5 Types of Cyberattacks CIOs Should be Aware of

By Enterprise Security Magazine | Wednesday, September 25, 2019

With growing online technology, cyber threats are also increasing. Cybersecurity is a vital part of every enterprise toolkit.

FREMONT, CA: A cyber attack refers to deliberate misusing of computer systems and networks in technology-dependent organizations. Cyber attackers use malicious code for altering computer code, data, or logic leading to disruptive consequences which can compromise data and result in cybercrimes like information and identity theft. Following are the types of cyber attacks enterprises and CIOs should be aware of:

1. Denial of service (DoS) attacks

A Denial of Service (DoS) attack is a type of internet pile on. The fraudsters send a huge amount of information and data all at once to the computer system from multiple computers that overwhelms the system, which it turns stops responding to service requests. DoS doesn’t benefit the attackers directly. Some of them are satisfied with the service denial, but the attacker will be benefited a lot if the attacked resource is of a business competitor. Another aim of the attack can be of taking a system offline for launching multiple kinds of attack.

2. Phishing 

Phishing aims at getting the enterprise's sensitive information or spreading malware by sending fraudulent emails that seem to come from trusted sources. 

Spear Phishing is a targeted kind of phishing activity. Attackers do in-depth research into targets and create personal and relevant messages which makes spear-phishing hard to detect and even harder to defend against. Techniques that fraudsters use can be email spoofing or website cloning.

3. Man-in-the-Middle (MITM) Attacks

Man-in-the-Middle (MITM) attacks, also called eavesdropping attacks, occur when the attacker gets access to the communication between two entities, which allows hackers to intercept the communication. They can also alter the messages that seem to be from a trusted source. Now, the MITM attack has gone one step further of disguising itself as one or both of the individual communicating.

4. SQL Injections

A Structures Query Language (SQL) injection happens when malicious code is inserted into a server using SQL by the attacker. Thus, the attackers can bypass the security by reading sensitive data, modifying database data, executing administration operations, recovering content of a given file, and much more. They need to submit a malicious code into a susceptible website search box.

5. Zero-day Exploit

A zero-day exploit hits post the announcement of a network vulnerability but before the implementation of a patch or solution. Fraudsters make the disclosed vulnerability their target during this window of time. Zero-day vulnerability threat detection needs continuous awareness.

Strategies to mitigate these threats vary, but the basics of security remain the same. It is important to keep your system and anti-virus databases updated. Also, the workers should be well-trained, low-privileged IT environment should be used, the password should be strong to protect the systems from cyber attacks. 

Weekly Brief