In today’s digital world, cyber-attacks are an absolute certainty. While the basic types of attacks are still prevalent, new types of attacks have also metamorphosized, creating more monetary and physical destruction. Here are the Top 10 Cyber Security Attacks that are highly prevalent today.
The use of “passwords” is still the most popular way to authenticate a user. When an attacker tries all possible alphabet and number combinations to crack a password, that is a “brute force attack”. The attack is normally carried out by bots or computers. There are different tools that are used to perform brute force attacks like John the Ripper, Aircrack-ng, L0phtCrack, and RainbowCrack.
Brute force attacks are more successful if the length of the password is less. For example, a 8 character password can be cracked in a few seconds or a few hours using the tools mentioned. On the other hand, if the password is long and has more characters, it will take more time to crack it.
According to https://howsecureismypassword.net/, a 8 character password can be cracked within a few minutes to hours.
Did you know that – 5% of attacks in 2017 were due to brute force attacks?
Ways to prevent brute force attacks:
Since brute force attacks rely on weak and vulnerable passwords, it is good to follow the following tips to prevent them:
DoS or Denial of Service attack is probably the most commonly encountered type of attack in the digital world. In this, as the name indicates, the host is attacked and denied from serving genuine client requests. How is this done? DoS attacks can be made in many ways. One way is to bombard the server with unlimited requests such that the server finds it difficult to respond if many such attackers attack a system in a similar way the server will be brought to a standstill in a very short time.
The other way is to send malformed packets to the server. The server does not know how to react and crashes, sending genuine requests to be rejected. The other types of denial of service attacks are distributed denial of service attacks (DDoS), Smurf attacks, teardrop attacks, fraggle attacks, and SYN flood attacks.
Ways to prevent DoS attacks:
Even though it is tough to predict DoS attacks, these measures if taken, can reduce the intensity of DoS attacks:
A DDoS is similar to a DoS but is more large scale and more sinister in its workings. In a DDoS, instead of one attacker or a few attackers trying to overwhelm a system, there are multiple computers taking part to overwhelm the system and bring it down. A master computer gives directions to other slave computers, and they, in turn, will cripple systems or ruin major corporations.
There are different types of DDoS attacks, such as traffic attacks, bandwidth attacks, and application attacks.
Ways to prevent DDoS attacks:
While large scale, global DDoS attacks is difficult to predict there are again a few steps that can be taken to minimize its impact:
A ‘Smurf’ attack is a Distributed Denial of service attack that started to appear in the late 1990s. In a Smurf attack, the attacker makes use of the ICMP or the Internet Control Message Protocol to carry out their attack. These are the steps in a Smurf attack:
Ways to prevent Smurf attacks:
Since Smurf attacks are DDoS attacks, preventing them is similar to preventing DDoS attacks.
‘Social engineering’ may be the most passive, yet the most effective cybersecurity attack. It does not need excessive knowledge of cybersecurity tools or any other specialized knowledge of Information security.
A social engineering attack only needs a smooth and cunning individual to convince an innocent user to part with their bank account details, password details, and any other financial and personal information.
Ways to prevent a social engineering attack:
‘Dumpster diving’ is a different type of attack wherein the attacker gathers information about the victim by looking at the information that has been discarded in the dumpster or trash can. They then use this information and attack the user.
Information that can give an attacker clues may be passwords written down and discarded, access codes and even a calendar and organizational charts that may reveal more about an organization. This is the information gathering phase, which in turn can be used to attack the organization.
Ways to prevent dumpster diving:
Ways to prevent XSS attack:
The memory locations where data is stored are “buffers.” When we enter data for more than the data locations allocated, it spills over onto subsequent locations of memory. This is “buffer overflow” or “buffer overrun.” As an example, we can have
In this case, ‘C’ has been allocated only 7 bytes. But, since the word ‘INFOSECURITY‘ is more than 7 bytes, the buffer overruns into subsequent memory locations.
When this happens, the program starts corrupting other areas of memory and starts behaving strangely. It may also expose the personal information of the site and give hackers the key to exploit systems. Old programming languages such as ‘C’ and ‘C++’ are more prone to buffer overflow attacks.
Hackers study the code and make use of this vulnerability and cause the system to behave erratically or crash.
Ways to prevent buffer overflow attacks:
The act of hacking a website and redirecting users to a fake website is known as “Pharming”. In this case, users will not know that they have been redirected to a fake website. Banking sites and e-commerce organizations are popular targets of this type of attack.
Ways to stay away from “Pharmed” sites:
Alertness is the key to stay away from pharmed sites.
‘Keystroke loggers’ or ‘Keyloggers’ are another way of passively attacking a system. This is done by recording the keystrokes of a user and sending it to the attacker, who then uses the information to perform other large scale attacks. This surreptitiously stolen information can also be sold to other party criminals for malicious purposes.
‘Keystroke loggers’ are not totally illegal since they can be used by employers to keep tabs on employees, parents to keep tabs on children, and so on. But when it is done mischievously, without the knowledge of an unknown user, it causes monetary and personal damage to the user.
There are two categories of keystroke loggers – hardware and software. While the hardware keystroke logger has to be physically installed on the system, the software loggers can just be downloaded by clicking on a malicious link through text messages, email, or any social media site. The unfortunate part of keyloggers is that they do not make any difference in the functioning of a system and cannot be detected easily.
Ways to prevent and detect Keyloggers:
We have seen some of the most popular cybersecurity attacks. There will be more attacks as the days unfold, but it is our knowledge and determination that will keep them away!