A secure enterprise is a successful enterprise. Security threats are a massive burden for most organizations—but in spite of the fact that cyber attacks are continually becoming more sophisticated, many of them begin with the same weaknesses: user accounts. And that includes the credentials and login policies that are supposed to protect them
Most enterprises understand that there’s a link between identity and security, but few grasp how fundamental identity can be. Identity isn’t just a first step, it’s the foundation that modern security strategies should be built on.
This threat remains persistent across various industries. In 2020, there was a record amount of data stolen through breaches as well as an unprecedented number of cyber attacks on enterprises, government bodies, and individuals. This is not entirely surprising, however. With the ongoing adoption of remote work practices where organizations have had to extend their security perimeter to their employees as well as their devices and home networks, cyber criminals are increasingly focused on obtaining workforce credentials.
This is a trend that they have been cultivating over a considerable period, capitalizing on the extensive access they can obtain by compromising employee accounts. In fact, as reported by Verizon, a substantial 81% of data breaches entail the theft of credentials or the exploitation of weak ones, and a remarkable 91% of phishing attacks aim to obtain the same type of information. This underscores the significance of identity in bolstering security.
Another key consideration is that modern attacks make all enterprise applications critical from a vulnerability standpoint. With access to applications being requested from both inside and outside the enterprise network, all business apps become subject to cyber threats. Bad actors are capitalizing on this vulnerability through phishing and social engineering attacks, and internal users with malicious intent have the opportunity to misuse their privileges and compromise corporate data. This becomes an authorization issue, where users aren’t necessarily being given the right level of access. To get ahead of this issue, enterprises need a robust identity solution that can help manage authentication and authorization in a seamless and secure way.
Today’s cybercriminals are not part-time amateurs or script kiddies, but state-sponsored adversaries and professional criminals looking to steal information. While disruption and vandalism are still prevalent, espionage has replaced hacktivism as the second main driving force behind cyber attacks, after financial profit. Whatever the motive, many security teams are struggling to keep their IT systems secure.
Organizations experience daily cyber attacks. According to Check Point Research, the final quarter of 2021 witnessed a record high of weekly cyber attacks, averaging over 900 attacks per organization. Additionally, IT Governance reported a staggering 34.9 million records breached in June 2022 alone.
A study by RiskIQ estimated that cybercrime exacts a cost of $1.79 million every minute on organizations. These costs encompass both tangible and intangible losses, encompassing direct asset loss, revenue, and productivity, as well as the erosion of business trust, confidence, and reputation.
Cybercrime thrives on the efficient exploitation of vulnerabilities, and security teams face a perpetual disadvantage as they must defend all potential entry points. In contrast, an attacker only needs to identify and exploit one weakness or vulnerability. This inherent asymmetry greatly favors attackers, making it challenging for even large enterprises to prevent cybercriminals from capitalizing on network access. These networks often need to maintain open access and connectivity while safeguarding enterprise resources.
It’s crucial to note that cyberattacks aren’t limited to large organizations; cybercriminals will target any internet-connected device, regardless of size. Smaller businesses tend to employ less sophisticated cybersecurity measures.
Here are the 13 most damaging types of cyber attacks and how to prevent them
1. Malware attack
Malware, or malicious software, is an umbrella term used to refer to a hostile or intrusive program or file that is designed to exploit devices at the expense of the user and to the benefit of the attacker. There are various types of malware, but they all use evasion and obfuscation techniques designed to not only fool users, but also evade security controls so they can install themselves on a system or device surreptitiously without permission. Here are some of the most common types of malware:
- Ransomware. Among the most dreaded forms of malware, ransomware encrypts a victim’s files and then demands a ransom to provide the decryption key. In 2021, there was an 82% increase in ransomware-related attacks compared to 2020, with some of the most significant attacks impacting critical infrastructure and facilities.
- Rootkit. Differing from other malware, a rootkit is a set of software tools used to create a secret entry point into a victim’s device, enabling the installation of additional malware like ransomware and keyloggers or achieving control and remote access to other devices on the network. To remain undetected, rootkits often disable security software. Once established, a rootkit can be employed to send spam emails, join a botnet, or harvest and transmit sensitive data to the attacker.
