HOSTED NEWS

Isaac Gounton • July 8, 2022

What is a cyberattack?

There are a lot of cyberthreats out there: different attack types and vectors designed to penetrate companies' and home users' cybersecurity.


While cybercriminals usually pursue specific goals like money, data, or disruption, they use a wide array of malware and vectors of infection to achieve these goals. Good cyber protection and cybersecurity solutions should be able to deal with all of these.

What is a cyberattack?


A cyberattack, on a high level, is a digital assault on a computer, smart device, or network. Cybercriminals use a variety of attack vectors and techniques to compromise and infect the system, and finally achieve their malicious goal.


It is important to distinguish between mass and targeted attacks. Mass attacks are usually carried out via campaigns and involve an “as-a-service” scheme with a broad spectrum of victims. Campaigns can be spam, phishing, mass infection of legitimate sites, and so on. These kinds of attacks are automated and anyone can be a victim. Targeted attacks, on the other hand, are those where the victim is specifically chosen and profiled in advance; such attacks are often performed manually. The most sophisticated targeted attacks are called advanced persistent threats (APTs); they usually involve many stages, can last for months, and are hard to detect.


All attacks include basic stages: preparation, infection, and post-execution. As you can imagine, if your security solution can’t react to some of these stages, there’s a high risk that the threat will be missed or detected too late. 


Cyberattack techniques


Social Engineering


Social engineering is all about the human element. The attacker creates a convincing story that will trick the user into performing certain actions. This is the most dangerous and effective cyberattack technique today. People are always the weakest link in security, because if you’re creative enough you can convince people to do practically anything. Social engineering can be combined with an account takeover and impersonation attack, making it very difficult to discover. For example, if your boss’s account is compromised, it will be difficult to verify that an email with instructions to open an attachment was not sent by your boss. That is why even if you properly train your personnel regarding phishing scams, you still need to have a proper cybersecurity solution in place.


Password Attacks


A password attack is an attempt to obtain or use a user’s password with illegal intentions. Cybercriminals can use password sniffers, dictionary attacks, and cracking programs to get a user’s password. While largely useless with two-factor authentication in place, in some cases password attacks can be enough to get bad guys what they want. Password attacks can be prevented by simple common sense (do not tell anyone your password, do not write it down, do not use the same password on multiple services, etc.) and the usage of strong, long passwords or password managers.


Phishing and spear-phishing attacks


Phishing is a technique that employs fraudulent communications (emails, messages, SMS, and websites) that appear to come from a reputable source. The attacker impersonates legitimate service brands in order to use that inherent trust to trick people into sharing their credentials. For example, by creating a page that looks like the Office 365 web portal, cybercriminals can steal user credentials in the background. It is a very popular attack technique and often goes hand-in-hand with social engineering. Phishing can lead you to disclose your confidential data (PII, financial data like credit card numbers, etc.), make you install malware, or visit an infected or malicious site.


Spear-phishing has the same goal but is specifically targeted at a person who is typically profiled over social networks in real life before the attack. Spear-phishing is typically very convincing and hard to recognize unless detected by cybersecurity products.


Drive-by attacks


A drive-by attack is a stealthy and dangerous method of distributing malware. It’s also a good example you can point to with friends who argue against needing cybersecurity by saying “I don’t click on any links and don’t visit any shady sites”.


Typically, a drive-by works this way: cybercriminals utilize poorly configured or unpatched websites and inject a malicious script into one of the pages. Once a user visits the website, this script will exploit a vulnerability in the browser or a plug-in and install malware on the computer. In most cases, these scripts are obfuscated and not easy to detect. These attacks are called drive-by because they don’t require any action on the victim’s part except visiting the compromised website.


Exploitation of a zero-day vulnerability


A zero-day vulnerability is a software vulnerability that was not yet known to the vendor when it appeared in the wild and therefore has no patch available. Because of this, there are zero days available to protect yourself by patching. A zero-day vulnerability often comes with a zero-day exploit that can abuse the flaw. It is not easy to detect with average cybersecurity solutions as it requires deep system knowledge and constant monitoring of all applications. Eventually, every vulnerability becomes known, and the hole will be closed with a security patch. The problem is that sometimes it can take months, if not years. 


SQL injection attacks


The Structured Query Language (SQL) is very often used in servers, including web servers. SQL injection means that an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally would not. For example, an attacker could carry out a SQL injection simply by submitting malicious code into a vulnerable website search box and receive all user accounts for this web application.
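
The search-box case above, as an added example that is not from the original article: the same lookup written with string concatenation and with a bound parameter, run against a constructed in-memory SQLite table. The table, account names and function names are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return db


def search_vulnerable(db, term):
    # The search term is pasted into the SQL text, so a quote character in it
    # ends the string literal and whatever follows is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = '" + term +
           "' ORDER BY username")
    return [row[0] for row in db.execute(sql)]


def search_parameterized(db, term):
    # The ? placeholder passes the term as a bound value. It is compared as
    # data and never parsed as SQL, whatever characters it contains.
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in db.execute(sql, (term,))]


def compare(term):
    """Return (concatenated result, parameterized result) for one search term."""
    db = make_db()
    try:
        return search_vulnerable(db, term), search_parameterized(db, term)
    finally:
        db.close()


if __name__ == "__main__":
    # Constructed inputs: an ordinary search and one that contains a quote.
    for term in ("alice", "x' OR '1'='1"):
        concatenated, bound = compare(term)
        print(f"{term!r}: concatenated={concatenated} parameterized={bound}")
```

With the concatenated query the second input returns every account; with the bound parameter it matches nothing, because no user has that literal name.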


Cross-site scripting attacks


Similar to SQL injection, cross-site scripting (XSS) is a kind of injection breach where the attacker sends malicious scripts into content from otherwise reputable websites. It happens because poor configuration or vulnerabilities make it possible to attach code into web applications; the malicious code is bundled together with dynamic content that is then sent to the victim’s browser. The exploits can include malicious scripts in many languages including JavaScript, Flash, HTML, Java, and Ajax.
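
How user input ends up bundled into dynamic content, as an added example that is not from the original article: a page fragment rendered with and without output escaping, plus a check that parses the result and reports whether the input added tags or attributes to the page. The template, the sample inputs and all function names are assumptions made for the illustration.

```python
import html
from html.parser import HTMLParser

# Constructed test inputs: one adds an element, one breaks out of an attribute.
SAMPLES = ['<script>alert(1)</script>', '" onfocus="alert(1)']


def render_unsafe(query):
    # User input is copied into an element body and an attribute value as-is.
    return f'<p>Results for {query}</p><input name="q" value="{query}">'


def render_escaped(query):
    # html.escape turns & < > and, with quote=True, " and ' into entities,
    # so the input stays plain text in both contexts.
    safe = html.escape(query, quote=True)
    return f'<p>Results for {safe}</p><input name="q" value="{safe}">'


class StructureCollector(HTMLParser):
    """Records the start tags and attribute names an HTML parser sees."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(name for name, _ in attrs)


def structure(page):
    parser = StructureCollector()
    parser.feed(page)
    parser.close()
    return parser.tags, sorted(parser.attrs)


def input_changed_structure(render, query):
    # Baseline: the tags and attributes the template yields for harmless text.
    return structure(render(query)) != structure(render("shoes"))


if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample),
              "unsafe:", input_changed_structure(render_unsafe, sample),
              "escaped:", input_changed_structure(render_escaped, sample))
```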


Malware attacks


A lot of cyberattacks involve malicious software (malware for short). As we already explained, malware can get into the system in a variety of ways: downloaded and launched by a user, silently installed through a drive-by, silently downloaded and executed via a vulnerability, and so on.


Man-in-the-middle attacks


Man-in-the-middle (MitM) attacks occur when attackers intercept traffic in order to steal or modify transmitted data: namely login information, passwords, financial data, and so on. The attackers pose as a legitimate service and will pass all traffic like a proxy. These attacks typically take place on unsecured public Wi-Fi networks, where attackers can easily insert themselves between a visitor’s device and the network. By doing so, they can install malware or redirect users to a malicious website. HTTPS is believed to help prevent these attacks but this is not true. Simple HTTPS encryption only secures the traffic to the server end, but does not verify the authenticity of the server endpoint.


Source: Acronis
