-
saka
-
April 02, 2022
-
No Comments
Last updated: Sep 19, 2022
What are cyber attacks?
- Cyber attacks are conducted by individuals in order to gain access to a device that is not necessarily authorized for them.
- They do so with the intention of destroying or changing information, or to cause some sort of damage to a computer system or computer network.
- Cyber attacks might also disable or block a computer system or even potentially steal sensitive and important information.
- Those conducting cyber attacks don’t all look or act the same nor do they all have the same intention.
- A cyber attacker might be a group of people or an individual who wishes to gain, destroy or alter information.
- It is additionally imperative to note that cyberattackers are not always “outsiders” and can merely be an employee within an organization who has some sort of negative feelings towards their organization.
- These cyber attackers are called “cybercriminals”, referred to as “hackers” who have great computer skills who are able to design and conduct evil attacks.
Why do cyber attacks occur?
There are multiple objectives as to why cyber attacks might occur, more often than not with a malicious mindset. Three reasons why they might occur will be discussed in great detail.
Financial Gain:
- The first reason for conducting a cyber attack might be for financial gain.
- Majority of cyber attacks that occur are conducted by “hackers” or “bad actors” in order to gain some monetary reward.
- The attackers will steal private and sensitive information from individuals, for example confusing people into giving their credit card details, bank details or important and private information.
- Cyber attackers can then go on to steal money from their accounts as they have now gained access into their online banking or now know someone else’s credit card information thus are able to steal the money and use it.
- Moreover, cyber attackers might have a different motive in mind, for example, they might steal sensitive information, diable divides or lock computers so that those who “own” this information and these devices cannot gain access to their devices or information.
- The cyber attacker might go on to request ransom money in response to unblocking their devices or giving their information back.
- Usually people are so scared of losing their information or having it leaked that they are willing to do and pay whatever is necessary in order to protect themselves, their devices and retain all their private and personal information.
Disruption and Revenge
- The second reason for a cyber attack to be conducted by “bad actors” or “hackers” might be to cause some sort of detrimental disruption or get revenge over an individual or organization.
- Some hackers might wish to cause bad to others, releasing private information or stealing it for their own benefit.
- This in turn can cause damage to an individual or an organization’s reputation, making others no longer trust them or have any sort of belief in them, causing them to go on a downward spiral, possibly resulting in becoming bankrupt.
- These sort of attacks might be aimed towards government-run organizations.
- “Hacktivists” is a term coined for these types of attackers, who might be conducting attacks as a form of protest, rioting against a particular organization or group.
- Again, it is imperative to note at this point again that these attacks are not necessarily conducted by outsiders but can also be conducted by insider threats – employees within an organization with some sort of evil intent.
Cyber Warfare
- Cyber attacks are also likely to occur against governments from around the world, or various different countries in response to economic or political disputes; this is regarded as cyber warfare.
Common types of cyber attacks
There are various different cyber attacks that might occur against individuals or organizations and a couple of them will be highlighted in great detail.
- Phishing.
- Phishing is a type of cyber attack that involves hackers socially engineering messages that will make people want to open them.
- This could be in the form of emails, clicking on links or receiving whatsapps, sms or any message on a social media platform.
- Once the recipient clicks on the message, they land up mistakenly downloading malware.
- This type of attack attempts to steal the recipients data and information, including login details or bank account details.
- The attacker sends a message or email that looks trustworthy, often from an email address similar to that of one’s bank etc and tricks the recipient into clicking on the message or link.
This can result in so many negative consequences for the recipient, including someone stealing their money, using their credit card details or potentially even identity theft.
Two types of phishing techniques:
Although phishing might occur in multiple ways, 2 techniques will be highlighted; namely “email phishing scams” and “spear phishing”.
Email phishing scams:
- A hacker or “bad actor” will send thousands of the same email out.
- These emails are fraudulent and can gain access to great amounts of money and sensitive information.
- The hacker is aware that a lot of people won’t click on the link or email but it is for sure that a small percentage will, leading the attacker to succeed in his mission.
- The attacker is smart, he knows what lingo companies use, their logos and signatures, thus making the messages that he sends out seem very trustworthy and legit.
Spear phishing:
- Secondly, another type of phishing is spear phishing.
- This type of attack targets an organization or an individual.
- This differs from the previous type of attack which is more about reaching as many different random users as possible.
- This attack is targeted against someone in particular.
For example, an attacker might figure out one of the employees’ names and roles within an organization. The attacker might “act” as his manager and send an email to him. It looks legit so the employee trusts this message. The employee is requested to “log in” to see the document. This is how the hacker steals his details, gaining access into the organization.
- Man-in-the-middle
- Another type of attack is “man-in-the-middle”, or otherwise known as “MitM”.
- This is the type of attack where a hacker will place himself in between two people or institutions.
For example, an individual and their bank. The hacker will eavesdrop on two parties who are communicating or potentially even impersonate one of the parties. The intent behind this attack is to steal important and private data or information, for example credentials and credit card details.
Some tips on how to avoid man-in-the-middle attacks:
- Firstly, don’t connect to any WiFi, only those that you trust.
- It is human instinct to arrive in a foreign airport or be in a foreign country and go to a coffee shop to use their wifi.
- This WiFi is not protected by passwords and thus interceptors might be able to gain access to our information after we login and “accept” terms and conditions.
- Secondly, whilst using devices, pay careful attention to any notifications that might pop up, stating that a website is unsecure.
- Note these websites and don’t allow yourself to use them or go onto them as this could put you at great risk.
- Thirdly, when an application holding sensitive and private information is not in use, log out of it.
