initial idias 2

What is a Cyber Attack?

A cyber attack refers to an action designed to target a computer or any element of a computerized information system to change, destroy, or steal data, as well as exploit or harm a network. Cyber attacks have been on the rise, in sync with the digitization of business that has become more and more popular in recent years. (Fortinet, 2023)

(Fortinet, 2023)

Top 20 Most Common Types of Cybersecurity Attacks

1. DoS and DDoS Attacks

A DoS attack is when someone tries to stop a website or service from working by sending too many fake requests. This makes it so the website or service can't respond to real requests from users.(Fortinet, 2023)

A DDoS attack is similar but uses many infected computers to overwhelm the website or service. These attacks are called "denial of service" because they stop people from being able to use the website or service.(Fortinet, 2023)

DoS and DDoS attacks are different from other cyber attacks because they just want to stop the website or service from working. They don't try to steal or damage anything. Sometimes, attackers do this to help a business competitor or for other bad reasons.(Fortinet, 2023)

DoS attacks can also make the website or service more vulnerable to other types of attacks. To prevent DoS attacks, a firewall can be used to check if requests are real or fake. In February 2020, Amazon Web Services (AWS) was hit with a big DoS attack.(Fortinet, 2023)

2. MITM Attacks

A man-in-the-middle (MITM) cyber attack happens when a hacker intercepts the data being exchanged between two parties. The attacker secretly listens in on the conversation and can modify the messages being sent. The victim may not know that their messages are being altered or spied on.

To protect against MITM attacks, you can use encryption or a VPN to secure your communication.(Fortinet, 2023)

3. Phishing Attacks

A phishing attack occurs when a malicious actor sends emails that seem to be coming from trusted, legitimate sources in an attempt to grab sensitive information from the target. Phishing attacks combine social engineering and technology and are so-called because the attacker is, in effect, “fishing” for access to a forbidden area by using the “bait” of a seemingly trustworthy sender. (Fortinet, 2023)

4. Whale-phishing Attacks

A whale-phishing attack is so-named because it goes after the “big fish” or whales of an organization, which typically include those in the C-suite or others in charge of the organization. These individuals are likely to possess information that can be valuable to attackers, such as proprietary information about the business or its operations. (Fortinet, 2023)

5. Spear-phishing Attacks

Spear phishing refers to a specific type of targeted phishing attack. The attacker takes the time to research their intended targets and then write messages the target is likely to find personally relevant. These types of attacks are aptly called “spear” phishing because of the way the attacker hones in on one specific target. The message will seem legitimate, which is why it can be difficult to spot a spear-phishing attack.(Fortinet, 2023)

6. Ransomware

With Ransomware, the victim’s system is held hostage until they agree to pay a ransom to the attacker. After the payment has been sent, the attacker then provides instructions regarding how the target can regain control of their computer. The name "ransomware” is appropriate because the malware demands a ransom from the victim.(Fortinet, 2023)

7. Password Attack

Passwords are the access verification tool of choice for most people, so figuring out a target’s password is an attractive proposition for a hacker. This can be done using a few different methods. Often, people keep copies of their passwords on pieces of paper or sticky notes around or on their desks. An attacker can either find the password themselves or pay someone on the inside to get it for them.  (Fortinet, 2023)

8. SQL Injection Attack

Structured Query Language (SQL) injection is a common method of taking advantage of websites that depend on databases to serve their users. Clients are computers that get information from servers, and an SQL attack uses an SQL query sent from the client to a database on the server. The command is inserted, or “injected”, into a data plane in place of something else that normally goes there, such as a password or login. The server that holds the database then runs the command and the system is penetrated.(Fortinet, 2023)

9. URL Interpretation

With URL interpretation, attackers alter and fabricate certain URL addresses and use them to gain access to the target’s personal and professional data. This kind of attack is also referred to as URL poisoning. The name “URL interpretation” comes from the fact that the attacker knows the order in which a web-page’s URL information needs to be entered. The attacker then “interprets” this syntax, using it to figure out how to get into areas they do not have access to.(Fortinet, 2023)

