Types of Attacks in Cyber Security

What is Cyber Security?

Cyber Security is the protection of Internet-connected systems including hardware, software, and data from cyber-attacks. 

It is made up of two words one is cyber and the other is security. Cyber is related to the technology which contains systems, networks,s, and programs, or data. 

Security-related to the protection includes systems security, network security and application, and information security.

Why do we need Cyber Security?

It can be rightfully said that today’s generation lives on the internet. So, For a hacker, it’s a golden age with so many access points, public IPs, constant traffic, and tons of data to exploit. 

It poses a threat to individual security and an even bigger threat to large international companies, banks, and governments. Black hat hackers are having one hell of a time exploiting vulnerabilities and creating malicious software for the same. Above that, cyber-attacks are evolving by the day. 

Hackers are becoming smarter and more creative with their malware and they bypass virus scans and firewalls smartly

Therefore there has to be some sort of protocol that protects us against all these cyberattacks and makes sure our data doesn’t fall into the wrong hands. This is exactly why we need cybersecurity.

Types of Cyber Attacks

Cyber-attacks can be classified into the following categories 

• Web-Based Attacks 
• System Based Attacks

Web-Based Attacks

Attacks that occur on a website or web application are simply called Web-Based Attacks. Some of the important web-based attacks can be listed as follows,

1. Injection Attacks - When performing an Injection Attack Some data will be injected into a web application to manipulate the application and fetch the required information.                                                    Examples - SQL Injection, Code Injection, XML Injection, etc...                                                                                                                                                                         
2. File Inclusion Attacks - It is a type of attack that allows an attacker to access unauthorized or essential files which is available on the webserver or to execute malicious files on the webserver by making use of the included functionality.                                                                                                                                              
3. Session Hijacking - Session Hijacking is a security attack on a user session over a protected network. Web applications create cookies to store the state and user sessions. By stealing these cookies an attacker can have access to all of the user data.                                                                                                                                                                                                                                                                                                      
4. Phishing - Phishing is a type of attack which attempts to steal personal and confidential information like user login credentials and credit card numbers. It occurs when an attacker cheats on a person by showing a custom website as a trustworthy entity in electronic communication.                  Examples -  Facebook Phishing,  Bank Account Phishing, etc...                                                                                                                         
5. Brute Force Attack - Brute Force is an attack that generates a large number of guesses and validates them to obtain actual data like user passwords and personal identification numbers. It is a type of attack which uses a trial and error method. This attack may be used by criminals to crack encrypted data, or by security, analysts to test an organization's network security.                                                                                                                                                    
6. Man in the Middle Attacks - Man in the Middle is a type of attack that allows an attacker to intercept the connection between client and server and acts as a coordinator between them. So the attacker will be able to read, insert and modify the data flow between the client and server So some confidential information will befall into the wrong hands.                                                                                                                                                                                                                                                                                          
7. Dictionary Attacks - A dictionary attack is an attack done by the use of a stored list of commonly used passwords and validated to get the original password from an Account. The password files can be downloaded from all over the internet. some password text files contact millions of passwords                                                                                                                                                       
8. URL Interpretation - It is a type of attack where we can change certain parts of a URL, and one can make a web server deliver web pages for which he is not authorized to browse.                                                                                                                                                                                      
9. DNS Spoofing - DNS Spoofing is a type of computer security hacking. A data is introduced into a DNS resolver's cache causing the name server to return an incorrect IP address, diverting traffic to the attacker's computer or any other computer. The DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues                                                                                                                                                                                                                                                                                                       
10. Denial of Service Attack - Denial of Service is an attack meant to make a server or network resource unavailable to the users. It accomplishes this by flooding the target with traffic or sending it information that causes a crash. It uses a single system and a single internet connection to attack a server.                                                           

System Based Attacks

System Based Attacks are attacks that are intended to compromise a computer or a computer network. Some of the important system based attacks can be listed as follows,

1. Virus - A virus is a type of malicious software program that is spread by a hacker throughout the computer files without the knowledge of users. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when they are executed. Those executed instructions cause harm to the system.                                                                                                                              
2. Worm - It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It works the same as a computer virus. But It does not require a person to send it all over the network when a hacker sends a worm through email the worm passes to the linked accounts or the friends of that user also. Worms often originate from email attachments that appear to be from trusted senders.                                                                                                                                
3. Trojan Horse - It is a malicious program that occurs unexpected changes to computer settings and unusual activity. It misleads the user of its true intent. It appears to be a normal application but when opened & executed some malicious code will run in the background.                                                                                                                                              
4. Back Doors - A backdoor Attack is a method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.                                                                                                                                                                                        

 

Meet you soon with another section related to Cyber Security till then have a good day...