Cyberattacks are growing in number, and there is an urgent need for more robust cybersecurity measures to counter them. As programmers and IT professionals, we must be aware of the most common types of cyberattacks that occur in top organizations over time.
The following sections explain in detail the different types of cyberattacks that may harm any system. Knowledge of these attacks is crucial for detecting and preventing further attacks and for forming defensive strategies. So, let’s begin this chapter with some of the major types of cyberattacks.
1. Computer Virus
A computer virus, or simply a virus, is a malicious program that attaches itself to a resource in the system and becomes active when that resource is shared or accessed within the system. It is similar to a biological virus, which needs a host to become active and cause harm.
Example
The Melissa virus was a computer virus that spread via email attachments during the middle of 1999.
2. Computer Worm
A worm is a malware program that functions slightly differently from a virus. It spreads by creating copies of itself when it is accessed, and this causes an increase in memory and boot usage.
The processing of the system slows down, and this causes severe harm to the system.
Example
The ILOVEYOU worm, which spread in the year 2000, was one of the first incidents of a computer worm.
3. Trojan Horse
The Trojan, or Trojan Horse, is a malware program that the user does not identify at first. It looks like a normal working file, but in reality, it is disguised as a resource. This is similar to the tale of the Trojan horse in Greek mythology, which is the basis of the name “Trojan”.
When opened, it installs itself on the system and transports information to dark servers across the network.
Example
The Zeus Trojan was the first Trojan that spread from 2007-09.
4. Computer Bombs
A computer bomb is a malware program that works like a time bomb: it needs certain conditions to be met before it goes into action. Unlike any other malware, it only activates once all conditions are met. The effects can include illegal access, deleting data, corrupting information, etc.
Example
A former employee can set a trigger bomb inside a program in the system to take revenge for his/her termination.
5. Email Spoofing
Spoofing refers to faking the identity and address of the sender of emails. This can take place by changing domain names, hiding address information, and using keywords like “critical” and “urgent” to trap the user in these fake emails. Once active, they can cause a variety of damage to the system.
Example
During the 2010s, a string of emails related to the King of Nigeria appeared with a message of some kind of prize. This was called the 419 email spoof scam.
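The checks below are an added example, not part of the original article: they look for the spoofing signs described above (a sender domain that does not match the other address headers, failed sender authentication, and pressure keywords) in a constructed message. The sample message, the `example.*` domains and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real traffic); all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Example Bank Support" <support@example.com>
Reply-To: claims@example.net
Subject: URGENT: critical action required on your account
To: user@example.org

Please confirm your details.
"""

PRESSURE_WORDS = ("urgent", "critical")  # the keywords the article mentions


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def spoofing_indicators(raw_message):
    """Return a list of reasons the message looks spoofed (empty = none found)."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    # The visible From address is trivial to fake; compare it with the
    # envelope sender and the address that replies would actually go to.
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != from_dom:
            findings.append(f"{header} domain {other} differs from From domain {from_dom}")
    # SPF/DKIM verdicts recorded by the receiving mail server.
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim"):
        if f"{check}=pass" not in auth:
            findings.append(f"{check} did not pass")
    subject = (msg["Subject"] or "").lower()
    hits = [w for w in PRESSURE_WORDS if w in subject]
    if hits:
        findings.append("pressure keywords in subject: " + ", ".join(hits))
    return findings
```

The exact-match domain comparison is a simplification: legitimate bulk mail often uses a different bounce domain, so treat these findings as signals to score rather than proof.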
6. Laptop Trapdoor
This type of cyberattack involves using a backdoor strategy to pass important and unauthorized information to outside entities without the consent of the proper authorities. It can exploit any loopholes in the security systems to give such information to external agents.
Example
Many intelligence agencies like RAW, CIA, and KGB have secret agents who pass information about other nations to their agencies.
7. Denial-of-Service (DoS)
This type of attack uses irregular and excessive traffic and redirections on a user’s webpage, thus restricting access to the main resources required by the user. This is mainly caused by visiting unauthorized websites and pages, which can flood the user with lots of advertisements in a short time frame. It has an evolved model as well, which is known as Distributed Denial of Service (DDoS).
Example
The GitHub DDoS attack of 2018 resulted in very heavy traffic of about 1.35 TBps. Although it was restricted to a small time frame, it showed how systems can be vulnerable due to small loopholes.
8. Man-in-the-Middle (MiTM)
This type of attack is characterized by the intervention of a third-party entity between the users/nodes of a private network. This third-party entity can gain access to data and network assets, which may lead to loss of data as well as illegal access.
Example
Firesheep was a self-made MiTM tool developed in 2010, which allowed users to hijack unencrypted cookies of other users on the network. These cookies contained private, confidential information about users, and this showed the need for a strict HTTPS protocol.
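As an added example (not from the original article), the audit below checks one HTTP response for the two settings that keep a session cookie off unencrypted connections: the `Secure` cookie flag and a `Strict-Transport-Security` header. The header values and the list of session-cookie names are constructed assumptions.

```python
from http.cookies import SimpleCookie

SESSION_NAMES = {"sessionid", "sid", "auth"}  # assumed names; adjust per application

# Constructed response headers: a weak configuration beside a corrected one.
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/"),
]
HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "theme=dark; Path=/"),
]


def missing_cookie_flags(set_cookie_value):
    """Yield (cookie_name, flag) for each protective flag a session cookie lacks."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    for name, morsel in jar.items():
        if name.lower() not in SESSION_NAMES:
            continue  # non-session cookies (e.g. a theme preference) are ignored
        for key, label in (("secure", "Secure"), ("httponly", "HttpOnly")):
            if not morsel[key]:
                yield name, label


def audit_response(headers):
    """Return findings for one response given as a list of (header, value) pairs."""
    findings = []
    # Without HSTS a browser may still make a first request over plain HTTP.
    if not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.append("no Strict-Transport-Security header")
    for name, value in headers:
        if name.lower() == "set-cookie":
            for cookie, flag in missing_cookie_flags(value):
                findings.append(f"cookie {cookie} lacks {flag}")
    return findings
```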
9. SQL Injection
This type of attack is characterized by the insertion of malicious SQL commands into the website's backend code. This causes the website to act on its own, without the user’s involvement, and can cause major harm to the user’s private information.
Example
The Heartland Payment Systems breach of 2008 was a major incident of SQL injection. The hackers got access to users’ credit card data from the company's database.
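The following added example (not part of the original article) puts a query built by string concatenation beside the same query with a bound parameter, using Python's built-in `sqlite3` module. The table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (owner TEXT, last4 TEXT)")
    db.executemany(
        "INSERT INTO cards VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return db


def lookup_vulnerable(db, owner):
    # Deliberately unsafe: the input is pasted into the SQL text, so a quote
    # character in `owner` changes the structure of the statement itself.
    sql = "SELECT owner, last4 FROM cards WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()


def lookup_safe(db, owner):
    # Parameter binding: the value travels separately from the SQL text and
    # is only ever compared as data, whatever characters it contains.
    sql = "SELECT owner, last4 FROM cards WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()


# Constructed input containing SQL syntax instead of a plain name.
HOSTILE = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, HOSTILE))  # every row in the table
    print(lookup_safe(db, HOSTILE))        # no rows: nobody has that name
```

Both functions behave identically for ordinary names, which is why the unsafe form tends to survive casual testing.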
10. Cross-Site Scripting (XSS)
This type of attack occurs when an outside entity changes the script of the website, generally introducing malware into the script, mostly in the JavaScript file. This redirects the user to a malicious website and causes a variety of problems for the user.
Example
Samy was a very prominent XSS malware that infected the Myspace storage and spread via user profiles in