- Trojan. A Trojan horse is a seemingly harmless program downloaded and installed on a computer but is actually malicious. Typically, this malware lurks in seemingly innocuous email attachments or free downloads. When users open the email attachment or download the free program, the concealed malware is transferred to their computing device. Once inside, the malicious code executes the tasks designed by the attacker, often leading to an immediate attack or creating a backdoor for future exploitation.
- Spyware. Spyware, once installed, monitors the victim’s internet activities, tracks login credentials, and clandestinely collects sensitive information without the user’s knowledge or consent. Cybercriminals employ spyware to obtain data such as credit card numbers, banking details, and passwords, which are then transmitted to the attacker. Notable targets have included Google Play users in South and Southeast Asia, and it is also utilized by government agencies in various countries. For instance, Pegasus spyware has been employed to spy on activists, politicians, diplomats, bloggers, research institutions, and allies.
2. Password attack
Despite their many known weaknesses, passwords are still the most common authentication method used for computer-based services, so obtaining a target’s password is an easy way to bypass security controls and gain access to critical data and systems. There are various methods attackers use to obtain a user’s password:
- Brute-force attack. An attacker can try well-known passwords, such as password123, or passwords based on information gathered from the target’s social media posts, like the name of a pet to guess a user’s login credentials through trial and error, while others deploy automated password cracking tools to try every possible combination of characters.
- Dictionary attack. Similar to a brute-force attack, a dictionary attack uses a preselected library of commonly used words and phrases, depending on the location or nationality of the victim.
- Social engineering. It is easy for a hacker to craft a personalized email or message that looks genuine to someone by collecting information about them from their social media posts. These messages, particularly if they are sent from a fake account impersonating someone the victim knows, can be used to obtain login credentials under false pretenses.
- Password sniffer. This is a small program installed on a network that extracts usernames and passwords that are sent across the network in cleartext. It’s no longer the threat it used to be as most network traffic is now encrypted.
- Keylogger. This secretly monitors and logs a user’s every keystroke to capture passwords, PIN codes and other confidential information entered via the keyboard. This information is sent back to the attacker via the internet.
- Stealing or buying a password database. Hackers can try to breach an organization’s network defenses to steal its database of users’ credentials to either sell the data to others or use it themselves.
A 2022 survey by Identity Defined Security Alliance found that 84% of respondents had experienced an identity-related breach. Recent high-profile examples are the successful identity-based attacks against SolarWinds and Colonial Pipeline. Verizon’s “2022 Data Breach Investigations Report” found 61% of all breaches involved exploited credentials.
2. Password attack
Despite their many known weaknesses, passwords are still the most common authentication method used for computer-based services, so obtaining a target’s password is an easy way to bypass security controls and gain access to critical data and systems. There are various methods attackers use to obtain a user’s password:
- Brute-force attack. An attacker can try well-known passwords, such as password123, or passwords based on information gathered from the target’s social media posts, like the name of a pet to guess a user’s login credentials through trial and error, while others deploy automated password cracking tools to try every possible combination of characters.
- Dictionary attack. Similar to a brute-force attack, a dictionary attack uses a preselected library of commonly used words and phrases, depending on the location or nationality of the victim.
- Social engineering. It is easy for a hacker to craft a personalized email or message that looks genuine to someone by collecting information about them from their social media posts. These messages, particularly if they are sent from a fake account impersonating someone the victim knows, can be used to obtain login credentials under false pretenses.
- Password sniffer. This is a small program installed on a network that extracts usernames and passwords that are sent across the network in cleartext. It’s no longer the threat it used to be as most network traffic is now encrypted.
- Keylogger. This secretly monitors and logs a user’s every keystroke to capture passwords, PIN codes and other confidential information entered via the keyboard. This information is sent back to the attacker via the internet.
- Stealing or buying a password database. Hackers can try to breach an organization’s network defenses to steal its database of users’ credentials to either sell the data to others or use it themselves.
