With the advent of a cashless economy post demonetisation, cyber-attacks are on the rise. Social platforms make us aware of how we can protect ourselves from these attacks. But do we really know what kinds of cyber-attacks exist? Some of the attacks are meant to monitor information, while others are meant to destroy data or the network. Just as our parents advise us not to talk to unfamiliar people, the same applies to the virtual world as well. How can you be sure that the bank that you are trying to log into is not forged? If you are not wary of the following types of cyber-attacks, both your network and your data are at risk.
Malware – It simply means malicious software. It can take the form of worms, Trojan horses, and rootkits. Here are the types:
- Virus – A piece of software that can spread infection from one machine to another. It can corrupt, steal or delete your data.
- Worm – A program that copies itself from one computer to another without human interaction. It can send out fake messages to your contact list.
- Trojan horse – These have capabilities such as logging passwords by keystrokes and hijacking your webcam. They come with software that you downloaded from untrusted sources, thinking it was legitimate.
- Rootkits – These allow a hacker to gain admin access to your machine. A hacker can install spyware to exploit a vulnerability and then install a rootkit.
- Botnet – As soon as a Trojan horse is installed, it helps the hacker compromise a group of computers, which is called a botnet.
- Spam – Unwanted and junk emails that sometimes have links which install malicious software when clicked, helping the sender exploit the machine.
- Phishing – Fake websites or emails, resembling the original ones and designed to look legitimate, that ask for confidential data, helping the hacker steal it.
- Denial of Service attack – Attackers flood the servers with unwanted traffic, bringing the service down or denying the service.
- Brute Force attack – This is the trial and error method used by a hacker until the right password is found.
- Dictionary attack – A script used by the hacker to determine the correct password. It is run in a loop until the right password is found.
- Advanced Persistent Threat – An unauthorized person accesses the network and stays there for a period of time to steal the data.
- Eavesdropping – A hacker interpreting the data or traffic from a network. Without strong encryption, huge losses can occur.
- Identity Spoofing – A hacker impersonating the IP address of a computer using software (which creates IP packets). The attacker can modify, re-route or delete your data.
- Man-in-the-Middle attack – Someone assuming your computer’s identity in order to read incoming messages. The computer at the other side might believe it’s you, instead of the hacker.
- Sniffer attack – Hackers use sniffer applications to read network packets. Without packet encryption, the data inside the packet is clearly revealed.
- Social Engineering – Human interaction that tricks people into breaking normal security processes.
- Pharming – Pointing you to an illegitimate website by a legitimate URL. These can lead to phishing attacks.
- Ransomware – Malware that restricts access to your computer or files, and demands money in order to remove the restriction.
- Keystroke Logging – This is installed by a Trojan horse or a virus. It will record whatever you type (for instance, a bank password) and send it to the hacker. Now you know why banks offer a virtual keyboard for entering passwords.
- Adware – Software that automatically displays advertisements. Some of it is spyware, used to sniff out information.
- SSL Attack – A hacker intercepts the encrypted link between the website and the browser, hence accessing the sensitive data.
- DNS attack – A hacker introduces data into a domain name cache, causing the name server to return a wrong IP. This redirects the traffic to the hacker’s computer.
- Backdoor attack – A hacker accessing a computer remotely. This can be done by various means – port-binding, connect back etc.
- SQL Injection – A hacker inserting a customized query to bypass a security measure, causing the application to take malicious actions.
There are several other attacks, but the ones listed above are of prime importance. Vigilance is the key to preventing all of the above attacks. As all transactions seem to happen online these days, threats to people and businesses will continue to grow. We should brace ourselves by keeping cyber security as a priority and taking time out to secure our systems.
Authored by Divyam Chhaya
TCS Enterprise Security and Risk Management