Locked What are the most common types of cyber attacks?

[dEEpEst]

What are the most common types of cyber attacks?

Cyber attacks most commonly involve the following:

- Malware in which malicious software is used to attack information systems. Ransomware, spyware and Trojans are examples of malware. Depending on the type of malicious code, malware could be used by hackers to steal or secretly copy sensitive data, block access to files, disrupt system operations or make systems inoperable.

- Phishing in which hackers socially engineer email messages to entice recipients to open them. The recipients are tricked into downloading the malware contained within the email by either opening an attached file or embedded link.

- Man-in-the-middle or MitM, where attackers secretly insert themselves between two parties, such as individual computer users and their financial institution. Depending on the details of the actual attack, this type of attack may be more specifically classified as a man-in-the-browser attack, monster-in-the-middle attack or machine-in-the-middle attack. It is also sometimes called an eavesdropping attack.

- DDoS in which hackers bombard an organization's servers with large volumes of simultaneous data requests, thereby making the servers unable to handle any legitimate requests.

- SQL injection where hackers insert malicious code into servers using the Structured Query Language programming language to get the server to reveal sensitive data.

- Zero-day exploit which happens when a newly identified vulnerability in IT infrastructure is first exploited by hackers.

- Domain name system (DNS) tunneling a sophisticated attack in which attackers establish and then use persistently available access -- or a tunnel -- into their targets' systems.

- Drive-by or drive-by download, occurs when an individual visits a website that, in turn, infects the unsuspecting individual's computer with malware.

- Credential-based attacks happen when hackers steal the credentials that IT workers use to access and manage systems and then use that information to illegally access computers to steal sensitive data or otherwise disrupt an organization and its operations.