A 2022 survey by Identity Defined Security Alliance found that 84% of respondents had experienced an identity-related breach. Recent high-profile examples are the successful identity-based attacks against SolarWinds and Colonial Pipeline. Verizon’s “2022 Data Breach Investigations Report” found 61% of all breaches involved exploited credentials.
3. Ransomware
Ransomware is now the most prominent type of malware. It is usually installed when a user visits a malicious website or opens a doctored email attachment. It exploits vulnerabilities on the device to encrypt important files, such as Word documents, Excel spreadsheets, PDF files, databases and critical system files, making them unusable. The attacker then demands a ransom in exchange for the decryption key needed to restore the locked files. The attack may target a mission-critical server or try to install the ransomware on other devices connected to the network before activating the encryption process so they are all hit simultaneously. To increase the pressure on victims to pay, the attackers often threaten to sell or leak data exfiltrated during the attack if the ransom is not paid.
Everyone is a possible target, from individuals and small businesses through to major organizations and government agencies. The attacks can have a seriously damaging impact on the victim and its clients. The WannaCry ransomware attack in 2017 affected organizations in over 150 countries, with the disruption to hospitals costing the U.K.’s National Health Service alone around $111 million. More recently, an attack on the meat retailer JBS Foods in 2021 caused meat shortages across the U.S. To avoid ongoing disruption, the company paid a ransom of $11 million, while Colonial Pipeline paid a $5 million ransom after a ransomware attack shut down one of the country’s largest pipelines. Ransomware is such a serious problem that there is an official U.S. government website called StopRansomware that provides resources to help organizations prevent ransomware attacks, as well as a checklist on how to respond to an attack.
4. DDoS
A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests or malformed packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems.
2021 saw another large rise in the number of DDoS attacks, many of them disrupting critical infrastructures around the world; ransom DDoS attacks increased by 29%. Attackers are also harnessing the power of AI to understand what kinds of attack techniques work best and to direct their botnets — slave machines used to perform DDoS attacks — accordingly. Worryingly, AI is being used to enhance all forms of cyber attack.
5. Phishing
A phishing attack is a form of fraud in which an attacker masquerades as a reputable entity, such as a bank, tax department, or person in email or in other forms of communication, to distribute malicious links or attachments to trick an unsuspecting victim into handing over valuable information, such as passwords, credit card details, intellectual property and so on. It is easy to launch a phishing campaign, and they are surprisingly effective. Phishing attacks can also be conducted by phone call (voice phishing) and by text message (SMS phishing).
Spear phishing attacks are directed at specific individuals or companies, while whaling attacks are a type of spear phishing attack that specifically targets senior executives within an organization. One type of whaling attack is the business email compromise (BEC), where the attacker targets specific employees who have the ability to authorize financial transactions in order to trick them into transferring money into an account controlled by the attacker. The FBI’s Internet Crime Complaint Center said that BEC attacks made up the majority of incidents reported in 2021, accounting for 19,954 complaints and losses of around $2.4 billion.
6. SQL injection attack
Any website that is database-driven — and that is the majority of websites — is susceptible to SQL injection attacks. An SQL query is a request for some action to be performed on a database, and a carefully constructed malicious request can create, modify or delete the data stored in the database, as well as read and extract data such as intellectual property, personal information of customers, administrative credentials or private business details. SQL injection is third in the 2022 top list of the most dangerous weaknesses compiled by Common Weakness Enumeration (CWE) Top 25 and continues to be a common attack vector. PrestaShop, a developer of e-commerce software used by some 300,000 online retailers, recently warned users to update to its latest software version immediately as certain earlier versions are vulnerable to SQL injection attacks that enable an attacker to steal customer credit card data.
7. Cross-site scripting
This is another type of injection attack in which an attacker injects data, such as a malicious script, into content from otherwise trusted websites. Cross-site scripting (XSS) attacks can occur when an untrusted source is allowed to inject its own code into a web application and that malicious code is included with dynamic content delivered to a victim’s browser. This allows an attacker to execute malicious scripts written in various languages, like JavaScript, Java, Ajax, Flash and HTML, in another user’s browser.
