Advanced Persistent Threat (APT)
An APT is a type of cyber attack where the intruder gains access to the network and remains undetected while they gather information and data. APT attacks are highly customized, with hackers targeting one specific company, often gaining access through phishing emails. They will make plans to determine how to infiltrate the network without being identified, maneuvering around security measures. Once they are in, attackers take their time planning their attack and mapping company data. These types of attacks are sophisticated in their approach and can lead to costly data breaches.
Business Email Compromise (BEC)/Email Account Compromise (EAC)
BEC and EAC attacks occur when hackers email a legitimate business account in an effort to receive wire transfers, payment, or other information. Often these attackers will have access to an executive’s email, or they will impersonate them through a spoofed email. Hackers will research potential targets and their organizations, and because the emails seem to be coming from CEOs or other executives, employees may be more willing to comply.
Cross-Site Scripting (XSS)
In an XSS attack, a third party will target a vulnerable website, typically one lacking encryption. The goal is to inject malicious code into a web application of the site. Then, when a regular user accesses the website, the malicious script is delivered to the user’s browser or system. This script will cause unwanted behavior for the user, such as disrupting standard services or stealing their information.
Cryptojacking
Cryptojacking is a type of cyber attack that hackers use to mine for cryptocurrency. The attack works by attempting to install malware on the user’s device, whether it be a computer, tablet, or other device. Once installed, the cryptomining script works in the background of the user’s device. Hackers are essentially forcing the user to pay for the cryptomining process (which involves electricity and power for heavy computations) while making away with the payoff of cryptocurrency.
Distributed Denial of Service (DDoS)
In a DDoS attack, a hacker will attempt to overload a computer or network to block other traffic. In practice, malicious parties target servers and overload them with traffic. This large amount of traffic makes it impossible for the server to handle incoming requests from other, legitimate users. In turn, the website the server hosts slows to an unusable performance level or even shuts down.
Drive-by Download
A drive-by download attack is a dangerous type of cyber attack because it doesn’t require any action on the user end. Where an individual would typically need to click a link, press download, or open a malicious email, a drive-by download passes on small pieces of code from a compromised website. All users have to do is visit a site and the code can be downloaded.
Eavesdropping
An eavesdropping attack occurs when a cyber criminal takes advantage of an unsecured network to access data. When someone on a computer, smartphone, or other device transmits information over a network, a hacker can intercept the data being sent and received if the network isn’t secure. This information being passed can include passwords, credit card numbers, and other confidential data.
Formjacking
Formjacking is a relatively new type of cyber attack, gaining attention in late 2018. This type of threat uses a complicated process to skim credit card information virtually. The attack works by injecting malicious code into a legitimate website’s payment form – typically e-commerce and banking sites. This code is meant to capture a user’s information as they submit the seemingly trustworthy form. The user’s data is then sent to the attacker’s servers.
Malware
Malware is an umbrella term that covers many of the other types of cyber attacks listed here. Viruses, worms, spyware, and more are all considered forms of malware. This cyber threat consists of installing unwanted programs or software that intentionally damages computers, servers, or networks. Ranging from denying access to programs, deleting files, stealing information, and spreading to other systems, malware has many different forms and can be particularly nasty.
Man-in-the-Middle (MitM)
A MitM attack works just like you would imagine – a third party inserts themselves in the middle of an interaction between a host and a client. This is often accomplished through a spoofed IP address, where the hijacker disconnects the client and requests information as if they were the host.
Password Attack
A password attack is any cyber attack that attempts to obtain a user’s password illegally. Criminals can use password sniffers, dictionary attacks, and cracking programs to decrypt and steal passwords. Passwords stored on computer systems are especially vulnerable to this type of attack, and hackers can use computer algorithms to crack passwords successfully.
