The Big Cyber Threats Breakdown: Types of Cyber Attacks
Last year, I published a series breaking down various cyber threats: how they work, infamous case studies and how to defend yourself against them. In this post, I have compiled the entire list amounting to nine types of cyber-attacks. I’ve added some high-level statistics reported from 2016 as well as more recent case studies exhibiting these attacks at play.
I hope you find this list informative and that it helps you not only to understand the risks, but to gain a better holistic understanding of cyber security and what cyber security experts are defending you against. I’ve also included relevant courses which address these specific types of attacks. Read, learn and enjoy!
Phishing Attacks are the primary vector for malware attacks and usually consist of a malicious e-mail attachment or an e-mail with an embedded malicious link. Phishing e-mails typically claim, falsely, to come from an established or legitimate enterprise.
Phishing e-mails are often easy to detect if you know what you’re looking for. They often contain a slew of grammatical and spelling errors and tend to ask for personal or credit-card information. On top of that, the message usually purports to come from a source which doesn’t normally require this information, already has it, or doesn’t normally direct users to external links via e-mail.
Recent Case: PHISHING NATO
- The APWG [Anti-Phishing Working Group] reported the number of phishing websites jumped 250% between Oct. 2015 and March 2016.
- The InfoSec Institute acknowledges 7 kinds of phishing attacks:
- Phishing Websites
- Social Media Attacks
- Fraudulent Tax Returns
- Phishy Phone Calls
- Charity Phishing
- CEO Phishing
- Per Verizon, 30% of phishing messages get opened by targeted users and 12% of those users click on the malicious attachment or link.
How to defend:
- Awareness Training
- Remove Admin rights for those who don’t absolutely need it
- Patch the operating system and application
- Invest in solutions such as
- Web protection
- Email protection
- Managed online backup
- Mobile device management
- Password Manager
A spear phishing attack is among the most popular entry points for cybersecurity breaches. Spear phishing requires advanced hacking skills and is very hard to detect, because it typically relies on the end user opening a file in a personal, targeted e-mail. Spear phishing attacks typically target decision makers within a company. The messages often pretend to come from a trusted colleague, friend or partner company, so owners, managers and administrators need to be thoroughly trained to recognise the “tells” in these cleverly crafted malicious messages.
Recent Case: The Yahoo breaches started with spear-phishing
- Per a report from Trend Micro, 91% of cyber-attacks are initiated by a spear phishing e-mail.
- The SANS Institute reports that 95% of all attacks on enterprise networks are the result of successful spear phishing.
- Intel reports that 97% of people around the world cannot identify a sophisticated phishing e-mail.
How to defend:
- Comprehensive awareness training
- Secure manager end-points
- Remove administrative privileges whenever possible
- Cybersecurity solutions and tools (as listed above)
Network Probes are not an immediate threat. However, they do indicate that someone is casing your system for possible entry points for an attack. The probe itself is a network monitor which analyzes protocols and network traffic in real time.
How to defend: Once you have a comprehensive understanding of the activity and have recorded the events, report the probe. Alert management and the security team so they can conduct forensic analysis and make executive decisions about how to proceed. Once it is reported, continue monitoring the activity by placing extra intrusion detection sensors on uncovered network segments and leverage your operations center. From here, if you are not given further instructions, you may want to contact the source and try to determine what attracted the attention in the first place. This will help you prevent future occurrences.
Brute-force Cracking: a trial-and-error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys through exhaustive effort (using brute force) rather than employing intellectual strategies.
Brute-force cracking basically amounts to continually guessing a password until one gets it right, allowing entry to a site. It can also mean similar trial-and-error means of finding hidden pages.
Recent Case: 35% of leaked LinkedIn passwords, over 63 and a half million, were already known from previous password dictionaries; 65% could be easily cracked with brute force using standard off-the-shelf cracking hardware.
How to defend: When it comes to Windows, the authentication mode and account lockout settings are an easy and effective way to hinder brute-force cracking attempts, as they make the attack far more time consuming. It’s important never to use a domain administrator account as an SQL database connection account, because a brute-force attack against that account could lock it out and turn into a denial-of-service condition.
SQL Server authentication lacks features which detect a system under brute-force attack, making it a whole new, messy beast. It is very difficult to secure an application which requires domain-level administrative privileges and lacks the ability to run on an old version of SQL Server. You should look at the encryption of the database connection as well as how the application connects and authenticates. Each database system and application is a little different and requires its own precautionary measures.
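To make the lockout point concrete, here is an added example (not code from the original post) that models a Windows-style account lockout policy in Python and computes how many guesses an online attacker can make against one account per day with and without it; the policy values, the `AuthGuard` class and the user table are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed parameters modelled on a Windows-style account lockout policy:
# after `threshold` failures within `window` seconds the account is locked for `lockout` seconds.
@dataclass
class LockoutPolicy:
    threshold: int = 5
    window: float = 30 * 60    # seconds before the failure counter resets
    lockout: float = 30 * 60   # seconds the account stays locked

@dataclass
class AuthGuard:
    policy: LockoutPolicy
    secret: Dict[str, str]                      # constructed user -> password table
    failures: Dict[str, List[float]] = field(default_factory=dict)
    locked_until: Dict[str, float] = field(default_factory=dict)

    def attempt(self, user: str, password: str, now: float) -> str:
        """Evaluate one login at time `now`; returns 'ok', 'fail' or 'locked'."""
        if self.locked_until.get(user, 0.0) > now:
            return "locked"             # lockout in force: reject even a correct password
        if self.secret.get(user) == password:
            self.failures.pop(user, None)   # success clears the failure history
            return "ok"
        # keep only failures still inside the observation window, then add this one
        recent = [t for t in self.failures.get(user, []) if now - t <= self.policy.window]
        recent.append(now)
        if len(recent) >= self.policy.threshold:
            self.locked_until[user] = now + self.policy.lockout
            self.failures[user] = []
            return "locked"
        self.failures[user] = recent
        return "fail"

def guesses_per_day(policy: LockoutPolicy, attempts_per_second: float) -> int:
    """Upper bound on guesses an online attacker gets at one account in 24 hours.
    Each cycle is `threshold` guesses followed by waiting out the lockout."""
    day = 86400.0
    if policy.lockout <= 0:
        return int(day * attempts_per_second)   # no lockout: rate-limited only by the network
    cycle = policy.threshold / attempts_per_second + policy.lockout
    full = int(day // cycle)
    leftover = day - full * cycle
    extra = min(policy.threshold, int(leftover * attempts_per_second))
    return full * policy.threshold + extra
```

Note that the same model applied to a service or database connection account shows the flip side the text warns about: the attacker may never guess the password, but keeping the account in the locked state is itself a denial-of-service condition.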
Drive-by Download Attacks are triggered simply by a victim clicking a link which, unknown to them, installs malicious software on their computer or another device. The malware most frequently used in Drive-by Download Attacks are Trojans.
Stats: Cyber-criminals prefer using well-established, high-traffic websites to conduct their attacks. According to a 2012 study by Barracuda Labs, over 50% of all sites serving drive-by downloads were more than five years old.
Distributed Denial of Services [DDoS]: an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
DDoS attacks are one of the most common attacks used to compromise an organization’s systems. They are a type of DoS attack which uses multiple compromised systems to target a single system. These compromised systems are typically infected with a Trojan and are used to overwhelm an online service, impairing the ability to publish and access important information.
Recent Case: Mirai Botnet takes down the internet
- According to NexusGuard, there was an 83% increase in DDoS attacks in the second quarter of 2016 compared to the first quarter.
- Between April 2015 and March 2016, Imperva Incapsula blocked an average of 445 DDoS attacks targeting its customers per week.
How to defend: Routers and firewalls are a great start, but they cannot cope with the sophistication and complexity of these larger, volumetric attacks. Properly configured server applications can minimize the effects, and awareness training can help avoid additional intrusion points such as phishing e-mails. Installing an intrusion detection system is another great precautionary measure; however, once a DDoS attack has begun, DDoS mitigation appliances are the best defense for stopping the attack. At CyberTraining 365, students learn the best mitigation methods and the most current technologies for handling DDoS attacks as well as the array of other cybercrimes.
Advanced Persistent Threat Attack [APT]: a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period.
The goal of an advanced persistent threat attack is to maintain covert, ongoing access to a network. This allows hackers to continuously gather valid user credentials and gain access to more and more valuable information. An advanced persistent threat attack aims to gather information rather than shut down a network, which requires continual code rewrites and sophisticated evasion techniques.
- As per the Ponemon Institute, breached retailers took an average of 197 days to identify an APT intrusion, while financial services firms took 98 days to detect an attack.
- On Sony Pictures, Ars Technica reported: “The entertainment company has reportedly lost control of more than 100 terabytes of data without the company, or its security measures, detecting the breach.”
- Trustwave Security Stats, as of 2015, reported that 28% of organizations have experienced an advanced persistent threat attack, and three-quarters have failed to update their third-party vendor contracts to include better protection against APTs.
How to defend: The companies which fall victim to APT attacks are usually enterprise-level organizations that are prone to cyber risks because of political, cultural, religious or ideological products or services, often making for high-profile cases. Due to the vast impact and complexity of APT attacks, multiple technologies are required to combat them. Specific security tool sets are needed, around-the-clock monitoring and incident reporting are necessary, extensive encryption of data at rest is crucial, and network segregation, intrusion detection systems and application whitelisting capabilities should be added to reverse the damage of an APT attack. There are also preventative measures such as having a “vulnerability management system in place, keeping security patches up to date and continually testing the security posture of the IT infrastructure”, per Ionut Ionescu, head of threat management at Betfair.
Ransomware is increasingly common, and hackers are recognizing the financial benefits of employing such tactics. Ransomware occurs when a hacker infects a computer, either with malicious software that locks the victim out of their system (locker-ransomware) or by encrypting important files on the system (crypto-ransomware), and then demands a ransom (typically in bitcoin) in return for restoring access to the system or files.
Stats: The following statistics and facts are from Symantec’s Ransomware and Business 2016 report.
- The average ransom demand has more than doubled and is now $679, up from $294 at the end of 2015.
- The advent of ransomware-as-a-service (RaaS) means a larger number of cybercriminals can acquire their own ransomware, including those with relatively low levels of expertise.
- Between January 2015 and April 2016, the US was the region most affected by ransomware, with 28 percent of global infections.
- Consumers are the most likely victims of ransomware, accounting for 57 percent of all infections between January 2015 and April 2016.
How to defend: Some ways to protect against Trojans like CryptoLocker include awareness training and habits which avoid phishing e-mails, and disabling the hiding of file extensions. The BEST way to defend against ransomware is to BACK UP YOUR FILES. Those deploying ransomware will have nothing to hold over you if your files are safely backed up.
Call to Action
CyberTraining 365’s Data Security and Privacy Training is a comprehensive training solution aimed at teaching employees how to identify, mitigate and report cyber threats, creating awareness of information security risks for all roles across a company: Finance, HR, Legal, IT, Marketing, etc. This training is available at https://datasecurity365.com.
The training is subscription based, which is great for optimizing your budget with rotating seats, and has white-labeling availability. This way, you can keep your academy consistent with your internal branding.
On top of this, you can create a wider library for your business with advanced cyber security training courses for your IT team, data security and privacy training for your non-technical employees and the most current, up-to-date methodologies for your cyber security team to keep up with the industry.
CyberTraining 365 is an online academy that offers nearly 1,000 hours of relevant and cutting-edge cyber security training. Our training provides the most in-demand industry certification prep courses, including EC-Council, CompTIA, (ISC)2 and Cisco, all taught by leading cyber security experts. All of our offerings are aligned with the National Initiative for Cybersecurity Education (NICE) and ensure the most up-to-date information for this constantly shifting field. With engaging content in a scenario-based format, CyberTraining 365 uses a bite-sized micro-learning methodology that ensures learners are not overwhelmed with information. Its on-demand LMS platform has white-label capabilities ideal for internal training purposes.