What is Cyberattack? It's Types and Real Life Examples.

-


 A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Cyber attacks aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems. Any individual or group can launch a cyber attack from anywhere by using one or more various attack strategies.

How do Cyberattacks Happen?

Cyberattacks occur when an individual, group, or organized gang attempts to maliciously breach the security system of another person or organization. While this might prompt you to envision hackers breaking into an online banking system to steal billions, the most common example of a cyber attack is a data breach. Data breaches take place when hackers bypass a company or organization’s security and steal sensitive information. They use this information for extortion, to commit other frauds, or to sell it on the Dark Web. 

                  In 2021, the number of data breaches rose by a staggering 68%. But data breaches are only one of the consequences caused by cyber attacks. Attacks can be used to gain personal information and allow cybercriminals to commit identity theft. Or, they could be used by malicious groups to cripple an organization’s networks. 

Types Of Cyberattacks


1.)  Phishing Attack

 Phishing attacks are one of the most prominent widespread types of cyberattacks. It is a   type of social engineering attack wherein an attacker impersonates to be a trusted        contact and sends the victim fake mails. Unaware of this, the victim opens the mail and clicks on the malicious link or opens the mail's attachment. By doing so, attackers gain access to confidential information and account credentials. They can also install malware through a phishing attack. 

Phishing attacks can be prevented by following the below-mentioned steps:

  • Scrutinize the emails you receive. Most phishing emails have significant errors like spelling mistakes and format changes from that of legitimate sources.
  • Make use of an anti-phishing toolbar.
  • Update your passwords regularly.
Example:- Phishing Attack on WIPRO
 There were reports about an attack on the Wipro system by major online news portals.  Attack as per reported was a phishing attack and was done by a group through gift card fraud.
Even though the attack was not a massive one, many employees and client accounts were compromised. And the attack became notorious for one of the major Cyber Attacks on India.

LinkedIn Phishing Scam
Another big attack of 2021 was a phishing scam attack on the social networking site LinkedIn. LinkedIn is one of the biggest social networks where people connect with people of their related job profiles. This networking site accounts for 756 million members across 200 countries worldwide. The company was perturbed when the data of 500 million LinkedIn users were under a security breach. The data of these account holders were sold online. The attackers had sent these users fake job offering mail which forced them to click the link and instilling malicious software on their systems.

2.) Malware Attack

This is one of the most common types of cyberattacks. “Malware” refers to malicious software viruses including worms, spyware, ransomware, adware, and trojans. The trojan virus disguises itself as legitimate software. Ransomware blocks access to the network's key components, whereas Spyware is software that steals all your confidential data without your knowledge. Adware is software that displays advertising content such as banners on a user's screen. Malware breaches a network through a vulnerability. When the user clicks a dangerous link, it downloads an email attachment or when an infected pen drive is used. 

Let’s now look at how we can prevent a malware attack:

  • Use antivirus software. It can protect your computer against malware. Avast Antivirus, Norton Antivirus, and McAfee Antivirus are a few of the popular antivirus software.
  • Use firewalls. Firewalls filter the traffic that may enter your device. Windows and Mac OS X have their default built-in firewalls, named Windows Firewall and Mac Firewall.
  • Stay alert and avoid clicking on suspicious links.
  • Update your OS and browsers, regularly.
Example:- Malware attack on Kudankulam Nuclear Power Plant (KKNPP)
Authorities on October 20, 2019, confirmed that the nuclear power station in Kudankulam faced a cyber attack.  The attack was initiated by the North Korean hacker group- Lazarus. This attack was done to get information on thorium-based reactors, an alternative to uranium. Initially, National Power Corporation of India (NPCI) denied the hacking attack news but later they accepted that the hackers had hacked one of their systems. They used a malware named ‘Dtrack’ to get inside the company’s system through a couple of loopholes that persisted in their security systems.
 

3.) Man-in-the-Middle Attack

A Man-in-the-Middle Attack (MITM) is also known as an eavesdropping attack. In this attack, an attacker comes in between a two-party communication, i.e., the attacker hijacks the session between a client and host. By doing so, hackers steal and manipulate data. As seen below, the client-server communication has been cut off, and instead, the communication line goes through the hacker.

MITM attacks can be prevented by following the below-mentioned steps:

  • Be mindful of the security of the website you are using. Use encryption on your devices.
  • Refrain from using public Wi-Fi networks.
Example:- In 2017, credit score company Equifax removed its apps from Google and Apple after a breach resulted in the leak of personal data. It was found that the attackers were intercepting data, in the form of a man in the middle attack, as users accessed their accounts.
4.) SQL Injection Attack 

A Structured Query Language (SQL) injection attack occurs on a database-driven website when the hacker manipulates a standard SQL query. It is carried by injecting a malicious code into a vulnerable website search box, thereby making the server reveal crucial information.  This results in the attacker being able to view, edit, and delete tables in the databases. Attackers can also get administrative rights through this. 

