If you’ve ever researched history’s famous fights. Then you’ll know no two are exactly the same. Nevertheless, similar strategies and tactics are often used in combat. As they are proven to be effective over time.
Likewise, when a hacker attempts to hack an organisation, they will not reinvent the wheel unless they have to: they will rely on standard hacking techniques proven to be highly effective. Such as ransomware, phishing, or cross-site scripting (XSS). Whether you’re trying to make sense of the latest news headline on data breach or analyzing an incident in your own organization. It can help you understand the various attack vectors that a malicious actor may be trying to cause harm. Here’s an overview of some of today’s most common kinds of attacks.
If you’ve ever seen an antivirus alert pop up on your screen. If you’ve wrongly clicked on a malicious email attachment, then you’ve had a close malware call. Attackers like to use malware to gain a foothold in computers of users— and therefore the offices in which they operate — because it can be so productive.
“Malware” refers to different forms of malicious malware, including viruses and ransomware. When malware is on your computer. It can cause all kinds of havoc, from taking control of your system to tracking your actions and keystrokes, to transmitting all kinds of confidential data secretly from your device or network to the attacker’s home base.
Attackers will use a variety of methods to get malware into your computer. But it often requires that the user take action to install the malware at some point. This may include clicking a link to download a file or opening an attachment that may look harmless (such as a Word document or a PDF attachment), but is actually hidden within a malware installer.
Chances are, of course, that you wouldn’t just open a random attachment or click on a link in any email that comes your way — there must be a compelling reason for you to act. Attackers too know this. When an intruder needs you to install malware or reveal sensitive information. They frequently turn to phishing tactics, or pretend to be someone or something else to get you to take an action that you wouldn’t usually do. Since they rely on human curiosity and desires, phishing attacks can be hard to halt.
An attacker can send you an email in a phishing attack that appears to be from someone you trust, like your boss or a company you are doing business with. The email will seem genuine, and it will have some urgency (e.g., fraudulent activity on your account has been detected). There is an attachment to open in the file, or a button to click on. When you open the malicious attachment, you will install malware on your computer thereby. By clicking on the link you will be able to send it to a legally-looking website requesting your login to a major file, unless it is actually a trap for recording your credentials when trying to log in.
It is essential to understand the importance of verifying e-mail senders and links in order to combat phishing efforts.
SQL Injection Attack
It is a programming language used to interact with databases. SQL stands for structured query language. Many of the servers that hold critical data in their databases use SQL to administer them. A SQL attack specifically targets this type of server and uses malicious code to obtain information that the server typically does not reveal. This is particularly problematic if the server saves information to the private customer on the website, for example credit card numbers, user names, passwords or other personally identifiable details that are enticing and lucrative targets for attackers.
An SQL injection attack uses one of the documented SQL vulnerabilities to execute malicious code on the SQL server. For example, if a SQL server is susceptible to an injection attack, an attacker can access a website’s search box and type code to force the SQL Server to discharge all the usernames and passwords stored on the site.
Cross-Site Scripting (XSS)
An attacker goes after a compromised website to access his stored data, such as user credentials or confidential financial data, in an SQL injection attack. But if the attacker wants to target the users of a website directly, they may choose to attack a cross-site script. Compared to an SQL injection assault, this assault involves the insertion into a website of malicious code but in this case, it does not target the website itself. Alternatively, when the attacker visits the targeted site, the malicious code invoken by him runs on the user’s browser and goes after the user directly, not the site.
Cross-site scripting attacks can seriously damage the reputation of a website by placing the information about the users at risk without any suggestion that anything malicious has even occurred. Any sensitive information that a user sends to the website— such as their passwords, credit card details or other private data— can be accessed via cross-site scripting without the website owners knowing that there was even an issue first.
Imagine being stuck on a one-lane country road in traffic, with vehicles back up as far as the eye can see. Usually this road rarely sees more than a car or two, but around the same time a county fair and a major sporting event have ended and this road is the only way tourists can leave town. The road cannot accommodate the immense amount of traffic, and as a result it gets so back up that almost nobody can leave.
Essentially, this is what occurs during a Denial-of-Service (DoS) attack on a website. When you overwhelm a website with more traffic than it was design to handle, you can congest the website’s server and the website will be unable to deliver the content to people who are trying to access it.
This can of course happen for innocent reasons, say if a massive news story breaks and the website of a newspaper is flood with traffic from people trying to find out more. But this kind of traffic overload is often malicious, as an attacker floods a website with an excessive amount of traffic to shut it down for all users.
In some cases, several machines execute such DoS attacks at the same time. This attack scenario is known as Distributed Denial-of-Service (DDoS) Attack. This type of attack can be even harder to overcome, as the attacker occurs simultaneously from many different IP addresses around the world, making it even more difficult for network administrators to determine the source of the attack.
Session Hijacking and Man-in-the-Middle Attacks
When you’re on the internet, your machine will have a lot of small back-and-forth interactions with servers around the world. That will let them know who you are and ask for specific websites or services. In return, if everything goes as it should, the web servers will address your question by supplying you the information. Whether you are actually browsing or logging into a website with your username and password, this process or session happens.
The session between your computer and the remote web server is given a unique session ID. Which should remain private between the two parties; however, an intruder can hijack the session by catching the session ID and posing as the requesting machine, allowing them to log in as an unaware user and gain access to unauthorized web server information. An attacker may use a number of methods to steal the session ID, such as a cross-site scripting attack used to hijack session IDs.
An intruder may also attempt to hijack the session and insert itself between the requesting device and the remote server, pretending to be the session’s other party. It helps them to intercept information both ways and is commonly refer to as a man-in – the-middle attack.
Users today have so many logins and passwords to recall that reusing credentials here. Also, there is a temptation to make life a little easier. While security best practices unanimously suggest that you have unique passwords for all of your applications and websites. Many people still reuse their passwords — a reality that attackers depend on.
When attackers have a list of usernames and passwords from a hacked website or service. They know that if they use the same credentials on other websites, they will be able to log in. Regardless of how tempting it might be to reuse your password, bank account. It favourite sports forum passwords. It’s likely that one day the forum will get hacked. Giving an intruder easy access to your email and bank account. Variety is key when it comes to credentials. Password managers are available and can be helpful when handling the various passwords you are using.
This is just a set of common types of attacks and techniques. It is not mean to comprehensive and attackers evolve and develop new methods as need; however, becoming aware of these types of attacks and mitigating them will significantly improve your security posture.