In the last decade or so, broadband has become ubiquitous, and nowadays even our household appliances have become highly integrated with the Internet. We have become overly dependent on connected devices we use to maintain our regular life. And given the ever-increasing number of cybercriminals, this is a huge risk we’re taking. In today’s day and age, there are more opportunities than ever before for cybercriminals to wreak devastation on individuals and businesses alike.
It seems very plausible that one day a catastrophic failure of the Internet may occur, and it may be one that we cannot recover from quickly. Cyber attacks are not just happening more frequently, they are also becoming more sophisticated. And if we want to be adequately prepared, we need to understand the different ways a cybercriminal might try to cause harm. In this article, we break down the most common types of cyber attacks seen today.
Botnets
In the broadest sense, the term ‘botnets’ refers to a network of Internet-connected devices used to commit cybercrime. These malware-infected systems act under the control of a hacker (also known as the bot-herder), and can be used to carry out DDoS attacks, send spam, steal data, often overwhelming the target system’s processing capabilities and bandwidth. What makes this cyber threat so dangerous is the infected units keep functioning normally, making the attack virtually undetectable.
These so-called ‘zombie army’ are a growing threat and a global problem. In 2018, security researchers have detected a rise in botnet activity. Namely, it was reported that the share from Windows botnets grew from 29% up to 34% in the first quarter of 2018. Fighting off the attacks is only going to become more challenging as the number of connected devices with high mobility capabilities and the volume of data increases exponentially with the advent of 5G networks and IoT.
Denial-of-Service (DoS) and Distributed Denial-of-Service Attack (DDoS)
Imagine you’re stuck in traffic on a one-lane country road, with vehicles backed up as far as your eyes can see. Usually, there are no more than one or two cars on this road, but a major sporting event and a country fair have ended at the same time, and this road is the only way for visitors to leave the town. The road can’t handle that much traffic, and as a result, it gets so crowded that pretty much no one can leave.
That’s pretty much what happens to a website during a DoS attack. DoS attacks overwhelm a system’s resources, making it impossible to respond to service requests. When the target’s servers are overflowed with more traffic than it was built to handle, the website becomes overloaded, and it can no longer serve up its content to the visitors who are trying to access it.
Denial-of-service can happen for a multitude of reasons of course. For example, when a massive news story breaks out, and curious people who want to find out more about it overload the website with traffic. Unfortunately, more often than not, this kind of traffic overload occurs as a result of a cybercrime activity, with the attacker flooding the website with an overwhelming amount of traffic to shut it down for all users.
In some instances, these attacks are performed by various computers at the same time. This form of attack is known as a Distributed Denial-of-Service Attack (DDoS). DDoS can be even more challenging to overcome due to the attacker appearing from various IP addresses around the globe at the same time, making identifying the source of the attack even more difficult for security administrators.
Phishing
A phishing attack is a cybercrime in which the targets are contacted via email, text message or telephone by someone who appears to be a trusted source. The attacker poses as a legitimate source to gain personal information like banking and credit card details, or influence the users to do something. This practice combines technical trickery and social engineering.
In a phishing attack, the target may receive an email by someone posing as a trusted person, like your boss or a company you work with. Attackers usually conduct in-depth research into targets and send messages that are relevant and personal. At first sight, it may seem legitimate, and it will probably have some urgency to it. In the email, there will be a link to click or an attachment to open. By opening the malicious attachment, you’ll install malware to your computer. It can also be a link to a legitimate-looking website that can trick you into handing over your personal information.