What is a cyber attack?
Before starting this article on cyber attacks, I want to show you something that will blow your mind.
Reported cyber incidents increased from 82,000 in 2016 to 159,700 in 2017, driven by ransomware and other new attack methods. — Online Trust Alliance, 2018
OTA revealed the data in its yearly report on cyber incidents and breach readiness. More surprisingly, the methods used were not very advanced. Here is the data:
93% of all breaches in 2017 could have been avoided with simple cyber hygiene practices, such as regularly updating software, blocking fake email messages, and training employees to recognize phishing attacks. — Online Trust Alliance, 2018 (quoted by TechRepublic)
77% of attacks that successfully compromised organizations in 2017 utilized fileless techniques. — Ponemon Institute
So, I think these figures are enough to give you an idea of how dangerous these cyber attacks are.
93% of cyber attacks were avoidable, but people didn’t avoid them because of a lack of awareness.
According to Hackmageddon, the intention behind the attack was to commit cybercrime in about 81% of cases.
Ah! Now you know that cyber attacks are happening across the globe, but one question that may come to your mind is: what the hell is a cyber attack? Let’s find the answer.
What is a cyber attack?
We can define a cyber attack as an attempt by someone to get access to our computer or any other device in order to steal, extract, delete or damage its data, or an attempt to disrupt the availability or integrity of our business.
It’s pretty complicated, isn’t it?
OK, let me simplify it. Think of it as anyone trying to use your phone, computer or any other device without your permission or knowledge, and perhaps also stealing data from it, such as your private photos or messages, to blackmail you for money.
Let’s understand it in more depth. According to the Techopedia website, a cyber attack may include:
Identity theft, fraud, extortion
Malware, pharming, phishing, spamming, spoofing, spyware, Trojans and viruses
Stolen hardware, such as laptops or mobile devices
Denial-of-service (DOS) and distributed denial-of-service (DDOS) attacks
Breach of access
Private and public Web browser exploits
Instant messaging abuse
Intellectual property (IP) theft or unauthorized access
Did you get it? Great! Now let’s move on to our next and main point: what techniques do attackers use to commit these attacks, and how can you protect yourself from them?
Today I’ll tell you about the common cyber attack techniques, and also how you can protect yourself from them step by step.
These are the most popular, or you could say most common, techniques that attackers use in cybercrime activities.
Let’s start with the first technique:
1. Malware/PoS Malware Attack.
Malware is short for malicious software. It is an umbrella term that covers all hostile or intrusive software, for example viruses, worms, Trojan horses, ransomware, spyware, adware, scareware etc.
In simple words, I would define it as any program designed with the intention to harm, whether aimed at a specific target or at the masses. Now, let’s learn a little about the malware types:
Wait, what... Virus? Is it the virus we learned about in our biology books?
Ah! Don’t be confused, it’s not a biological virus, but it behaves much like one, and that’s why it is called a virus, or computer virus. It is a malicious software program written to enter your computer and damage or alter your files and data.
It might delete or corrupt data on your computer. Viruses can also replicate themselves: a virus makes its own copies and infects other files.
It can enter your computer in many ways. For example, it can be bundled with images or audio files, or come with freeware and other downloads from insecure websites.
A worm is a malicious program that makes copies of itself again and again on the local drive, network shares, etc. The main purpose of a worm is to reproduce itself. It can also use a computer network to spread itself, if it finds a security vulnerability on the target computer that lets it gain access.
It doesn’t harm any data or files on the computer. Unlike a virus, it does not need to attach itself to an existing program; it can enter your computer on its own, without any host file. Worms spread by exploiting vulnerabilities in the operating system.
A Trojan horse is basically the kind of enemy who tells you, “Hey! I’m your friend and I found such-and-such a problem at your house. If you wish, I can fix it for free.” And you say, “Wow! So nice of you, please come in. What would you like, tea or coffee?”
That’s it. Once it has entered your computer, it starts doing its job. It gives malicious users or programs access to your system, allowing confidential and personal information to be stolen.
Ransomware is a cyber kidnapper. I’m saying this because it works exactly the way a kidnapper does. It mainly arrives in emails with scam offers; once you click, it starts executing.
First, it encrypts all the data on your computer and prevents you from accessing your system or any file on it. Then it asks for ransom money to decrypt those files. It can cost anywhere from $1,000 to $10 million.
Here is ransomware cyber attack data for the last 4 years from Statista:
Some well-known ransomware families are Locky, WannaCry, scareware etc.
Spyware is the James Bond type of cyber attack. I mean, spyware is a type of program that is installed on your personal computer with or without your permission.
It collects information about users, their computers and their browsing habits, tracks everything you do without your knowledge and sends it to a remote user.
A rootkit is a type of malicious software program that is almost impossible to identify. An attacker can install it on your system with root or Administrator access, which may be obtained through a vulnerability in your system or network.
Because it has administrator access, you cannot identify it easily. It can also manipulate malware detection tools.
Now I know what malware is, but what is this PoS malware attack?
Well, PoS stands for Point of Sale. As its name suggests, PoS malware specifically targets the points where a lot of payment transactions happen. These may be a retail shop, a supermarket checkout counter, a shopping mall or even online transaction points.
The goal of these attacks is to steal payment credentials such as credit/debit card details. The attackers then clone the card using that information and use it.
It’s not easy to steal data from a PoS computer, because most PoS systems store these credentials encrypted and decrypt them only during a transaction, in the RAM of the system. That’s why attackers design PoS malware to target the system’s RAM.
Since it targets and scans the memory of the system, it is also known as memory-scraping or RAM-scraping malware.
Different Types of PoS Malware
BlackPOS is specially designed for Windows computers that are part of a PoS system. Once this malware enters the computer, it looks for the pos.exe file on the system and parses the track 1 and track 2 financial card data.
A particular hacker group built TreasureHunt to sell stolen credit card data. This malware exploits stolen or weak credentials in order to install itself on the device, and targets retailers still using older swipe systems.
NitlovePOS gathers track-one and -two payment card data by scanning the running processes of a compromised machine.
According to FireEye’s report, it arrives in an email with subject lines like “Any Jobs?”, “Any openings?”, “Internship”, “Internship questions”, “Internships?”, “Job Posting”, “Job questions”, “My Resume” and “Openings?”
When you open the email, it says something like “This is a protected document, you need to enable it manually.” After that, it installs its payload on the system and starts doing its job. Here is an example:
It installs a keylogger on the compromised device, scans the device’s memory for credit card numbers, and then uploads them to its server.
Malum POS is configurable and masks itself as a display driver on the infected device. It then monitors running processes and scrapes the memory of the infected device for payment information.
2. Targeted Attack.
A malware attack is something like a terrorist attack or a viral or bacterial disease: just as a terrorist shoots everyone in front of his gun, and a virus or bacterium infects everyone, malware acts indiscriminately. But in a targeted attack, the target is predefined, and the attacker needs to plan according to the target’s security level. We can define a targeted attack as follows:
A targeted attack is any malicious attack that is aimed at a specific individual, company, system or software. It may be used to extract information, disturb operations, infect machines or destroy a specific data type on a target machine.
A targeted attack uses a type of crimeware or malware program designed to attack the targeted entity. First, perpetrators of targeted attacks typically analyze the target company/system/user, their underlying security mechanisms, and potential post-attack ramifications.
For example, launching a targeted attack on a bank requires an understanding of its security architecture and possible loopholes. Once an attack is successful, the attacker/hacker/cracker can stop routine banking operations, illegally transfer funds and extract customer financial information.
It works in several phases:
• Information gathering.
In the first phase of the attack, the attacker identifies and gathers all possible information about the target to customize their attacks. This may include the target’s IT environment and also its organizational structure.
The information gathered can range from the business applications and software an enterprise utilizes to the roles and relationships that exist within it. This phase also utilizes social engineering techniques that leverage recent events, work-related issues or concerns, and other areas of interest for the intended target.
In the second phase, an attacker uses various methods to infiltrate a target’s infrastructure.
Common methods include customized spearphishing emails, zero-day or software exploits, and watering hole techniques. Attackers also utilize instant-messaging and social networking platforms to entice targets to click a link or download malware. Eventually, a connection with the target is established.
• C&C communication.
In this phase, threat actors constantly communicate with the malware to either execute malicious routines or gather information within the company network. Threat actors use techniques to hide this communication and keep their movements under the radar.
Hmm… Nice, but what is this C&C?
Oh! I forgot to mention that. C&C means Command-and-Control, because in this phase the attacker uses commands to control the payload or malware. Got it? Good. Let’s move on to the next phase.
• Lateral movement.
Once inside the network, threat actors move laterally throughout the network to seek key information or infect other systems.
• Data Discovery.
Notable assets or data are determined and isolated for future data exfiltration. Threat actors have access to “territories” that contain valuable information and noteworthy assets. These data are then identified and transferred through tools like remote access Trojans (RATs) and customized and legitimate tools. A possible technique used in this stage is sending back the file lists of different directories so attackers can identify what is valuable.
• Data Exfiltration.
This is the final phase of a targeted attack. In this phase, the attacker commands the payload to fetch, copy and upload valuable data to the attacker’s location. The attacker may do this quickly or gradually.
These valuable data include intellectual property, trade secrets, and customer information. In addition, threat actors may also seek other sensitive data such as top-secret documents from government or military institutions.
3. Account Hijacking.
Almost all your accounts like Facebook, Twitter, LinkedIn, Instagram and other financial accounts are linked to your email, right? Now, just imagine if a cybercriminal got access to your email account: what could he do?
Your e-mail ID is the key to all your sensitive data. If a hacker successfully hijacks your email account, then he can also compromise your other accounts linked to that email ID. That’s why account hijacking has become one of the most common cyber attacks.
How can we define Account Hijacking?
4. Vulnerabilities in devices.
Suppose you have a broken window in your house, or a door that you have not repaired. It will be so easy for a thief or a criminal to enter your house, right?
Similarly, a vulnerability is a weak point in your computer system or network that allows attackers to get into your computer. It may be an open port, a weak Wi-Fi password, an outdated OS, outdated antivirus etc.
These vulnerabilities increase the risk of cyber attacks, especially targeted attacks.
You might have heard of hackers breaking into a website and writing slogans on it. This is known as website defacement: hackers break into a website and change the appearance of its web pages. We can define it as:
A website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.
The most common method of defacement is using SQL Injections to log on to administrator accounts. Defacements usually consist of an entire page. This page usually includes the defacer’s pseudonym or “Hacking Codename.” Sometimes, the Website Defacer makes fun of the system administrator for failing to maintain server security. Most times, the defacement is harmless, however, it can sometimes be used as a distraction to cover up more sinister actions such as uploading malware or deleting essential files from the server.
Have you seen ads saying things like “You are in danger”, “Your device contains a virus”, “Your memory is full” or “Click here to get awesome deals”? Those ads mostly appear in pop-ups.
When you click on such an ad, it redirects you to a malicious link or sometimes starts downloading something. Those ads carry malware and can harm your device, as I have already discussed.
You can guess it from my personal experience: once, when I was a kid, I had a feature phone with an internet connection. I saw an ad with my phone’s model number saying that it contained a virus, click here to scan it. And when I clicked on a similar ad, I lost all the balance on my phone and nothing happened. I think I was lucky, because it could have been more dangerous than that.
7. DDoS attack.
When you buy a web hosting plan, they show you many things, and one of them is the maximum amount of traffic your server can handle.
Suppose you have a website and your server can handle only 1000 visitors at a time. Now think about a situation where more than 1000 visitors come at the same time.
What will happen then?
Your server will be unable to serve all those requests and your website will go down. This is known as Denial of Service (DoS).
Now attackers use this weakness to their advantage. They build networks of infected computers, known as ‘botnets’, by spreading malicious software through emails, websites and social media. Once infected, they can control those machines remotely, without their owners’ knowledge, and then use those infected computers like an army to launch an attack against any target. Some botnets are millions of machines strong. This is called a Distributed Denial of Service (DDoS) attack.
8. Brute-Force attack.
A brute-force attack is a kind of trial-and-error method of gaining access to an account or device.
You can better understand it from my daily experience. I have a lot of accounts on different sites and different passwords for all of them. I often forget the exact password for a particular account, so I try the 2-3 passwords that I use and sign in to my account.
A brute-force attack works in exactly the same way. Attackers keep a list of password combinations in a single file; you can imagine the number of passwords in such a file, as I have seen files of more than 10 GB. Then they automate the process using hacking tools that are easily available for operating systems like Kali Linux or any other Linux distribution.
Hackers often use this technique to break into Wi-Fi, because once the Wi-Fi is compromised they can easily attack your computer network and steal valuable data from your computer.
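To see the trace a brute-force attempt leaves behind and how a defender can spot it, here is an added example (not code from the original article) that scans constructed sshd-style auth log lines for bursts of failed logins from one source and flags whether a login succeeded right after the burst; the log lines, hostname and IP addresses are all made up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the style of a Linux sshd auth log (not real data).
# 198.51.100.7 fails six times in 20 seconds and then succeeds, the trace a
# password-list attack leaves behind; 203.0.113.9 is a user who mistyped once.
SAMPLE_LOG = """\
Mar  3 10:00:01 web sshd[2101]: Failed password for admin from 198.51.100.7 port 40210 ssh2
Mar  3 10:00:04 web sshd[2102]: Failed password for admin from 198.51.100.7 port 40211 ssh2
Mar  3 10:00:07 web sshd[2103]: Failed password for root from 198.51.100.7 port 40212 ssh2
Mar  3 10:00:09 web sshd[2104]: Failed password for alice from 203.0.113.9 port 51000 ssh2
Mar  3 10:00:11 web sshd[2105]: Failed password for admin from 198.51.100.7 port 40213 ssh2
Mar  3 10:00:14 web sshd[2106]: Failed password for admin from 198.51.100.7 port 40214 ssh2
Mar  3 10:00:18 web sshd[2107]: Failed password for admin from 198.51.100.7 port 40215 ssh2
Mar  3 10:00:21 web sshd[2108]: Accepted password for admin from 198.51.100.7 port 40216 ssh2
Mar  3 10:00:25 web sshd[2109]: Accepted password for alice from 203.0.113.9 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)

def parse_line(line, year=2018):
    """Return (timestamp, result, user, ip), or None for lines we ignore."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failed logins inside a sliding window,
    and record whether a successful login followed the burst."""
    failures, successes = defaultdict(list), defaultdict(list)
    for parsed in map(parse_line, log_text.splitlines()):
        if parsed:
            ts, result, _user, ip = parsed
            (failures if result == "Failed" else successes)[ip].append(ts)
    alerts = {}
    for ip, times in failures.items():
        times.sort()
        best, start = None, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide the window forward
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, times[start], times[end])
        if best:
            count, first, last = best
            alerts[ip] = {"failures": count, "first": first, "last": last,
                          "success_after_burst": any(t > last for t in successes[ip])}
    return alerts

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A success right after a burst is the alert worth acting on first, since it means one of the guessed passwords worked.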
9. DNS Hijacking.
DNS hijacking is a type of malicious attack in which an attacker redirects queries to a domain name server (DNS) by overriding a computer’s TCP/IP settings. This can be achieved through the use of malicious software or by modifying a server’s settings.
Security Tips to avoid these cyber attacks:
Now you know about these attacks and how they work. I am going to sum up and tell you some simple tips through which you can avoid these attacks.
1. Keep your Operating system updated.
It doesn’t matter whether you use Windows or Mac; every OS has its own vulnerabilities. Companies know this and continually work on those problems, and that’s why they provide regular updates and security patches. Hence, cybersecurity experts recommend keeping your operating system updated.
2. Choose a good and paid antivirus.
While choosing an anti-virus for our PC, we often get confused. I would not recommend using a free anti-virus; you should go with a paid anti-virus for better protection against cyber attacks. For this, you can compare anti-viruses to check their performance. Here is some data that may be helpful to you. If you are in the Indian subcontinent, I would recommend Quick Heal Total Security, because it is one of the most trusted brands in India.
3. Keep your anti-virus up-to-date
Anti-virus companies update their databases to add protection against new malware types and other cyber attack types. So you should also update your anti-virus for better protection. I would recommend automating your anti-virus update process.
4. Don’t click on any unknown link.
As I have already told you, almost all attacks are performed through malware, and malware comes through emails and other social engineering techniques. So it is most important that we don’t click on any suspicious link anywhere.
5. Use a CDN on your website.
If you have a website, you should be careful, because according to a report approximately 3,000 DDoS attacks happen every day. And that’s just one type of attack; there are many kinds of attacks that hackers use to target websites. To protect against these threats, you should use a CDN service. CDN stands for Content Delivery Network.
I would recommend using Cloudflare for this. It makes your website fast through optimization and caching, and also protects your website or blog from various cyber attacks.