The world is slowly transitioning to a completely digital age since the convenience factor kicks in and digital transactions have become more and more secure with updated data security protocols being implemented to prevent a cyber-attack. But with the evolving security measures, hackers have also evolved to implement different techniques to find exploits in the system. In case of a Cyberattack, the security system gets compromised since the identification signature of the attack is not registered in the database of the security software which in turn brings the complete system down. In a gist, cyberattack finds out exploits in the target system through the Computer Network and expose / leak business critical data, steal or gain access to the system or make unauthorised use of the data compromised. Some of the most common ways or types of Cyberattack includes:
- Denial of Service Attack: DDOS is a technique utilized by hackers to unnecessarily load the system resources so that the system won’t be capable to fulfill service requests. In comparison to other techniques, this attack doesn’t benefit the hacker in any means, it only slows the processing of the request.
- Ping of death Attack: This type of an attack targets buffer overflows in terms of the IP size. Since the IP size doesn’t exceed 65,535 bytes the hacker fragments the IP packet. On reassembling the IP Packet, buffer overflow occurs leading to crashes.
- Man in the Middle Attack: Here there are two techniques utilized:
a. Session hijack: The hacker targets transaction sessions and hijacks the session to divert the transaction amount to the hacker account.
b. IP Spoofing: IP Spoofing is a technique to make the target system realize that the Hacker’s source is a trusted source and provides access to the system.
c. Replay Attack: This type of attack is done when the attacker intercepts the old messages and tries to send the same message later to initiate a transaction.
- Drive by Attack: This sort of attack is triggers installation of a malware in the system through non user initiated scripts. These scripts can be present in the HTML / PHP scripts and the User is only required to visit the website to trigger the Malware event. The malware takes advantage of the flaws in the Operating System, Web Browser, and initiates the attack.
- Phishing Attack: Phishing attack is the technique to send a mail to the target person imitating as from a reliable source and as soon as the User clicks on the mail, the malware gets loaded into the System. The malware then attempts to steal critical information from the target system or also perform any exploit actions.
- Password Attack: There are two ways of performing a Password attack:
a. Brute Force: This is purely a guesswork for the Hacker to get the credentials of the target user. This is done through social engineering like trying the password related to names, date of birth, occupation, business etc.
b. Dictionary Attack: The dictionary attack as the name suggests provides a dictionary of common passwords used and is compared with the encrypted with the Encrypted password file to match the results.
These are just some of the techniques out of countless ones and these techniques evolve a lot too. Measures to mitigate this is often realized after an attack has occurred but smart security systems can predict patterns occurring and highlight the unusual observations occurring in the system. Frequent security auditing, configuring firewall rules, using a strong password policy are all key essentials to prevent any loopholes in the system for the attacker.