Types of Hackers Attacks Or Cyber Attacks and 12 Most used Cyber Attacks.

What Is Hackers Attacks Or Cyber Attacks

A Cyber attacks is the way of unauthorized access of the computer system of network for the purpose of destroy, steal or gain information. According to the context the cyber attacks can be the part of Cyber wars and Cyber terrorism. Cyber criminals, individuals, groups, organizations and other anonymous source can be responsible for the cyber attacks. The tools and things that they use for cyber attacks are called cyber weapons and cyber tools.

In last decade the cyber attacks are increasing continuously. The main reason of increasing cyber attacks are the internet. Cyber criminals unauthorized access our network and mobile devices due to internet and steal our information and useful data. Before 2010 many of countries have lack of internet and lack of internet means lack of cyber attacks.

Reason Behind The Cyber Attacks

Every business have it’s own privacy and data that they protect from the others. The attackers or other competitives are always search the opportunity to defeat their opponent.

Here are some common reasons behind the cyber attacks :-
  • For the details of business finance
  • Details for companies customers
  • Sensitive data
  • Access the database of any organization
  • List of clients and employers
  • For fun
  • Need of money

Types Of Cyber Attacks

1. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks target the victim’s system’s resources to prevent them from responding to service requests. They are launched from a large number of host machines controlled by the attacker.

What makes these attacks different from others is they usually don’t provide direct benefits for attackers. Some may already be satisfied that the victim suffers from service denial. However, they can be beneficial if the attacker targets their business competitor. In addition, these attacks can be used to take a system offline. There are many types of Dos and DDos attacks like TCP SYN flood attack, teardrop attack, smurf attack, ping-of-death attack and botnets.

2. TCP SYN flood attack

In TCP SYN flood attack an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker’s device floods the target system’s small in-process queue with connection requests. But it does not respond when the target system replies to those requests.

When a client and server establish a normal TCP “three-way handshake,” the exchange looks like this:

  • Client requests connection by sending SYN (synchronize) message to the server.
  • Server acknowledges by sending SYN-ACK (synchronize-acknowledge) message back to the client.
  • Client responds with an ACK (acknowledge) message, and the connection is established.

3. Teardrop attack

A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly.
The packets overlap one another, crashing the target network device. If users don’t have patches to protect against this DoS attack, disable SMBv2 and block ports 139 and 445.

4. Smurf attack

Smurf is a network layer distributed denial of service (DDoS) attack, named after the DDoS.Smurf malware that enables it execution. In a standard scenario, first host sends an ICMP Echo (ping) request to second host, triggering an automatic response. 

In an IP broadcast network, an ping request is sent to every host, prompting a response from each of the recipients. With Smurf attacks, perpetrators take advantage of this function to amplify their attack traffic.

5. Ping of death attack

The ping of death attack is used to test the availability of a network resource. It works by sending small data packets to the network resource. The ping of death takes advantage of this and sends data packets above the maximum limit (65,536 bytes) that TCP/IP allows.

TCP/IP fragmentation breaks the packets into small chunks that are sent to the server. Since the sent data packages are larger than what the server can handle, the server can freeze, reboot or crash.

6. Man-in-the-middle (MitM) attack

Man-in-the-middle (MitM) attack is the oldest cyber attack. MitM attacks consist of sitting between the connection of two parties and either observing or manipulating traffic. This could be through interfering with legitimate networks or creating fake networks that the attacker controls. Compromised traffic is then stripped of any encryption in order to steal, change or reroute that traffic to the attacker’s destination of choice.

“In this attack they can also change the DNS settings for a particular domain [known as DNS spoofing]. If you’re going to particular website, you’re actually connecting to the wrong IP address that the attacker provided, and again, the attacker can launch a man-in-the-middle attack.

7. Phishing attacks

Phishing attacks are the common social engineer cyber attacks. It is used to steal user data, including login credentials and credit card numbers. In this attack the recipient is tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of ransomware attack or the revealing of sensitive information.

The link that the attacker send to the victim there are many types of phishing page that attract the victim. It could also be a link to an illegitimate website that can trick you into downloading malware or handing over your personal information.

8. Drive-by attack

Drive-by download attacks are a common method of spreading malware. A drive-by download attack refers to the unintentional download of malicious code to your computer or mobile device that leaves you open to a cyber attack. A drive-by download can take advantage of an app, operating system, or web browser that contains security flaws due to unsuccessful updates or lack of updates.

In this attack might install malware directly onto the computer of someone who visits the site, or it might re-direct the victim to a site controlled by the hackers. A drive-by download can take advantage of an app, operating system or web browser that contains security flaws due to unsuccessful updates or lack of updates.

9. Password attack

Password attack is the way of recovering password. This type of attack does not usually require any type of malicious code or software to run on the system. There is software that attackers use to try and crack your password, but this software is typically run on their own system. Programs use many methods to access accounts, including brute force attacks made to guess passwords, as well as comparing various word comparing against a dictionary file.

10. SQL injection attack

SQL injection has become a common issue with database-driven websites. It occurs when a malefactor executes a SQL query to the database via the input data from the client to server. SQL commands are inserted into data-plane input (for example, instead of the login or password) in order to run predefined SQL commands.

A successful SQL injection exploit can read sensitive data from the database, modify (insert, update or delete) database data, execute administration operations (such as shutdown) on the database, recover the content of a given file, and, in some cases, issue commands to the operating system.

11. Cross-site scripting (XSS) attack

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. XSS attacks use third-party web resources to run scripts in the victim’s web browser or scriptable application.

Specifically, the attacker injects a payload with malicious JavaScript into a website’s database. When the victim requests a page from the website, the website transmits the page, with the attacker’s payload as part of the HTML body, to the victim’s browser, which executes the malicious script.

12. Malware Attack

A malware attack is a common cyberattack where malware (normally malicious software) executes unauthorized actions on the victim’s system. The malicious software (a.k.a. virus) encompasses many specific types of attacks such as ransomware, spyware, command and control, and more.

An example of a famous malware attack is the WannaCry ransomeware attack. Here are some types of malware attacks :-
  • Macro viruses
  • File infectors
  • Droppers
  • Ransomware
  • System or boot-record infectors
  • Polymorphic viruses
  • Stealth viruses
  • Trojans
  • Logic bombs
  • Worms

1 Comment

Leave a Reply

Your email address will not be published.