Security threats to data and personal assets have existed since the time the world started thinking digital, especially after the internet took the world by storm. Cyberattacks are now ubiquitous due to the proliferation of devices through which humans communicate and the huge volumes of personal and corporate data created through the constant use of these devices. According to Cisco’s “Annual Cybersecurity Report,” the total volume of security events increased fourfold in a span of 18 months from January 2016 to October 2017, with an average event costing a typical enterprise USD 5,000 in ransomware payments or damage to business systems.
There are some common types of cyberattacks that every business should know about and take robust steps to prevent. Understanding these different attack vectors goes a long way in establishing appropriate enterprise-level security frameworks. This proactive approach to internalizing application security is essential to protect consumer data and maintain business revenue with unwavering customer loyalty.
Here it is pertinent to understand what cyberattack means. According to Cisco, a cyberattack is “a malicious and deliberate attempt by an individual or organization to breach the information system of another individual or organization.” Taking this overarching definition into consideration, let us look at the 10 most common cyberattacks and how an organization can guard against them.
1. Malware
Malware is an application developed to disrupt the normal functioning of a device, be it a mobile phone, desktop, or server. Usually distributed as a script or executable code, it is installed inadvertently by the user. The malicious application then acquires a foothold on the device and, depending on the capabilities its author built in, starts tracking everything: capturing keystrokes, installing further harmful software, stealing valuable information from the system, or encrypting it to demand a ransom, in which case it is called ransomware. The best way to protect against malware attacks is to install anti-virus software, keep all system software up to date, and download only legitimate software or applications from trustworthy stores. Following the golden rule – “think before you click” – often helps protect a device against malware attacks.
2. Phishing
Attackers know that some users will not open attachments sent to them through spam emails, the traditional way of distributing malware. In such cases, attackers resort to phishing attacks to steal critical personal information, like credit card details, login credentials, personal information, etc., by exploiting human impulses. In a phishing attack, the attacker impersonates an individual or establishment and sends emails to unsuspecting targets asking for immediate help, sharing a link with them. The innocent user clicks on the link, which takes them to a fake website that looks similar to a legitimate popular website. The person, unaware of the trap laid for them, falls into it and ends up sharing personal details with the attacker. The attacker acts on this information quickly and robs the user even before they realize they were subjected to a phishing attack. To combat phishing attacks, it pays to verify email senders and download attachments only when it is essential. Emails asking for financial help should trigger alarm bells in a user’s mind. Enterprises should forbid their employees from opening emails that come from non-trusted sources.
3. SQL injection
Structured Query Language (SQL) is the language used to communicate with databases. Servers employ SQL to read and update data on behalf of the client. Attackers use malicious SQL statements to directly read or modify customers’ personally identifiable information in the database. This type of attack is one of the most popular ones because it gives rich bounties to attackers. SQL injection (SQLi) works by exploiting known SQL vulnerabilities to make the server run attacker-supplied queries. Bypassing the application’s usual validation measures, attackers exploit user interface features, like the search box, to dump critical personal information, like usernames and passwords, directly from the database, thus sidestepping the application’s security controls. Preventing SQLi requires robust coding practices, avoiding known-vulnerable database configurations, applying database updates and patches promptly, and using appropriate privileges, such as never granting admin privileges to users unless it is absolutely necessary.
4. Cross-site scripting (XSS)
Under this category of attacks, the attacker embeds malicious scripts/code into a benign website without attacking the website’s own infrastructure. Whenever a user visits the website, the client’s browser runs the script. Since the web browser does not recognize the script as malicious, because it appears to come from a trusted source, the script runs as a browser-side script and captures cookies, session tokens, and other sensitive information retained by the browser. This not only damages the reputation of the website but also hijacks any information that the user exchanges with it, such as user credentials, credit card information, cookies, etc. What is worse is that neither the website administrator nor the user has any clue about the malicious code thus put in place. It is important to use best coding practices, such as built-in sanitization and escaping functions, to prevent XSS attacks. It is critical to manually test changes in the codebase and use security testing tools to find reflected and stored XSS so they can be fixed before the website goes live.
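To show what “built-in escaping functions” achieve for stored XSS, here is an added example (not code from the article) that renders constructed user comments into a page with and without escaping; the page template and comment text are assumptions for the demonstration.

```python
import html
import re

# Constructed comments as users (one of them malicious) might submit them.
COMMENTS = [
    "Great article!",
    "<script>alert(1)</script>",
]

PAGE = "<html><body><h1>Comments</h1>{items}</body></html>"


def render_vulnerable(comments):
    # Stored XSS: user text is concatenated into the HTML unchanged, so a
    # <script> tag in a comment becomes part of the page and runs in every
    # visitor's browser.
    items = "".join("<p>%s</p>" % c for c in comments)
    return PAGE.format(items=items)


def render_safe(comments):
    # Escaping converts <, >, &, " and ' into HTML entities, so the browser
    # displays the text of the script instead of executing it.
    items = "".join("<p>%s</p>" % html.escape(c, quote=True) for c in comments)
    return PAGE.format(items=items)


SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def contains_script_tag(page):
    # Crude check used only to illustrate the difference; real pre-release
    # testing should use the scanners the article recommends.
    return SCRIPT_TAG.search(page) is not None


if __name__ == "__main__":
    print(contains_script_tag(render_vulnerable(COMMENTS)))  # True
    print(contains_script_tag(render_safe(COMMENTS)))        # False
```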
5. Denial-of-service
Through a DoS attack, the perpetrator seeks to make digital assets inaccessible to their intended users by disrupting the services of a host connected to the internet. This involves flooding the host server with far more requests than it can handle, eventually triggering a crash, so that legitimate requests from users go unserved. A distributed denial-of-service (DDoS) attack happens when the requests come from many computers (a botnet) at the same time.
Combating DDoS is quite difficult, as it is virtually impossible to trace the attacker and establish the source of the attack. Since it is better to prevent a DoS/DDoS attack than to be left scrambling after it occurs, employing security and network perimeter tools to monitor traffic usually helps avert them. Web administrators also employ ingress filtering, in which incoming packets are checked so that only those with genuine source IP addresses are accepted, to stop such attacks.
6. Man in the middle (MiTM)
This attack happens when the hacker eavesdrops on the communication between the client and the server. Each interaction between the client and the server gets a session ID, which is private to them. In the case of session hijacking, the intruder captures the session ID (through an XSS attack, for example), poses as the legitimate client, and continues the session with the server on behalf of the user. The invader thereby gains access to unauthorized sets of information on the server and can wreak havoc. This attack comes in many flavors, like IP and DNS spoofing, replay attacks, and session hijacking. Preventing MiTM attacks is the best way forward rather than responding to them after they occur. Implementing strong WAP encryption on access points, using HTTPS for all network communications, and using strong authentication protocols, like RSA, are some of the suggested measures to prevent MiTM attacks.
7. Zero day
This vulnerability arises from a defect in your software, hosted application, or even hardware. It is usually a bug that escaped the attention of the testing team, so the development team does not know about it. This leaves an open vulnerability for the attacker to exploit. The name refers to the zero-day gap between the time the vulnerability is detected and the attack. Rigorous testing to detect bugs and vulnerable code is a must for preventing run-ins with zero-day attacks.
8. Credential reuse
To avoid having to remember multiple usernames and passwords, users tend to re-use the same set to create accounts everywhere, which is far from a recommended security practice. Attackers relish this opportunity and, once they lay hands on a trove of usernames and passwords (using SQLi or XSS attacks), use these credentials to access virtually any application, frighteningly even banking websites and your email, and retrieve a goldmine. Creating a new username/password pair for each application sign-up is an effective way to prevent a credential reuse attack, even if the attacker lays hands on one of your credential sets.
9. Weak passwords
Passwords are the key to accessing your accounts. Getting hold of a password lets an attacker act as you within the account. Hence, it is an age-old attack theme. Snoopers use techniques like brute force (guessing password combinations after taking a cue from your details, like your name or the places you visit) and dictionary attacks (drawing on a dictionary of common passwords) to get access to your personal or enterprise account. Best practices like enforcing account lock-out after a certain number of unsuccessful attempts, storing passwords using powerful methods such as AES or SHA-256, and using hard-to-guess passwords are some useful ways to deter password attacks.
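The two server-side defenses above, lock-out and SHA-256-based storage, fit in a few lines. This added example (not code from the article) stores passwords as salted, iterated SHA-256 via PBKDF2-HMAC-SHA256, which goes slightly beyond the article’s plain SHA-256 recommendation by adding a salt and a work factor, and locks an account after a fixed number of failures; the class, threshold and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # PBKDF2 work factor; raise as hardware gets faster
MAX_FAILURES = 5       # lock the account after this many wrong guesses


def hash_password(password, salt=None):
    # Salted, iterated SHA-256 (PBKDF2-HMAC-SHA256): the random salt defeats
    # precomputed dictionaries and the iteration count slows brute force.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


class AccountStore:
    def __init__(self):
        self.records = {}   # username -> salt, digest, failure count, locked flag

    def register(self, username, password):
        salt, digest = hash_password(password)
        self.records[username] = {"salt": salt, "digest": digest,
                                  "failures": 0, "locked": False}

    def login(self, username, password):
        rec = self.records.get(username)
        if rec is None or rec["locked"]:
            return False
        _, digest = hash_password(password, rec["salt"])
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(digest, rec["digest"]):
            rec["failures"] = 0
            return True
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked"] = True   # further attempts are refused until reset
        return False

    def is_locked(self, username):
        return self.records[username]["locked"]


if __name__ == "__main__":
    store = AccountStore()
    store.register("bob", "Tr0ub4dor&3")       # constructed sample credential
    for guess in ["password", "123456", "qwerty", "letmein", "bob"]:
        store.login("bob", guess)
    print(store.is_locked("bob"))              # True after five failures
```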
10. Drive-by downloads
Hackers employ this attack to spread malware to users’ devices. They embed a malicious script into a website’s insecure pages, which installs itself on the user’s system whenever they visit the page. Hackers may also perpetrate this attack through emails or by redirecting the user to a site they control. It does not involve any active input from the user themselves; the attacker simply takes advantage of security flaws in a browser or operating system (OS). Updating the OS and browsers with the latest patches, avoiding malicious websites, and uninstalling unnecessary programs, apps, and browser plugins are some ways in which you can protect yourself from drive-by download attacks.
In a nutshell, a proactive approach towards the adoption of secure browsing practices and online communication goes a long way in preventing yourself and your business from falling prey to ever-looming cyber security attack vectors. Prevention is better than cure: This adage holds true for your online behavior too!
To secure your applications without any additional coding, click on the link below to know more about AppSealing and sign-up for a free trial.