Cyber Attack Examples
Discover exploit methods used by hackers
Last updated Friday, August 10, 2018
Cyber attacks can take many forms and arrive via many different methods. Malicious web pages, email messages, phone calls, text messages and physical-presence exploits are all possibilities. Smaller organizations often struggle to defend against attacks due to their limited resources. Here are some of the more common forms of attacks.
What it is: A social engineering phone call, email, letter or fax from someone who appears to be a “known figure” but in fact is an imposter. Malware installed on the computer of the impersonated individual can copy signatures and other elements the imposter can use to fool you when contacting you.
How to defend: Verify requests for information or fund transfers by telephone, especially if the request appears to deviate from normal patterns.
What it is: Someone drops or places a USB drive in the parking lot or lobby of a business, hoping an employee will pick it up and, out of curiosity, insert the USB drive into their computer. Once inserted, worms, viruses, key loggers or ransomware can be installed discreetly onto the user’s computer.
How to defend: Programmatically lock USB ports and DVD drives on network machines to prevent an employee from using external storage devices. Keep AV software up to date and enforce these restrictions centrally through Group Policy (GPO).
What it is: An attacker, sometimes posing as a vendor or delivery worker, follows an employee into the building when the employee uses their ID card or key to access the premises. This form of attack can result in unauthorized access to networks via unattended workstations, and theft of unsecured hardware including servers.
How to defend: Building security policies should be spelled out and consistently enforced. If possible, a gatekeeper/receptionist should be placed at points of entry to prevent unauthorized entry to facilities.
What it is: Phishing by phone. Caller ID is about as easy to spoof as an email address these days. Catch a busy employee at the right time and they may not question the identity of the caller before releasing funds, data or passwords. This form of attack has also been used to place long distance and 900 number calls.
How to defend: Nobody should surrender their username, password or company information without first verifying the contact, whether by email or phone. Train employees to question everything, every time.
WiFi / MiM Attack
What it is: An employee connects to what they believe to be a hotel’s WiFi network when in fact it’s a network created by someone in another room. Once connected, the attacker can intercept usernames, passwords and data passed between the victim and the service(s) they are using. This technique is also known as a “Man In the Middle” (MiM) attack.
How to defend: Public WiFi hotspots should always be regarded as insecure. Using cellular data is always preferable, and when combined with a VPN client, can offer a reasonable level of security. Lock down email servers and other services with Multi Factor Authentication (MFA) and restrict to VPN access only where possible.
Password Brute Force Attack
What it is: An attacker hammers a login page or connected system with a known username and a series of random or dictionary-based passwords until the right password is guessed.
How to defend: All systems requiring usernames and passwords should be protected with MFA and a “lockout” feature that blocks the requesting system after 5 failed attempts. The lockout should also freeze the account being attacked since sometimes attempts can be made from multiple remote systems concurrently.
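The lockout logic described above, as an added example (not code from the original article): a small login guard that counts failures per requesting system and per targeted account, freezing either one after 5 failures so that guesses spread across many remote systems still lock the account. Class and function names, and the lockout window, are assumptions.

```python
"""Login lockout that freezes both the requesting system and the targeted
account after 5 failed attempts, as the article recommends. Added example,
not code from the article; class and function names are assumptions."""
from collections import defaultdict

MAX_FAILURES = 5            # threshold given in the article
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window (the article gives none)


class LoginGuard:
    def __init__(self):
        self.now = 0.0                           # injected clock, deterministic
        self.failures = {"ip": defaultdict(int), "user": defaultdict(int)}
        self.locked_until = {"ip": {}, "user": {}}

    def _locked(self, kind, key):
        until = self.locked_until[kind].get(key)
        if until is not None and self.now < until:
            return True
        self.locked_until[kind].pop(key, None)   # expired or absent
        return False

    def _record_failure(self, kind, key):
        self.failures[kind][key] += 1
        if self.failures[kind][key] >= MAX_FAILURES:
            self.locked_until[kind][key] = self.now + LOCKOUT_SECONDS
            self.failures[kind][key] = 0         # the lock now carries the state

    def attempt(self, username, source_ip, password_ok):
        """Return 'locked', 'denied' or 'ok' for one login attempt."""
        # Check both dimensions first: a correct password from a fresh IP
        # must not succeed while the account itself is frozen.
        if self._locked("ip", source_ip) or self._locked("user", username):
            return "locked"
        if password_ok:
            self.failures["ip"][source_ip] = 0
            self.failures["user"][username] = 0
            return "ok"
        self._record_failure("ip", source_ip)
        self._record_failure("user", username)
        return "denied"


def simulate_distributed_guessing():
    """Constructed scenario: guesses against one account from many IPs."""
    guard = LoginGuard()
    results = [guard.attempt("alice", f"203.0.113.{i}", False) for i in range(5)]
    results.append(guard.attempt("alice", "198.51.100.9", True))  # right password
    guard.now += LOCKOUT_SECONDS                                  # window passes
    results.append(guard.attempt("alice", "198.51.100.9", True))
    return results
```

The sixth attempt is refused even with the correct password because the account, not just a source address, is frozen; once the window passes the legitimate login succeeds.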
What it is: An attacker overwhelms a connected device or system with a flood of traffic resulting in a loss of service, usually as a form of protest or revenge.
How to defend: Maintain security updates on connected devices, and seek assistance from third-party mitigation services if an attack persists for a long period of time.
What it is: An attacker injects code into a website that fools the visitor or browser into downloading and executing code. The malware can then encrypt data (ransomware), steal passwords (keyloggers), enslave other networked computers (botnet) or send company data to the attacker.
How to defend: Keep AV current, deploy an Edge Defense solution, invest in products that detect unusual activity and train end users.
Advanced Persistent Threat Attack
What it is: A covert attack that continues over time undetected, harvesting user credentials and confidential information on an ongoing basis (Sony Entertainment was the victim of an APT attack).
How to defend: This sort of attack is very sophisticated and hard to detect. Wherever possible, data should be encrypted when at rest on the network to make it useless if stolen, and tight controls should be maintained over which users have permission to access sensitive information. Threat Intelligence tools can also help.