To prevail in the battle against cybercrime, companies must understand how they are being attacked. Here are the six most damaging types of cyberattacks and how to prevent them.

Cybercrime is a clear and present risk to governments, businesses and individuals.

Cybercrime is built around the efficient exploitation of vulnerabilities. And an attacker only needs to find and exploit one weakness or vulnerability. This highly favours any attacker. This means that even large enterprises struggle to prevent cybercriminals.

So, which are the most damaging cyberattacks, and how do they work? Here are the six most damaging types of cyberattacks.

Malware

Malware, or malicious software, is an umbrella term used to refer to a hostile program that is designed to exploit devices at the expense of the user and to the benefit of the attacker. There are various types of malware, but they are all techniques designed to not only fool users but also evade security controls so they can install themselves on a system or device surreptitiously without permission. Here are some of the most common types of malware:

• Ransomware: Currently, the most feared form of malware is ransomware. A program designed to encrypt a victim’s files and then demand a ransom to receive the decryption key. If the ransom is not paid, the hackers usually post stolen data online.
• Trojans: A Trojan horse is a program downloaded on a computer that appears harmless but is, in fact, malicious. Typically, this malware is hidden in an innocent-looking email attachment or free download. When the user clicks on the email attachment or downloads the free program, the hidden malware is transferred to the user’s computing device. Once inside, the malicious code executes whatever task the attacker designed it to perform. Often, this is to launch an immediate attack, but they can also create a backdoor for the hacker to use in future attacks.
• Spyware: Once installed, the spyware monitors the victim’s internet activity, tracks login credentials and spies on sensitive information. All without the user’s consent or knowledge. The primary goal is usually to obtain credit card numbers, banking information and passwords, which are sent back to the attacker.

DDoS

A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or another network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests or malformed packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems.

Phishing

A phishing attack is a form of fraud in which an attacker masquerades as a reputable entity, such as a bank, tax department, or person in email or in other forms of communication, to distribute malicious links or attachments to trick an unsuspecting victim into handing over valuable information, such as passwords, credit card details, intellectual property and so on. It is easy to launch a phishing campaign, and they are surprisingly effective.

Spear phishing attacks are directed at specific individuals or companies, while whaling attacks are a type of spear-phishing attack that specifically targets senior executives within an organization. One type of whaling attack is the business email compromise (BEC), where the attacker targets specific employees who can authorize financial transactions to trick them into transferring money into an account controlled by the attacker.

SQL Injection Attacks

Any database-driven website and that is the majority of websites is susceptible to SQL injection attacks. An SQL query is a request for some action to be performed on a database, and a carefully constructed malicious request can create, modify or delete the data stored in the database, as well as read and extract data such as intellectual property, personal information of customers, administrative credentials or private business details. A SQL injection attack this year was used to steal the emails and password hashes of 8.3 million Freepik and Flaticon users.

XSS

This is another type of injection attack in which an attacker injects data, such as a malicious script, into content from otherwise trusted websites. Cross-site scripting (XSS) attacks can occur when an untrusted source is allowed to inject its own code into a web application and that malicious code is included with dynamic content delivered to a victim’s browser. This allows an attacker to execute malicious scripts written in various languages, like JavaScript, Java, Ajax, Flash and HTML, in another user’s browser.

XSS enables an attacker to steal session cookies, allowing the attacker to pretend to be the user, but it can also be used to spread malware, deface websites, create havoc on social networks, phish for credentials and in conjunction with social engineering techniques perpetrate more damaging attacks.

Botnets

A botnet comprises a collection of internet-connected computers and devices that are infected and controlled remotely by cybercriminals. They are often used to send email spam, engage in click fraud campaigns, and generate malicious traffic for DDoS attacks. The objective of creating a botnet is to infect as many connected devices as possible and to use the computing power and resources of those devices to automate and magnify malicious activities.

While these cyberattacks continue to plague and damage organizations of all sizes, there are plenty of others that security teams need to defend against, such as man-in-the-middle and eavesdropping attacks, where an attacker intercepts the communication between two parties in an attempt to steal or alter it.

As most email and chat systems now use end-to-end encryption and employees use a VPN to access company networks, these attacks are becoming less effective. However, security teams need to ensure DNS traffic is monitored for malicious activity to prevent DNS tunnelling attacks, where hackers “tunnel” malware into DNS queries to create a persistent communication channel that most firewalls are unable to detect.

How to prevent common types of cyber attacks

The more people and devices a network connects, the greater the value of the network, which makes it harder to raise the cost of an attack to the point where hackers will give up. Metcalfe’s Law asserts that the value of a network is proportional to the square of its connected users. So, security teams have to accept that their networks will be under constant attack, but by understanding how different types of cyberattacks work, mitigating controls and strategies can be put in place to minimize the damage they can do. Here are the main points to keep in mind:

• Hackers, of course, first need to gain a foothold in a network before they can achieve whatever objectives they have, so they need to find and exploit one or more vulnerabilities or weaknesses in their victim’s IT infrastructure.
• Vulnerabilities are either human- or technology-based and according to data from the U.K. Information Commissioner’s Office, human error was the cause of approximately 90% of data breaches in 2019, with phishing as the primary cause.
• Errors can be either unintentional actions or lack of action, from downloading a malware-infected attachment to failing to use a strong password. This makes security awareness training a top priority in the fight against cyberattacks, and as attack techniques are constantly evolving, training needs to be constantly updated as well to ensure users are alerted to the latest types of attack. A cyber attack simulation campaign can assess the level of cyber awareness among employees with additional training where there are obvious shortcomings.
• While security-conscious users can reduce the success rate of most cyberattacks, a defence-in-depth strategy is also essential. These should be tested regularly via vulnerability assessments and penetration tests to check for exploitable security vulnerabilities.
• Finally, to deal with zero-day exploits, where cybercriminals discover and exploit a previously unknown vulnerability before a fix becomes available, enterprises need to consider adding content disarm and reconstruction to their threat prevention controls as it assumes all content is malicious so it doesn’t need to try to detect constantly evolving malware functionality.

Security strategies and budgets need to build in the ability to adapt and deploy new security controls if the connected world is going to survive the never-ending battle against cyberattacks.