IT staff everywhere are struggling to protect ever-increasing attack surfaces from a growing number of attack types—making cybersecurity feel complicated and overwhelming.
While the number of specific bugs, viruses, bots, and exploits is seemingly beyond measure, they often fall within the same handful of attack types. By learning these types, you can begin to create a security detection and response plan that keeps your organization protected, regardless of the specific attack you face.
Ten cyberattack types to know:
1. Phishing
A phishing attack takes place when a hacker impersonates a person or organization through email or text messaging in hopes of getting the recipient to provide personal or secure information such as passwords, credit card information, or login details. A phishing attack can also be used to get the recipient to install malware on the device. According to research by Symantec, 1 in 2995 emails is a phishing attempt.
A phishing attack can be general—spray and pray—or specifically targeted at high-value employees like a CEO or employees in the finance department. For example, in 2017 the accounting departments at Facebook and Google were the targets of a phishing attack that involved fraudulent invoices, with the two companies losing $100 million before discovering the scam.
Defense: Because it targets people instead of technology, training is essential for employees to understand how to identify phishing attacks and how to avoid clicking on fraudulent links.
2. Malware
Malware is software that has been downloaded onto your device without your consent or knowledge to disrupt, damage, or gain unauthorized use of a system. Oftentimes it is embedded in files for useful applications like Word or Excel, which then execute the malware when the file is opened; the Dridex malware, for example, uses macros in Microsoft Office documents to steal banking credentials.
According to the 2019 State of Malware Report, overall business detection of malware rose 79% from 2017 to 2018.
Adware, spyware, Trojans, macro viruses, and file infectors are just a few of the many types of malware that pose a threat.
Defense: Because malware can easily replicate and spread across the internet, a combination of anti-virus software, patching, firewalls, and user diligence is necessary to keep malware out of your network.
3. Ransomware
A subset of malware, ransomware is responsible for some of the most notable attacks of recent years.
A ransomware attack involves encrypting a device's data until the hacker is paid to release it, in effect holding the data for ransom. If the ransom isn't paid by a deadline, the hacker will often threaten to delete the data or release it to the public. The average cost of a ransomware attack is $133,000, which includes the ransom, downtime, and remediation costs.
The most infamous example is 2017's WannaCry, which infected hundreds of thousands of devices across more than 150 countries. It not only locked up computers but also brought down essential services for critical functions such as hospitals, telecommunications, railway networks, and government offices.
Defense: In addition to the same prevention methods you use to protect against malware, it's important to perform data and system backups regularly so that you can regain access to your data without paying the ransom.
4. Distributed Denial-of-Service Attack (DDoS)
A DDoS attack is designed to overwhelm your resources so that your system or assets become inaccessible. Because your network is flooded with requests, it's unable to fulfill any legitimate request.
The result: your website or network comes to a standstill.
DDoS attacks are on the rise, with Q1 2019 showing an increase of 967% for attacks 100Gbps or higher compared to Q1 2018. One notable event was the DDoS attack on DNS provider Dyn, which affected the websites of major businesses including Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud, and the New York Times.
Defense: The attack is performed by many computers at the same time, making it difficult to defend against or to identify the attacker's source. Threat intelligence and detection capabilities, in combination with an effective incident response plan, can mitigate the damage from these types of attacks.
5. Brute-Force Password Attack
Given the prevalence of passwords as a form of security, many attacks are focused on capturing the password information of your employees and users. One way to do this is through brute-force password guessing, which uses software to automatically try millions of common passwords in hopes of getting lucky. Once they have the password, hackers can use it to steal data, empty bank accounts, install malware, or sell the password to other hackers on third-party markets.
In a troubling stat, according to Kaspersky, today's tools can crack a password consisting of a single dictionary word within one second.
One notable example of a brute-force password attack took place in 2016 when hackers used the technique to gain access to 20.6 million accounts on the Alibaba e-commerce site TaoBao.
Defense: To protect against brute-force password attacks, make sure you implement account lockout policies that can lock the account after a handful of invalid password attempts. In addition, two-factor authentication can prevent hackers from getting into the account even if they end up guessing the password correctly.
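The lockout policy described above, as an added example that is not from the original article: a small in-memory policy that locks an account after five invalid attempts for fifteen minutes, refuses every attempt (even a correct guess) while locked, and resets the counter on success. The credential store, user names, thresholds, and plaintext passwords are constructed assumptions for the demonstration.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

MAX_FAILURES = 5            # invalid attempts before the account locks (assumed policy)
LOCKOUT_SECONDS = 15 * 60   # how long the lock lasts (assumed policy)

# Constructed credential store; kept as plaintext only to keep the example short.
# A real system stores salted password hashes and keeps lockout state server-side.
USERS: Dict[str, str] = {"alice": "correct horse battery staple"}


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0   # epoch seconds; 0 means not locked


class LockoutPolicy:
    def __init__(self) -> None:
        self.accounts: Dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user: str, now: float) -> bool:
        return now < self._state(user).locked_until

    def attempt(self, user: str, password: str, now: float) -> str:
        """Return 'locked', 'ok' or 'denied' for one login attempt at time `now`."""
        st = self._state(user)
        if now < st.locked_until:
            # Reject before checking the password: guesses made during the
            # lockout window give the attacker no signal, correct or not.
            return "locked"
        stored: Optional[str] = USERS.get(user)
        ok = stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())   # constant-time comparison
        if ok:
            st.failures = 0            # a successful login resets the counter
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT_SECONDS
            st.failures = 0            # counter restarts once the lock expires
            return "locked"            # this is the event worth logging for the SOC
        return "denied"
```

Unknown user names go through the same counting path so that the response does not reveal which accounts exist.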
6. Man-in-the-Middle Attack
With this attack, the hacker hijacks a session between the client and server. The hacker can use this position to eavesdrop on communications or to spoof the identity of the client completely, allowing them to gain access to sensitive data or manipulate transmitted content as desired. According to IBM, man-in-the-middle attacks were involved in 35% of exploitations targeting inadvertent weaknesses.
For example, in 2015 cybercriminals used man-in-the-middle attacks to steal six million Euros from companies across Europe. The hackers used the technique to monitor communications for payment requests, and then used their access to reroute payments to bank accounts under their control.
Defense: To protect against man-in-the-middle attacks, encryption and authentication certificates can help ensure only the intended recipients can access the data while also preventing it from being modified during transmission.
7. SQL Injection
An SQL injection exploit executes malicious SQL queries to take control of a database server behind a web application. By using the exploit, the hacker can bypass the app's authentication and authorization to retrieve data from the entire SQL database. It can also be used to add, modify, or delete data in the database.
According to the 2019 Vulnerability Statistics Report, SQL injections represent 5.5% of all vulnerabilities. One of the most notable SQL attacks took place when hackers attacked the payments processor Heartland Payment Systems to gain access to 100 million cards and more than 650 financial services companies, causing $300 million in losses.
Defense: To prevent SQL injection attacks, eliminate SQL vulnerabilities in your application code, apply least-privilege permissions in your database, use stored procedures and prepared statements when possible, and validate input data against a white list at the application level.
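An added example, not from the original article, of the two defenses above side by side: the same login lookup written with string concatenation (injectable) and with a prepared statement, plus an application-level whitelist check on the user name. It runs against a constructed in-memory SQLite database; the table, user names and password are made-up sample data.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a constructed sample database with one user (plaintext password for brevity)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # User-controlled text is pasted straight into the SQL, so quote characters
    # in the input change the structure of the query instead of being data.
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Prepared statement: the query text is fixed and the values travel
    # separately, so the database never interprets them as SQL.
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Whitelist for user names: lowercase letters, digits and underscore only.
# (Assumed policy; pick the pattern that matches your real identifier format.)
ALLOWED_USERNAME = re.compile(r"[a-z0-9_]{1,32}")


def username_is_valid(username: str) -> bool:
    """Application-level input validation, applied before the query is ever built."""
    return ALLOWED_USERNAME.fullmatch(username) is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Defense in depth: reject malformed input, then use the prepared statement."""
    if not username_is_valid(username):
        return False
    return login_parameterized(conn, username, password)
```

The classic tautology input in the test shows the concatenated query granting access with the wrong password, while the prepared statement treats the same string as an ordinary (non-matching) password.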
8. Zero-day Attacks
A zero-day attack takes place when hackers exploit a vulnerability in hardware, software, or a network that has been exposed before the vendor knows about it or has fixed it. Because the exploit is new, there is no remedy available, leaving companies defenseless until a patch is developed and implemented.
According to the Ponemon Institute, 76% of successful attacks on organization endpoints were zero-day attacks.
An example of a zero-day attack is when hackers used a zero-day exploit in Microsoft Word to deploy a remote access Trojan that could secretly collect information such as emails and login information.
Defense: To defend against zero-day exploits, monitor your network for unusual or unprecedented activity. Once the exploit has been exposed, apply the patch as quickly as possible across your network and all applicable devices.
9. Outdated and Unpatched Software
Given the scope and size of many enterprises, it can be difficult for IT to keep up with every patch for every piece of software on every device.
Despite patches existing for many known exploits, hackers are able to easily target businesses that run unpatched software. In addition, companies often use older software that has reached end-of-life and no longer receives patches, leaving it vulnerable to any new exploits that are developed.
According to one study, nearly 60% of organizations that suffered a data breach within the last two years cited known vulnerabilities that had not yet been patched as the reason.
Many of the largest and most damaging hacks are due to such lapses, such as the Equifax hack that exposed the data of hundreds of millions of people. This hack cost the company $1.4 billion in cleanup costs and $1.38 billion to resolve consumer claims. The attack exploited a vulnerability for which a patch had been available for more than two months, making it easily preventable.
Defense: To protect against attacks on outdated or unpatched software, it's important to keep devices up-to-date with the latest software and patches. With so many patches coming in, half the battle is being aware that patches are available. You must then find the time to deploy patches, and then ensure all devices are protected. Prioritize high-impact patches and systems to make the most out of your limited resources.
10. Insider Threats
While most of your focus is on protecting your business from outside threats, insiders are also a source of damaging attacks. Because they are already inside your network and have some level of legitimate access, they have the time and capability to snoop around and steal data.
An insider threat doesn't have to be malicious—it can also involve the accidental exposure of data, as in the case of an employee losing an unsecured laptop that has sensitive company information. According to the Verizon Data Breach Investigations Report, 34% of breaches involve internal actors.
Defense: To protect against internal threats, implement a least-privilege model to ensure no user has more privileges than necessary to do their jobs. In addition, make sure hardware like laptops and mobile devices have security logins to keep those devices secure from intentional or accidental data theft.
For a detailed, downloadable infographic of all the cyberattacks listed above, check out The Top 10 Cyberattacks Threatening Your Organization.
Are You Safeguarding Your Company?
Today's enterprises have to protect against all these cyberattacks and more if they want to stay secure. However, many struggle to properly understand their risk, improve their time-to-detection, or put the proper response together in time to mitigate damage. The Arctic Wolf SOC-as-a-service can help you reduce your attack surface, bolster your security posture, and detect and respond to the real threats your organization encounters. Request a demo to learn more.