It’s Friday the 13th! If you’re feeling superstitious, you might not want to know that there are at least 13 types of cyberattacks to worry about!
Below are 13 types of cyberattacks, courtesy of TechTarget.
You may be aware of the first few, but do you know them all? See how many you do know!
- Malware attack: Malware, or malicious software, is an umbrella term used to refer to a hostile or intrusive program or file that is designed to exploit devices at the expense of the user and to the benefit of the attacker.
- Password attack: Despite their many known weaknesses, passwords are still the most common authentication method used for computer-based services, so obtaining a target’s password is an easy way to bypass security controls and gain access to critical data and systems.
- Ransomware: Ransomware is usually installed when a user visits a malicious website or opens a doctored email attachment. It exploits vulnerabilities on the device to encrypt important files, making them unusable. The attacker then demands a ransom in exchange for the decryption key needed to restore the locked files.
- DDoS: A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
- Phishing: A phishing attack is a form of fraud in which an attacker masquerades as a reputable entity, such as a bank, tax department, or person in email or in other forms of communication, to distribute malicious links or attachments to trick an unsuspecting victim into handing over valuable information.
- SQL injection attack: An SQL query is a request for some action to be performed on a database, and a carefully constructed malicious request can create, modify or delete the data stored in the database, as well as read and extract data such as intellectual property, personal information of customers, administrative credentials or private business details.
- Cross-site scripting: Cross-site scripting (XSS) attacks can occur when an untrusted source is allowed to inject its own code into a web application and that malicious code is included with dynamic content delivered to a victim’s browser.
- Man-in-the-middle attack: A man-in-the-middle (MiTM) attack is where attackers secretly intercept and relay messages between two parties who believe they are communicating directly with each other, but in fact, the attackers have inserted themselves in the middle of the online conversation.
- URL interpretation/URL poisoning: It is easy for hackers to modify a URL to try and access information or resources to which they shouldn’t have access and if the web server doesn’t check if each user has the correct authorization to access the requested resource, particularly if it includes user-supplied input, then the hacker is able to view the account settings.
- DNS spoofing: Hackers have long exploited the insecure nature of a Domain Name System (DNS) to overwrite stored IP addresses on DNS servers and resolvers with fake entries so victims are directed to a hacker-controlled website instead of the legitimate one.
- Botnet: A botnet comprises a collection of internet-connected computers and devices that are infected and controlled remotely by cybercriminals. Vulnerable IoT devices are also being used to increase the size and power of botnets.
- Watering hole attack: In a drive-by attack, an attacker embeds malicious code into a legitimate but insecure website so, when anyone visits the site, the code automatically executes and infects their device without any interaction from the visitor. This is called a watering hole attack. As the site is trusted by the victim, the malware may even be hidden in a file that they intentionally download from the site.
- Insider threat: Employees and contractors have legitimate access to an organization’s systems, and some have an in-depth understanding of its cybersecurity defenses. This can be used to gain access to restricted resources, make system configuration changes or install malware.
There’s more on each of these in the TechTarget article here.
What are you afraid of this Friday the 13th? A guy running around in a hockey mask that never dies who kills people? Or 13 types of cyberattacks? One of them is real.
So, what do you think? Do you have a plan for addressing all 13 types of cyberattacks? Please share any comments you might have or if you’d like to know more about a particular topic.
Image Copyright © New Line Cinema
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.