What are the Most Common Types of Cyber Attack?
The growth of the internet has created so many effective ways for businesses to expand and for people to connect with one another. However, it also brings increased cyber security risks. Cyber criminals use various types of cyber attacks to exploit vulnerable systems and susceptible people.
Hackers who steal your personal information may use it to commit identity theft or hold it for ransom, which is damaging for anyone. The consequences can take years to rectify and have severe emotional and financial impacts on individuals and businesses alike. Therefore, it’s crucial that you understand the most common cyber attacks and how to avoid them.
What is a Cyber Attack?
Cyber attacks are an attempt to disrupt or gain access to an individual’s, or a business’s, system or data. Hackers carry out cyber attacks by using malicious programs, deceptive files, and fake web pages to infiltrate systems and online accounts.
There are three common motives behind cyber attacks:
1. Financial gain
This is the most common motive. If a hacker acquires your passwords and other personal information, or successfully installs malware on your computer, they can commit identity theft to access your money. They may also use it to commit further crimes. For example, money laundering, selling your information to other cyber criminals, or blocking it until you pay a ransom.
A recent example is the ransomware attack on the NHS in 2017, which encrypted data on infected computers across the NHS. The malware stated that the user would lose access to the files forever unless they paid a ransom fee. Fortunately, the cyber attack did not succeed in stealing patient data and the NHS did not pay any ransom, but the attack led to major disruptions that cost valuable time and money.
Hackers might also use your profiles to post spam and attack other accounts for further financial gain. Additionally, they may attack on a larger scale to commit fraud, such as sending invoices to businesses that look like they are from a legitimate supplier
2. Political or social agenda
Many hackers carry out cyber attacks to access and leak data that helps push their own political or social agendas, or, more commonly, to damage those of others.
These ‘hacktivists’ often look for data that harms their target’s reputation or campaign. Their targets may be a public business, government, other political body, or a single individual. However, not all of these types of attacks seek data. Some aim to temporarily or indefinitely shut down networks or systems. These types of cyber attacks are known as Denial of Service (DoS) attacks, and commonly target governments and political bodies.
Hacktivists can stand anywhere on the political spectrum, from far left to far right, and everywhere in between. For example, some hacktivists focus on bringing down terrorist websites, while others may be members of a terrorist group themselves.
3. Intellectual challenge
Some hackers carry out cyber attacks purely for the challenge and seek no criminal gain. These types of hackers often take on the role of a ‘white hat’, or ‘ethical’, hacker, by helping companies implement and test data security measures to prevent cyber attacks.
For example, following the cyber attack on the NHS, NHS Digital employed ethical hackers to test and improve their cyber defences. Reportedly, the person who helped the NHS recover from the attack was also a white hat hacker.
Whatever the motivation, cyber attacks are damaging and dangerous, even those that ethical hackers commit. Many of them go on to sell the software they created while hacking for sport, allowing other hackers to commit serious cyber crimes.
The Most Common Categories of Cyber Attacks
Over time, hackers have developed various types of cyber attacks to achieve different aims. These are the six most common categories:
Malware (i.e. ‘malicious software’) is one of the most common and oldest forms of cyber attacks. It refers to harmful programmes and software, such as Trojans, viruses, and worms. These allow a hacker to access or destroy data on the infected system.
Hackers often spread malware by disguising it as a downloadable file, such as a Word document, PDF, .exe file, etc. They usually attach them to emails or have download links on websites in a form that looks legitimate.
In order to infect your system, malware requires you to click and allow the download. It can only access your computer with your approval. Therefore, you can easily avoid it by only downloading files from trustworthy sites or senders.
Once malware is on your system, the hacker can access your data in numerous ways. For example, some can monitor keystrokes, activate webcams, or remotely take control of your machine. Ransomware is also a common form of malware, which locks your data and demands payment.
Similar to malware, phishing involves tricking the user into clicking false links. The hacker may send you an email that states your account requires urgent attention and directs you to a fake login page. The fake site captures any personal data you enter, which the hacker can then use to log into your actual account.
Phishing can also happen over social media, where hacked accounts share links via a status update or private message. This type of phishing is often effective, as users are likely to trust links sent by people they know.
Whatever platform hackers use, phishing messages usually incite curiosity or panic to bait vulnerable users. You can avoid phishing attacks by being wary of such messages. Always keep in mind that your bank will never contact you for personal information. Furthermore, Google accounts shouldn’t ask you to re-enter your login details if you’re already logged in.
3. Denial of Service (DoS)
A denial of service attack involves the hacker flooding a website with more traffic than the server can handle, which causes it to overload and shut down. They do this by sending a high amount of connection requests to the site from their own computer, or from several that they hacked remotely. If they use more than one, it is known as a Distributed Denial of Service (DDoS) attack.
Hackers usually carry out DoS attacks for political or social motives, rather than financial, as they cause disruption and confusion for the site owners.
4. Password attacks
Password attacks involve the hacker running a program on their system that tries to systematically guess users’ passwords. The two most common types of password attacks are dictionary attacks and brute force attacks. Dictionary attacks try common ‘dictionary’ words and letter combinations, whereas brute force attacks attempt every letter and number combination possible.
Password attacks differ from malware and phishing because they don’t require you to do anything, except have an easy-to-crack password. After a certain amount of trial and error, a dictionary attack may land on your password and access your account if it’s simple enough. If you use a unique combination of words and numbers, it will struggle to hack it. However, a brute force attack will eventually get your password no matter what, although it will take a long time to guess longer, unique passwords (for example, not 123456).
Therefore, it’s important that you follow password security guidance to come up with passwords that are difficult to hack.
5. Drive-By Downloads
This type of attack requires users to visit websites with vulnerabilities that hackers have exploited. For example, those in programmes like Java and Adobe. By visiting the site, the user unknowingly allows a hacker’s harmful code to download onto their system. This code enables the hacker to then send further downloads to hack your data.
To avoid this, make sure you only visit secure sites and keep your software up to date. Avoid downloading browser add-ons and plugins.
6. Man in the middle (MITM)
Hackers carry out MITM attacks by exploiting non-encrypted wireless connections. If you connect to a public WiFi network and then log in to pages or communicate with a service, a hacker may be able to intercept this connection by impersonating the users and manipulating both to divulge personal data.
The simplest way to prevent this type of attack is to avoid using non-encrypted wireless connections, particularly if you plan to log into a site or share personal information. For example, if you log in to your email or use a customer service live chat. Although it’s tempting to use the free data available on trains and buses, stick to using your mobile data or avoid these types of activities altogether until you’re on a safe connection, e.g. your home internet.
Knowing that all these various types of cyber attacks exist can feel intimidating. However, you will now know what to look out for, meaning you can navigate the internet and set up your accounts securely. Good cyber security helps you, and your business, stay safe from identity theft and the other complications that cyber attacks can cause.
What to Read Next:
- Guide to Selecting Suitable Data Protection Methods
- Data Protection Online Training
- Cyber Security Quiz
- Cyber Security Online Training