Cyber Attacks 101 – A Pocket Guide

A cyber attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to, or make unauthorized use of, a computer system. This can be anything from big servers to your smartphone and anything in between.

There are various forms of cyber attack. The following list gives just a few examples:

  • Brute Force Attack/Dictionary Attack
  • Business Email Compromise Attack
  • Click Jacking
  • Credential Stuffing
  • Cryptojacking
  • Data Breaches
  • Denial of Service (DoS)
  • Distributed Denial of Service (DDoS)
  • DLL Hijacking
  • Elevation of Privilege
  • Keystroke Logging
  • Ransomware
  • Social Engineering
  • Tracking.

Let's dig a little deeper into what these different forms of cyber attack are.

Brute Force Attack – This is where a cyber attacker is trying to gain access to a computer system, but does not know the precise credentials to use. Therefore the attacker will try all combinations of credentials (e.g. user name/password combinations) to eventually come up with the right combination. The longer and more complex passwords are, the longer it takes for an attacker to come up with the right combination. This is typically automated.

Business Email Compromise Attack – This is a form of cyber crime (abbreviated to BEC) which uses email fraud to attack commercial, government and non-profit organizations to achieve a specific outcome which negatively impacts the target's organization. Examples of common BEC attacks include invoice scams and spear phishing spoof attacks which are designed to gather data for other criminal activities. Often consumer privacy breaches occur as a result of a BEC attack.

Clickjacking – This is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages. This is also classified as a User Interface Redress Attack, UI Redress Attack or UI Redressing.

Credential Stuffing – This is where a cyber attacker will attempt to gain access to a computer system (e.g. your favourite shopping website) using information often gained in data breaches. The attacker will typically try previously disclosed credentials en masse to try to gain access. This is also typically automated, resulting in thousands of credentials being tried in a very short time. See also my blogs on Effective use of Passwords and Bot Based Credential Stuffing.
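The two automated attacks described above leave different traces in an authentication log: a brute force attack hammers one username with many passwords, while credential stuffing tries many different usernames once or twice each, with the occasional success. The following defender-side detector is an added example, not code from this blog; the log format and the sample lines are constructed for illustration, and the thresholds are assumptions to tune for your own site.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication log (not real data): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 alice FAIL
2024-01-01T10:00:01 203.0.113.7 bob FAIL
2024-01-01T10:00:01 203.0.113.7 carol FAIL
2024-01-01T10:00:02 203.0.113.7 dave OK
2024-01-01T10:00:02 203.0.113.7 erin FAIL
2024-01-01T10:00:03 203.0.113.7 frank FAIL
2024-01-01T10:05:00 198.51.100.9 alice FAIL
2024-01-01T10:05:01 198.51.100.9 alice FAIL
2024-01-01T10:05:02 198.51.100.9 alice FAIL
2024-01-01T10:05:03 198.51.100.9 alice FAIL
2024-01-01T10:05:04 198.51.100.9 alice FAIL
2024-01-01T10:30:00 192.0.2.44 alice OK
"""

def parse_line(line):
    """Parse one constructed log line into (timestamp, ip, username, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def classify_sources(log_text, window_seconds=60, min_attempts=5):
    """Return {ip: label} for sources whose login attempts inside a sliding window
    are mostly failures and look like either credential stuffing (almost every
    attempt is a different username) or brute force (one username, many tries)."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, ok = parse_line(line)
            by_ip[ip].append((ts, user, ok))
    verdicts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits inside window_seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            window = events[start:end + 1]
            if len(window) < min_attempts:
                continue
            users = {user for _, user, _ in window}
            failures = sum(1 for _, _, ok in window if not ok)
            if failures < 0.8 * len(window):
                continue  # mostly successful logins: not an attack pattern
            if len(users) >= 0.8 * len(window):
                verdicts[ip] = "credential_stuffing"
            elif len(users) == 1:
                verdicts[ip] = "brute_force"
    return verdicts
```

In the constructed sample the first source is flagged as credential stuffing (six different usernames in three seconds, one of which succeeded, so that account needs a forced password reset), the second as brute force, and the lone legitimate login is ignored.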

Cryptojacking – This is an online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of cryptocurrency. It can take over web browsers, as well as compromise all kinds of devices, from desktops and laptops, to smartphones and even network servers. Like most other malicious attacks, the motive is profit, but unlike many threats it’s designed to stay completely hidden from the user and often uses tactics to detect when the system is idle (i.e. not actively in use) so as to mask its activity.

Data Breach – This is where a cyber attacker has gained access to a cache of information (typically an unsecured database of some form) and extracts private information. This could typically be user names, passwords, postal addresses, credit card numbers or medical records, among many others. The purpose of data breaches is to gain access to private information so that it can be exploited in other cyber attacks, for example social engineering or credential stuffing.

Denial of Service (DoS) – This is a form of cyber attack that attempts to take legitimate services (e.g. game sites, shopping sites) offline by flooding them with requests. The flood of requests is so great that the host systems cannot cope with the inbound traffic, and either slow to a halt or crash totally. Think of it as trying to hear someone talking to you in a crowded, noisy room: even if they are shouting, you cannot hear them. This form of attack is often perpetrated by criminals out to either destroy, or at the very least disrupt, a service.

Dictionary Attack – This is a more refined form of Brute Force Attack (see above) where the attacker uses words and known substitution patterns to crack a password so as to gain access to a computer system. This is in contrast to a phrase attack.

Distributed Denial of Service (DDoS) – This is an evolution of a Denial of Service attack where the traffic flooding a website comes from multiple sources. A recent DDoS attack used a lot of unprotected IoT devices across the internet to send small loads of information, which are amplified by other systems that have a vulnerability that can be exploited by the attacker. A usual term associated with this method is ‘botnets’.

Dynamic Link Library (DLL) Hijacking – This is where a legitimate DLL file is replaced with a fake DLL file containing malicious code. Since DLLs are shared libraries that almost all applications on your machine depend on, they are present on the computer in many different folders. The operating system looks for a requested DLL in a fixed order of locations: first the application's own folder, then the remaining folders in the order set by the operating system's environment variables. Thus if a good.dll file is in the SysWOW64 folder and someone places a bad.dll with the same name as the DLL the application requests in a folder that is searched before the SysWOW64 folder, the operating system will load the bad.dll file instead. Once loaded into memory, the malicious code contained in the file executes and may compromise your computer or network.
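To make the search-order problem concrete from the defender's side, here is an added example (not the blog's code) that models the loader's ordered lookup and flags every folder that is consulted before the legitimate copy of a DLL and that unprivileged users can write to. The folder list, the in-memory "filesystem" and the writable-folder set are all constructed assumptions; the real Windows search order has further rules (for example, known DLLs and safe search mode) that this simplified model leaves out.

```python
# Constructed search order, simplified: the application folder is consulted first,
# then system folders, then a folder that appears on the PATH variable.
SEARCH_ORDER = [
    r"C:\Tools\ExampleApp",      # hypothetical app installed with loose permissions
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Users\Public\Tools",    # hypothetical PATH entry
]

# Constructed model of the filesystem: folder -> DLL names present there.
FILESYSTEM = {
    r"C:\Tools\ExampleApp": {"exampleapp.dll"},
    r"C:\Windows\System32": {"kernel32.dll"},
    r"C:\Windows\SysWOW64": {"good.dll"},
    r"C:\Users\Public\Tools": set(),
}

# Folders an unprivileged user can write to (constructed; a real audit reads the ACLs).
WRITABLE_BY_USERS = {r"C:\Tools\ExampleApp", r"C:\Users\Public\Tools"}

def resolve_dll(name, search_order=SEARCH_ORDER, fs=FILESYSTEM):
    """Return the first folder in search order containing `name`, or None if absent.
    DLL names are matched case-insensitively, as the Windows loader does."""
    wanted = name.lower()
    for folder in search_order:
        if wanted in {f.lower() for f in fs.get(folder, ())}:
            return folder
    return None

def hijack_exposure(name, search_order=SEARCH_ORDER, fs=FILESYSTEM,
                    writable=WRITABLE_BY_USERS):
    """Folders consulted BEFORE the legitimate copy of `name` that unprivileged
    users can write to. A non-empty result means a same-named file planted there
    would shadow the real DLL, so the folder's permissions need tightening."""
    legit = resolve_dll(name, search_order, fs)
    if legit is None:
        # The DLL is missing everywhere: every writable folder on the path is exposed.
        candidates = search_order
    else:
        candidates = search_order[:search_order.index(legit)]
    return [folder for folder in candidates if folder in writable]
```

For the constructed layout, good.dll resolves to SysWOW64 but the writable application folder ahead of it is reported as exposed, while exampleapp.dll, which lives in the first folder searched, has no exposure.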

Elevation of Privilege – This results from an attacker obtaining authorization permissions beyond those initially granted to the user being attacked (e.g. a user may have low-level privileges and the elevation gives administrator privileges). This is often achieved by exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. This is always the result of some form of cyber attack.

Social Engineering – The psychological manipulation of people to trick them into divulging confidential information that can be used to hack into websites and other computing resources. There are various forms of social engineering:

  • Phishing
  • Vishing
  • Smishing
  • Spear Phishing
  • Water Holing
  • Impersonating
  • Baiting
  • Tailgating
  • Whaling.

This is a whole subject in its own right, which we cover in Combating Social Engineering.

Key Loggers – This is a form of malware that records all the keystrokes you make on your computer. Typically the attacker is looking for usernames and passwords to gain access to computer systems, but this can also be used to capture private information. Key loggers can be delivered by various means, including a social engineering attack.

Ransomware – This is a form of malware that typically encrypts the files on your computer and forces you to pay the hacker (normally in some form of cryptocurrency) to provide the key to decrypt your files. In many cases the cyber criminal has no intention of providing the unlock code, and you will be left with totally encrypted, and therefore useless, files. This form of attack often uses a social engineering method, or some other vulnerability within the computer system, to implant the initial malware.

We have a whole blog explaining this method of attack and how to defend against it in What is RansomWare and How to Defend Against It.

Tracking – This is the collection of data regarding an individual’s identity or activity across one or more websites using a variety of techniques including tracking cookies, specially crafted URLs, browser fingerprinting, redirects and hyperlink auditing. Even if such data is not believed to be personally identifiable, it’s still tracking. There are several forms of tracking, for example:

  • Cross-site tracking (tracking across multiple first party websites)
  • Stateful tracking (tracking using storage on the user’s device)
  • Covert stateful tracking (stateful tracking which uses mechanisms that are not intended for general-purpose storage, such as HSTS or TLS)
  • Navigational tracking (tracking through information controlled by the source of a top-level navigation or a sub-resource load, transferred to the destination)
  • Fingerprinting, or stateless tracking (tracking based on the properties of the user’s behavior and computing environment, without the need for explicit client-side storage)
  • Covert tracking (includes covert stateful tracking, fingerprinting, and any other methods that are similarly hidden from user visibility and control).

Conclusion

This is just a quick look at the various types of cyber attack variants that appear with monotonous regularity. Sometimes you will see a chain of different cyber attacks coming together to achieve the objective. For example, a Social Engineering attack might make someone give up their login details; once the attacker has used these to gain access to a low-level account, they elevate their privileges using either malware or other vulnerabilities.

Awareness is part of the solution, and knowing how to combat and avoid these forms of attack is another. Software solutions help, but the majority of cyber attacks start with a user clicking on a link in an email, SMS or instant message and downloading some form of malware, or allowing themselves to be compromised by a social engineering attack.

We will be writing blogs and guidance on all the above in time; for the moment, here is a list of useful blogs on this site that will get you started.

Also, keep an eye on our guidance section on combating malware.


Headline image by Gerd Altmann from Pixabay
