6 common types of cyber attacks

The technological boom we have witnessed and are still experiencing has undoubtedly led to the emergence of great tech savvy talents and seasoned experts who are the men and women tasked with managing and maintaining the IT systems of organizations.

Nevertheless, as the saying goes, “every rose has its thorn…” And as you may have guessed, some of these technology buffs use their talent for not so noble a cause. In fact, cybercrime has now reached unprecedented levels.

It’s a jungle out there…malicious hackers are predators out hunting for their prey, looking to exploit their vulnerabilities, constantly trying to come up with new hacking techniques seeking the element of surprise to catch people off-guard when they least expect it.

So, whether you’re a business or simply a user, you definitely need to be on constant alert to effectively fend off cyberattacks. While there are myriad ways to hack into a system, we have listed what we believe are the 6 most common.

1. DoS (Denial of Service) or DDoS (Distributed Denial of Service)

This technique is not really new but is one of the most known and feared by companies. A Denial of Service (DoS) consists in flooding the bandwidth or resources of a targeted server with internet traffic rendering it unusable.

Unlike a DoS that originates from a single site, a Distributed Denial of Service (DDoS) attack originates from multiple sites targeting a single server.

The objective of this strike is to cripple the target’s services. According to ENISA‘s Threat Landscape Report, DDoS attacks surged during the coronavirus pandemic with more than 10 million attacks in 2020 alone, nearly 1.6 million more than in 2019.

2. Phishing

This technique utilizes both technology and social engineering i.e. human interaction. This type of cyberattack is widespread and does not require much expertise or any sophisticated tools.

Its modus operandi is as follows: the hacker poses as a trustworthy person or organization fishing for sensitive information by tricking their target to click on a link or open a malicious e-mail.

The hacker’s goal is to steal a person’s identity and confidential information such as their bank details.

With this technique, criminals can target an individual or a group of individuals. The latter case is called Spear Fishing, which consists of sending an e-mail to a large number of users and counting on that one person (or more) who will take the bait and click on the malicious link.

3. Ransomware

True to its name, this is a type of malicious software designed to block a company’s IT system, hold it hostage and demand a ransom for its release. The hackers block access to files and data that are vital to running the business.

The scammers demand a substantial amount of money which, once paid, allows the organization to regain control of its data…or not.

After all, no one knows if the criminals will stick to their word. The different scenarios that could play out are: getting the data back and putting an end to the nightmare (unlikely), being retargeted by a second attack (very likely) or receiving damaged data (a nightmare!). It is high time we stop financing these criminals and that is why we strongly recommend that companies not pay the ransom.

It goes without saying that these attacks are conducted for financial gain: 71% of data breaches are financially motivated.

4. Trojan

The name is derived from the ancient Greek story of the deceptive Trojan Horse, where Greek soldiers hid in the wooden statute to get into Troy, and that led to the fall of the city.

It is a type of malware that downloads onto a computer disguised as a legitimate program (file attachment in an email or free-to-download file). Once downloaded the attacker gains backdoor access to the company’s network and systems.

Beware of the Trojan Horse…you should always be wary of “gifts” from apparently reliable sources! They can be a real threat.

5. Quid pro quo

This is Latin for “something for something.” The goal is to request information, download malware or reveal confidential information. The attacker asks the victim for any of the above in exchange of money or something of value.

For instance, you seem to be encountering a technical problem on your computer. Someone pretending to be an IT expert says he can help you by taking control of your machine. But they need your login and password. At first glance this seems pretty obvious because “they are helping you” but in actual fact this is a typical example of what a quid pro quo attack is. Your privacy has just been compromised.

6. Password attacks

This boils down to stealing your password. We use passwords all the time, whether it is to access our applications, customer accounts, online services…For cybercriminals, password attacks are an effective way of getting into secured systems.

One of the most famous techniques used is called a brute force attack. Hackers work through all possible combinations of the most common letters and symbols hoping to correctly guess the password and unlock the system. They will try to guess the password using the individual’s personal information such as a birthday, job title, name…this is why it is recommended to create and use passwords that are much more complex such as long sentences that are much harder to guess.

Cyberattacks can clearly hurt businesses regardless of size or industry. Thus, poor or lack of an effective cybersecurity strategy will eventually turn your company into a target. This is especially true for small and medium-sized businesses that believe their small size will somehow keep them flying under the hackers’ radar when in fact SMEs are their favorite treat.

So, to ensure your organization is cybersafe it is essential to raise awareness and train employees on cybersecurity. The good news is that you can take preventive action by running a cyber detection solution that picks up flaws and malware in web systems and networks and a rating solution that rates the cyber risk level of your services.