Tuesday, February 11, 2025

Cyber Attack

 


A cyber attack is an attempt to steal data or gain unauthorized access to computers and networks using one or more computers. It is often the first step an attacker takes in gaining unauthorized access to individual or business computers or networks before carrying out a data breach.

Cyber criminals use a range of methods and techniques to gain unauthorized access to computers, data, and networks and steal sensitive information.

A cyber attack is any type of offensive action that targets computer information systems, infrastructures, computer networks or personal computer devices, using various methods to steal, alter or destroy data or information systems.

The goal of a cyber attack is either to disable the target computer and take it offline or gain access to the computer’s data and infiltrate connected networks and systems. Cyber attacks also differ broadly in their sophistication, with cyber criminals launching both random and targeted attacks on businesses. Attackers deploy a wide range of methods to begin a cyber attack, such as denial of service, malware, phishing, and ransomware.

An example is CMA CGM, one of the largest container shipping companies in the world. The firm suffered a cyber attack that originally targeted its servers, which then led to a data breach. The September 2020 attack occurred as malware was used to target the firm’s peripheral servers, which led to CMA CGM taking down access to its online services.

Malware: A company does not take the appropriate cyber attack prevention steps and allows its employees to visit any website they like. An employee goes to a fake site that automatically downloads malware onto their computer. The malware sets up a backdoor for a future ransomware attack.

Phishing: A phishing email, one of the most common cyber attack types, gets sent to an employee telling them they need to update their bank account password. They are led to a fake site, and a hacker collects all the information they put in.

These cyber attack examples are fairly simple, not the sophisticated types some criminal syndicates unleash, but they are still some of the most common methods malicious actors use to exploit companies and their employees.


Types of cyber attacks



1. Malware

Malware is malicious software designed to cause damage to computers, networks, and servers. There are different forms of malware, including Trojans, viruses, and worms, and they all reproduce and spread through a computer or network. This allows the hacker to gain deeper access into the target network to steal data, cause damage to devices, render networks inoperable, or take control of systems.

  • Trojans :- A Trojan or a Trojan horse is a program that hides in a useful program and usually has a malicious function. A major difference between viruses and Trojans is that Trojans do not self-replicate. In addition to launching attacks on a system, a Trojan can establish a back door that can be exploited by attackers. For example, a Trojan can be programmed to open a high-numbered port so the hacker can use it to listen and then perform an attack. 
  • Logic bombs :- A logic bomb is a type of malicious software that is appended to an application and is triggered by a specific occurrence, such as a logical condition or a specific date and time.
  • Worms :- Worms differ from viruses in that they do not attach to a host file, but are self-contained programs that propagate across networks and computers. Worms are commonly spread through email attachments; opening the attachment activates the worm program. A typical worm exploit involves the worm sending a copy of itself to every contact in an infected computer’s email address book. In addition to conducting malicious activities, a worm spreading across the internet and overloading email servers can result in denial-of-service attacks against nodes on the network.
  • Droppers :- A dropper is a program used to install viruses on computers. In many instances, the dropper is not infected with malicious code and, therefore, might not be detected by virus-scanning software. A dropper can also connect to the internet and download updates to virus software that is resident on a compromised system.
  • Ransomware :- Ransomware is a type of malware that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid. While some simple computer ransomware can lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim’s files in a way that makes them nearly impossible to recover without the decryption key.
  • Adware :- Adware is a software application used by companies for marketing purposes; advertising banners are displayed while any program is running. Adware can be automatically downloaded to your system while browsing any website and can be viewed through pop-up windows or through a bar that appears on the computer screen automatically. 
  • Spyware :- Spyware is a type of program that is installed to collect information about users, their computers or their browsing habits. It tracks everything you do without your knowledge and sends the data to a remote user. It also can download and install other malicious programs from the internet. Spyware works like adware but is usually a separate program that is installed unknowingly when you install another freeware application. 

2. Phishing


A phishing attack tricks a target into downloading malware or entering sensitive information into spoofed websites. These cyber attack methods are typically launched via email, with the attacker creating messages that look legitimate and may appear to be from a trusted sender. However, they will contain malware within an attachment or a malicious hyperlink that takes the recipient to a fake website that asks them to enter their login credentials or banking details.

Some phishing attacks take a blanket approach to try and catch as many victims as possible, but others are highly targeted and carefully researched to steal data from valuable individuals. Phishing is not restricted to email, however, as attacks are increasingly targeting mobile devices.


3. Ransomware

Ransomware attacks are a financially fueled form of malware attack. Attackers send messages containing a malicious attachment that, when downloaded, encrypts specific data and files or entire computers. The attacker will then demand a ransom fee from the victim and will only release or restore access to the data upon payment.

Ransomware attacks accounted for $8 billion of damage in 2018, of which only $1 billion came from ransom payments, and the rest was from reputational damage and lost revenue caused by downtime.


4. Denial of Service (DoS)

A denial-of-service (DoS) attack, also known as a brute-force attack, is designed to prevent online services from working efficiently. It is typically caused by an attacker flooding a website with huge amounts of traffic or requests, in an attempt to overwhelm its systems and take them offline. A more advanced DoS form is a distributed denial-of-service (DDoS) attack, through which an attacker takes control of several computers to overload its target.


5. Man-in-the-Middle (MITM)

MITM attacks enable a malicious actor to position themselves between the target victim and an online service the user accesses. An example of this is an attacker creating a spoofed, free-to-access Wi-Fi network. When the user connects to or signs in to the network, the attacker can steal the login credentials and data they use while on it.


6. Cryptojacking

A cryptojacking attack occurs when a bad actor takes control of a computer, mobile device, or server to mine for online currency or cryptocurrency. The attack begins either with malware being installed on a computer or with JavaScript code running in the user’s browser.

Cryptojacking is financially motivated, and the method is designed to remain hidden from the target while using their computing resources to mine cryptocurrency. Often, the only sign of cryptojacking is a loss or reduction in computer performance or overactive cooling fans.


7. SQL injection

Attackers use Structured Query Language (SQL) injection to exploit vulnerabilities and seize control of a database. Many websites and web applications store data in SQL and use it to share user data with databases. If an attacker spots a vulnerability in a webpage, they can perform an SQL injection to discover user credentials and mount a cyber attack.

In some cases, they may be able to alter and add data within a database, delete records, transfer money, and even attack internal networks.


8. Zero-day exploits

Zero-day attacks target vulnerabilities in software code that businesses have not yet discovered, and as a result, have not been able to fix or patch. Once an attacker spots a code vulnerability, they create an exploit that enables them to infiltrate the business before it realizes there is a problem. They are then free to collect data, steal user credentials, and enhance their access rights within an organization.

Attackers can often remain active within business systems without being noticed for months and even years. Zero-day vulnerability exploit techniques are commonly available on the dark web, often for purchase by government agencies to use for hacking purposes.


9. DNS tunneling

DNS tunneling is a cyber attack method that targets the Domain Name System (DNS), a protocol that translates web addresses into Internet Protocol (IP) addresses. DNS is widely trusted, and because it is not intended for transferring data, it is often not monitored for malicious activity. This makes it an effective target to launch cyber attacks against corporate networks.

DNS tunneling exploits the DNS to tunnel malicious data and malware. It begins with an attacker registering a domain whose name server points to the attacker’s server, which has a tunneling malware program installed on it. The attacker infiltrates a computer and is then free to send DNS requests through their server, which establishes a tunnel they can use to steal data and carry out other malicious activity.
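Because tunneled data has to travel inside the queried names, monitoring DNS logs for many long, random-looking subdomains under one domain is a common way to spot it. The following is an added example, not part of the original post; the query names are constructed and the thresholds are illustrative assumptions that need tuning against real traffic.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver-log sample (query names only); no real domains.
SAMPLE_QUERIES = [
    "www.example.com", "mail.example.com", "portal.example.com",
    "a1.example.org", "a2.example.org", "a3.example.org", "a4.example.org",
    "q7mzx2kbw5ntf3ghr6ydc4jlpvaesuoi.tunnel-test.invalid",
    "w5ntf3ghr6ydc4jlpvaesuoiq7mzx2kb.tunnel-test.invalid",
    "r6ydc4jlpvaesuoiq7mzx2kbw5ntf3gh.tunnel-test.invalid",
    "pvaesuoiq7mzx2kbw5ntf3ghr6ydc4jl.tunnel-test.invalid",
]

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def registered_domain(name):
    # Assumption: the registered domain is the last two labels. Production
    # code should consult the Public Suffix List instead.
    return ".".join(name.split(".")[-2:])

def suspicious_domains(queries, min_unique=4, min_avg_len=25, min_entropy=3.5):
    """Group queries by registered domain and flag tunnel-like subdomain use."""
    prefixes = defaultdict(set)
    for name in queries:
        name = name.rstrip(".").lower()
        base = registered_domain(name)
        prefix = name[: -len(base)].rstrip(".")
        if prefix:
            prefixes[base].add(prefix)
    flagged = {}
    for base, subs in prefixes.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs).replace(".", ""))
        # All three signals must agree: many distinct names, long, random-looking.
        if len(subs) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            flagged[base] = {"unique_subdomains": len(subs),
                             "avg_length": avg_len,
                             "entropy": round(entropy, 2)}
    return flagged

if __name__ == "__main__":
    print(suspicious_domains(SAMPLE_QUERIES))
```

The `example.org` entries show why a single signal is not enough: that domain has as many distinct subdomains as the flagged one, but they are short and low in entropy, so it is not reported.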