XSS enables an attacker to steal session cookies, allowing the attacker to pretend to be the user, but it can also be used to spread malware, deface websites, create havoc on social networks, phish for credentials and — in conjunction with social engineering techniques — perpetrate more damaging attacks. XSS has been a constant attack vector used by hackers, ranking second on the CWE Top 25 in 2022.
8. Man-in-the-middle attack
A man-in-the-middle (MiTM) attack is where attackers secretly intercept and relay messages between two parties who believe they are communicating directly with each other, but in fact, the attackers have inserted themselves in the middle of the online conversation. The attackers can read, copy or change messages before forwarding them on to the unsuspecting recipient, all in real time. A successful MiTM attack can allow hackers to capture or manipulate sensitive personal information, such as login credentials, transaction details and credit card numbers.
9. URL interpretation/URL poisoning
A URL is the unique identifier used to locate a resource on the internet and tells a web browser how and where to retrieve it. It is easy for hackers to modify a URL to try and access information or resources to which they shouldn’t have access. For example, if a hacker logs in to their account at awebsite.com and can view their account settings at https://www.awebsite.com/acount?user=2748, they can easily change this URL to https://www.awebsite.com/acount?user=1733 to see if they can access the account settings of user 1733. If the awebsite.com web server doesn’t check if each user has the correct authorization to access the requested resource, particularly if it includes user-supplied input, then the hacker is able to view the account settings of user 1733 and probably every other user.
This type of attack is used to gather confidential information, like usernames, files, and database data or access admin pages that are used to manage the entire site. If an attacker does manage to access privileged resources through URL manipulation, it is called insecure direct object reference.
10. DNS spoofing
Hackers have long exploited the insecure nature of DNS to overwrite stored IP addresses on DNS servers and resolvers with fake entries so victims are directed to a hacker-controlled website instead of the legitimate one. These fake sites are designed to look exactly like the site the user was expecting to visit so they are not suspicious when asked to enter login credentials to what they think is a genuine site.
11. Botnet
A botnet comprises a collection of internet-connected computers and devices that are infected and controlled remotely by cybercriminals. Vulnerable IoT devices are also being used to increase the size and power of botnets. They are often used to send email spam, engage in click fraud campaigns and generate malicious traffic for DDoS attacks. The Meris botnet, for example, launches a DDoS attack against about 50 different websites and applications every day, having launched some of the largest HTTP attacks on record. The objective for creating a botnet is to infect as many connected devices as possible and to use the computing power and resources of those devices to automate and magnify the malicious activities.
12. Watering hole attack
In a drive-by attack, an attacker embeds malicious code into a legitimate but insecure website so, when anyone visits the site, the code automatically executes and infects their device without any interaction from the visitor. As it is hard for users to identify this type of compromised website, it is a highly effective way to install malware on a device. Cyber attackers have finessed this random attack by identifying sites that are frequently visited by users they wish to target, e.g., employees of a specific organization or even an entire sector, such as defence, finance or healthcare. This is called a watering hole attack. As the site is trusted by the victim, the malware may even be hidden in a file that they intentionally download from the site. The malware is often a remote access Trojan giving the attacker remote access to the target’s system.
13. Insider threat
Employees and contractors have legitimate access to an organization’s systems, and some have an in-depth understanding of its cybersecurity defenses. This can be used to gain access to restricted resources, make system configuration changes or install malware. It was widely thought that attacks by malicious insiders outnumbered those caused by other sources, but research in Verizon’s “2022 Data Breach Investigations Report” shows that 80% of breaches are caused by those external to an organization. However, some of the largest data breaches have been carried out by insiders with access to privileged accounts. For example, Edward Snowden, a National Security Agency contractor with administrative account access, was behind one of the largest leaks of classified information in U.S. history.
