Cybersecurity: Types of attacks in 2021
On today’s agenda, let’s discuss cybersecurity: what it means, how it became what it is, and where it is heading. It’s a war zone in its own right, and you and your business must be well equipped to survive. The best weapon is knowledge.
This is perhaps the start of a new mini-series, much like our history of programming, where we’ll dive into the world of hacking and counter-hacking with our own experts in the future, if only because there is so much ground to cover when talking about malicious software.
“War… war never changes.” That statement, while depressing, is both true and not quite. Not so long ago humanity lived in constant fear of nuclear annihilation; the Cold War could have turned into a real one at any moment.
But war has changed, and it has broken out: it is in fact raging in cyberspace. Each day organizations ranging from governments to hidden hacker groups battle it out, discovering new ways to bypass security, steal information or patch the breaches.
And if you think you are safe from these battlefields, you are wrong. Every computer, from your personal one to your business server, is at risk. And the risks are huge.
Of course, this is not news; the war has been raging since the invention of the World Wide Web, but it is heating up with no sign of stopping.
According to Cybersecurity Ventures, the predicted global cost of cybercrime will reach $6 trillion by the end of 2021. By some estimates that number is higher than the global trade in all major illegal drugs combined.
But what can you do? Inform yourselves, and step into the fray!
What is Cybersecurity?
So, what can you do to defend yourself? In comes our topic.
The definition of Cybersecurity is as follows:
“Cybersecurity is a set of tools, processes, and techniques that protect the secrecy, integrity and availability of computer systems or data against cyberthreats.”
First, it’s important to note that it is not one thing or one department. And to be perfectly honest, that definition is incredibly basic, but it is as concise as we could make it.
Second, the realm of cybersecurity is constantly changing and evolving, requiring constant, diligent training and development of one’s expertise to stay on top of things.
Here is a “basic” roadmap of a cybersecurity domain; you do not want to see the elaborate one.
So, to explain something as difficult as the “philosophy” of cybersecurity, let us lay down the necessary groundwork.
Laws of Cybersecurity
Before we go deeper into ways hackers get your data and how to prevent it, we want to examine the root problem: “human nature”.
Most of what we’ll talk about comes down to human negligence or malice. To understand why, we’ll outline a few core laws of cybersecurity, courtesy of Nick Espinosa.
Understanding these is key to grasping “social engineering” in cyber warfare, another potential topic for a later date.
1. If there’s a vulnerability, people will exploit it
Human nature is finicky; some people just do it for the laughs. If they see something, you can be sure they will look for ways to take advantage of it.
There are those who will try to hack absolutely everything. These hacks range from basic ones, like blurring a licence plate against video cameras, to massive attacks on government sites or huge corporations.
2. Everything is vulnerable in one way or form
No matter how much governments or corporations spend on their infrastructure and defences to protect their data, slip-ups happen.
There is just too much to account for and too many variables to consider; clean code and proper development practices safeguard your company only to a point. As we’ve mentioned, humans make mistakes, and mistakes lead to vulnerabilities.
3. Humans trust, even when they shouldn’t
Trust is good, and we need it for a functioning society, but it also leads to one huge problem: we expect a lot from our technology without question.
Human trust is what makes fraud, phishing and similar practices viable; surprisingly, people don’t like to question technology too much, and that has led to our current age of cyber warfare.
4. Innovation leads to opportunity of exploitation
Progress never stops, and normally the aim of any innovation is to make life easier.
Such is the integration of IoT into our lives, but with innovation comes the human desire to exploit it; hence IoT hacking.
In 2016 a virus known as Mirai infected millions of devices across the world, which led to the creation of a botnet that later brought down GitHub, Twitter, Reddit, Netflix, Airbnb and many other massive websites for 3 days.
5. If in doubt, go to law No. 1
Never forget the first law: the best defence is constant vigilance.
Nick Espinosa TED Talk – 5 laws of cybersecurity
With that out of the way, let’s take a look at the various types of attacks.
Types of Attacks in a Cyber War
This is an incomplete list of the predominant attacks in cybercrime. If we listed all of them, we’d need to write a small book. But perhaps we’ll come back to a more in-depth technical analysis later.
The most obvious one is the one you think about when you hear the word “hacker”.
And that is “malicious software”, or malware. But it is not as simple as that, for there are multiple types of malware. We’ve talked about one of these variants in our article about spam bots, but that is only the tip of the iceberg.
Various sub-categories of Malware:
Adware – The most common type of “hack”: the relatively harmless hijacking of your screen for unwanted advertisements.
Viruses – Malicious code that latches onto the code of another program and forces it to do damage or spread the virus further.
Worms – Self-replicating standalone malware that keeps spreading from one system to another.
Trojans – Masquerading malware that tricks users into thinking it is useful software and running it; the most recognizable examples are fake anti-virus programs.
Ransomware – Programs that, once they have access to your data, encrypt it and hold it hostage for ransom.
Spyware – Malicious software dedicated to tracking any and all activity performed on the system; it is typically used to log keystrokes and capture passwords.
Hybrids – Any of the above combined in various forms for different objectives. Most of the malware you encounter nowadays is some sort of hybrid.
Fileless types – Not a type so much as a delivery method; these can be any of the above, but unlike typical malware that spreads via the file system, these programs get around via APIs, sub-processes, registry keys or other means.
Phishing is a type of attack that relies on social engineering and “fishes” for sensitive information like birthdays, Social Security numbers, credit card details and more.
Techniques or sub-categories of Phishing:
Phishing emails – The most typical and widely recognized kind. These are emails asking you to “update” your credentials on a site or application, or messages from fake embassies or government institutions.
Spear phishing – More sophisticated, hand-tailored phishing emails crafted with some background knowledge of the target.
Clone phishing – An intercepted email from a trusted party, such as your workplace, followed immediately by a cloned email seemingly coming from the same source. These carry “adjustments” or “updates” to an attachment, or some other pretext for a “re-send”.
Link spoofing – Manipulating links so that they look like known and respected URLs in order to lead victims to fake websites.
Fake websites – Near-identical copies of popular and respected websites that, immediately on access, ask users to “verify” their accounts, data or passwords.
Social media messages or SMS – The same tactics as spear or regular phishing, but delivered via social media or text message; these might, for instance, ask you to visit your (fake) “Netflix” account to verify your details.
Robo-calls or vishing – Automated or live phone calls purporting to come from respected institutions or loved ones, making various requests of their victims.
We’ve discussed how AI text-to-speech can be used to imitate a loved one’s voice and request financial help in an “emergency”; check out our piece on malicious AI.
Malware – Anything from fake advertisement pop-ups to trojans and spyware can be used to gather sensitive information.
Wi-Fi hijacking – Also known as evil-twin phishing, this involves setting up a fake Wi-Fi network with copied “handshakes” or other tricks to lure victims’ devices into connecting; it is then used to capture any and all traffic passing through it.
An attack that places a go-between inside a supposedly “secure” communication (a man-in-the-middle attack).
If a hacker can intercept private messages between two parties, whether via malware, an evil-twin Wi-Fi network or even a poorly encrypted network, and actively relay them, they can manipulate the conversation or simply eavesdrop on it.
Password / Brute Force Attacks
A relatively simple, even primitive, type of attack: an algorithm designed to break into accounts by trying random or predefined combinations of usernames and passwords until it finds a match.
Most, if not all, of these attacks involve legions of bots, either built for this purpose or hijacked via malware; we’ve mentioned these before as botnets.
Types of brute force tactics:
Simple brute force attacks – Usually applied to file systems or other “simple” environments where there is no limit on access attempts.
These are as crude as trying every 4-digit PIN from 0000 to 9999. For a computer that is a matter of a fraction of a second.
A typical case of a simple brute force attack
Dictionary brute force attacks – These use previously leaked password databases or lists of the most commonly used passwords. They are applied either to specific targets over a long span of time or by carpet-bombing many websites with common username and password combinations to find a match.
Hybrid brute force attacks – A combination of the two above: common passwords or gathered databases with small logical adjustments, such as changing a single digit.
Did you know that the most common password of 2020 was “123456”, used by a whopping 2.5 million accounts, according to a NordPass analysis?
Recycling attacks – People generally (and sadly) keep reusing a handful of passwords across their entire internet presence. Even after confirmed data breaches and stolen passwords, some credentials remain unchanged or are changed back to old ones from a few years ago. These attacks revolve around checking old leaked databases for matches.
Rainbow tables – A variant of brute force attack targeting cryptographic hash functions. Much like a dictionary attack, it uses existing databases of passwords, but instead of trying the passwords themselves against a login, it compares their precomputed hashes against stolen password hashes for matches. If you have the hash, you have the password.
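To show why a stolen hash database is so dangerous and what stops the precomputed-table attack, here is an added example that is not part of the original post. It builds a lookup table from a constructed "common passwords" list, recovers an unsalted SHA-256 hash with one lookup, and then shows that a per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256 with an assumed 100,000 iterations) makes the same table useless.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed stand-in for a leaked "most common passwords" list (a real one has millions).
COMMON_PASSWORDS = ["123456", "password", "qwerty", "111111", "letmein"]
PBKDF2_ROUNDS = 100_000  # assumed work factor; tune to your hardware budget


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(passwords) -> Dict[str, str]:
    """Attacker side: precompute hash -> password once. Afterwards every stolen
    unsalted SHA-256 hash is recovered with a single dictionary lookup."""
    return {sha256_hex(p.encode()): p for p in passwords}


def recover_from_table(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """Return the password if the stolen hash appears in the precomputed table."""
    return table.get(stored_hash)


def store_salted(password: str, salt: Optional[bytes] = None) -> Tuple[str, str]:
    """Defender side: hash with a per-user random salt and a slow KDF. The salt is
    stored beside the digest; it is not secret, it only invalidates every precomputed
    table and forces the attacker to redo the slow work for each user separately."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS).hex()
    return salt.hex(), digest


def verify_salted(password: str, salt_hex: str, digest: str) -> bool:
    """Login check: recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS).hex()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    leaked_unsalted = sha256_hex(b"123456")  # what a careless site would store
    print("unsalted lookup:", recover_from_table(leaked_unsalted, table))  # 123456
    salt, digest = store_salted("123456")
    print("salted lookup:  ", recover_from_table(digest, table))  # None
    print("login ok:       ", verify_salted("123456", salt, digest))  # True
```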
Distributed denial of service (DDoS) attacks typically rely on a flood of network packets sent to the victim to overwhelm the target servers or their surrounding infrastructure.
The main goal is to deny users access to an online service.
Common types of DDoS attacks:
UDP flood – User Datagram Protocol (UDP) packet spam aimed at random ports on a remote host. The host checks each port for a listening application and, finding none, replies with ICMP “destination unreachable” messages, so both the incoming requests and the outgoing responses exhaust its resources.
Ping of Death (PoD) – These attacks send an enormous number of malformed IP packet fragments which, on reassembly, exceed the maximum IP packet length (65,535 bytes), overflowing memory buffers and causing denial of service for legitimate requests.
ICMP flood – Much like a UDP flood, these attacks overwhelm the server with ICMP Echo requests without waiting for the victim’s ICMP Echo replies, bombarding it as fast as possible and slowing down overall system performance.
Slowloris – In essence, this form of attack relies on opening and maintaining as many connections to the victim’s server as possible, for as long as possible, effectively jamming the server and denying any new connections.
SYN flood – Exploiting the TCP “three-way handshake”, this attack floods the host with SYN requests without ever completing the handshake with the final acknowledgment. Once the host reaches its maximum number of half-open connections, it refuses any new ones.
NTP amplification – A UDP-style flood that exploits Network Time Protocol (NTP) servers to generate a staggering amount of traffic.
HTTP flood – Requiring in-depth knowledge of the target, this hand-crafted attack abuses HTTP POST or GET requests that demand complex server-side processing or computation, ultimately pushing server resources to their limit and resulting in either a massive slowdown or a complete shutdown.
Zero-day attacks – Anything and everything not yet recognized by the wider security community: new and unresearched (and thus unpatched) ways of attacking, which very few people understand.
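The SYN flood described above leaves a tell-tale backlog of half-open connections. The following is an added detection example, not code from the original post: it walks constructed connection events (the tuple layout and the threshold of 20 half-open connections per source are assumptions) and reports both the sources that never complete their handshakes and the total backlog, which is the figure that still rises when a flood spreads its SYNs across spoofed addresses.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed connection events in the shape a firewall or flow export might log them:
# (timestamp in seconds, source IP, destination port, TCP flag seen from that source).
# Two normal clients send SYN then the final ACK; one source sends 60 SYNs and never an ACK.
SAMPLE_EVENTS: List[Tuple[float, str, int, str]] = [
    (0.0, "10.0.0.5", 443, "SYN"), (0.1, "10.0.0.5", 443, "ACK"),
    (0.2, "10.0.0.7", 443, "SYN"), (0.4, "10.0.0.7", 443, "ACK"),
] + [(0.5 + i * 0.01, "198.51.100.9", 443, "SYN") for i in range(60)]


def half_open_by_source(events: Iterable[Tuple[float, str, int, str]],
                        window_seconds: float = 5.0) -> Dict[str, int]:
    """Count SYNs per source that were not followed by that source's ACK within the
    window. A legitimate client completes the handshake; a flood leaves SYNs dangling."""
    events = list(events)
    if not events:
        return {}
    cutoff = max(ts for ts, *_ in events) - window_seconds
    pending: Dict[str, int] = defaultdict(int)
    for ts, src, _port, flag in events:
        if ts < cutoff:
            continue  # outside the sliding window
        if flag == "SYN":
            pending[src] += 1
        elif flag == "ACK" and pending[src] > 0:
            pending[src] -= 1  # handshake completed, no longer half-open
    return {src: n for src, n in pending.items() if n > 0}


def flag_syn_flood_sources(events, threshold: int = 20,
                           window_seconds: float = 5.0) -> List[str]:
    """Sources holding at least `threshold` half-open connections (threshold is assumed)."""
    counts = half_open_by_source(events, window_seconds)
    return sorted(src for src, n in counts.items() if n >= threshold)


def total_half_open(events, window_seconds: float = 5.0) -> int:
    """Aggregate view: a spoofed flood spreads SYNs over many fake sources, so per-source
    counts stay low while the total backlog still climbs. Alert on this number as well."""
    return sum(half_open_by_source(events, window_seconds).values())


if __name__ == "__main__":
    print("flooding sources:", flag_syn_flood_sources(SAMPLE_EVENTS))  # ['198.51.100.9']
    print("total half-open: ", total_half_open(SAMPLE_EVENTS))  # 60
```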
APT – Advanced Persistent Threat
This is an umbrella term for large attack campaigns, by a single perpetrator or massive teams of hackers, over a prolonged period. For the victim company it is essentially a declaration of war or a state of emergency.
Their targets are typically governments or huge corporations, and they require careful preparation and research beforehand.
This topic is incredibly complex, with stages of preparation, expansion and execution usually required by such a massive endeavour, and we’re at our limit already, so alas… another time.
That is all we could cram in for today; in our next piece we’ll try to address solutions to these problems, ways to prevent them and to defend yourselves!
Now at least you know what to look out for and the general terminology used in the cybersecurity domain.
And, as you might have guessed, the shoes of a “CyberSec expert” are incredibly hard to fill, not only because they are the next generation of warriors but also because their enemy constantly evolves and tries to outwit the system.
Thus, it’s a never-ending battle of attrition and learning for both sides.
But before you go, tell us: when was the last time you updated your password, and what is your current one? For comparison’s sake.
And if you do tell us, please change it.
Stay classy business and tech nerds!