Scribd
Upload
201 views

Types of Cyber Attacks

Cyberspace provides a platform for cybercriminals to operate. Various types of cyberattacks threaten both individuals and organizations. Common cyberattack types include malware attacks, phishing scams, password attacks, distributed denial-of-service (DDoS) attacks, malicious advertising, man-in-the-middle attacks, brute force attacks, ransomware attacks, AJAX spidering, active/passive scanning, code injection, and SQL injection. Preventing cyberattacks is important, and understanding the different attack types is a first step towards prevention.

Uploaded by

baluchebolu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
201 views

Types of Cyber Attacks

Cyberspace provides a platform for cybercriminals to operate. Various types of cyberattacks threaten both individuals and organizations. Common cyberattack types include malware attacks, phishing scams, password attacks, distributed denial-of-service (DDoS) attacks, malicious advertising, man-in-the-middle attacks, brute force attacks, ransomware attacks, AJAX spidering, active/passive scanning, code injection, and SQL injection. Preventing cyberattacks is important, and understanding the different attack types is a first step towards prevention.

Uploaded by

baluchebolu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

Today, cyberspace is the base platform for cybercriminals to carry out their operations.

With the introduction


of the internet at every level of the workplace, offices have developed a vulnerability that can be easily
exploited by online miscreants. Even the common man has not been spared by such entities. Reports of
hack attacks on individuals surface every day on print as well as the digital media.

Precaution is better than cure holds in the present scenario. Preventing such attacks from happening is the
best measure one can resort to. And the first measure towards preventing such attacks from happening is
knowing about the different types of cyber-attacks. So, keep reading to find out the various kinds of
cyber-attacks.

Malware Attacks
Malware is blanket-term which includes various threats like viruses, worms, Trojans, etc. These are the
self-executing codes designed to harm the victim’s system. Malware is introduced into the victim’s computer
using different means like email attachments, downloads from malicious sites, and even through infected
flash/pen drives. Once attached, they pry on the system’s vulnerabilities to further deteriorate the system’s
condition.

Phishing Scams
One of the oldest tricks in the book for cyber-criminals. In this case, a malicious link is sent to the target’s
email. Upon clicking, it directs the target to a phishing site (aesthetically similar to your email or social
network site) where the target is required to put in his sensitive credentials. The credentials, put in, are then
accessible to the hackers, and they may use them to their benefit.

Password Attacks
These attacks are targeted towards getting access to the victim’s passwords. The hackers employ different
techniques like brute force attacks, or running malicious codes, or using dictionary attacks to retrieve the
victim’s passwords. In the case of success of any of these methods, the password comes into the hands of
cyber-criminals. Using a strong password and changing passwords at regular intervals seems to be the only
defence against such attacks.

DDoS Attacks
Another type of cyber-attack used mainly against the corporates is the Denial of Services (DoS) attack. This
method involves transmitting a huge volume of traffic onto the victim’s network thereby disrupting the
service by overloading it. An even more dangerous attack is the DDoS (Distributed-Denial-of-Services) attack
where multiple computers are used to disrupt the services on similar lines.

Malicious Advertising
Ads are rampant on the internet. Malicious codes are inserted in such ads which are downloaded to your
system upon clicking. These ads are put on prominent sections on a web page prompting the users to click
on these ads. Such ads may even be present on popular or legitimate sites where the users are completely
unaware of the dangers that they lie.

Man-in-the-Middle (MITM) Attack


As the name says, a ‘man’ is present in between the endpoints and hence, any information entered by the
victims are available to these entities. Usually, present on transactional and business sites, the “man” can
snoop all your information and use it to their advantage. They may even impersonate your banking sites and
prompt you to fill in your sensitive data.

Brute Force Attack

A brute force attack involves 'guessing' usernames and passwords to gain unauthorized access to
a system. Brute force is a simple attack method and has a high success rate. Some attackers use
applications and scripts as brute force tools.

Ransomware Attacks

Ransomware is a type of malware (malicious software) used by cybercriminals. ... Attack vectors
frequently used by extortion Trojans include the Remote Desktop Protocol, phishing emails, and
software vulnerabilities. A ransomware attack can therefore target both individuals and companies.

Ajay Spidering

A spider is a tool that is used to automatically discover new resources (URLs) on a particular Site.
The Spider then visits these URLs, identifies all the hyperlinks on the page and adds them to the list
of URLs to visit and the process continues recursively as long as new resources are found. AJAX
Spider add-on integrates into ZAP a crawler of AJAX rich sites called Crawljax. You can use it to
identify the pages of the targeted site. You can combine it with the (normal) spider for better results.
The spider is configured using the Options AJAX Spider screen

Active/Passive Scanning

ZAP by default passively scans all HTTP messages (requests and responses) sent to the web
application. ... Active Scan: Attempts to find potential vulnerabilities by using known attacks against
the selected targets. You must perform an active scan only if you have permission to test the
application.

A client can use two scanning methods: active and passive. During an active scan, the client radio
transmits a probe request and listens for a probe response from an AP. With a passive scan, the
client radio listens on each channel for beacons sent periodically by an AP.

Code injection
Code injection is the exploitation of a computer bug that is caused by processing invalid data. The injection is
used by an attacker to introduce code into a vulnerable computer program and change the course of execution.
Code injection, often referred to as remote code execution (RCE), is an attack perpetrated by an
attacker's ability to inject and execute malicious code into an application; an injection attack. This
foreign code is capable of breaching data security, compromising database integrity or private
properties.
SQL Injection
SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for
backend database manipulation to access information that was not intended to be displayed. This
information may include any number of items, including sensitive company data, user lists or private
customer details.

You might also like