- March 25, 2019 at 15:22 #2347
A cyber attack is an intentional malicious attempt to attack, damage or illegally access information systems for some benefit or ulterior motives.Recently, the gross volume of cyber attack instances have increased. This can be associated with the mass migration to digital platforms as a result of constantly evolving technology. Making computing systems lucrative targets for hackers. Business systems are particularly very vulnerable because of the ransom involved. The most common cyber attacks include:
1. Password attacks
Passwords are the most popular type of authentication to computer information systems, computer networks, personal computer devices or infrastructures. A person’s password can be obtained through:
- Guessing probable words. This can be done in either one of two ways. First, using a dictionary of common passwords where an encrypted file is copied and the same encryption applied to the dictionary for comparison. Alternatively, trying different passwords especially related to the person’s name, birthday, pet , job title among others hoping one works. It is called the brute-force method.
- Looking over the shoulder as a person keys in the password
- Looking around the person’s desk since some people actually write on sticky note pads or post its and stick it on the desk or computer itself
- Using social engineering
- Accessing a password database
- Hacking the connection to a network for unencrypted passwords
The best way to deal with this is to implement an account lockout policy, which basically blocks an account after a couple incorrect passwords.
2. Malware attacks
Malware is derived from the two terms “malicious software”. There are different types of malware:
Usually, they come in form of a link or email attachments. Once clicked, the malware is installed then it can:
- Disrupt some components
- Make the system totally inoperable
- Transmit data from the hard drive
- Instal addition risky software
- Block access to major components
To prevent malware attacks, you can adapt practices such as getting rid of outdated software, keep internet activity active, log out when you’re done, upgrade your password among others.
3. Phishing attacks
These also include spear phishing attacks. They are the offensive actions of sending fraudulent communication that seems to come from a trusted source, commonly via email. Phishing attacks have become increasingly infamous cyberthreats. The goal is to get personal data like credit card and login information or manipulate the victim to do something. It can be a link to a scam website that can trick you into handing over personal information or an attachment that loads dangerous software onto your device.
Hackers rely on technical tricks and social engineering to achieve this. In spear phishing, attackers conduct research of their target on social media or other platforms and create an email that is relatable to the user. This makes it very hard to identify as an attack or protect against it.
For example: they can see from social media that you love The Big Bang Theory. So they will draft an email claiming to give you full access to watch all the episodes of the series, actually for free with only the click of a single link. As a fan, you end up clicking the link without giving it any further thought. Techniques that scammers use include:
- Website cloning
Here they copy legitimate websites to trick you into entering login credentials or personally identifiable information, abbreviated as PII
- Email spoofing
They impersonate a trusted source like a partner, a loved one or your management and falsify the “From” section of the email, making it appear as if it’s an email from a person you know well.
To defend yourself against such attacks you can practice some of the following:
- Carefully examine email headers
The “Return-Path” and the “Reply-to” parameters should lead to the same stated domain.
- Critical thinking
Take your time and analyze every unread email in your inbox. In addition, decipher the URLs of the links.
Test the content of the email in a sandbox environment.
- Hovering over suspicious links
Drag your mouse over the link but do not click. See where it could take you.
4. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
DoS and DDoS attacks are meant to exhaust resources and bandwidth by overwhelming servers, systems or networks with traffic. DDoS use botnets to achieve this. Botnets are a network of computers infected with malware, which can be operated as a group without the owners’ knowledge. They can be mitigated by:
- Black hole filtering
Drops unwanted traffic before it enters a protected network.
- RFC3704 filtering
Ensure traffic is traceable to its correct network source and reject traffic from spoofed addresses.
Unlike most attacks, attackers don’t benefit directly from it and usually use this attack to sabotage a system and launch another attack. There are different types of DoS and DDoS. Among them are:
5. Teardrop attacks
They cause confusion and subsequently crash a system. This is done by overlapping the length and fragmentation offset fields in sequential Internet Protocol (IP) packets.
- TCP SYN flood attacks
The system becomes unusable when the connection queue fills up.Hackers manipulate the function of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. This system is flooded with minute in-process queue with connection requests, it replies to these requests but are not responded to and times out waiting for a response.
To prevent this, you can decrease timeouts on connections, increase the size of connection queues or place servers behind a firewall configured to stop inbound SYN packets
6. Smurf attacks
They generate huge amounts of network congestion. ICPM echo requests originating from a seemingly spoofed victim address targeted at broadcast IP addresses are used. IP spoofing and the ICMP saturate the system with traffic.
To counter such attacks, you need to configure the end systems to defend them against responding to ICMP packets from broadcast addresses. Secondly, you can disable IP-directed broadcasts at their routers. This disables ICMP echo broadcast requests at network devices.
7. Ping of death attacks
Causes systems experience buffer overflows among other crashes reassembling IP packets. The maximum IP size is 65,535 bytes. Attackers use IP packets to ping systems with an IP size exceeding this limit, resulting in fragmentation of the packet. These attacks can be stopped by getting a firewall that will check fragmented IP packets for maximum size.March 25, 2019 at 17:27 #2350
we still need to figure out the threats and the difficulties in our actual life, and now we have to be aware about the other threats that comes from the cyber world.
great information!March 25, 2019 at 18:07 #2351
Great article. There are many ways we can adapt to prevent these threats. The most and recommended one is you should avoid replying or clicking on the link send to your email. By clicking on these links, you will be giving hackers access to your personal data like password among others.April 1, 2019 at 21:26 #2527
It’s been featured on our medium: https://medium.com/@cybersecurecentral/7-most-common-types-of-cyber-attacks-and-how-to-prevent-them-from-our-forums-ae4c127eeb68November 7, 2019 at 18:25 #5944
Extremely accurate and relevant article. I have to admit that I myself have fallen prey to a few these, back when I opted for using easily guessable personal information for passwords. I now admit humbly that this wasn’t a genius move. Yet, it has never gone as far as someone looking over my shoulder to try and catch my keystrokes. That would be next level idiocy on my part. In any case, good articles, great information, and further proof on the importance of cyber security and the need for caution.November 18, 2019 at 19:22 #6060
So many ways that people can penetrate systems and whisk away information and cause damage. I was barely aware of these attacks, and I am sure I am in the majority. In this day and age, cyber warfare is the real threat, and it is there every day. We need to all ride the wave and seek to be very well versed in the matter.November 23, 2019 at 22:05 #6122
I found the Ping of death to be quite amusing, and the fact is that articles like this are extremely important, as they details types of attacks that are seen every day, yet the majority don’t know how to deal with them or what they are. If we’re being realistic, how many people really know about smurf attacks?November 25, 2019 at 22:08 #6151
Tear drop attacks, smurf attacks, weird names for weird types of attack I have never before heard of. That is what makes this a great article, as it has informed of things I otherwise had no clue about, and opened my eyes as to how far behind I am on all matters which relate to cyber security, and why I should I am to catch up.November 26, 2019 at 11:34 #6155
I like this article, because it touches on some very unique and technical methods that cyber criminals implement in their attacks, most of which I was unfamiliar with before I read it. The fact that I was able to learn so much and glean so much from it is evidence that, at least for me, it’s a very useful piece. Well done.
You must be logged in to reply to this topic.