Written by Roelof de Bruyn, HOD: Foundation for Professional Development School of IT
Cybersecurity is a key consideration for all businesses as a breach or attack causes major problems.
Cyber attacks not only cost businesses money and data; they also pose a major data privacy problem, and can result in your business’s reputation plummeting if not handled correctly.
Leading cybersecurity training company The Cyber Academy, in partnership with FPD School of IT, has detailed some of the most common attacks that businesses and individuals should protect themselves against.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
A DoS attack attempts to overwhelm a system’s resources or capacity in an attempt to render it unable to respond to service requests.
A DDoS attack is similar, but is launched from a large number of other host machines or bots which are infected with malicious software and controlled by a hacker.
These attacks are not usually executed to gain information, although that is not unheard of.
Man-in-the-middle (MitM) attack
Session hijacking, Replay, and IP Spoofing are examples of this type of cyber-attack.
All three involve the hacker inserting themselves between a client and server so that they can take the place of the legitimate client, while the destination server still believes it is communicating with that client.
Replay in this context refers to a hacker accessing one or more messages to use later to impersonate the victim.
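As an added illustration (not part of the original article), the Python sketch below shows one common defence against the replay attack described above: each message carries a one-time nonce and a timestamp covered by an HMAC, and the server accepts an authentic message only once and only while it is fresh. The name ReplayGuard, the 30-second window and the sample message are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW_SECONDS = 30  # assumed freshness window

def sign(key: bytes, body: bytes, nonce: str, timestamp: int) -> str:
    """Client side: MAC over nonce, timestamp and body so none can be swapped."""
    msg = f"{nonce}|{timestamp}|".encode() + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class ReplayGuard:
    """Server side: accept each authentic message once, inside the window."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp of the message that used it

    def verify(self, body: bytes, nonce: str, timestamp: int, tag: str, now=None) -> str:
        now = int(time.time()) if now is None else now
        # Nonces older than the window can be forgotten: a message that old
        # is rejected as stale anyway, so the cache stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW_SECONDS}
        if not hmac.compare_digest(sign(self.key, body, nonce, timestamp), tag):
            return "rejected: bad MAC"
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "rejected: stale"
        if nonce in self.seen:
            return "rejected: replay"
        self.seen[nonce] = timestamp
        return "accepted"

def demo():
    key = secrets.token_bytes(32)
    guard = ReplayGuard(key)
    body = b"transfer 100 to account 42"        # constructed sample message
    nonce, ts = secrets.token_hex(16), 1_700_000_000
    tag = sign(key, body, nonce, ts)
    return [
        guard.verify(body, nonce, ts, tag, now=ts + 1),    # legitimate client
        guard.verify(body, nonce, ts, tag, now=ts + 5),    # captured copy resent
        guard.verify(b"transfer 900 to account 66", nonce, ts, tag, now=ts + 6),  # altered body
        guard.verify(body, nonce, ts, tag, now=ts + 600),  # resent after the window
    ]

if __name__ == "__main__":
    print(demo())
```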
Phishing and Spear Phishing (Whaling) attacks
Phishing attacks involve sending an email that appears to be from someone the receiver trusts.
They entice the receiver to open a document or click on a link, which then opens a backdoor on the receiver’s device.
When a specific individual is targeted, it is called spear phishing, and if they are a strategic decision maker, it is referred to as whaling.
The goal of these attacks is usually to collect sensitive information that can be used for financial gain or extortion.
Drive-by attack
A drive-by download or attack exploits an app, operating system or web browser that contains security flaws because updates failed or were never applied.
It is different to other attacks as the victim only needs to visit a website or read a popup for the malicious code to be transferred to the victim’s device.
Once the device is infected with this malicious code, the hacker can take control of it.
Password attack
Because passwords offer access to websites, platforms and applications, and protect sensitive information like finances, it is safe to say this type of attack is popular.
Social engineering is often involved, as these hackers manipulate themselves into favourable situations in an attempt to get their hands on a password.
The more indirect approach is where the hacker uses algorithms and code to “guess” the password they want. These are known as dictionary attacks.
Eavesdropping (probing) attack
Eavesdropping attacks occur through the “interception” of network traffic.
By eavesdropping, an attacker can obtain passwords, credit card numbers, PIN codes, and other confidential information that a user might be sending over the network.
Eavesdropping can be passive or active:
- Passive – Hackers obtain their data through monitoring transmissions over the network.
- Active – Hackers actively intercept the information by disguising themselves as friendly units and sending queries to transmitters. This is called probing, scanning or tampering.