10. DNS Spoofing

With Domain Name System (DNS) spoofing, a hacker alters DNS records to send traffic to a fake or “spoofed” website. Once on the fraudulent site, the victim may enter sensitive information that can be used or sold by the hacker. The hacker may also construct a poor-quality site with derogatory or inflammatory content to make a competitor company look bad.(Fortinet, 2023)

11. Session Hijacking

Session hijacking is one of multiple types of MITM attacks. The attacker takes over a session between a client and the server. The computer being used in the attack substitutes its Internet Protocol (IP) address for that of the client computer, and the server continues the session without suspecting it is communicating with the attacker instead of the client. This kind of attack is effective because the server uses the client's IP address to verify its identity. If the attacker's IP address is inserted partway through the session, the server may not suspect a breach because it is already engaged in a trusted connection.(Fortinet, 2023)

12. Brute force attack

A brute-force attack gets its name from the “brutish” or simple methodology employed by the attack. The attacker simply tries to guess the login credentials of someone with access to the target system. Once they get it right, they are in.(Fortinet, 2023)

13. Web Attacks

Web attacks refer to threats that target vulnerabilities in web-based applications. Every time you enter information into a web application, you are initiating a command that generates a response. For example, if you are sending money to someone using an online banking application, the data you enter instructs the application to go into your account, take money out, and send it to someone else’s account. Attackers work within the frameworks of these kinds of requests and use them to their advantage.(Fortinet, 2023)

14. Insider Threats

Sometimes, the most dangerous actors come from within an organization. People within a company’s own doors pose a special danger because they typically have access to a variety of systems, and in some cases, admin privileges that enable them to make critical changes to the system or its security policies.(Fortinet, 2023)

15. Trojan Horses

A Trojan horse attack uses a malicious program that is hidden inside a seemingly legitimate one. When the user executes the presumably innocent program, the malware inside the Trojan can be used to open a backdoor into the system through which hackers can penetrate the computer or network. This threat gets its name from the story of the Greek soldiers who hid inside a horse to infiltrate the city of Troy and win the war. Once the “gift” was accepted and brought within the gates of Troy, the Greek soldiers jumped out and attacked. In a similar way, an unsuspecting user may welcome an innocent-looking application into their system only to usher in a hidden threat.(Fortinet, 2023)

16. Drive-by Attacks

In a drive-by attack, a hacker embeds malicious code into an insecure website. When a user visits the site, the script is automatically executed on their computer, infecting it. The designation “drive by” comes from the fact that the victim only has to “drive by” the site by visiting it to get infected. There is no need to click on anything on the site or enter any information.(Fortinet, 2023)

17. XSS Attacks

With XSS, or cross-site scripting, the attacker transmits malicious scripts using clickable content that gets sent to the target’s browser. When the victim clicks on the content, the script is executed. Because the user has already logged into a web application’s session, what they enter is seen as legitimate by the web application. However, the script executed has been altered by the attacker, resulting in an unintended action being taken by the “user.”(Fortinet, 2023)

18. Eavesdropping Attacks

Eavesdropping attacks involve the bad actor intercepting traffic as it is sent through the network. In this way, an attacker can collect usernames, passwords, and other confidential information like credit cards. Eavesdropping can be active or passive.(Fortinet, 2023)

19. Birthday Attack

In a birthday attack, an attacker abuses a security feature: hash algorithms, which are used to verify the authenticity of messages. The hash algorithm is a digital signature, and the receiver of the message checks it before accepting the message as authentic. If a hacker can create a hash that is identical to what the sender has appended to their message, the hacker can simply replace the sender’s message with their own. The receiving device will accept it because it has the right hash.(Fortinet, 2023)

20. Malware Attack

Malware is a general term for malicious software, hence the “mal” at the start of the word. Malware infects a computer and changes how it functions, destroys data, or spies on the user or network traffic as it passes through. Malware can either spread from one device to another or remain in place, only impacting its host device.(Fortinet, 2023)

referencing 

Fortinet (2023) Top 20 most common types of cyber attacks, Fortinet. Available at: https://www.fortinet.com/resources/cyberglossary/types-of-cyber-attacks (Accessed: May 6, 2023).