- Don’t allow websites to remember credit card details or allow banking apps to naturally remember login details, this is very dangerous and should be avoided at all costs.
- Lastly don’t use public networks, not even those in 5 star hotels when conducting transactions.
- Someone could be gaining access to your information and steal from you.
Denial-of-service attack (DDoS)
- This type of attack is conducted by overloading servers with data requests all at the same time. The server crashes as there are too many requests at once.
- Additionally, the attacker disrupts the network and normal traffic of information thus preventing anyone from using it normally.
- In other words, this type of attack is like a traffic jam, preventing people from getting to their destination normally.
How to notice a DDoS attack:
- An obvious way to identify this type of attack is noticing one’s system slowing down at an exceptional rate with no real meaning.
- However, since other things could be the reason for the slowing down, such as an actual spike in traffic coming in, it is necessary to use analytical tools to properly assess whether or not you or your organization are experiencing a DDoS attack.
For example, a sign of an attack might be a large amount of traffic (of information) coming in from one IP address or a singular IP range. This shows to be suspicious and could be someone conducting an attack.
- Secondly, if one notices traffic of information coming from various different people sharing the same behavioral profile, for example geolocation or web browser version. They could be working together and planning together to attack you or your organization.
- Thirdly, if traffic patterns are weird and are spiking at random times or consecutively, for example a spike every 20 minutes, this could be a sign of a DDoS attack.
Malware
- This type of cyber attack is in the form of evil software, aimed to attack systems and devices. There are various types of malware, for example: ransomware, Trojans and spyware.
- Malware is used by hackers to steal important and private information, potentially copy or mimic information, block access and turn functioning systems into no longer functioning ones.
Ransomware:
- This type of malware encrypts files, making them and the systems on which they rely completely futile and inoperative. This type of malware denies authorized users access into their systems and almost “kicks” them out.
- The attacker might demand ransom money in order to give the user their complete and full access back.
Trojans:
- This type of malware fools recipients into thinking a file is completely harmless and makes the file seem trustworthy.
How to identify a Trojan Virus:
There are various signs of malicious or evil software which might show proof that ones system or device has been attacked by a Trojan Virus.
- Firstly, if you notice your device performing badly, meaning it’s become very slow or crashing more often than usual, this might be a sign that your device has been infected.
- Secondly, if your device is acting strangely, meaning there are websites open and programs running that you didn’t execute.
- Lastly, another sign of this type of virus are pop-ups or spams, meaning lots of pop-ups are occurring when browning on your device and you might be receiving many email spams, much more than usual.
Spyware:
- This is a type of malware that actually installs itself onto devices.
- It monitors all online behavior without the permission from the users.
- It gains access into private and personal information which might be detrimental if leaked.
SQL injection
- This type of cyber attack is a code insertion technique, which hackers use in order to destroy information inside someone’s database.
- This is the most common type of hacking.
- This attacker can use this SQL injection to read private information, change data or destroy it.
Zero-day exploit
- This is a type of cyber attack that actually aims at attacking a software vulnerability or weakness.
- This weakness is not known by the antivirus vendors and thus the attacker can use this to his advantage. He notices the weakness, exploits it and uses it for an attack against an individual or organization.
- It is called a “zero-day” exploit as the hacker is aware of the weakness before the developer sees it and can fix it, thus leaving him with “zero days” to address the problem and fix it.
- This creates great problems for individuals and organizations as they are not even aware of the weakness to try to fix it, potentially resulting in a large set-back for them and hurting their reputation.
Who are the ones to conduct these zero-day attacks?
- Firstly, “cybercriminals’ ‘ might be the ones to design and conduct these attacks as they have one motivation in mind and that is money, they are wishing to be paid out a large sum of money in exchange for “taking back” their attack.
- Secondly, “hacktivists’ ‘ might conduct these attacks as they have a cause for which you are fighting. They are motivated to conduct these attacks in order to highlight their reason for fighting.
- Thirdly, “corporate espionage” might conduct these attacks. They are individuals who eavesdrop on organizations and attempt to gain knowledge about them, their existence and their people.
Lastly, countries and political members might attack another government or another country’s cyberinfrastructure, and this is regarded as “cyber warfare”, fighting with cyber!!
Example of Zero-day attacks:
In 2020, Zoom fell victim to a zero-day attack. Hackers were able to access devices that were running on earlier (or older) versions of Windows. This additionally could allow the hacker to take over the device as a whole and gain access to all the files on that device.
How to safeguard oneself against zero-day attacks:
- Ensure that you run only essential applications, ones that are not completely necessary, remove, so that you do not run into problems with it in the future.
- Use a firewall, this protects your device and data by configuring it.
- Educate employees and staff members about these attacks.
- Attacks can occur from human error, ensuring that all staff members are aware of the necessary security habits that will ensure they remain safe online and that they protect the sensitive, private and important information about the organizations in which they work.
Drive-by
- This is a type of cyber attack that simply occurs after a user uses a website that infects his or her device with malware.
- It is the unintentional download of evil code. It is not necessarily even after clicking on something, or opening something, simply by using the website it can occur.
3 reasons for drive by attacks:
- Firstly, the attacker might be wishing to spy on your whereabouts, stealing online login information or financial information.
- Secondly, the attacker might wish to destroy your device, to cause you lots of trouble and hard times.
- Thirdly, an attacker might wish to hijack your device.
Credential-based attacks
- This type of cyberattack occurs when a hacker will steal login details to illegally get into devices or computers in order to steal important information and in order to disrupt the usual runnings of an organization.
It is imperative to be aware of these attacks, and the signs that show when they might be occurring in order to protect yourself and your organization.