To prevent a SQL injection attack:

  • Use an Intrusion detection system, as they design it to detect unauthorized access to a network.
  • Carry out a validation of the user-supplied data. With a validation process, it keeps the user input in check.

5.) Password Attack

It is a form of attack wherein a hacker cracks your password with various programs and password cracking tools like Aircrack, Cain, Abel, John the Ripper, Hashcat, etc. There are different types of password attacks like brute force attacks, dictionary attacks, and keylogger attacks.

Listed below are a few ways to prevent password attacks: 

  • Use strong alphanumeric passwords with special characters.
  • Abstain from using the same password for multiple websites or accounts.
  • Update your passwords; this will limit your exposure to a password attack.
  • Do not have any password hints in the open.
Example:- Back in August of 2021, the Canada Revenue Agency was a victim of a password cyber attack, whereas their online systems were shut down for several days, and over 5000 accounts were compromised! This was due to the technique called credential stuffing. This is where the hackers buy or steal users’ passwords from other sources and data breaches, and they use those passwords to try to log into the CRA accounts. 
6.) Denial-of-Service Attack

A Denial-of-Service Attack is a significant threat to companies. Here, attackers target systems, servers, or networks and flood them with traffic to exhaust their resources and bandwidth. When this happens, catering to the incoming requests becomes overwhelming for the servers, resulting in the website it hosts either shut down or slow down. This leaves the legitimate service requests unattended. It is also known as a DDoS (Distributed Denial-of-Service) attack when attackers use multiple compromised systems to launch this attack. 

Let’s now look at how to prevent a DDoS attack:

  • Run a traffic analysis to identify malicious traffic.
  • Understand the warning signs like network slowdown, intermittent website shutdowns, etc. At such times, the organization must take the necessary steps without delay.
  • Formulate an incident response plan, have a checklist and make sure your team and data center can handle a DDoS attack.
  • Outsource DDoS prevention to cloud-based service providers.
Example:- On Sept. 9, 2021, there was a huge cyber attack on the Russian Tech powerhouse, Yandex, and is believed to be the biggest DDoS attack ever seen. Yandex reported that their “experts did manage to repel a record attack of nearly 22 million requests per second (RPS). This is the biggest known attack in the history of the internet.”



Comments

  1. James Zicrov4 April 2023 at 12:44

    I appreciate you taking the time and effort to share your knowledge regarding cyber security. This material proved to be really efficient and beneficial to me. Thank you very much for providing this information.

    ReplyDelete

Post a Comment

Popular posts from this blog

What is Cybersecurity and Why it is important in today's time?

-
Image
     You must be hearing about cybercrimes these days like online fraud, leaking personal details online and blackmailing, etc. These crimes are increasing rapidly.  According to Indian Computer Emergency Response (CERT-In), the first two months of 2022 has reported more cybercrimes than the entire 2018. India reported 2,08,456 incidents in 2018 and 2,12,485 incidents in the first two months of 2022. Majorly, the cybercrime is increasing through Internet.  Thus, it is important to know what is cybersecurity.                    Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. Before moving further, lets know what are the types of cyber threats: 1.    Cybercrime:  Cybercrime is any criminal activity that involves a computer, networked device or a network. While most cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimes are carried out against computers
Read more

RANSOMWARE

-
Image
 What is Ransomware  Ransomware is a type of sophisticated Malware which has been created for a specific purpose. If this Malware gets loaded in our computer system, then in a few seconds it will encrypt or lock all the files and documents and also prevent us from running our system. It is known that it comes to our computer or mobile only through Spam links or Email.  Types of Ransomware  If seen in today's era, these are mainly of two types. Which these attackers use to fulfill their purpose.  Encryptors  This is a special type of Ransomware which has been created using Advanced Encryption Algorithms. It has been made in such a way that it will completely encrypt your machine in no time. And it is almost impossible to open it without Encryption Key.  Lockers  This type of Ransomware is very dangerous which locks a user from running his own system. They directly lock the Operating System of your Computer System. So that you cannot access any Apps or other programs. Files are not e
Read more

Cyber Security

-
Image
  Role of Cyber Security in National Agency The role of cyber security is to protect digital assets, including networks, devices, and data, from unauthorized access, theft, or damage. Cyber security measures are designed to prevent cyber-attacks, detect and respond to security incidents, and ensure the confidentiality, integrity, and availability of digital information. National agencies hold sensitive information that is critical to the security and well-being of their countries. This information includes classified military intelligence, diplomatic communications, financial information, and personal data of citizens. If this information falls into the wrong hands, it could be used to harm the country, its citizens, or its allies. National agencies also operate critical infrastructure such as power grids, transportation networks, and communication systems. If these systems are compromised, it could lead to widespread disruption and even loss of life. For example, a cyber-attack on a p
Read more