The 6 Types of Cyber Attacks Everyone Should Know About
May 21, 2020
Long gone are the days when cybersecurity incidents were only related to computers that are infected with viruses. Today there are countless ways your computer, email, social media accounts, and even your IoT devices can be hacked. The more technology we use, the more we are vulnerable to hacking. Cybersecurity attacks are not only targeting individuals, but they are also targeting small businesses and big corporations. With the rise of the smartphone, attackers are trying to get access to the phone owner�s data.�� Cybersecurity is one of the major challenges that our world is facing, and more than ever the profession of cybersecurity experts is in demand.
There are many ways a hacker can get access to your smartphone, computer, or other IoT device, but the following few are well-known to cybersecurity experts.
Ransomware is a type of attack during which a computer is infected with malware and access to the computer and its files are being blocked. Such malware is usually received by email that is disguised as a normal email, often pretending to be a letter from a legitimate organization or even from a person you know. Once the malware is installed on the computer, it will prevent any access to the operating system and its files.
Some of the malware is easily removed by security experts, others are very sophisticated and almost impossible to be removed without paying the ransomware. Such malware was the WannaCry cryptovirus in 2017. The estimated number of computers that suffered the attack is to be close to 200 000 across 150 countries.
It is very difficult to trace the originator of malware because the ransomware is only to be paid in cryptocurrency, usually bitcoins, which is untraceable.
2. SOCIAL ENGINEERING AND PHISHING
Social engineering is another more sophisticated way of exploiting the vulnerabilities of a system. Through social engineering, hackers are trying to get access to passwords or credit and debit card numbers of either individuals or companies. As a common practice in social engineering, called phishing, attackers send out emails pretending to be CEOs of companies, bank associates, lawyers, or even utility companies. The emails look as they were really sent out from a legitimate organization, they might have the same text structure, logos, and they will be signed as if a person from the organization was really writing the email.
These kinds of attacks have increased dramatically in numbers in the past five years. They have also become much more personalized. While a couple of years ago such emails were sent out in bulk, today we see that some of the emails are addressed by first or last name. This personalization makes the phishing email looks more credible and makes it easier for a person to click on the link provided. Usually, those links will lead to a fake website that resembles the website of a legitimate organization. The user will be asked to enter their username and password, thus giving it away to the hackers.
3. BRUTE-FORCE ATTACK
Brute-force attack, unlike the previous two, is not sophisticated. This cybersecurity issue is trying to blindly guess the password of the use by trying all possible combinations. Password-guessing can work on virtually any password-protected account. Shorter passwords are easier and faster to guess than longer ones. This is the reason many websites ask new users to create passwords that are long and contain letters, symbols, and numbers.
Different algorithms are used during a brute-force attack, but at the very beginning, the hacker will try the well-known passwords like �password�, �password1234�, etc. Then he will continue with the so-called dictionary attack. The name comes from the notion that it uses words from the human language. Passwords that do not contain human-recognizable words, numbers, and symbols are harder to crack and while not impossible, it takes a lot of time to do so.
4. MAN IN THE MIDDLE
Another form of cybersecurity issue is the Man in the middle attack. Here, the attacker usually can hijack the messages between two parties so he will be able to see all the data that is passing between the two ends of a connection.
This is a very common attack on unencrypted WiFi access points, and it is also one of the reasons why it is not advisable to enter sensitive information on publicly accessible open WiFi networks.
As the name suggests, spyware is a type of malware that is capable of spying on the computer on which it is injected. This type of malware can be left unnoticed for a long time, and that is why it can bring more damage to the owner of the computer than any other type of malware.
A botnet is evolving alongside the development of the Internet of Things. A botnet is called the network of connected devices that have been infected with malware.
Each device, or the bot, can be controlled by the hacker. Cheap devices with no or low-security standards are prone to botnet attacks.