A cyber-attack refers to any malicious and deliberate attempt by one or more individuals (or organizations) to breach the information system of another organization or individual, whether or not the attacker gains anything from it.
Cyber-attacks have been steadily on the rise over the last couple of years as people seek to benefit from vulnerable business systems. Many cyber-attacks lead to ransom demands, and many of them end up causing thousands of dollars in damages.
In 2019, you need to look out for different types of cyber-attacks, ranging from password attacks to full-scale denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks.
This year, cyber threats will also include those launched with the ulterior motive of obliterating systems and data either for pure fun or as a form of hacktivism. This article looks at some of the most common types of cyber-attacks to watch out for in 2019 and how to prepare or avoid them.
1. Denial-of-service (DoS) Attacks
In a nutshell, a DoS attack floods your networks, systems, or servers with traffic to exhaust your resources and bandwidth. This prevents the system from fulfilling legitimate requests. When attackers launch this attack using multiple compromised devices, it is called a distributed denial-of-service (DDoS) attack.
Unlike other cyber-attacks that enable an attacker to gain access to your systems, a DoS attack has no direct benefits for attackers. These attacks are used by hacktivists or competitors who want to disrupt your operations. Sometimes the aim may be to take your system offline to launch a different type of attack.
Common DoS attacks include:
• TCP SYN Flood Attack: Here, an attacker exploits the buffer space used during the Transmission Control Protocol (TCP) session initialization handshake. The attacking device floods your systems with connection requests but never responds to the system's replies, so each half-open connection sits in the queue until it times out. This causes your system to become unusable or to crash. Possible countermeasures include using properly configured firewalls to protect your servers and increasing the size of your connection queue while decreasing the timeout period on half-open connections.
• Botnets: These are hacker-controlled systems (in the millions) that are infected with malware and used to attack, and overwhelm, your system’s bandwidth and processing capabilities. Botnets can be mitigated by black hole filtering or RFC 3704 (ingress) filtering.
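To make the SYN flood countermeasure concrete, here is an added example (a toy simulation written for this article, not code from it): it models a listen backlog whose slots are held by half-open connections and shows why a larger queue plus a shorter half-open timeout lets more legitimate handshakes through. The backlog sizes, timeouts and arrival rates are assumed values, and no packets are sent.

```python
def simulate(backlog_size, half_open_timeout, flood_per_ms, legit_every_ms,
             legit_rtt, duration_ms):
    """Return (accepted, rejected) counts for legitimate handshakes.

    Time advances in 1 ms ticks. Every tick, `flood_per_ms` SYNs from
    spoofed sources arrive and never complete the handshake; every
    `legit_every_ms` ticks one legitimate SYN arrives and completes
    `legit_rtt` ms later. A SYN is rejected when no backlog slot is free.
    Flood SYNs are processed first in each tick, the pessimistic case for
    legitimate clients."""
    table = []  # one entry per occupied slot: the tick at which it frees
    accepted = rejected = 0
    for now in range(duration_ms):
        # Free slots whose handshake completed or whose timer expired.
        table = [frees_at for frees_at in table if frees_at > now]
        for _ in range(flood_per_ms):
            if len(table) < backlog_size:
                # Spoofed SYN: held until the half-open timeout expires.
                table.append(now + half_open_timeout)
        if now % legit_every_ms == 0:
            if len(table) < backlog_size:
                # Real peer answers: slot frees at the earlier of handshake
                # completion and the timeout.
                table.append(now + min(legit_rtt, half_open_timeout))
                accepted += 1
            else:
                rejected += 1
    return accepted, rejected


def compare(duration_ms=3000):
    """Run the same flood against a weak and a hardened backlog setup."""
    flood = dict(flood_per_ms=1, legit_every_ms=10, legit_rtt=50,
                 duration_ms=duration_ms)
    weak = simulate(backlog_size=256, half_open_timeout=1000, **flood)
    hardened = simulate(backlog_size=2048, half_open_timeout=500, **flood)
    return {"weak": weak, "hardened": hardened}


if __name__ == "__main__":
    for name, (ok, dropped) in compare().items():
        print(f"{name:9s} accepted={ok:4d} rejected={dropped:4d}")
```

The model ignores SYN cookies, which real kernels fall back to once the backlog fills; it is only meant to show the queue size versus timeout trade-off the article describes.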
2. Man-in-the-Middle (MitM) Attacks
Man-in-the-Middle (MitM) attacks occur when attackers insert themselves into a two-party transaction. Once your traffic is intercepted, the attackers can filter and steal your data. One common point of entry for MitM attacks is unsecured public Wi-Fi. Once malware has breached your system, the attacker can install software to process all your information.
Some common MitM attacks include:
• Session Hijacking: Here, an attacker hijacks a session between you and a trusted network server.
• IP Spoofing: IP spoofing is used to convince your computer systems that they are communicating with a trusted, known entity, thereby giving the attacker access to your systems.
• Replay: An attacker intercepts old messages and saves them with the intention of sending them later to impersonate one of your trusted participants. This attack can be countered with nonces or session timestamps.
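The nonce-plus-timestamp countermeasure named above, as an added example (not code from the article): each message carries a timestamp and a random nonce under an HMAC, and the receiver rejects a bad tag, a stale timestamp, or a nonce it has already seen inside the window. The shared key and the 30-second acceptance window are assumed values.

```python
import hashlib
import hmac
import json
import secrets

MAX_SKEW = 30  # seconds a message remains acceptable (assumed window)


def _canonical(fields):
    # Stable byte encoding of the signed fields so both sides MAC the same bytes.
    return json.dumps(fields, sort_keys=True).encode()


def make_message(key, body, now):
    """Sender side: body + timestamp + fresh nonce, authenticated with HMAC."""
    msg = {"body": body, "ts": int(now), "nonce": secrets.token_hex(16)}
    msg["tag"] = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
    return msg


class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, pruned once outside the window

    def accept(self, msg, now):
        """Return (ok, reason). Checks run tag, then freshness, then nonce."""
        tag = msg.get("tag")
        unsigned = {k: v for k, v in msg.items() if k != "tag"}
        expected = hmac.new(self.key, _canonical(unsigned),
                            hashlib.sha256).hexdigest()
        if not (isinstance(tag, str) and hmac.compare_digest(tag, expected)):
            return False, "bad tag"  # forged or tampered message
        if abs(now - msg["ts"]) > MAX_SKEW:
            return False, "stale timestamp"  # old capture replayed late
        # Only nonces inside the window need remembering; older ones would
        # already fail the timestamp check, so prune them to bound memory.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if msg["nonce"] in self.seen:
            return False, "replayed nonce"  # capture replayed within window
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "ok"
```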
3. SQL Injection Attack
A Structured Query Language (SQL) injection attack occurs when an attacker inserts malicious SQL into the queries your application sends to its database server and forces it to reveal sensitive information.
Successful SQL injection attacks can reveal sensitive data from your database, modify your data (insert, delete, or update), execute administration operations on your database, recover file contents, or even issue commands to your operating system.
To protect against SQL injection attacks:
• Apply least privilege permission models in your databases.
• Stick to stored procedures (that don’t include dynamic SQL) and prepared statements (parameterized queries).
• Validate all input data at the application level against a whitelist.
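An added example (not the article's code) of the two application-level defenses listed above, using an in-memory SQLite table with constructed rows as the stand-in database: a lookup that pastes input into the query text, the same lookup as a parameterized query, and a whitelist check on the input.

```python
import re
import sqlite3

NAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")  # assumed whitelist for usernames


def build_db():
    """Constructed sample data standing in for the application database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, ssn TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "111-11-1111"), (2, "bob", "222-22-2222")])
    return db


def lookup_vulnerable(db, name):
    # The defect: untrusted input becomes part of the SQL text, so a quote
    # in `name` ends the string literal and the rest is parsed as SQL.
    sql = f"SELECT name, ssn FROM users WHERE name = '{name}'"
    return db.execute(sql).fetchall()


def lookup_safe(db, name):
    # Parameterized query: the driver sends the value separately from the
    # statement, so whatever `name` contains is compared as a plain string.
    return db.execute("SELECT name, ssn FROM users WHERE name = ?",
                      (name,)).fetchall()


def is_allowed_name(name):
    """Whitelist validation: accept only the characters a username may have."""
    return bool(NAME_RE.match(name))


def lookup_defended(db, name):
    """Both defenses together: reject out-of-policy input, then query safely."""
    if not is_allowed_name(name):
        raise ValueError("username fails whitelist validation")
    return lookup_safe(db, name)
```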
4. Malware Attack
Malware (malicious software) is any unwanted software installed in your system(s) without your consent. It can attach itself to other software programs and propagate, replicate itself across your systems, or lurk in useful applications.
Some common malware includes:
• Macro Virus: Infects applications such as Microsoft Word; when an infected document is opened, the virus executes its instructions before handing control back to the application.
• Trojans: These programs hide in a useful program to infect your systems. Unlike viruses, Trojans don’t self-replicate but can be used to establish back doors that are exploited by attackers.
• File Infector: It attaches itself to executable code, for example, .exe files, and is installed once the executable is run.
• Worms: Unlike viruses, worms don’t attach to a host file, but these self-contained programs can propagate across computers and networks.
• Boot-Record Infector: It attaches itself to the master boot record on your hard disk where it’s loaded into memory when the system is started and can propagate to other drives or computers.
• Spyware: This type of program is installed on your computer systems to collect information about you, your computer, or your browsing habits. The data collected is then relayed back to a remote user.
• Stealth viruses: They take over system functions to conceal malware and prevent detection.
• Droppers: These programs are used to install viruses on computer systems. Most droppers are not themselves infected with malware and may not be detectable using virus-scanning software. They can also connect to the Internet and download virus software updates.
• Adware: Adware is any unwanted software application used by businesses for marketing purposes. It automatically appears as a bar or a pop-up window on your screen.
5. Phishing Attack
Phishing refers to the practice of sending fraudulent email communications that appear to originate from a trusted source with the aim of gaining personal information or influencing the target to do something. Phishing combines technical trickery with social engineering to gain access to sensitive data such as login information and credit card data.
Phishing could be used to install malware on your systems using an attachment sent via an email to you or one of your employees. It could also be in the form of an illegitimate website that tricks you into handing over sensitive information or downloading malware.
Spear phishing is a form of targeted phishing activity whereby an attacker can specifically target you or an employee. To protect against phishing:
• Read and analyze all your emails carefully to determine their credibility.
• Do not open any links directly in your email. Instead, hover over them to see the URL and open them in a new tab.
• Analyze email headers. The “Return-Path” and “Reply-to” parameters should lead you to the same domain stated in the email.
• Sandbox any suspicious emails to analyze their legitimacy.
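The header check from the list above, as an added example (not the article's code): it parses the From, Reply-To and Return-Path headers with the standard library and reports which of them point to a domain other than the one shown in From. Both sample messages are constructed and their domains are placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: all three headers agree on the From domain.
LEGIT = """From: IT Support <helpdesk@corp.example>
Reply-To: helpdesk@corp.example
Return-Path: <bounces@corp.example>
Subject: Password expiry

Your password expires soon.
"""

# Constructed sample: the displayed sender looks right, but replies and
# bounces go elsewhere (a lookalike domain and an unrelated mailer).
SUSPECT = """From: IT Support <helpdesk@corp.example>
Reply-To: "IT Support" <helpdesk@corp-example.net>
Return-Path: <x9@mailer.example.net>
Subject: Password expiry

Your password expires soon.
"""


def header_domains(raw):
    """Map each routing header to the lowercased domain of its address.

    A header that is absent or carries no '@' maps to None."""
    msg = message_from_string(raw)
    domains = {}
    for header in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]  # strips display names and <>
        domains[header] = addr.rpartition("@")[2].lower() if "@" in addr else None
    return domains


def header_mismatches(raw):
    """Return the headers whose domain differs from the From domain."""
    domains = header_domains(raw)
    base = domains["From"]
    return sorted(h for h, d in domains.items() if d is not None and d != base)
```

Treat a mismatch as a reason to look closer rather than proof of phishing: mailing lists and bulk-mail providers routinely set Return-Path to their own domain.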
Mounting an effective cyber defense requires you to understand the different potential attacks. As you can see, attackers have several options to disrupt and compromise your information systems in 2019, such as DDoS attacks, man-in-the-middle interception, malware infection, phishing, and SQL injection attacks.
While measures to mitigate these threats vary, the security basics are the same: update your systems and anti-virus databases, configure your firewall appropriately, make regular backups, train your employees, and continuously audit your IT systems for any suspicious activity.
Guest Contributor: Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT. Learn more at ReciprocityLabs.com.