This article describes the types of cyber-attacks, with examples.
Cybercrime increases day by day because it is perceived to be the easiest way to commit crime. People with a lot of computer knowledge (software and hardware), but who are unemployed or do not have much money, frequently use the internet maliciously.
Today the internet has evolved into a global system essential to our daily life, global commerce and national security. With technology advancing every day, our society is becoming more connected than ever before. While these advances make our daily life easier, they also add extra risk to our personal information. Most people do not think about their identities getting stolen when they make online purchases, check their email, or use social media.
However, we sometimes put personal information on the internet, and this can lead to information such as our address being stolen. Cyber security techniques such as authentication, encryption, digital signatures and firewalls protect against cyber-attacks.
A cyber threat is a specific method of carrying out a cyber security attack. You have most likely come across malware, phishing, password attacks, DDoS, man-in-the-middle, drive-by downloads, malvertising and rogue software. According to statistics, businesses experienced 60% more attacks per week in 2021 compared to 2020. Last year (2021), the Log4j vulnerability was one of the major causes of an increase in malicious activity.
Types of cyber-attacks:
It has been reported that the credentials of close to 10,000 employees have been compromised in a sophisticated attack involving simple phishing kits. Last year, hackers accessed phone numbers and SMS verification codes of 1,900 users of end-to-end encrypted messaging app Signal because of a breach at communications giant Twilio.
Cyber Security Examples
- Malware:
Malware is malicious code written by a hacker. It can get into your system, make configuration changes and eventually disrupt your assets.
Example: The target could be your servers, laptop or mobile phone. The basic idea behind creating malware is to breach and penetrate the system. The attacker either makes those systems unavailable or establishes a covert channel from the system to somewhere from which the system can be controlled. Data can then be stolen through that covert channel.
- Phishing:
Phishing is a social engineering type of attack, and one that most people will have experienced.
Example: When you open your mailbox, you may see mail from an anonymous or unknown entity asking you to click on a certain link. Following that link leads to some other place or website which could potentially monitor your end assets. If the message asks you to change or reset a password, the password can be captured by the attacker. This kind of social engineering technique is generally called a phishing attack, and email is one of the methods it uses as a source. Mostly you get an email containing a link from an unknown entity; if you are not aware and click it, it will most probably lead to a dangerous site which could monitor your system frequently.
- Password Attacks:
This is a very simple, straightforward mechanism.
Example: If someone is trying to hack your Facebook account and they know your Facebook user ID, they will try some sort of brute-force attack against it, using tools to identify possible passwords for your account. An organization like Facebook would have a control in place at the back end that checks for consecutive attempts and blocks further password attempts. But generally, on an end-user system, if the password is weak or not complex, there is a chance of it being hacked: an exploit tool could run against your user ID and password database and find the password matching your user ID.
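The back-end control mentioned above, a check for consecutive failed attempts that blocks further guesses, can be sketched as follows. This is an added example, not code from the original article and not Facebook's implementation; the threshold, lock duration, class and function names and the sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_CONSECUTIVE_FAILURES = 5      # assumed threshold, not a real Facebook value
LOCKOUT_SECONDS = 15 * 60         # assumed lock duration


@dataclass
class LockoutGuard:
    """Tracks consecutive failed logins per user ID and locks the account."""
    failures: dict = field(default_factory=dict)       # user_id -> consecutive failures
    locked_until: dict = field(default_factory=dict)   # user_id -> unlock timestamp

    def attempt(self, user_id: str, password_ok: bool, now: float) -> str:
        # While locked, reject every attempt, even one with the right password,
        # so a guessing tool learns nothing during the lock window.
        if now < self.locked_until.get(user_id, 0.0):
            return "locked"
        if password_ok:
            self.failures.pop(user_id, None)   # a success resets the streak
            return "ok"
        count = self.failures.get(user_id, 0) + 1
        self.failures[user_id] = count
        if count >= MAX_CONSECUTIVE_FAILURES:
            self.locked_until[user_id] = now + LOCKOUT_SECONDS
            self.failures.pop(user_id, None)
            return "locked"
        return "denied"


def replay(events):
    """Run (timestamp, user_id, password_ok) events through a fresh guard."""
    guard = LockoutGuard()
    return [guard.attempt(user, ok, ts) for ts, user, ok in events]


# Constructed sample: a tool guesses against "alice" once per second, hits the
# right password on the 7th try, and the owner logs in after the lock expires.
SAMPLE_EVENTS = (
    [(float(t), "alice", False) for t in range(6)]
    + [(6.0, "alice", True), (1000.0, "alice", True)]
)

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", result)
```

The correct guess at the 7th attempt is still rejected because the account is already locked, which is what makes the control effective against automated guessing.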
- Distributed Denial-of-Service (DDoS):
This is a very common attack which cannot be prevented because it is against your service.
Example: We all do our banking online. Suppose you want to make a cash transfer and try to log in to the application, but the application is not available. As a legitimate user, your rights are denied: you cannot make your cash transfer, so the purpose of online banking is defeated. These kinds of attacks are called denial-of-service attacks, where the attacker could even get into the database and bring down the online banking application. You are then denied your legitimate right to use that specific application, or in some cases the information you are trying to access is not available because that data has been taken down by the attacker.
- Man-in-the-Middle:
This is a stealthier attack. A malicious attacker sits between two parties with an established, legitimate connection and watches the traffic, or in some cases manipulates it.
Example: Let us take the same online banking example. I am initiating an online banking fund transfer: I have logged in with my user ID and password and am using the fund transfer page. Most probably this kind of web browser connection is protected using a Secure Sockets Layer (SSL) certificate; you will have seen a padlock symbol which says that it is SSL protected. But there are still skilled attackers who can sniff this kind of traffic. Such an attacker sits in between your browser and the banking server and monitors what you are doing. In some cases he steals the password; in some cases he redirects the transfer to his own bank account.
- Drive-By Download:
It is likely that most of us have done this without knowing it.
Example: You visit certain websites and a pop-up appears, which you click by mistake, and you then see some long, lengthy payload running in the browser. That is nothing but malware code downloading onto your system. These potentially dangerous downloads are grouped together as drive-by download attacks, because you visit those pages and then click something by mistake, or by clicking you are taken to another, redirected page. All of these are examples of drive-by download attacks.
- Malvertising:
Malvertising is mostly annoying, unsolicited advertisements appearing on legitimate websites.
Example: On IRCTC, some of the advertisements are legitimately placed by IRCTC, but sometimes you will see unsolicited advertisements appearing on the website.
- Rogue:
Rogue software is software that impersonates other software. Most of us tend to download software to install and do some sort of work with.
Example: People try to find a free version of Microsoft Excel or similar software. They think they are downloading the actual Excel, made freely available. There are malicious websites that claim such software is freely available. You click the icon, which shows that it is Excel, but beneath it rogue software developed by a hacker is downloading onto your machine.
Conclusion:
Types of cyber-attacks have been explained in detail. In India, the laws are well drafted and capable of handling all kinds of challenges posed by cyber criminals. However, enforcement agencies are required to be up to date with the changing technologies and laws.
Cybercrime is on the rise as internet technology advances. In times like these, we must take precautions against cybercrime. In my next article, I will discuss some key points and guidance to protect our infrastructure from hackers.