Lepide Blog: A Guide to IT Security, Compliance and IT Operations

15 Most Common Types of Cyber Attack and How to Prevent Them

Common Types of Cyber Attacks

According to Statista, the average cost of a data breach is around 9.48 million USD, which includes expenses related to discovering and responding to the attack, downtime, lost revenue, and long-term damage to the business’s reputation. It is projected that cybercrime will cost the global economy approximately $10.5 trillion annually by 2025. Of course, a large number of security incidents are caused by insiders – whether through negligence or malice.

What is a Cyber Attack?

A cyberattack refers to any deliberate attempt to gain unauthorized access to a network, computer system, or device with the intention of stealing, altering, exposing, or destroying data, applications, or other assets. These attacks are carried out by threat actors who use various strategies such as malware, social engineering, and password theft. It goes without saying that cyberattacks disrupt business operations; however, in some extreme circumstances, they can also lead to their complete destruction.

15 Common Types of Cyber Attacks

While there are many different ways that an attacker can infiltrate an IT system, most cyber-attacks rely on pretty similar techniques. Below are some of the most common types of cyber-attacks:

  1. Malware
  2. Phishing
  3. Man-in-the-middle attack (MITM)
  4. Distributed Denial-of-Service (DDoS) attack
  5. SQL injection
  6. Zero-day exploit
  7. DNS Tunneling
  8. Business Email Compromise (BEC)
  9. Cryptojacking
  10. Drive-by Attack
  11. Cross-site scripting (XSS) attacks
  12. Password Attack
  13. Eavesdropping attacks
  14. Insider Threats
  15. IoT-Based Attacks

1. Malware

Malware is unwanted software installed on a system without permission, which can infect computers through legitimate websites, applications, or file attachments. Different types of malware have varying methods of infection, such as replicating, encrypting files, blocking access to data, displaying ads, or collecting information. Malware can include viruses, worms, trojans, ransomware, spyware, adware, keyloggers, botnets, and more. Emotet, for example, is a notorious banking Trojan that has evolved into a sophisticated and polymorphic malware that primarily spreads through phishing emails. Emotet can steal sensitive data, spread across networks, and deliver other malware.

2. Phishing

Phishing is a method used to trick victims into sharing sensitive information or installing malicious files. It sometimes takes the form of spear phishing, which targets specific individuals or organizations with deceitful emails; in some cases the targets are high-ranking individuals, with the aim of stealing money or sensitive data. SMiShing and Vishing are related techniques that use fraudulent text messages, phone calls and voice messages to entice individuals into revealing personal information. The 2015 attack on Ukraine’s power grid, attributed to Russia, involved sending targeted phishing emails to collect login details and information, leaving many without electricity during the winter.

3. Man-in-the-middle attack (MITM)

In a man-in-the-middle attack (MITM), an attacker surreptitiously inserts themselves into a communication between two unsuspecting parties. This enables them to potentially eavesdrop on the conversation, extract sensitive information or credentials, or even manipulate the content of the communication. While MITM attacks were once relatively common, the widespread adoption of end-to-end encryption in modern email and chat systems has made them significantly less prevalent.

4. DoS and DDoS Attacks

DoS and DDoS (Distributed Denial of Service) attacks are malicious attempts to disrupt the normal functioning of a system or network by overwhelming it with excessive traffic. A DoS attack is carried out by a single attacker, while a DDoS attack involves multiple attacker-controlled machines, often infected with malware, collectively launching the attack. The primary goal of these attacks is disruption, making the targeted system or service unavailable to legitimate users. In some cases, the attacker may gain financial benefits if hired by a competing business. Successful DoS or DDoS attacks can leave the system vulnerable to further attacks. A notable example is the massive attack on Amazon Web Services (AWS) in February 2020, which is claimed to be the largest publicly disclosed DDoS attack in history.

5. SQL Injection

In the context of SQL databases, SQL injection is a vulnerability that allows an attacker to execute SQL statements of their choosing by submitting crafted input through an HTML form on a webpage. When that input is inserted into a query without being sanitized, and the database permissions are not properly configured to limit what the application can do, the attacker can use the form to perform unauthorized database actions, such as creating, reading, modifying, or deleting data.
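As an added illustration (example code, not from the original article), the same user lookup written the vulnerable way and with a parameterized query, run against a constructed in-memory SQLite table:

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the web application's users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


def lookup_vulnerable(conn, username):
    # Vulnerable: the form field is concatenated into the SQL text, so a quote
    # character in the input ends the literal and the rest is parsed as SQL.
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    # Hardened: the value is bound by the driver and can only ever be data.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Constructed sample input that closes the quote and adds an always-true condition.
    crafted = "x' OR '1'='1"
    print(lookup_vulnerable(conn, "alice"))       # one row
    print(lookup_vulnerable(conn, crafted))       # both rows leak
    print(lookup_parameterized(conn, crafted))    # []: treated as a literal username
```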

6. Zero-day Exploit

A zero-day exploit is a cyberattack where malicious actors exploit a recently discovered vulnerability in widely-used software applications or operating systems before a security patch is released. This allows attackers to target organizations using that software by taking advantage of the vulnerability while it remains unaddressed.

7. DNS Tunneling

DNS tunneling is a stealthy attack strategy that allows attackers to maintain persistent access to targeted systems. Many organizations fail to monitor DNS traffic for suspicious activity, creating opportunities for attackers to hide, or “tunnel,” malicious traffic inside DNS queries and responses. Malware on the compromised system uses this to establish a persistent communication channel that most firewalls find difficult to identify, since outbound DNS is almost always permitted.
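As an added example (not from the original article), a simple detection heuristic a defender could run over DNS query logs: it groups queries by client and zone and flags zones whose subdomains are long, high-entropy and almost all unique, which is what encoded data inside queries looks like. The log lines are constructed, and the code assumes two-label registrable domains.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log, one query per line: timestamp client qname.
SAMPLE_DNS_LOG = """\
2024-03-01T09:00:01 10.0.0.5 www.example.com
2024-03-01T09:00:02 10.0.0.5 mail.example.com
2024-03-01T09:00:03 10.0.0.7 aGVsbG8gd29ybGQgdGhpcyBpcyBhIHRlc3Q.tun.example.net
2024-03-01T09:00:04 10.0.0.7 c2Vjb25kIGNodW5rIG9mIGRhdGEgZ29lcyBoZXJl.tun.example.net
2024-03-01T09:00:05 10.0.0.7 dGhpcmQgY2h1bmsgb2YgZGF0YSBmb3IgdGhlIHR1bm5lbA.tun.example.net
2024-03-01T09:00:06 10.0.0.5 cdn.example.com
"""


def shannon_entropy(s):
    # Bits per character; encoded data chunks score far higher than ordinary hostnames.
    if not s:
        return 0.0
    n = len(s)
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_dns_log(text):
    rows = []
    for line in text.splitlines():
        _ts, client, qname = line.split()
        labels = qname.rstrip(".").split(".")
        zone = ".".join(labels[-2:])  # assumes a two-label registrable domain
        sub = ".".join(labels[:-2])   # the part a tunnelling client controls
        rows.append((client, zone, sub))
    return rows


def find_tunnel_candidates(text, min_queries=3, max_avg_len=30, min_avg_entropy=3.5):
    # Group queries by (client, zone); flag zones whose subdomains are long,
    # high-entropy and almost all unique, the shape of data being encoded into queries.
    groups = defaultdict(list)
    for client, zone, sub in parse_dns_log(text):
        groups[(client, zone)].append(sub)
    flagged = []
    for (client, zone), subs in groups.items():
        if len(subs) < min_queries:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s) for s in subs) / len(subs)
        unique_ratio = len(set(subs)) / len(subs)
        if avg_len > max_avg_len and avg_ent > min_avg_entropy and unique_ratio > 0.9:
            flagged.append((client, zone))
    return flagged
```

Thresholds are starting points; tune them against a baseline of your own resolver logs, since CDNs and some security products also generate long, random-looking labels.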

8. Business Email Compromise (BEC)

BEC attacks are a type of cybercrime where the attacker targets specific individuals, typically employees with financial authorization, to deceive them into transferring funds into the attacker’s control. BEC attacks require meticulous planning and research, such as gathering information about the organization’s executives, employees, customers, business partners, and potential partners, to effectively convince the victim to release funds. BEC attacks inflict substantial financial losses, rendering them among the most damaging forms of cyber-attacks.

9. Cryptojacking

Cryptojacking involves cybercriminals secretly using a victim’s computer resources, without their knowledge, to mine cryptocurrencies. Organizations often lack visibility into this type of attack, making it challenging to detect and respond to. While cryptojacking may not directly result in data theft, it can still lead to significant resource drain and increased energy costs for the affected organization. It’s important for organizations to take appropriate measures to protect their networks and systems from cryptojacking attempts.

10. Drive-by Attack

In a “drive-by-download” attack, an unsuspecting victim stumbles upon a website that surreptitiously infects their device with malicious software. This website can be under the direct control of the attacker or may have been compromised. In some instances, the malware is cunningly embedded within content like banners and advertisements. The prevalence of exploit kits has lowered the barrier to entry for aspiring hackers, enabling them to effortlessly create malicious websites or disseminate harmful content through various channels.

11. Cross-site Scripting (XSS) Attacks

Cross-site scripting attacks, akin to SQL injection attacks, focus on infecting site visitors rather than extracting database data. An illustration of this is the comments section of a webpage. If user input is not filtered before publishing a comment, an attacker can insert a hidden malicious script. When a user visits the page, the script executes, potentially infecting their device, stealing cookies, or extracting credentials. The attack may also redirect the user to a malicious website.
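An added example, not part of the original article, of the comments-section case above: the same posted comment rendered with and without HTML escaping, using Python’s standard html.escape. The div wrapper and the sample comment are constructed for the demonstration.

```python
import html

WRAPPER_OPEN = '<div class="comment">'
WRAPPER_CLOSE = "</div>"


def render_comment_unsafe(comment):
    # Vulnerable: the stored comment is interpolated straight into the page, so any
    # markup inside it becomes part of the document the next visitor's browser parses.
    return WRAPPER_OPEN + comment + WRAPPER_CLOSE


def render_comment_safe(comment):
    # Hardened: escape the HTML-significant characters (& < > " ') so the browser
    # displays the comment as text instead of interpreting it as tags or attributes.
    return WRAPPER_OPEN + html.escape(comment, quote=True) + WRAPPER_CLOSE


def user_part_contains_tags(rendered):
    # Check used for the demonstration: does the user-supplied part of the
    # rendered fragment still contain raw angle brackets?
    inner = rendered[len(WRAPPER_OPEN):len(rendered) - len(WRAPPER_CLOSE)]
    return "<" in inner or ">" in inner


if __name__ == "__main__":
    # Constructed sample comment carrying a script tag (harmless placeholder content).
    posted = "Nice post! <script>document.title = 'x'</script>"
    print(render_comment_unsafe(posted))   # script tag reaches the browser intact
    print(render_comment_safe(posted))     # &lt;script&gt;... is shown as plain text
```

Escaping is context-specific: this covers comment text inside an element body, while values placed into attributes, URLs or inline scripts need the escaping rules for that context.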

12. Password Attack

A password attack involves an attacker attempting to predict or discover a user’s password to gain unauthorized access to a device or account. Numerous methods exist for cracking passwords, including Brute-Force, Dictionary, Rainbow Table, Credential Stuffing, Password Spraying, Keylogger, and even Phishing techniques aimed at tricking users into revealing their credentials.
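An added example, not from the original article, of detecting the password spraying pattern named above in an authentication log: a single source failing against many distinct accounts in a short window, which per-account lockout rules alone do not catch. The log format and lines are constructed for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: timestamp source_ip username result.
SAMPLE_AUTH_LOG = """\
2024-03-01T08:00:01 203.0.113.9 alice FAIL
2024-03-01T08:00:04 203.0.113.9 bob FAIL
2024-03-01T08:00:07 203.0.113.9 carol FAIL
2024-03-01T08:00:10 203.0.113.9 dave FAIL
2024-03-01T08:00:13 203.0.113.9 erin FAIL
2024-03-01T08:05:00 198.51.100.4 alice FAIL
2024-03-01T08:05:03 198.51.100.4 alice FAIL
2024-03-01T08:05:06 198.51.100.4 alice OK
"""


def parse_auth_log(text):
    events = []
    for line in text.splitlines():
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user, result))
    return events


def find_password_spraying(text, window_minutes=10, min_accounts=5):
    # A spray tries one password against many accounts, so it shows up as one
    # source failing for many *distinct* usernames inside a short window while
    # staying below any per-account lockout threshold. Returns [(src, accounts)].
    failures = defaultdict(list)
    for ts, src, user, result in parse_auth_log(text):
        if result == "FAIL":
            failures[src].append((ts, user))
    window = timedelta(minutes=window_minutes)
    flagged = []
    for src, attempts in failures.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            users = {u for t, u in attempts[i:] if t - start <= window}
            if len(users) >= min_accounts:
                flagged.append((src, len(users)))
                break
    return flagged
```

The second source in the sample (two failures then success on one account) is a typical mistyped password and is correctly left alone.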

13. Eavesdropping Attacks

Eavesdropping attacks, often called “snooping” or “sniffing,” occur when an attacker looks for network communications that lack security to intercept and access the data being sent across the network. To protect against this, companies often ask employees to use a Virtual Private Network (VPN) when accessing the company network from public Wi-Fi hotspots, which are not secure.

14. Insider Threats

Insider threats, often current or former employees, pose a significant risk to organizations because of their broad access to the company network, including confidential data and intellectual property. Their understanding of business processes and policies makes it easier for them to carry out malicious activities, such as trading confidential information on the dark web for monetary gain. Of course, not all insider threats are malicious; it is often simply a case of users sending sensitive data to the wrong recipient.

15. IoT-Based Attacks

IoT-based cyber-attacks exploit vulnerabilities in internet-connected devices, such as smart POS, lighting, and security systems, to launch denial-of-service, malware and phishing attacks with the aim of disrupting critical infrastructure and business operations and obtaining personal data.

How to Prevent Cyber Attacks

Preventing cyber-attacks requires a multi-pronged approach that encompasses a wide range of security solutions. While I won’t discuss the preventative measures for all possible attack vectors, below are some of the most notable ways that businesses can prevent common attack types.

Malware: To prevent malware infections, implement anti-malware and spam protection software, train staff to recognize malicious emails and websites, enforce strong password policies, keep software updated, and control access to systems and data.

Phishing: To prevent phishing attacks, security awareness training is essential to educate employees about suspicious emails and links.

Man-in-the-middle: To defend against MITM attacks, use a VPN when connecting through public Wi-Fi, and be cautious of fake websites, intrusive pop-ups, and invalid certificates.

DoS and DDoS: Preventing DoS and DDoS attacks requires robust network infrastructure with firewalls, traffic filtering, rate limiting, and collaboration with ISPs.

SQL injection/Cross-site scripting: These attacks can be prevented by properly sanitizing inputs and ensuring that special characters entered by users are escaped before they are rendered on web pages.

Zero-day exploits: Traditional antivirus solutions may not be effective against zero-day exploits, but Next-Generation Antivirus (NGAV) solutions can offer some protection.

DNS tunneling: DNS tunneling can be prevented with specialized tools that block malicious DNS queries and blacklist suspicious destinations.

Business Email Compromise: To prevent BEC attacks, employees should be trained to scrutinize emails for fake domains, urgency, and other suspicious elements.

Cryptojacking: Protecting against cryptojacking involves monitoring network device CPU usage and training employees to spot performance issues or suspicious emails.

Drive-by attacks: To minimize drive-by attacks, remove unnecessary browser plug-ins, install ad-blockers, and disable Java and JavaScript when possible.

Password attacks: Preventing password attacks involves strong password policies, Multi-Factor Authentication (MFA), and penetration testing.

Eavesdropping: Eavesdropping attacks can be mitigated by encrypting sensitive data at rest and in transit, using firewalls, VPNs, and intrusion prevention solutions, and educating employees about phishing attempts.

Insider threats: To address insider threats, implementing strict access controls, regularly monitoring user behavior, conducting thorough background checks, and educating employees about security risks are essential.

IoT attacks: Protecting against IoT attacks requires changing default router settings, using strong and unique passwords, disconnecting devices when not in use, and keeping them updated with the latest patches.

How Lepide Helps

The Lepide Data Security Platform gives you visibility over critical changes being made to your systems and interactions with your sensitive data. The platform enables you to locate and classify your sensitive data, govern access by removing excessive permissions and analyze user and entity behavior.

By getting visibility over your data, you’ll have the ability to detect security threats in real-time and react to quickly shut down the threat with Lepide’s automated, pre-defined threat models. If you’d like to see how Lepide can help you defend against cyber-attacks, schedule a demo of the Lepide Data Security Platform today.