Think before you click. Secure your cyberspace, secure your digital life
Hey there !! In this article, you will get to know about some cyberattacks in simple terms. So, let's start ....
Man in the Middle attack
Suppose a person sends a request to an application. But hacker as middle person manipulates the conversation and retrieves confidential information. It is known as Man-in-the-middle attack or MiTM. So, in very simple terms, MitM attack occurs when a communication between two systems or people is intercepted by an unauthorized party.
Image from Comodo Antivirus
Phishing attack
Phishing attack is done via emails to steal sensitive information like login credentials or credit card information. And it seems like emails are coming from legitimate source but they are not.
Image from Simplilearn
Spoofing attack
Spoofing attacks copy and exploit the identity of your contacts, the look of well-known brands, or the addresses of trusted websites. Some attackers disguise their communications, such as emails or phone calls — so that they appear to be coming from a trusted person or organization. With these types of spoofing attacks, hackers try to trick you into exposing sensitive personal information.
The difference between spoofing and phishing is that while spoofing uses someone else’s identity, phishing attacks try to access sensitive information.
DOS attack
Denial of Service or DOS attack is an attack made to shut down a system, so that the system will no more accessible to the user. It is done by flooding the target with traffic.
DNS Amplification attack
Attackers are attacking the DNS server directly and requesting a large amount of data back from the DNS server, which can bring the DNS server down and cripple anyone that is using that DNS server for name resolution services.
Image from Varonis
Smurf attack
It is a kind of DDOS attack in which an attacker attempts to flood a targeted server with ICMP packets by making requests with spoofed IP address.
Image from Imperva
SQL Injection attack
Hackers perform an SQL injection attack through an entry field — such as a login portal, or a search bar — in a web API. By altering the entry data with a malicious snippet of code known as an exploit, a cybercriminal can trick an unsecured database into interpreting the data as a command.
Image from AVG
Brute-Force attack
It is an trial and error attack to guess login credentials. Brute force attacks run every single combination of numbers and characters available, so irrespective of how secure user credentials are, given the time and processing power, they will get cracked.
Cross site scripting (XSS)
In this attack, code is executed in the victims browser either from injecting JavaScript into a web application and having a victim visit the vulnerable URL.
Image from Secure Flag Knowledge Base
Zero Day attack
The typical zero-day attack, by definition, exploits software flaws before they are publicly disclosed. Stuxnet is a computer worm that affected the computers in Iran’s nuclear plant Natanz back in 2010. This malware exploited a zero day vulnerability in Windows at that time.
Ping of Death
A Ping of death (PoD) attack is a denial-of-service (DoS) attack, in which the attacker aims to disrupt a targeted machine by sending a packet larger than the maximum allowable size, causing the target machine to freeze or crash.
Image from Cloudflare
Social Engineering attack
It includes urgent voice mails convince victims they need to act quickly to protect themselves from arrest or other risk.
EXAMPLE - You receive an email from customer support at an online shopping website that you frequently buy from telling you that they need to confirm your credit card information to protect your account. The email language urges you to respond quickly to ensure that your credit card information isn’t stolen by criminals. Without thinking twice and because you trust the online store, you send not only your credit card information but also your mailing address and phone number. A few days later, you receive a call from your credit card company telling you that your credit card has been stolen and used for thousands of dollars of fraudulent purchases.
Whaling attack
It is a type of Phishing attack that targets high level executives or we can say senior management in an organization such as CEO, CFO, to steal sensitive information from the company.
Eavesdropping
Hackers are eavesdropping on your communications seeking to steal login credentials, and other sensitive information on a user’s devices. Eavesdropping also allows hackers to listen into VoIP communications as well. Eavesdropping is similar to a sniffing attack, where software applications allow a hacker to steal usernames and passwords simply by observing network traffic. This often happens on Public Wi-Fi networks.
Image from Wallarm
Click-jacking attack
Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking on some other content in a decoy website. Consider the following example:
A web user accesses a decoy website (perhaps this is a link provided by an email) and clicks on a button to win a prize. Unknowingly, they have been deceived by an attacker into pressing an alternative hidden button and this results in the payment of an account on another site. This is an example of a clickjacking attack.
Image from PortSwigger
Wrap Up
Keep your personal information safe—choose disk encryption, strong passwords, and 2-step verification🔒. Putting your best foot forward and taking a proactive stance against cybersecurity threats is the best defense.