7 Types of Cyber Attacks that you need to know RIGHT NOW!
Today in this post I am going to explain the different types of cyber attacks and how to recognize them. Technology is moving at a fast pace and we have to move with it as well. Right now, we are in a world of digitalization. Who knew that we could pay a person sitting in the United States from India? Well, the things which did not make sense twenty years ago, we are using now. We have come very far in terms of technology and we are growing exponentially.
Everything is digital now. From paying your bills to texting someone, everything can be done from your phone or laptop, and everything is made so easy and comfortable. Along with the good things come the bad things. We sure have become lazy and obese, no doubt, but along with that, with everything being online, we are at risk of our data getting compromised. In this post, I am going to tell you about the different types of cyber attacks which everyone should be aware of, so you can take precautions before it gets too late.
What is a Cyber Attack?
Before jumping into the post, let’s first understand what cyber attacks are. Tech enthusiasts and people with a little knowledge of tech will already know, but this section is for people who have very little (negligible) knowledge of technology.
So, basically, a cyber attack is a way of stealing sensitive information or damaging it. It relates very well to real-life attacks: when someone attacks you physically, they have a reason for attacking you. Maybe you have some information they want, or they just want to have some fun harming you, or they want to seek some revenge.
Types of Cyber Attack
1) Malware
This is one of the most common cyber attacks. Malware is a combination of two words, “Malicious” and “Software”. This type of attack includes all sorts of viruses, spyware, ransomware and trojans, which can get access to your personal information, or even lock your data so that you need to pay a ransom in order to get it back.
These viruses and trojans can get onto your computer from email attachments, downloads from unauthorized websites or system vulnerabilities.
If malware gets on your computer, your data might get erased (depending on the virus’s ability), all your keystrokes could be monitored, and the attacker can even send confidential data to himself without you knowing about it. In short, the attacker can control your whole system.
In order to prevent malware from entering your computer, try the steps below.
- Keep your security patches up to date.
- Do not click on links or download any attachment from an unknown sender, be it email, Facebook, WhatsApp, anywhere.
- Do not click on the forwards sent to your family WhatsApp group. We all know it is spam and not malware, but once my friend clicked on one such forward and some random PDF file got downloaded, which he was not aware of and which secretly captured all his keystrokes. He got to know this when some random apps which he never installed were running in the background and he contacted me. So why take the risk? We very well know it is spam, but still, we click.
2) Social Engineering
Social Engineering is now one of the most commonly used cyber attacks. This cyber attack is not a virus or a trojan which will get into your computer and erase the data. You can call this a psychological trick to pull off a scam. How often do you get calls from some bank telling you that you have a credit approved or some shit like that, where they ask a lot of personal details like “What is your pin number”? The people behind these calls are sometimes so dumb that they even ask for the account number, and people even give it to them. When the victim finally realizes, it is too late, because he got scammed and the money for which he worked so hard is no longer showing in his bank account because of his stupid mistake.
People use Social Engineering tactics because it is easier to trick people than to hack software or do other stuff which requires skills.
In order to avoid being a victim of social engineering, never ever give any confidential information to anyone. If it is urgent, call them in person and give it to them, but not virtually. Your bank never calls you to inform you that you can use 10000 Rs for free, so avoid getting conned by these people. Do not share confidential information with anyone. Be safe.
I get calls from these people and I have a good ten-minute entertainment phone call, and it refreshes my mood as well. Try to trick them instead of getting tricked, then sit back and enjoy.
I will not go deep into Social Engineering, because we have already written a dedicated post on it: “What is Social Engineering?”. If you want to know the different ways in which people get scammed by this social engineering trick, read “Common social engineering attacks” and all your doubts will get cleared.
3) Phishing
What are we talking about? Phishing in 2018? Kidding, right? No. People still fall for these types of cyber attacks, not many, but still a considerable number. Most people won’t just open any random link they get in mail or on social networking websites, and the attacker knows this very well, so the message is delivered in such a way that you are forced to click on the link and fill in the personal details asked for, and tadaa, the attacker gets all the information. He did not hack it; instead, people gave him their data, same as with Zuckerberg in his older days. If you aren’t aware of what happened, let me narrate it to you. So, Zuckerberg was chatting with a friend (name not revealed) in 2004, when he was still at Harvard and Facebook was not even a company. The exchange between them went something like this-
This is not called phishing, but yeah, okay, we are deviating now. Phishing has evolved a lot in recent years and it has become a bit hard for non-technical users to differentiate between the original link and a phishing link. In order to avoid falling for these links, check properly whether the email is authentic by checking the footer of the mail and the URL given in the mail; the official link (95%) would not contain hyphens or numbers. For example, if you get a mail, say from Amazon, and it has a link in it, it will redirect to amazon.com or amazon.in (depending upon your country) and not to amazon-free-gift-card.com. If you are not sure about the authenticity of the link, then look up the company on Google and check their official website. One more thing: most companies will not ask for any personal information via mail, so beware. One more piece of good news is that Gmail is now super intelligent and automatically filters out the strong spam, but still, be safe.
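The link check described above can be done mechanically by comparing the host in the URL with the sender's official domains. This is an added example, not code from the original post; the allowlist and the sample links other than amazon.com, amazon.in and amazon-free-gift-card.com are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the domains this sender really uses (the two named in the post).
OFFICIAL_DOMAINS = ("amazon.com", "amazon.in")

def link_host(url):
    """Return the lower-cased host the browser would actually connect to."""
    try:
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return ""
    return host.rstrip(".").lower()

def is_official_link(url, official=OFFICIAL_DOMAINS):
    """True only if the host is an official domain or a subdomain of one."""
    host = link_host(url)
    return any(host == d or host.endswith("." + d) for d in official)

# Constructed sample links; example.net is a reserved documentation domain.
SAMPLE_LINKS = [
    "https://www.amazon.in/gp/your-orders",
    "https://amazon.com/",
    "https://amazon-free-gift-card.com/claim",  # the post's own example
    "https://amazon.com.example.net/signin",    # official name used as a subdomain label
    "https://amazon.com@example.net/signin",    # official name in the userinfo part
    "https://pay-2.amazon.com/",                # hyphen and digit, yet an official host
]

def classify(links):
    """Map each link to True (official host) or False (anything else)."""
    return {url: is_official_link(url) for url in links}

if __name__ == "__main__":
    for url, ok in classify(SAMPLE_LINKS).items():
        print("official " if ok else "SUSPICIOUS", link_host(url), "<-", url)
```

The decision is made on the parsed host, so a link that merely shows the brand name somewhere in its text is still rejected.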
4) SQL Injection
SQL, known as Structured Query Language and often pronounced “Sequel”, is a database programming language. Many servers which store sensitive data use SQL to manage their databases. SQL injection attacks target sites like these and inject malicious code to get at all the data behind them. The main problem arises if these websites store very sensitive information like credit card details, or usernames and passwords, which can be easily accessed if the website is vulnerable to a SQL attack.
SQL injections work by exploiting one or more SQL vulnerabilities: the server is made to run the malicious code, resulting in a SQL Injection attack. If your website is vulnerable to SQL injection, it is even possible for the attacker to get all the data just by typing code into the search box, which will force the SQL server to dump all the data that the attacker needs.
In order to prevent being a victim of SQL Injection, here are some tips you can keep in mind: use a WAF (Web Application Firewall), update the security code daily or at least weekly, avoid using dynamic SQL if not needed, limit the permissions of the database, and change the database passwords frequently.
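To show what "avoid using dynamic SQL" means for a search box, here is the same search written with dynamic SQL and with a parameterized query. This is an added example, not code from the original post; the table, its rows and the search inputs are constructed.

```python
import sqlite3

def make_db():
    """Build an in-memory catalogue; all rows are constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, published INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("lamp", 1), ("desk", 1), ("unreleased-phone", 0)],
    )
    return conn

def search_dynamic(conn, term):
    """Vulnerable: the search text becomes part of the SQL statement itself."""
    sql = ("SELECT name FROM products "
           f"WHERE published = 1 AND name = '{term}' ORDER BY name")
    return [row[0] for row in conn.execute(sql)]

def search_parameterized(conn, term):
    """Hardened: the statement is fixed and the search text is bound as data."""
    sql = ("SELECT name FROM products "
           "WHERE published = 1 AND name = ? ORDER BY name")
    return [row[0] for row in conn.execute(sql, (term,))]

def compare(conn, term):
    """Run both versions on the same input; report an error string if one fails."""
    try:
        dynamic = search_dynamic(conn, term)
    except sqlite3.Error as exc:
        dynamic = f"error: {type(exc).__name__}"
    return {"dynamic": dynamic, "parameterized": search_parameterized(conn, term)}

# Constructed search-box inputs: a normal word, text carrying a quote plus
# extra SQL, and an ordinary name that happens to contain an apostrophe.
SAMPLE_TERMS = ["lamp", "x' OR '1'='1", "o'neil"]

if __name__ == "__main__":
    db = make_db()
    for term in SAMPLE_TERMS:
        print(repr(term), compare(db, term))
```

With the dynamic version the second input returns every row, including the unpublished one, and the third input breaks the query; the parameterized version treats both as plain search text.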
5) Cross Site Scripting (XSS)
One of the deadliest cyber attacks you could ever possibly encounter. You might wonder why Cross Site Scripting is called XSS. The reason X is chosen instead of C is to avoid confusion with CSS (Cascading Style Sheets), which is a styling language. X stands for Cross, hence XSS, which translates to Cross Site Scripting.
It is similar to SQL injection. In SQL injection, the malicious code is inserted and the website is affected; in this case, the malicious code is inserted but the website is not affected, and instead the users visiting the website are affected. Confused? Let me explain! If a website is affected by XSS, each time a user visits the affected website, their browser will download the malicious code and run it. The attacker will try to control the user’s session by stealing cookies and session tokens, and spread the malware.
We won’t even know that the site is affected by XSS, since it attacks the users and not the website, which makes it even harder to trace. XSS can even be deployed by injecting the malicious code in the comments section, where it can run automatically when opened.
The user’s data is at risk if it is an e-commerce website or if it has a login page, because, since it affects users, it monitors all the data sent by the user to the website.
The users cannot do anything, but website owners should take the necessary measures to prevent XSS attacks on their website. I will be writing a dedicated post on how you could avoid XSS attacks on your website. So stay tuned and subscribe to our mailing list to get the email notification.
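For the comments-section case described above, the core measure on the website side is to escape visitor input before it is placed into the page. This is an added example, not code from the original post; the comment template, the audit helper and the sample comment are constructed for illustration.

```python
import html
from html.parser import HTMLParser

def render_comment_unsafe(author, body):
    """Vulnerable: visitor input is pasted into the page as markup."""
    return f'<div class="comment" title="{author}"><p>{body}</p></div>'

def render_comment_safe(author, body):
    """Hardened: every untrusted value is HTML-escaped, quotes included."""
    safe_author = html.escape(author, quote=True)
    safe_body = html.escape(body, quote=True)
    return f'<div class="comment" title="{safe_author}"><p>{safe_body}</p></div>'

class MarkupAudit(HTMLParser):
    """Records script tags and on* event-handler attributes a browser would see."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} attribute on <{tag}>")

def audit(page_html):
    """Parse rendered HTML and list any active content found in it."""
    parser = MarkupAudit()
    parser.feed(page_html)
    parser.close()
    return parser.findings

# Constructed comment: markup in the body and a quote in the author name.
SAMPLE_AUTHOR = 'guest" onmouseover="alert(1)'
SAMPLE_BODY = "<script>alert(1)</script>"

if __name__ == "__main__":
    for render in (render_comment_unsafe, render_comment_safe):
        page = render(SAMPLE_AUTHOR, SAMPLE_BODY)
        print(render.__name__, "->", audit(page) or "no active content")
```

The audit parses the rendered page the way a browser would, so it shows that the escaped version carries the comment as inert text and a single attribute value.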
6) Denial of Service (DoS)
As the name suggests, Denial of Service roughly means denying a service. Imagine you are going to some local food shop where not more than 3 people come at a time, and suddenly you see thousands of people waiting in line to get food, and you are not able to get into the shop right away. This is what Denial of Service means in simple language.
So, a DoS disrupts the service to a network and is performed by sending a large amount of traffic and data to a website to overload its server and make it shut down for all users. I will give another example (this is not a DoS one, but it will help you understand even better): board exam results are up on such-and-such date and time, and at that particular time people from all over the state open the website, and not many can access it, because the volume of traffic is so high that the server is overloaded and it shuts down for most of the other students.
The best way to prevent it is to keep an eye on the traffic and block the traffic which you find malicious. Unless your company is huge and people visit often, you don’t need to bother.
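One way to "keep an eye on the traffic" is to count requests per client inside a sliding time window and flag clients that exceed a limit. This is an added example, not code from the original post; the log format, the 10-second window, the limit of 5 requests and the log lines are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)  # assumption: look-back window per client
THRESHOLD = 5                   # assumption: allowed requests inside the window

def parse_line(line):
    """Split a 'timestamp client_ip path' line (constructed format) into fields."""
    stamp, ip, path = line.split()
    return datetime.fromisoformat(stamp), ip, path

def find_noisy_clients(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: peak request count in any window} for clients over the threshold."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        when, ip, _path = parse_line(line)
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:  # drop requests that aged out
            hits.popleft()
        if len(hits) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(hits))
    return peaks

def build_sample_log():
    """Constructed traffic: one client requests every second, two browse normally."""
    start = datetime(2018, 4, 13, 12, 0, 0)
    lines = []
    for i in range(20):
        stamp = (start + timedelta(seconds=i)).isoformat()
        lines.append(f"{stamp} 203.0.113.7 /results")
    for i in range(4):
        stamp = (start + timedelta(seconds=15 * i)).isoformat()
        lines.append(f"{stamp} 198.51.100.4 /index")
    for i in range(3):
        stamp = (start + timedelta(seconds=4 * i)).isoformat()
        lines.append(f"{stamp} 192.0.2.9 /contact")
    return sorted(lines)  # equal-width timestamps sort chronologically

if __name__ == "__main__":
    for ip, peak in find_noisy_clients(build_sample_log()).items():
        print(f"{ip}: {peak} requests within {WINDOW.seconds}s, candidate for blocking")
```

The threshold has to sit above what a busy but legitimate visitor produces, such as the exam-results rush described above, or normal users get blocked too.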
7) Man In The Middle (MITM) Attack
These attacks occur with the help of impersonation (pretending to be someone else). The session between your computer and the web server is given a unique session id which is shared only between you and the web server you are accessing, and no third parties are involved. This is what happens normally, but in MITM, a third party hijacks the session by capturing the session id and then impersonating the official web server you are trying to access.
For example, if you are banking online, the third party hijacks the session, poses as your bank and communicates with you. All the details you send are not going to the bank; instead, they are going to the attacker, and your data is compromised.
These types of attacks usually happen on non-encrypted wireless networks, which means Wi-Fi without a password, and on non-secure sensitive pages. When you open any website which demands personal information or data, make sure it has https enabled. Never ever use Wi-Fi networks in lounges, cafes or airports. The free Wi-Fi might cost you a lifetime bill.
That’s it guys! I have covered seven different types of cyber attacks, how to recognize them and how to prevent them. I hope you understood and will start securing your online business or blog from these common types of cyber attacks. If you have any doubts or there is any part you did not understand, feel free to comment below and I will surely reply. If you liked this post and want to help a friend or anyone close who is going to start an online business, then do share this article with him to help him prevent these common types of cyber attacks. Will meet you in the next post.
PS- If you want any specific post to be written, then do comment or personally contact me through the contact mentioned below and you will see the post you wished for live! Cheers!
Latest posts by Abishiekh Jain (see all)
- 7 Types of Cyber Attacks that you need to know RIGHT NOW! - April 13, 2018