledge and preparedness, two things we at Cyber Phoenix take very seriously. Aside from adopting cybersecurity safety practices, or taking training courses, the best way to keep your data, company information, and systems safe is to learn the ways bad actors are trying to gain access to them. If you are thoroughly in the know, you can be thoroughly prepared. So let’s take a deep dive into the world of cyber-attacks and stay on top of these malicious attackers and their methods.
In a recent post, we explored the current definition of cyberattack and how we got here. As it stands today, a cyber attack is any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. The path an attacker uses to reach the information or system they are after is called an attack vector. The attack vectors cybercriminals are currently using vary widely, as you soon will find out, but they all fall under the following main types of attacks:
- Malware Attacks
- Social Engineering Attacks
- Injection Attacks
- Software Supply Chain Attacks
- Advanced Persistent Threats (APT)
- Distributed Denial of Service (DDoS)
- Man-in-the-middle Attacks (MitM)
- Password Attacks
Who Is Behind Cyberattacks?
There is a lot we can’t even begin to know about the people hiding behind the veil of cybercriminal activity. What we do know is that there are networks of individuals acting in coordination with each other from all parts of the world for a variety of reasons. These cybercrime rings can be state-sponsored by governments for military or political purposes, domestic or international terrorist groups targeting governments or other militaries, organized crime groups seeking monetary and political gain, spies with financial motives, hacktivists making a statement, insiders exploiting their access and knowledge for financial gain, or sometimes hackers are hacking simply because they can.
Whatever their motive, they all use intricate methods to take advantage of vulnerable systems, which leads to the loss of data, information, intellectual property, and funds. You have most likely heard of a handful of the ways they get at this stuff – malware, phishing scams, spyware – but for each of these, there are a dozen other methods to their madness. Let’s explore each one.
Malware Attacks
Malware is a shortened term for malicious software. Malware is inserted into a system, usually without the user noticing, by any of several routes (a malicious attachment, a booby-trapped download, an exploited vulnerability) to compromise data. Once malware is installed, attackers can read personal data, monitor user activity, move laterally to other systems on the network, and use all of this for their own gain.
Malware attacks come in a variety of forms:
Trojan — malware disguised as a legitimate file or program. A user opens the seemingly benign file, which installs the real payload. Unlike a virus or worm, a Trojan does not copy itself; it typically creates a backdoor that gives the attacker remote access to the system.
Ransomware — criminals break into a network (commonly through phishing, exposed remote-access services, or stolen credentials) and encrypt files. Modern ransomware encrypts each file with a symmetric key and then wraps that key with the attacker's public key, so only the attacker's private key can recover the data. The criminals then demand a ransom for the decryption key and, increasingly, threaten to publish copies of the data they stole before encrypting it.
Wiper malware — malware built to destroy rather than to profit. It overwrites files or the disk's boot records so the system cannot be recovered; attackers use it to cause damage outright or to erase the evidence of their intrusion.
Worms — self-replicating malware that spreads from machine to machine on its own, without user action, by exploiting network-reachable vulnerabilities or previously planted backdoors.
Spyware — malware secretly installed on devices that gives attackers access to data, personal credentials, keystrokes, and payment details.
Fileless malware — this type of malware never writes its payload to disk as a conventional executable. It runs in memory and abuses tools already present on the operating system, such as PowerShell or WMI, which is why file-based antivirus scanning often misses it.
Social Engineering Attacks
Social engineering attacks work by tricking people rather than exploiting software: victims are manipulated into sharing sensitive information or performing an action that gives the attacker access to corporate or personal networks. These attacks are increasingly common and come in many forms.
Phishing — Unsuspecting victims are tricked into performing an action, such as clicking a malicious link or providing personal information. Typically via email, cybercriminals send seemingly legitimate correspondence that either prompts the recipient for information or exposes them to malware from an infected attachment. These emails may look legitimate with recognizable names and logos and often include a warning message regarding the account of the recipient to which they need to respond to remedy the issue.
Spear phishing — a type of phishing aimed at specific individuals, often system administrators or senior executives, using lures tailored from research about the target (their role, colleagues, projects, or vendors).
Malvertising — an infected online advertisement that infects a user’s computer with malware when seen or clicked.
Drive-by downloads — malware installed directly onto a computer from a hacked website. Hackers insert malicious script onto a website that redirects the site visitor to a secondary malicious website. The malicious webpage then downloads malware onto the user’s system.
Scareware security software — Victims are alerted to a fake threat with warnings and prompted to pay for threat removal or to register fake detection software. Financial details are then stolen by the attacker. Similarly, a victim may be led to believe that they downloaded something infected or illegal. The cybercriminal will provide a fake solution to the fake problem and trick the victim into installing malware.
Baiting — Malicious actors trick unsuspecting victims into using malware-infected devices, such as USB devices.
Vishing — Voice Phishing, or Vishing, prompts victims over the phone to share personal or financial information.
Whaling — Whales are high-profile employees of a company, such as the CFO or CEO, who are manipulated into sharing privileged company information.
Pretexting — Data is accessed by a scammer when they allege that the victim needs to confirm their identity by providing personal or financial information.
Honey trap — Similar to the well-known catfishing schemes, a cybercriminal creates a fake online identity and steals sensitive information from an unsuspecting victim who believes themself to be in a relationship with the online persona.
Pharming — a user who types a legitimate address is silently redirected to a fraudulent copy of the site, which then prompts them to provide personal information. The redirection is achieved either by malicious code on the victim's computer that alters its hosts file or DNS settings, or by poisoning the DNS resolver the victim relies on.
Injection Attacks
Injection attacks exploit applications that pass untrusted input to an interpreter (a database engine, an operating-system shell, a browser, the application's own runtime) without validating or escaping it. Attackers craft input that is read as code rather than data, allowing them to take control of or change the application.
Common Types of Injection Attacks:
SQL Injection Attack — Attackers supply malicious SQL fragments through any input that a database-driven website concatenates into a query, such as a search box, login form, or URL parameter. This gives the attacker access to sensitive company data, such as user lists and customer details, and the ability to view, edit, and delete data in the database. The fix is to use parameterized queries so that input is always treated as data.
Cross-Site Scripting (XSS) Attack — An attacker gets malicious script into a page served by an otherwise trustworthy website, either stored in its database (a comment, a profile field) or reflected from a crafted link. When users load the page, the script runs in their browser with the site's privileges, letting the attacker steal session cookies, capture keystrokes, or act on the user's behalf. Output encoding of untrusted data is the primary defence.
Code Injection Attack — Malicious input is evaluated as application code when an attacker exploits a vulnerability such as an unsafe eval or template rendering. Once injected, the attacker runs code on the server and can further escalate the attack.
Command Injection Attack — An attacker exploits an application that builds operating-system commands from user input to run commands of their own on the host, retrieve unauthorized data, or take over the entire server.
CCS Injection Attack — ChangeCipherSpec injection exploits a flaw in a TLS implementation's handshake handling (the best-known case was OpenSSL's CVE-2014-0224). A man-in-the-middle sends ChangeCipherSpec messages to both sides before the key exchange has finished, forcing them to derive session keys from predictable material so the attacker can decrypt or modify the traffic and steal sensitive information.
Software Supply Chain Attacks
Organizations rely on a software supply chain: the vendors, open-source components, build tools, and update channels that together produce the software they run. A software supply chain attack targets and exploits a weak link in that chain, particularly software patches and updates delivered by third-party vendors, so that malicious code arrives with the trust, and often the signature, of a legitimate product. Network monitoring tools, AI and smart technologies, control systems, and network-enabled systems that use vendor CI/CD software can all leave a software supply chain open to attack. These attacks come in the form of compromised dev/test infrastructure or software build tools, compromised accounts or devices of privileged third-party vendors, malicious apps signed with stolen developer IDs or certificates, malicious code planted on hardware, or spyware.
Advanced Persistent Threats (APT)
APTs are sophisticated, long-running intrusions by well-resourced groups (often state-sponsored) that gain access to a network and avoid detection by security personnel for months or longer. During their extended presence, they quietly steal sensitive data, typically from large enterprises and government bodies.
Look out for new account creation with elevated privileges, abnormal or inconsistent account and database activity (logons at odd hours, unusually large queries), heightened malware detections, and the presence of unusual files, especially archives staged for exfiltration.
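As an added example, not part of the original post, here is detection logic for the first two indicators above, run over a handful of constructed Windows Security log events (not real logs). The event IDs are the real ones (4720 account created, 4728 and 4732 member added to a security-enabled global or local group); the account names, group names, timestamps and the business-hours window are assumptions chosen for the demonstration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Fields mirror the Windows Security
# log: 4720 = user account created, 4728 = member added to a security-enabled
# global group, 4732 = member added to a security-enabled local group.
SAMPLE_EVENTS = [
    {"time": "2022-03-01T02:13:05", "event_id": 4720, "subject": "CORP\\svc-backup",
     "target": "CORP\\helpdesk2"},
    {"time": "2022-03-01T02:13:40", "event_id": 4732, "subject": "CORP\\svc-backup",
     "target": "CORP\\helpdesk2", "group": "Administrators"},
    {"time": "2022-03-01T09:30:00", "event_id": 4720, "subject": "CORP\\hr-admin",
     "target": "CORP\\jdoe"},
    {"time": "2022-03-02T14:00:00", "event_id": 4728, "subject": "CORP\\hr-admin",
     "target": "CORP\\jdoe", "group": "Marketing"},
    {"time": "2022-03-03T03:05:00", "event_id": 4728, "subject": "CORP\\svc-backup",
     "target": "CORP\\helpdesk2", "group": "Domain Admins"},
]

PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}
GROUP_ADD_EVENTS = {4728, 4732}
BUSINESS_HOURS = range(7, 20)  # assumption: 07:00-19:59 local time is normal


def _is_privileged_add(ev):
    return ev["event_id"] in GROUP_ADD_EVENTS and ev.get("group") in PRIVILEGED_GROUPS


def rapid_privileged_creations(events, window=timedelta(hours=1)):
    """Accounts created (4720) and then added to a privileged group within
    `window`. Returns (target, group, seconds_between) tuples, earliest first.
    Events are sorted first so out-of-order delivery does not hide a match."""
    created = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["event_id"] == 4720:
            created[ev["target"]] = t
        elif _is_privileged_add(ev):
            t0 = created.get(ev["target"])
            if t0 is not None and t - t0 <= window:
                alerts.append((ev["target"], ev["group"], int((t - t0).total_seconds())))
    return alerts


def off_hours_privileged_changes(events, hours=BUSINESS_HOURS):
    """Privileged group additions performed outside business hours, with the
    account that performed them. Returns (subject, target, group, time) tuples."""
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if _is_privileged_add(ev) and t.hour not in hours:
            alerts.append((ev["subject"], ev["target"], ev["group"], ev["time"]))
    return alerts
```

On the sample, the first rule fires once (helpdesk2 was created and made a local Administrator 35 seconds later by a service account) and the second fires twice, both times for the same service account working at 2 a.m. and 3 a.m. The Marketing group addition during office hours is ignored by both rules. In practice the interesting signal is the conjunction: a service account that should never create users doing so at night and immediately granting admin rights.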
Distributed Denial of Service (DDoS) Attacks
DDoS attacks render websites or web services unusable by overwhelming them with heavy web traffic. Cybercriminals from several locations coordinate their efforts by compromising a network of computers to target a system. This attack is often done to create a diversion while the attackers attempt other more inconspicuous forms of fraudulent and malicious activity.
Types of DDoS attacks:
Botnets — Botnets are not an attack type in themselves but the infrastructure behind most DDoS attacks: a network of devices that have been infected with malware and have fallen under the control of an attacker. The bots, which can number in the millions and be spread across the world, generate the flood of traffic that slows or shuts down the targeted server.
Smurf attack — Attackers send Internet Control Message Protocol (ICMP) echo requests to a network's broadcast address with the source address forged to be the victim's IP. Every host on that network replies to the victim, so a small stream of requests is amplified into a flood of replies.
TCP SYN flood attack — An offender exploits the first step in the typical TCP 3-way handshake by sending a stream of SYN (connection) requests, often from spoofed source addresses, and never completing the handshake. Each request occupies a half-open connection slot on the target; when the table of half-open connections fills, the system stops accepting legitimate connections.
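Added example, not from the original post: a SYN-flood detector in Python run over constructed packet summaries of the kind a capture tool or flow exporter produces. The IP addresses (taken from the documentation ranges), ports, timestamps and thresholds are assumptions chosen for the demonstration.

```python
from collections import defaultdict


def build_sample_records():
    """Constructed packet summaries: (timestamp_s, src_ip, dst_ip, dst_port, flags).
    Flags use tcpdump-style letters: "S" SYN, "SA" SYN-ACK, "A" ACK."""
    records = []
    # Three legitimate clients complete the handshake with 10.0.0.5:443.
    for i, src in enumerate(["192.0.2.10", "192.0.2.11", "192.0.2.12"]):
        t0 = i * 0.5
        records.append((t0, src, "10.0.0.5", 443, "S"))
        records.append((t0 + 0.01, "10.0.0.5", src, 443, "SA"))  # server reply
        records.append((t0 + 0.02, src, "10.0.0.5", 443, "A"))
    # Twenty spoofed sources send one SYN each and never answer the SYN-ACK.
    for i in range(20):
        records.append((2.0 + i * 0.01, f"198.51.100.{i + 1}", "10.0.0.5", 443, "S"))
    # One ordinary completed connection to a different server, for contrast.
    records += [(5.0, "192.0.2.20", "10.0.0.9", 80, "S"),
                (5.01, "10.0.0.9", "192.0.2.20", 80, "SA"),
                (5.02, "192.0.2.20", "10.0.0.9", 80, "A")]
    return records


def detect_syn_flood(records, min_half_open=10, max_completion_ratio=0.5):
    """Per (dst_ip, dst_port): count client SYNs that were never followed by the
    client's final ACK. Flag a target only when the half-open count is high AND
    most handshakes never complete; a busy but healthy server completes them."""
    first_syn = {}      # (src, dst, port) -> time of the first SYN
    completed = set()
    for ts, src, dst, port, flags in sorted(records):
        key = (src, dst, port)
        if flags == "S":
            first_syn.setdefault(key, ts)
        elif flags == "A" and key in first_syn:
            completed.add(key)

    stats = defaultdict(lambda: {"syns": 0, "completed": 0, "sources": set()})
    for (src, dst, port) in first_syn:
        s = stats[(dst, port)]
        s["syns"] += 1
        s["sources"].add(src)
        if (src, dst, port) in completed:
            s["completed"] += 1

    alerts = {}
    for target, s in stats.items():
        half_open = s["syns"] - s["completed"]
        ratio = s["completed"] / s["syns"]
        if half_open >= min_half_open and ratio <= max_completion_ratio:
            alerts[target] = {"half_open": half_open,
                              "distinct_sources": len(s["sources"]),
                              "completion_ratio": round(ratio, 2)}
    return alerts


if __name__ == "__main__":
    for target, info in detect_syn_flood(build_sample_records()).items():
        print(target, info)
```

The detector flags 10.0.0.5:443 with 20 half-open connections from 23 distinct sources and a completion ratio of 0.13, and leaves 10.0.0.9:80 alone. The completion ratio is what separates a flood from a popular service: a server under legitimate load still sees its clients finish the handshake. On a real sensor you would evaluate this over a sliding time window rather than the whole capture.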
Man-in-the-middle Attacks (MitM)
AKA, the Eavesdropping Attack. Attackers position themselves between a client and the remote server it is talking to and intercept, read, and sometimes alter the traffic in transit. While remote-access users believe themselves to be communicating with their targeted system, they are in fact handing their sensitive data, credentials, and personal information right over to the attacker. There are several ways information hijackers accomplish this.
Man-in-the-Middle attacks include:
Session hijacking — an attacker takes over an authenticated session between a client and a server, most often by stealing the session token (a cookie or session ID) through sniffing or XSS and presenting it as their own. The server then believes it is communicating with the legitimate client, compromising that client's account.
IP spoofing — an attacker forges the source address in packet headers so that traffic appears to come from a known, trusted host. Systems that trust clients by IP address alone accept the forged packets as legitimate.
Eavesdropping attack — when a client accesses a server over an insecure network (unencrypted Wi-Fi, plain HTTP), attackers on the same path can readily read the information being transmitted between the client and server.
Bluetooth attacks — Attackers exploit devices left discoverable or paired with weak or no authentication to intercept traffic, push unwanted data, or pull contacts and other information from the device.
Password Attacks
When we tell you to adhere to good password hygiene, this is why. Attackers gain access by employing several methods of password guessing and credential reuse:
Brute-force password guessing — Software tries every possible combination of characters until the password is found; a targeted variant seeds the guesses with information about the victim (names, dates, pets) to shorten the search. Short or predictable passwords fall quickly.
Dictionary attack — Words from a wordlist, plus common variations (capitalization, appended digits and symbols), are systematically tried as possible passwords until the right one is guessed.
Pass-the-hash attack — an attacker who captures a stored password hash (typically an NTLM hash from a Windows system) uses it directly to authenticate, because the NTLM challenge-response protocol proves possession of the hash, not of the password. No cracking is required.
Golden ticket attack — Also known as a Kerberos attack, it starts when attackers, usually via pass-the-hash or a domain controller compromise, obtain the password hash of the Active Directory KRBTGT account, the account whose key the Key Distribution Center uses to sign Ticket Granting Tickets (TGTs). With it they forge TGTs for any user, including domain admins, granting them persistent access to the domain until the KRBTGT credentials are rotated.
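As an added example (not code from the original post), the Python below runs a dictionary attack with simple mangling rules and a digit-only brute force against a constructed table of unsalted SHA-256 hashes, then shows why a per-user salt and a slow key-derivation function (PBKDF2 here) change the attacker's economics. The wordlist, usernames, hashes and iteration count are all constructed for the demonstration.

```python
import hashlib
import hmac
import itertools
import os
import string

# Constructed wordlist and mangling rules; real tools ship far larger ones.
WORDLIST = ["password", "letmein", "phoenix", "summer", "welcome"]
SUFFIXES = ["", "1", "123", "!", "2022"]


def candidate_passwords(words=WORDLIST, suffixes=SUFFIXES):
    """Dictionary words with common mangling rules applied: case variants
    plus appended digits or symbols, the way a cracking tool generates guesses."""
    for word in words:
        for base in (word, word.capitalize(), word.upper()):
            for suffix in suffixes:
                yield base + suffix


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed "leaked" table of unsalted SHA-256 password hashes.
LEAKED_HASHES = {
    "alice": sha256_hex("Phoenix2022"),
    "bob": sha256_hex("letmein!"),
    "carol": sha256_hex("x7#Qp!v9Lm-tree"),   # not derivable from the wordlist
}


def crack_unsalted(targets, words=WORDLIST):
    """Dictionary attack on unsalted hashes. With no salt, each candidate hash
    is compared against every target at once, so attacking N accounts costs
    the same as attacking one. Returns (found, hashes_computed)."""
    by_hash = {h: user for user, h in targets.items()}
    found, computed = {}, 0
    for cand in candidate_passwords(words):
        computed += 1
        user = by_hash.get(sha256_hex(cand))
        if user is not None:
            found[user] = cand
    return found, computed


def brute_force_pin(target_hash, max_len=4):
    """Exhaustive brute force over all-digit PINs up to max_len characters.
    Returns (pin_or_None, hashes_computed)."""
    computed = 0
    for length in range(1, max_len + 1):
        for digits in itertools.product(string.digits, repeat=length):
            computed += 1
            pin = "".join(digits)
            if sha256_hex(pin) == target_hash:
                return pin, computed
    return None, computed


# Defence: a per-user random salt and a deliberately slow KDF.
DEMO_ITERATIONS = 20_000  # kept low for the demo; production uses far more


def make_salted_record(password, iterations=DEMO_ITERATIONS):
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": dk}


def verify_salted(record, candidate):
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                             record["salt"], record["iterations"])
    return hmac.compare_digest(dk, record["hash"])


def crack_salted(record, words=WORDLIST):
    """Same dictionary, but the salt forces one slow KDF call per guess per
    account: nothing can be precomputed or shared between accounts.
    Returns (password_or_None, kdf_calls)."""
    computed = 0
    for cand in candidate_passwords(words):
        computed += 1
        if verify_salted(record, cand):
            return cand, computed
    return None, computed
```

Note the counters: 75 hash computations crack two of the three unsalted accounts in a single pass, a four-digit PIN falls in a few thousand, and the salted record needs a full run of slow KDF calls for each account separately and yields nothing for a password outside the wordlist. Pass-the-hash is the other side of the same coin: where a protocol accepts the stored hash itself as the credential, no guessing is needed at all, which is why NTLM hashes must be protected like the passwords they stand in for.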
Cybersecurity Starts with Cyber Phoenix
This list is not exhaustive. More attack vectors are being used every day. And more on the way. Staying ahead of cybercrime is no small feat, which is why the cybersecurity industry is booming and why cybersecurity professionals are in such high demand. If you want to break into the industry, we’ve got you. Our course subscription packages are affordable and effective. Start a free trial, and most importantly…
Stay safe out there.