The 8 tried and tested security attack types listed in this article for cybercriminals, still rank amongst the very top. Most people, if they have the opportunity, would look to cut corners. No one wants to work harder than they really have to, which brings us to the black hat guys.
There are so many exploits out there, with the more and less sophisticated variety utilised on both larger and small scale businesses. Thus, it’s the responsibility of businesses to learn as much as possible about these attacks, so that they can better protect themselves. Which brings us to this article.
- SQL Injection Attacks
Over the past decade, SQL injection attacks have been able to establish itself as one of the more common and successful attack types, allowing hackers to compromise web forms, server cookies, and HTTP posts in order to extract sensitive data from a web server database.
They do this by exploiting the input fields (like that which is seen on an online form) by injecting malicious scripts into them that are designed to fool a server into providing an unauthorised user with sensitive information. In order to successfully protect a network system from such attacks, permissible functions through SQL commands must be limited.
- Sensitive Data Exposure
Any data considered secretive should be protected using some form of encryption algorithm. However, in a lot of instances, this is actually implemented, but in a wholly incomplete fashion, allow cybercriminals to steal sensitive data that they shouldn’t be able to get their hands on. Information such as, credit card details, username and passwords, sensitive business information and social security numbers.
Some of the mistakes that are made when encrypting data include, using a custom encryption scheme instead of using your standard protocols and algorithms. Using simple keys, exposing those keys, and not putting in place the correct protocols, i.e. an invalidated TLS certificate.
Using the correct cryptographic controls (such as TLS with HSTS enabled and AES encryption), with all the right parameters, should ensure all sensitive information is secure.
- Man-in-the-middle attack (MITM)
A MITM or man in the middle attack occurs when a cybercriminal intercepts the communications between two or more parties, in a deliberate attempt to spy on individuals, so that they can steal credentials or other personal affix; or in some situations, to alter the conversation itself. MITM attacks aren’t nearly as common today as they were in the past, this is because a lot of chat services use end-to-end encryption, which prevents any third-party tools from altering the information that is sent back and forth through the network. This happens regardless of whether or not the network is secure.
- Drive-by Download
A drive-by download is when an end user goes onto a specific website, and a malicious file is downloaded onto that person’s computer without their knowledge. This might happen when an end user is downloading something to their system, when opening an email attachment, through a pop-up advertisement or just by going to a certain page. Drive-by attacks work by taking advanced of the lax security vulnerabilities that exists in apps, operating systems and browsers. For this reason, it’s very important that all software on your system is kept up to date. Another thing you can do is limit the amount of plug-ins you have on your browser and the amount of apps you have installed on your system, as they all provide avenues for which hackers can exploit.
- Password-based Attacks
While these kind of attacks can be categorised as an exploit, in many instances, because of how common they are, they really need to be given their own real estate. The number of password-based attacks is very wide and varied, including brute force (which is when a app attempts to guess the correct password), credential dumping (acquiring your secrets by stealing data still present on your RAM), credential stuffing (using valid credentials to gain access to an account), and Pass the Hash (PtH) which is a technique that involves stealing hashed credentials, which are then used to authenticate a session.
Password-based attacks can be minimised by enforcing complex password requirements, implementing code signing, using multi-factor authentication, and minimising the amount of privileges allocated to any one user.
- DDoS (Distributed Denial-of-Service)
A DDoS attack works by inundated a web server with the same requests, over and over, until the server is made unavailable. This is usually done through botnets, which create large number of requests, which is then distributed to the server through infected systems.
DDoS attacks are usually used together with other attack types, in most instances it is used as a distraction, while the other attack type does whatever it was designed to do. To properly protect your site or web server from these DDoS attacks requires a multi-faceted approach. First, you will need to use a content delivery network (CDN) in order to mitigate peaked traffic, along with scalable resources and a load balancer. Secondly, you also need to implement a web based firewall, just in case the DDDoS attack is in fact a distraction – this will prevent it from concealing any other attack type, such as an injection.
- Security Misconfiguration
Applications and servers are comprised of a large number of moving parts, that all must work in sync, which means proper configuration. This is a reality that exists at all levels of application stacks, from the network devices to the operating systems, up to the application and web server itself.
Ad hoc, incomplete or default configurations are capable of leaving sensitive data unprotected. Cloud services opened, default passwords utilised, and leaking of sensitive data through HTTP headers and other error messages, as well as other insecure settings could quite possibly allow hackers to access the data on your servers.
There are so many settings one must be aware of. But the reality is no single one is capable of keeping your system wholly safe. All settings that could potentially leave your system vulnerable should be looked over. This may also include patches and system updates – which likely occur periodically.
Uchenna Ani-Okoye is a former IT Manager who now runs his own computer support website https://www.compuchenna.co.uk/