Most Common Cyber Attacks

Simply put, a Cyber Attack is an offensive maneuver via cyberspace that targets computer networks, information systems, infrastructure, and personal computers and uses various means to destroy, steal or alter data.

There exists a myriad of cyber attacks but this article focuses on the top 10 most prevalent as outlined below.

Here are the most common cyber attacks of 2024:

1. Password attack:

This type of attack is very common as passwords are the most widely used means of authentication.

A person’s password can be obtained by snooping around their workspace, accessing a password database, “sniffing” their network connection, or outright guessing.

A report published by The Times of India on June 6, 2020, shows that this kind of attack is usually traceable to bad password habits such as using the same password for all accounts/logins, and the use of weak passwords [1].

Password attacks can also be prevented by implementing multi-factor authentication.

 

2. Malware attack:

Malware (“MALicious softWARE”) is the term used to refer to unwanted software installed on a computer system without the consent of the owner. It can attach itself to useful applications or replicate across the internet.

Types of malware include:

  • Macro viruses,
  • Trojan,
  • Worm,
  • Bots,
  • Adware,
  • Crypto-malware,
  • Ransomware,
  • Logic bomb,
  • Keylogger,
  • Rootkit,
  • Backdoor,
  • Polymorphic viruses,
  • Stealth viruses,
  • RAT (Remote Access Trojans)
  • and many others [12].

 

3. Birthday Attack:

This is a brute-force attack that exploits the cryptographic phenomenon of hash collisions.

It derives its name from the birthday paradox (In a room full of people, what is the probability that two will share the same birthday?).

Birthday attacks are made against the hash algorithms that are used to verify the integrity of a message, software or digital signature.

A message processed by a hash algorithm results in a message digest (MD) whose length is fixed and independent of the original length of the input, and which is intended to characterize the message uniquely.

In consonance with the birthday paradox, the birthday attack thrives on the probability that two random messages will generate the same MD when processed by a hash algorithm.

When an attacker is able to generate the same MD as the user, he simply replaces the user’s message with his and goes undetected [11].
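The relationship between digest length and collision effort can be checked directly. The following is an added example, not part of the original article: it evaluates the birthday bound and finds a collision on SHA-256 truncated to 24 bits, a deliberately short digest assumed here so the search finishes instantly. All messages are constructed.

```python
import hashlib
import math

def collision_probability(n_items: int, space: int) -> float:
    """Birthday bound: P(at least one collision) ~ 1 - exp(-n(n-1) / (2*space))."""
    return -math.expm1(-n_items * (n_items - 1) / (2.0 * space))

def truncated_digest(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short digest (assumption)."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int):
    """Hash distinct constructed messages until two share a truncated digest."""
    seen = {}
    counter = 0
    while True:
        msg = b"constructed-message-%d" % counter
        digest = truncated_digest(msg, bits)
        if digest in seen:
            return seen[digest], msg, counter + 1
        seen[digest] = msg
        counter += 1

def digests_needed(bits: int, target: float = 0.5) -> int:
    """Approximate number of digests hashed before P(collision) reaches target."""
    return math.ceil(math.sqrt(2 * (2 ** bits) * math.log(1 / (1 - target))))

if __name__ == "__main__":
    print("23 people, 365 days:", round(collision_probability(23, 365), 3))
    first, second, tried = find_collision(24)
    print("24-bit digest collided after", tried, "messages:", first, second)
    for bits in (24, 64, 128, 256):
        print(bits, "bit digest -> about 2^%.1f hashes for a 50%% collision chance"
              % math.log2(digests_needed(bits)))
```

The work grows as roughly 2^(bits/2), which is why a digest used for integrity or signatures needs twice as many bits as the security level it is meant to provide.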

 

4. Drive-by Attack:

A drive-by download attack takes place when a user unintentionally downloads malicious code to their computer or mobile device, leaving them vulnerable to cyber-attacks.

This is a very common means of spreading malware.

Cybercriminals plant malicious scripts into the HTTP or PHP code of an insecure website. This script can either install malware directly on the computer of a user who visits the site, or redirect the victim to another site that the hackers control.

A typical example of a drive-by attack is when you accidentally give consent for unwanted software to be installed on your computer by clicking “next” and “accept” during an installation or while using a website, without properly reading the instructions.

This may give the software elevated permission, leading to adverse effects.

 

5. DoS & DDoS Attacks:

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are another common category of attacks.

A DoS attack overwhelms a system’s resources with more traffic than it can accommodate, preventing it from responding to service requests.

A DDoS attack is similar to a DoS attack, but it is launched from a large number of host machines that are infected with malware controlled by the cyber criminal.

In 2016, Dyn, a major domain name system (DNS) provider, was hit by a massive DDoS attack that took down major sites and service providers like Amazon, AirBnB, Spotify, Visa, Reddit, CNN, Netflix, PayPal, The New York Times, and GitHub [3].

 

6. MitM Attack:

MitM stands for Man-in-the-Middle. This type of attack occurs when a hacker gets in the middle of the communication between client and server. It can take on various forms, including:

  • IP Spoofing:
    An attacker gets access to a system by convincing it that it is communicating with a trusted entity.
  • Replay:
    An attacker intercepts and saves messages then sends them later impersonating the original sender. This can be prevented by the use of session timestamps.
  • Session Hijacking:
    Here the attacker hijacks a session between a server and one of its trusted clients. It then replaces the client IP address with its own while the server continues communication without detecting that the client has been swapped.
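The timestamp defence mentioned under Replay can be sketched as follows. This is an added example, not part of the original article: the receiver authenticates a timestamp together with the message, rejects anything outside a freshness window, and remembers nonces inside that window. The shared key, the 30-second window and all names are assumptions made for the illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret, for this example only
MAX_AGE = 30                   # assumed freshness window, in seconds

def sign(payload: bytes, nonce: bytes, ts: int) -> str:
    """Sender side: one MAC over timestamp, nonce and payload together."""
    data = ts.to_bytes(8, "big") + len(nonce).to_bytes(2, "big") + nonce + payload
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

class Receiver:
    def __init__(self):
        self.seen = {}  # nonce -> timestamp, remembered only inside the window

    def accept(self, payload: bytes, nonce: bytes, ts: int, mac: str, now: int) -> str:
        # 1. Authenticate first, so the timestamp itself cannot be rewritten.
        if not hmac.compare_digest(sign(payload, nonce, ts), mac):
            return "reject: bad MAC"
        # 2. Freshness: a captured message is useless once the window closes.
        if abs(now - ts) > MAX_AGE:
            return "reject: stale timestamp"
        # 3. Inside the window the timestamp alone is not enough: track nonces.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_AGE}
        if nonce in self.seen:
            return "reject: replayed nonce"
        self.seen[nonce] = ts
        return "accept"

def demo():
    rx = Receiver()
    t0 = 1_700_000_000  # constructed clock value
    payload, nonce = b"transfer 100 to account 42", b"n-0001"
    mac = sign(payload, nonce, t0)
    return [
        rx.accept(payload, nonce, t0, mac, now=t0 + 1),          # original delivery
        rx.accept(payload, nonce, t0, mac, now=t0 + 5),          # replay inside window
        rx.accept(payload, nonce, t0, mac, now=t0 + 120),        # replay after window
        rx.accept(payload, nonce, t0 + 120, mac, now=t0 + 120),  # timestamp rewritten
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```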

In 2019, an MitM attack was used to steal one million dollars from an Israeli startup by intercepting a wire transfer from a Chinese venture-capital firm intended for the new business [4].

 

7. SQL Injection (SQLi) attack:

This is a type of injection attack that makes it possible to execute malicious SQL statements, resulting in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information.

SQLi is also used to issue commands to the operating system in some cases. Websites and web applications that are built with PHP and ASP, as well as those that use dynamic SQL, are vulnerable to SQL injection.

In May 2020, it was reported that a hacker in New York along with his gang used SQL injection techniques to hack into vulnerable e-commerce websites and steal credit card information [6].
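Why dynamic SQL is the weak point, shown as an added example that is not part of the original article: the same lookup written with string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, rows and inputs are constructed for the illustration.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("alice", "card-A"), ("o'brien", "card-B")])  # constructed rows
    return db

def lookup_dynamic(db, name: str):
    """Dynamic SQL: the input becomes part of the statement text (vulnerable)."""
    query = "SELECT card FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name: str):
    """Bound parameter: the input is only ever compared as a value."""
    return db.execute("SELECT card FROM customers WHERE name = ?", (name,)).fetchall()

def compare(name: str):
    """Run both lookups on a fresh database and return (dynamic, parameterized)."""
    db = make_db()
    try:
        dynamic = lookup_dynamic(db, name)
    except sqlite3.OperationalError as exc:
        dynamic = "SQL error: %s" % exc
    return dynamic, lookup_parameterized(db, name)

if __name__ == "__main__":
    for name in ("alice", "o'brien", "nobody' OR '1'='1"):  # constructed inputs
        print(repr(name), "->", compare(name))
```

A legitimate name containing an apostrophe already breaks the concatenated query, so SQL syntax errors in application logs are a useful sign that a code path builds statements from input.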

 

8. Cross-site scripting (XSS) attack:

In this type of attack, the attacker runs a script in the victim’s web browser or scriptable application using third-party web resources.

As the victim attempts to access a web page, the page is transmitted with a payload (injected by the attacker and containing malicious JavaScript) as part of the HTML body.

XSS is also used by cybercriminals to steal cookies, log keystrokes, collect network information, take screenshots, and gain access and control of the victim’s system. In order to prevent XSS attacks, developers should consider sanitizing and validating user input data received in HTTP requests before sending it back.

A recent report by SC Media showed that nearly 1 million WordPress sites were attacked with the same payload, using XSS [10].

 

9. Phishing & Spear Phishing Attacks:

A phishing attack is a type of cyber attack in which emails that appear to be from trusted sources are sent with the aim of obtaining personal information from recipients or influencing them to do something.

It may come in the form of an email attachment that loads malware into the victim’s computer, or a link to a malicious website that downloads malware into their computer or collects personal information.

Spear phishing is a particular type of phishing in which an attacker creates messages that specifically target a particular victim.

The attacker researches the victim and composes personalized and relevant messages.

Attackers falsify the “From” section of the email to make it look like it was sent by someone you know. Alternatively, they may clone a website to dupe victims into entering login credentials.
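One way a mail filter can surface a falsified “From” line, as an added example that is not part of the original article: it compares the visible From domain with the envelope and Reply-To domains and reads the SPF, DKIM and DMARC verdicts from the Authentication-Results header. The messages and domains are constructed, and the header is assumed to have been written by your own mail gateway.

```python
from email import message_from_string
from email.utils import parseaddr

def domain(header_value) -> str:
    """Domain part of the address in a header, lower-cased ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoofing_signals(raw: str) -> list:
    """Return a list of reasons to distrust the visible From address."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    signals = []
    if domain(msg["Return-Path"]) != from_dom:
        signals.append("return-path-mismatch")
    if msg["Reply-To"] and domain(msg["Reply-To"]) != from_dom:
        signals.append("reply-to-mismatch")
    # Only trust this header when your own gateway added it (assumption here).
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if mech + "=pass" not in auth:
            signals.append(mech + "-not-pass")
    return signals

# Constructed messages using reserved example domains.
LEGIT = "\n".join([
    "Return-Path: <alice@example.com>",
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com;"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com",
    "From: Alice <alice@example.com>",
    "Subject: Q3 report", "", "See attached.",
])
SPOOFED = "\n".join([
    "Return-Path: <bounce@mailer.example.net>",
    "Authentication-Results: mx.example.org; spf=pass"
    " smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com",
    "From: Alice <alice@example.com>",
    "Reply-To: alice@example.net",
    "Subject: Urgent payment", "", "Please reply today.",
])

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(label, spoofing_signals(raw))
```

In the spoofed sample SPF passes, because it only checks the envelope domain the sender controls; the DMARC failure and the domain mismatches are what expose the forged From line. These are signals for scoring, since legitimate bulk mailers also use a different Return-Path.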

On July 15, 2020, a targeted phone spear phishing attack was launched on some Twitter employees in order to mislead them and gain access to the internal systems [8].

 

10. Eavesdropping Attack:

This type of attack takes place when network traffic is intercepted, enabling the attacker to get a hold of passwords, credit card details or other kinds of confidential user information sent over the network.

Eavesdropping can be done actively (hacker obtains information by disguising himself and sending queries to transmitters) or passively (hacker listens as message is transmitted over the network).

In 2015, owing to a bug in the open source code library AFNetworking, over 25,000 iOS apps were vulnerable to eavesdropping attacks [9].

The best way to prevent eavesdropping is data encryption.

 

Conclusion

In order to defend against an enemy, it is important to understand the enemy and their strategies in the first place.

In this article, we have examined the most common attacks used by cyber-criminals to compromise information systems.

It is imperative that basic measures be put in place in order to guard against these threats.

These include: use of strong passwords, installing reliable antivirus software and regularly updating virus databases, proper firewall configuration and whitelisting, as well as continuous audits of IT systems.

 

References:

  1. https://timesofindia.indiatimes.com/gadgets-news/80-hacking-attacks-linked-to-bad-password-habits-report/articleshow/76234888.cms
  2. https://www.technadu.com/what-are-drive-by-downloads-why-you-should-be-careful/221698/
  3. https://us.norton.com/internetsecurity-emerging-threats-what-is-a-ddos-attack-30sectech-by-norton.html#:~:text=What%20are%20distributed%20denial%2Dof,the%20website%20or%20service%20inoperable.
  4. https://threatpost.com/ultimate-mitm-attack-steals-1m-from-israeli-startup/150840/
  5. https://portswigger.net/web-security/sql-injection
  6. https://securityboulevard.com/2020/06/sql-injection-attack-a-major-application-security-threat/
  7. https://portswigger.net/web-security/sql-injection
  8. https://www.bbc.com/news/technology-53607374
  9. https://www.dynamicnetworksgroup.co.uk/resources/news-and-views/may-2019/cyber-security-spotlight-eavesdropping-attacks/
  10. https://www.scmagazine.com/home/security-news/vulnerabilities/900000-wordpress-sites-attacked-via-xss-vulnerabilities/
  11. https://app.pluralsight.com/course-player?clipId=6f6c6a3f-af4d-4bdf-a4cf-8dce342a4209
  12. https://app.pluralsight.com/course-player?clipId=f65d3c8b-3f4e-40e9-ac90-f443dae2867c