Pharming
Pharming is a type of cyber attack that sends users to fake websites designed to look like real websites. This is accomplished through a hacker infiltrating a computer system and installing code that redirects traffic. The result is that when a user types in a legitimate web address, they are redirected to a fake site that resembles the real thing. Then, hackers will either attempt to gain access to personal and financial information, or they will infect your computer with viruses, malware, or other malicious software.
Phishing
Phishing attacks are a common type of cyber threat – one we’ve probably all seen. For this type of attack, cyber criminals will send out emails mimicking well-known and trusted sources. For example, a phishing email could be designed to replicate an email from Apple or Microsoft. This email will lead users to input their personal information, such as login credentials or financial information.
Ransomware
Ransomware is a type of malicious program that encrypts systems and networks. This type of cyber attack works by injecting itself into a system by way of a security flaw. Once the program is installed, it will start to encrypt the system – either in part or whole. Users will not be able to access systems or data that are encrypted until a “ransom” is paid to third parties. Ransomware can target anyone, and without a backup system in place, businesses are either left to pay or lose their data for good.
Smishing
Smishing is a form of phishing that occurs over your phone, or more specifically, over text. Criminals will attempt to gain your personal information, such as your online passwords, your Social Security Number, and your credit card information. This type of cyber attack can be even more dangerous than phishing because people have learned to be suspicious of email links but may be more trusting towards text messages.
Social Engineering
Social engineering is not a specific type of cyber attack but is used in many common types of attacks. This type of threat is essentially a method for attempting to deceive users into giving away sensitive information. This can occur on any platform, and malicious parties will often go to great lengths to accomplish their goals, such as utilizing social media info. Some types of attacks that use social engineering include phishing, BEC, MitM, and more.
Spear Phishing
Spear phishing attacks are a targeted form of phishing. Instead of sending out mass emails, this type of attack explicitly focuses on a single individual or organization. Similar to regular phishing attacks, spear phishing attacks will appear to come from trusted sources, like a coworker or boss. Because spear phishing is targeted, hackers can use personal information to gain your trust, like information gathered from social media.
Spyware
Spyware lives up to its name: this type of cyber attack sits in the background, watching a user and collecting data. It will track everything you do, collecting information and tracking your browsing habits. This is done without your knowledge, and once information is collected, that data is sent to a remote user.
SQL Attack
An SQL attack is essentially data manipulation, implemented to access information which isn’t meant to be available. Malicious third parties manipulate SQL “queries” (the typical string of code request sent to a service or server) to retrieve sensitive info.
Supply Chain Attacks
In supply chain attacks, hackers target vulnerable applications, looking to change source code to include malware. The overall goal is to pass this malware onto users. Because the apps are often trusted, legitimate software, they have the potential to impact a significant number of people. Anytime an individual downloads or uses a compromised application, there is the risk of malware.
Trojan
Trojan malware attempts to deliver its payload by disguising itself as legitimate software. Using social engineering, users are tricked into downloading malicious software. Once activated, hackers can spy on you, steal your confidential information, or even gain backdoor access to your entire system.
Vishing
Vishing is another, slightly different form of phishing. Instead of using email, vishing uses phone calls or voice messages to trick users. The caller will pretend to be from a reputable company, such as a trusted bank, and request private data from the user. Similar to smishing, users may be more trusting towards phone calls than emails, which makes this type of attack especially dangerous.
Watering Hole Attacks
Inspired by predators who use watering holes to attack their prey in the real world, watering hole attacks are targeted attacks towards a group of specified users. In a watering hole attack, hackers will infect websites that the targeted users are known to frequent. The goal is to load a malicious payload from the infected sites onto a user’s computer, giving hackers access to the user’s network.
Zero-Day Exploit
A zero-day exploit is a type of cyber attack that is carried out on the same day a vulnerability is discovered in a system, network, or software. Hackers usually find a point of weakness through other users online. If an individual notices a vulnerability, they often let the programmers know so they can fix it, as well as share the information online to warn other users. Criminals can take advantage of this warning to exploit the weakness before a fix has been created.