How to prevent common types of cyber attacks
The more people and devices a network connects, the greater the value of the network, which makes it harder to raise the cost of an attack to the point where hackers give up. Metcalfe’s law asserts that the value of a network is proportional to the square of its connected users. So, security teams have to accept that their networks will be under constant attack, but by understanding how different types of cyber attacks work, mitigating controls and strategies can be put in place to minimize the damage they can do. Here are the main points to keep in mind:
- Train your staff. One of the most common ways cyber criminals get access to your data is through your employees. They’ll send fraudulent emails impersonating someone in your organisation and will either ask for personal details or for access to certain files. Links often seem legitimate to an untrained eye and it’s easy to fall into the trap. This is why employee awareness is vital.One of the most efficient ways to protect against cyber attacks and all types of data breaches is to train your employees on cyber attack prevention and inform them of current cyber attacks.
- Vulnerabilities are either human- or technology-based, and according to a recent IBM “Cyber Security Intelligence Index Report,” human error was a major contributing cause in 95% of all breaches. Errors can be either unintentional actions or lack of action, from downloading a malware-infected attachment to failing to use a strong password. This makes security awareness training a top priority in the fight against cyber attacks, and as attack techniques are constantly evolving, training needs to be constantly updated as well to ensure users are alerted to the latest types of attack. A cyber attack simulation campaign can assess the level of cyber awareness among employees with additional training where there are obvious shortcomings.
- While security-conscious users can reduce the success rate of most cyber attacks, a defense-in-depth strategy is also essential. These should be tested regularly via vulnerability assessments and penetration tests to check for exploitable security vulnerabilities in OSes and the applications they run.
- End-to-end encryption throughout a network stops many attacks from being able to successfully extract valuable data even if they manage to breach perimeter defenses.
- Keep your software and systems fully up to date. Often cyber attacks happen because your systems or software aren’t fully up to date, leaving weaknesses. So cybercriminals exploit these weaknesses to gain access to your network. Once they are in – it’s often too late to take preventative action. To counteract this, it’s smart to invest in a patch management system that will manage all software and system updates, keeping your system resilient and up to date.
- Ensure Endpoint Protection. Endpoint protection protects networks that are remotely bridged to devices. Mobile devices, tablets and laptops that are connected to corporate networks give access paths to security threats. These paths need protected with specific endpoint protection software.
- Install a Firewall. There are so many different types of sophisticated data breaches and new ones surface every day and even make comebacks. Putting your network behind a firewall is one of the most effective ways to defend yourself from any cyber attack. A firewall system will block any brute force attacks made on your network and/or systems before it can do any damage, something we can help you with.
- Backup your data. In the event of a disaster (often a cyber attack) you must have your data backed up to avoid serious downtime, loss of data and serious financial loss.
- Control access to your systems. Believe it or not, one of the attacks that you can receive on your systems can be physical, having control over who can access your network is really really important. Somebody can simply walk into your office or enterprise and plug in a USB key containing infected files into one of your computers allowing them access to your entire network or infect it. It’s essential to control who has access to your computers. Having a perimeter security system installed is a very good way to stop cybercrime as much as break ins!
- Wifi Security. Who doesn’t have a wifi enabled device in 2020? And that’s exactly the danger, any device can get infected by connecting to a network, if this infected device then connects to your business network your entire system is at serious risk. Securing your wifi networks and hiding them is one of the safest things you can do for you systems. With wireless technology developing more and more everyday there’s thousands of devices that can connect to your network and compromise you.
- Access Management. One of the risks as a business owner and having employees, is them installing software on business owned devices that could compromise your systems. Having managed admin rights and blocking your staff installing or even accessing certain data on your network is beneficial to your security.
- Passwords. Having the same password setup for everything can be dangerous. Once a hacker figures out your password, they now have access to everything in your system and any application you use. Having different passwords setup for every application you use is a real benefit to your security, and changing them often will maintain a high level of protection against external and internal threats.
- Finally, security teams need to proactively monitor the entire IT environment for signs of suspicious or inappropriate activity to detect cyber attacks as early as possible — network segmentation creates a more resilient network that is able to detect, isolate and disrupt an attack. And, of course, there should be a well-rehearsed response plan if an attack is detected.
Sources :