Cyber attacks take various forms—depending on their intended outcome—that can range from preventing someone from legitimately accessing a system to futzing with data that you shouldn’t have access to. Let’s explore some common examples.
APT (Advanced Persistent Threat)
APT are very sophisticated, sustained attacks in which an attacker illegally accesses network for the purposes of stealing sensitive data over a period of time. These attacks are carefully planned and strategically targeted and require a high degree of resources. Because of this requirement, the perpetrator of an APT could ostensibly be a state-sponsored actor or a state itself. APTs can comprise espionage (state or corporate), hacktivism, or cybercrime (e.g., financial theft).
Denial of Service (DoS)
A DoS attack involves the deliberate preventing of legitimate users from accessing networks, computer systems, devices, or other resources (e.g., websites, email, banking). When a DoS attack comes from multiple systems, it is called a Distributed Denial of Service (DDoS). Because of the multiple attacker systems, DDoS attacks can be quite difficult to defend against.
Malware
A portmanteau of malicious software, malware is software specifically designed to cause deliberate damage to systems. Typical types of malware include:
- Viruses act like actual physical viruses, infecting systems and self-replicating to other systems.
- Trojan horses, like the eponymous historical horse, hide their true intent, disguising their malicious payloads for covert insertion into the intended target system. (e.g., DarkComet, Magic Lantern)
- Ransomware holds a system ransom, threatening to block access to a system, delete data, or publish embarrassing information unless a fee is paid, usually via untraceable digital currency. (e.g., Bad Rabbit, WannaCry)
- Spyware is designed to steal information about a user or organization.
- Adware often installs itself onto a system with the user’s knowledge for the purposes of generating revenue for its developer
Man-in-the-Middle
In a MITM attack, the attacker surreptitiously intercepts (and possibly relays, after select alteration/editing) communication between two people, potentially changing the intended message or merely eavesdropping on the conversation. MITM attacks can occur when an unsuspecting user joins an unknown WiFi hotspot in public (which could actually be malicious in nature). Endpoint encryption and the use of known WiFi access points can be used to mitigate MITM attacks. Successful MITM attacks can involve someone impersonating a trusted contact.
Phishing
Phishing (ph- [hacker L337 speak for f-] + fishing) involves an attacker attempting to fraudulently gather sensitive data (e.g., usernames, passwords, credit card information) by disguising him/herself as a known, trusted person via electronic communications (e.g., email, text/instant messaging). There are several types of phishing.
- Spear Phishing is phishing targeted against an organization or specific individuals within that organization.
- SMS Phishing/Smishing is phishing carried out via text messages. To protect yourself from Smishing attempts, avoid clicking unexpected links in SMS/text messages unless they are from a verifiable, trusted person and you know what the link contains.
- Vishing uses voice (often a phone call) to gain access to sensitive information. An unsuspecting victim might be willing to give up PIN and bank account numbers to someone appearing to call from their bank.
- Whaling is phishing directed at senior corporate executives and other high-profile targets such as senior government officials. These will often take the form of communications that these executives expect to see and deal with on a daily basis.
SQL Injection
SQL injection attacks are directed against database-driven websites (think anything with a “search” textbox). SQL commands can be entered into these systems and used to retrieve/modify database entries without proper authorization, including giving oneself full access to a system or stealing protected information. Having developers follow OWASP® procedures (e.g., the use of prepared statements, stored procedures, whitelisting input validation, and escaping all user-supplied input) can help mitigate SQL injection attacks.
Zero Day Vulnerability
Zero Day refers to a vulnerability that is unknown to the developers of a particular piece of software or antivirus creators. While this vulnerability may be unknown to the developers and public in general, it may be known to malicious actors and/or security researchers. Because it takes time to develop and distribute security patches, this creates a window in which attackers have time to exploit the vulnerability.
