When it comes to cybersecurity, the phrase "knowledge is power" couldn't be more true. The less you and your staff know about cybersecurity threats and best practices, the more vulnerable you will be.
To help your business guard against this vulnerability, we've put together a list of some of the most common types of cyber attacks and provided their most effective solutions.
How to avoid the 6 most common types of cyber attacks
The attack: Malware
First on our list is perhaps the most prevalent and dangerous: malware, or malicious software. Malware encompasses such a broad swathe of cybersecurity threats that it can be hard to pin down. There's ransomware, malware designed to leak data, and malware that simply destroys digital assets.
One of the key reasons malware remains a potent threat is that it can take several forms. It can also disguise itself for a long time, going unnoticed by your systems and IT teams until it's too late. Malware is also involved in some of the other kinds of threats we mention further on in this post.
And no matter how strong your defenses are, there's a good chance that you're more susceptible to a malware attack than you realize. In 2022 alone, there have been attacks against major tech companies like Nvidia, the Costa Rican government, and global corporations like Toyota.
The defense: Access control and endpoint protection (EPP) software are your allies
So if malware attacks are so potent and diverse, how can you keep your business secured against them?
For starters, you need to invest in strong access control. Access control is the practice of limiting who can access each of your assets and accounts. This is less convenient than a more open-access policy, but it'll go a long way towards keeping your accounts protected. Always apply the principle of least privilege: don't give users admin rights when they don't need them. Malware often needs administrative privileges to install itself, disable protections or persist, so a standard user account limits how much damage an infection can do.
Additionally, while it may sound like a stale security measure, anti-virus and anti-malware (each a capability of most EPP solutions nowadays) remain highly effective against malware. They're not invincible measures, but many of them are equipped to guard your assets and network around the clock.
The attack: Phishing
Another old-school cybersecurity threat is phishing. Phishing is a social engineering tactic in which a malicious party tricks your staff into handing over data, most often credentials. Fun fact: the term "phishing" comes from the angling metaphor. Scammers send e-mail lures to "fish" for passwords from the "sea" of Internet users.
One of the most familiar examples is a fake website or email. This is when the bad actor creates an email or website that mirrors a legitimate email or website asking for sensitive information.
While many people can quickly spot most phishing attempts, this strategy generally involves casting a wide net. They don't need to fool your entire staff, but just one member. And while we may think of phishing as an outdated and ineffective strategy, it's never been more popular, with a record-breaking number of phishing attacks in 2022 alone.
The defense: Educating your staff
Unfortunately, there aren't many "complete" defenses against phishing attempts. While mail filters do a good job of filtering out most phishing attacks, there are always some that get through. Because they rely on social engineering, the bad actors aren't looking to break through a complex security system. Instead, they're relying on the trusting nature or absent-mindedness of your staff and stakeholders.
We have even seen senior staff, especially those who are authorized company representatives in the media, targeted by spear phishing attacks. Basically, all your official representatives are targets.
To overcome this, you need to educate your staff on phishing routinely. It may even help to conduct a phishing test within your workplace to see where your weak points within your organization are.
By ensuring that each member of your staff is able to analyze and vet emails, websites, and other interactions as potentially malicious, you'll be far less likely to succumb to a phishing attack.
The attack: Password attack
Similar to phishing, password attacks are a "classic" form of cybersecurity attack. This involves obtaining a password and using it to access sensitive assets or information. And while it can be accomplished through phishing, we'll focus on other strategies since phishing has already been covered above.
There are several ways that a password attack can take place:
- Brute force: A program automatically tries thousands of passwords and their variations against an account until one works. One of the most frequent and most successful variants is the dictionary attack: trying lists of commonly-used passwords, passwords from previous breaches and vendor default passwords before anything exotic.
- Rainbow table attack: It's good practice (and common) for businesses to store only a hash of each user's password rather than the password itself, so that even in a data leak the passwords are scrambled. Unfortunately, many systems hash passwords with a fast, well-known algorithm such as MD5 or SHA-1 and no per-user salt. A rainbow table is a precomputed table that maps such hashes back to the passwords that produced them, so an attacker reverses leaked unsalted hashes by lookup instead of by guessing. Adding a unique random salt to every password and using a deliberately slow hash such as bcrypt, scrypt or Argon2 defeats this.
- Password spraying: Rather than hammering one account (which triggers lockouts), the attacker tries a small number of commonly-used passwords against a multitude of accounts within an organization. It only takes one weak password for the attack to succeed.
- Keylogger attacks: A keylogger records everything typed on a computer and is installed discreetly, just like other kinds of malware. The recorded keystrokes are sent back to the attacker, who picks out the password(s).
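To make the rainbow table point concrete, here is an added example (not code from the original post) contrasting the two ways of storing passwords it describes: an unsalted fast hash that a precomputed table reverses instantly, and a per-user salt with a slow, memory-hard hash (scrypt from Python's standard library) that no precomputed table can reverse. The password list, the toy table and the scrypt work factors are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed data: a toy "rainbow table" of unsalted MD5 digests for a handful
# of common passwords. Real tables hold billions of entries for MD5/SHA-1/NTLM.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "Summer2022!"]
RAINBOW_TABLE = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

# scrypt work factors (assumed values; tune so one hash takes ~100 ms on your hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def unsalted_md5(password: str) -> str:
    """How NOT to store a password: fast hash, no salt, identical for every user."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_unsalted_md5(digest: str) -> Optional[str]:
    """Reverse an unsalted fast hash by precomputed lookup; no guessing needed."""
    return RAINBOW_TABLE.get(digest)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store as '<salt hex>$<scrypt hex>'.

    A unique random salt per user makes a precomputed table useless (the attacker
    would need a separate table per salt), and scrypt's memory-hard cost makes
    building such a table, or guessing offline, slow."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def salted_hashes_differ(password: str) -> bool:
    """Two users who pick the same password get different stored values."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    leaked = unsalted_md5("qwerty")
    print("unsalted MD5 ", leaked, "->", crack_unsalted_md5(leaked))
    stored = hash_password("qwerty")
    print("salted scrypt", stored, "-> table lookup:", crack_unsalted_md5(stored))
    print("verify correct:", verify_password("qwerty", stored),
          "| verify wrong:", verify_password("qwertz", stored))
```

The slow hash does not stop an attacker from trying "qwerty" against one leaked record; it stops them from trying it against a million records cheaply, and the salt stops them from doing that work once and reusing it. Pick the work factor by measuring on your own login servers.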
The defense: Embrace MFA
So, with so many different ways for a password attack to take place, how can your business protect itself from them all?
Fortunately, we have developed a pretty solid defense against this in recent years: multi-factor authentication, or MFA. It combines a password with something the user has (a one-time token or hardware key) and/or something the user is (biometrics). This means that a stolen, guessed or cracked password alone is no longer enough, which blunts every one of the password attack methods above. One caveat: a phishing page can relay a one-time code just as easily as a password, so where possible prefer phishing-resistant methods such as FIDO2 hardware keys or passkeys over SMS or app codes.
Where services don’t support MFA, requiring access using a VPN which does support MFA is a workaround.
Another simple defense against password attacks is to disable or block access at a network level to services which are not used. If services are not exposed, they cannot be attacked.
The latest defense against password attacks is "password-less authentication": authentication that does not rely on a password at all, but uses other ways to uniquely identify users, such as biometrics or hardware-backed cryptographic keys (FIDO2 passkeys). With no password to guess, crack, spray or capture, the attacks above have nothing to work with.
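MFA stops a sprayed or brute-forced password from being useful, but you still want to notice the attempts, because they tell you which accounts have weak passwords and which sources to block. The following is an added example, not part of the original post, of the detection logic a SOC would run over authentication logs: brute force shows up as many failures against one account from one source, spraying as one source failing against many different accounts with only one or two tries each. The log format, the sample lines and the thresholds are constructed for illustration; adapt the regex to your own identity provider's events.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log (not from any real system). Assumed format:
#   <ISO timestamp> LOGIN_FAIL|LOGIN_OK user=<name> src=<ip>
SAMPLE_LOG = [
    # one source, one guess each against many accounts: password spraying
    "2024-05-01T08:00:01Z LOGIN_FAIL user=alice src=203.0.113.5",
    "2024-05-01T08:00:02Z LOGIN_FAIL user=bob src=203.0.113.5",
    "2024-05-01T08:00:03Z LOGIN_FAIL user=carol src=203.0.113.5",
    "2024-05-01T08:00:04Z LOGIN_FAIL user=dave src=203.0.113.5",
    "2024-05-01T08:00:05Z LOGIN_FAIL user=erin src=203.0.113.5",
    "2024-05-01T08:00:06Z LOGIN_FAIL user=frank src=203.0.113.5",
    "2024-05-01T08:00:07Z LOGIN_OK user=frank src=203.0.113.5",
    # a user who mistyped twice and then got in: benign
    "2024-05-01T09:00:00Z LOGIN_FAIL user=alice src=192.0.2.10",
    "2024-05-01T09:00:10Z LOGIN_FAIL user=alice src=192.0.2.10",
    "2024-05-01T09:00:20Z LOGIN_OK user=alice src=192.0.2.10",
] + [
    # one source hammering a single account: classic brute force
    f"2024-05-01T08:05:{5 * i:02d}Z LOGIN_FAIL user=admin src=198.51.100.7"
    for i in range(12)
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_FAIL|LOGIN_OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_auth_log(lines):
    """Yield (timestamp, event, user, src) tuples; skip lines that do not match."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts, m["event"], m["user"], m["src"]


def detect_password_spray(lines, window_seconds=600, min_accounts=5):
    """Flag sources whose failures hit at least min_accounts *different* accounts
    inside one sliding window. Returns {src: sorted list of accounts hit}."""
    fails_by_src = defaultdict(list)
    for ts, event, user, src in parse_auth_log(lines):
        if event == "LOGIN_FAIL":
            fails_by_src[src].append((ts, user))
    flagged = {}
    for src, fails in fails_by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while (fails[end][0] - fails[start][0]).total_seconds() > window_seconds:
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= min_accounts and len(users) > len(flagged.get(src, [])):
                flagged[src] = sorted(users)
    return flagged


def detect_brute_force(lines, window_seconds=600, min_failures=10):
    """Flag (src, user) pairs with at least min_failures failures against one
    account inside one sliding window. Returns {(src, user): max failures seen}."""
    fails = defaultdict(list)
    for ts, event, user, src in parse_auth_log(lines):
        if event == "LOGIN_FAIL":
            fails[(src, user)].append(ts)
    flagged = {}
    for key, stamps in fails.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while (stamps[end] - stamps[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= min_failures:
                flagged[key] = max(count, flagged.get(key, 0))
    return flagged


if __name__ == "__main__":
    print("spray:      ", detect_password_spray(SAMPLE_LOG))
    print("brute force:", detect_brute_force(SAMPLE_LOG))
```

Note that the two detectors are deliberately separate: a per-account lockout rule catches the brute force but is blind to spraying, which is precisely why attackers spray. Real sprays are also slow (one password per day across the whole directory) and come from many IPs, so in production you would widen the window and group by user-agent or ASN as well as source address.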
The attack: Distributed Denial-of-Service
Distributed Denial-of-Service, or DDoS, is when a malicious party uses large numbers of compromised machines (bots) and automation to drive bogus traffic at your website, servers, or platforms. It's also important to note that the botnets behind many DDoS attacks are built by infecting devices with malware.
By overwhelming your systems with a rapid surge in traffic, they can crash your systems, make your services unavailable to your customers, and otherwise hold your business hostage until the DDoS attack eventually lets up.
While a DDoS attack can be difficult to orchestrate, it's far from an unpopular technique. Recently, it's primarily been used against businesses, organizations, and regulating bodies that are particularly dependent on technology, such as airlines and ports.
The defense: Lean on a defensive service
DDoS is a fairly unique type of cybersecurity attack, and as such it requires a different kind of solution. The best businesses and organizations can do to guard against DDoS is to absorb or scrub the traffic before it reaches them.
In other words, you typically can't stop the incoming traffic to your services, site, platform, etc. Instead, you need to redirect or block that traffic so that your services aren't overwhelmed.
And for that, you'll need a security partner that specializes in DDoS. Like a surge protector for a wall outlet, these security providers monitor your traffic. As soon as a sudden surge in traffic is detected, it's redirected to the security provider's servers, where it's absorbed, leaving your services up and running.
CDNs (content delivery networks), often combined with WAFs (web application firewalls), also have the capability to defend against DDoS attacks. A large CDN is itself highly distributed, so in a way it uses the attacker's own tactic against them: attack traffic is blocked close to its many sources, at points where the volume is still small, instead of converging on your origin servers.
The attack: SQL injections
This type of cyber attack gets a bit technical, but it’s surprisingly easy to pull off when you understand how it works.
SQL (Structured Query Language) is the language used to query and manage information held in relational databases. It's so ubiquitous that your business almost certainly uses it. SQL injection attacks are mainly the result of poor coding which allows an external attacker to insert their own SQL into the queries a (web) application sends to its database.
Surprisingly, if no defenses are in place, SQL commands can be executed through something as ordinary as the text forms on your website. Any input (such as a login field, a search box or a URL parameter) that ends up in a database query can potentially be exploited. Most commonly this happens where the developer builds the query by gluing user input into the SQL string without checking it, allowing a devious attacker to insert cleverly disguised SQL code.
The defense: Validate your inputs and use parameterized queries
Fortunately, guarding against SQL injection is simple and effective. The primary defense is parameterized queries (prepared statements): user input is passed to the database as a separate value, so it is treated purely as data and can never alter the structure of the query. Basic input validation, for example an allow-list of the characters a username may contain, is a useful additional layer that stops most clumsy SQLI attempts, but it is not a substitute, because perfectly valid-looking input can still contain SQL.
The most important defense against SQL injection attacks is coding discipline: parameterize every query and check all inputs from end users before using them in SQL statements. Patching is also an important discipline because so many widely-used platforms, like WordPress for example, use a SQL database under the hood.
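The difference between the two coding styles is easiest to see side by side. This is an added example, not code from the original post, using Python's built-in sqlite3 module against a constructed in-memory table: the vulnerable login check splices the user's text into the SQL and can be bypassed with a classic payload, while the parameterized version treats the same payload as a literal (and nonexistent) username. The allow-list check at the end shows the validation layer the text describes.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table; a real app would store salted, slow password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-of-alice"), ("bob", "hash-of-bob")])
    return conn


def login_vulnerable(conn, username: str, password_hash: str) -> bool:
    """BAD: the user's text is spliced into the SQL, so it can rewrite the query."""
    sql = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
           f"AND password_hash = '{password_hash}'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username: str, password_hash: str) -> bool:
    """GOOD: placeholders. The driver hands the values to the engine separately,
    so they are compared as data and can never change the query's structure."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()[0] > 0


USERNAME_RE = re.compile(r"^[a-z0-9_.-]{1,32}$")


def is_valid_username(username: str) -> bool:
    """Defense in depth: an allow-list of what a username may look like. This
    rejects obvious payloads but is NOT a substitute for parameterization."""
    return USERNAME_RE.match(username) is not None


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"   # closes the quote, makes the WHERE always true, comments out the rest
    print("vulnerable:    ", login_vulnerable(db, payload, "anything"))     # True
    print("parameterized: ", login_parameterized(db, payload, "anything"))  # False
    print("valid username?", is_valid_username(payload))                    # False
```

With the payload, the vulnerable function actually executes `SELECT COUNT(*) FROM users WHERE username = '' OR 1=1 --' AND password_hash = 'anything'`: everything after `--` is a comment, so the password check disappears. Note the example only parameterizes the values; table and column names cannot be bound as parameters, so if those ever come from user input they must be checked against a fixed allow-list.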
The attack: DNS tunneling
The last cybersecurity attack you should be aware of is DNS tunneling. DNS (short for Domain Name System) is used by all systems on the Internet to look up names, such as "www.security.ntt", and translate them to the IP addresses which computers use to communicate over IP networks (such as the Internet). Certain kinds of malware use DNS tunneling to hide their communication with command and control servers inside seemingly innocuous DNS requests. For instance, DNS tunneling can be used for data exfiltration: stolen data is encoded into the names being looked up, so it leaves your network disguised as legitimate DNS lookups.
You can think of it as a covert channel hidden inside traffic that almost every firewall allows out. And while it might not sound like much, it can be one of the most damaging types of cybersecurity attacks. Not only is this attack method becoming more popular, but on average, it costs businesses $1 million per attack.
The defense: Employ a DNS filtering system
The good news is that there are tools for DNS tunneling attacks. You can invest in a DNS filtering system, also known as a DNS proxy or protective DNS, which inspects the DNS requests leaving your network to determine whether they are secretly carrying encoded data or are destined for known malicious domains. This should stop the vast majority of DNS tunneling attempts in their tracks before any damage is able to take place. Samurai XDR can also detect DNS tunneling activity.
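What does a DNS filter or XDR actually look for? The tunnelling signature is visible in the query names themselves: one client sending many unique, long, high-entropy subdomains under a single domain, often as TXT queries. The following is an added example, not code from the original post or from Samurai XDR, that scores a constructed outbound DNS log on exactly those features. The log format, the sample queries (with base32-encoded stand-in "chunks" of data) and the thresholds are all constructed and assumed; the registered-domain helper is a simplification noted in its docstring.

```python
import base64
import hashlib
import math
import re
from collections import Counter, defaultdict


def _pseudo_payload(i: int) -> str:
    """Stand-in for a chunk of stolen data that tunnelling malware base32-encodes into a label."""
    return base64.b32encode(hashlib.sha256(f"chunk{i}".encode()).digest()).decode().lower().rstrip("=")


# Constructed sample of outbound DNS queries (assumed format):
#   <ISO timestamp> client=<ip> qtype=<type> qname=<name>
SAMPLE_DNS_LOG = [
    f"2024-05-01T10:00:{i:02d}Z client=10.0.0.5 qtype=TXT qname={_pseudo_payload(i)}.t.example.net"
    for i in range(30)
] + [
    "2024-05-01T10:01:00Z client=10.0.0.5 qtype=A qname=www.example.com",
    "2024-05-01T10:01:01Z client=10.0.0.7 qtype=A qname=www.example.com",
    "2024-05-01T10:01:02Z client=10.0.0.7 qtype=A qname=mail.example.com",
    "2024-05-01T10:01:03Z client=10.0.0.7 qtype=MX qname=example.com",
    "2024-05-01T10:01:04Z client=10.0.0.7 qtype=A qname=cdn.example.com",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>\S+) qtype=(?P<qtype>\S+) qname=(?P<qname>\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits per character: encoded data scores high, words like 'mail' score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def registered_domain(qname: str) -> str:
    """Simplification: the last two labels. Production code should use the Public
    Suffix List so that 'host.example.co.uk' maps to example.co.uk, not co.uk."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def detect_dns_tunnels(lines, min_unique=20, min_label_len=30, min_entropy=3.5):
    """Group outbound queries by (client, registered domain) and flag groups with
    the tunnelling signature: many unique names, long first labels, high entropy.
    Returns {(client, domain): stats}."""
    groups = defaultdict(lambda: {"qnames": set(), "txt": 0, "total": 0})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        g = groups[(m["client"], registered_domain(m["qname"]))]
        g["qnames"].add(m["qname"])
        g["total"] += 1
        if m["qtype"] == "TXT":
            g["txt"] += 1
    flagged = {}
    for key, g in groups.items():
        if len(g["qnames"]) < min_unique:
            continue
        first_labels = [q.split(".")[0] for q in g["qnames"]]
        avg_len = sum(map(len, first_labels)) / len(first_labels)
        avg_entropy = sum(map(shannon_entropy, first_labels)) / len(first_labels)
        if avg_len >= min_label_len and avg_entropy >= min_entropy:
            flagged[key] = {
                "unique_names": len(g["qnames"]),
                "avg_label_len": round(avg_len, 1),
                "avg_entropy": round(avg_entropy, 2),
                "txt_share": round(g["txt"] / g["total"], 2),
            }
    return flagged


if __name__ == "__main__":
    for (client, domain), stats in detect_dns_tunnels(SAMPLE_DNS_LOG).items():
        print(f"possible DNS tunnel: {client} -> {domain} {stats}")
```

Expect false positives from legitimate services that also encode data in DNS labels, for example anti-virus signature lookups and some CDN or telemetry hostnames, so keep an allow-list of such domains and tune the thresholds against a week of your own resolver logs before alerting on them.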