When conducting their malicious activities, cybercriminals may pursue different objectives: stealing corporate data, making financial gain, damaging the company’s reputation, etc. To reach their goals, hackers choose various types of cyberattacks, which makes it more complicated for businesses to prioritize cybersecurity risks.
Based on related research and on our experience in security testing and penetration testing aimed at helping companies increase their protection against cybercriminal activities, we have identified 6 common types of cyberattacks each business should beware of. We grouped the attacks by the way they are conducted and noted their targets and the damage each cyberattack may cause.
#1. Malware distribution
Malware (‘malicious software’) encompasses different types of software that can be downloaded from untrusted internet resources or malicious emails and then run or installed by negligent users.
Cybercriminals spread various types of malware to slow down your computer systems, steal corporate information, or encrypt corporate data and demand a ransom for restoring access to it. Another aim of spreading malware is to monitor company employees’ internet activities without their awareness (spyware). According to Positive Research 2019, malware was used in 56% of all attack cases during 2018. Designed to damage networks, computer systems, tablets, and mobile devices, malware can be distributed in the form of:
- Trojan horses
- Computer viruses
- Spyware, etc.
#2. Social engineering attacks
Accounting for 31% of all cyberattacks according to Positive Research, social engineering attacks cover cybercriminals’ activities conducted through human communication. Attackers target corporate users via email services or malicious websites, persuading them to click malicious links or open malicious email attachments.
Hackers perform social engineering attacks to get access to a company’s computer systems, corporate bank accounts, etc. Social engineering attacks can take various forms, e.g.:
- Spear phishing
- Whaling, etc.
#3. Man-in-the-middle (MitM) attacks
When conducting this type of attack, hackers interfere in the communication between a user and a web application. While ‘sitting’ between the user and a web application this user trusts (e.g., an online store, a banking website), cybercriminals listen to the transmitted network traffic and try to capture confidential information like user login credentials or bank account details. Cybercriminals usually target websites and email services. The latter are easy to hack since a lot of email services do not use email encryption by default.
Involved in 35% of exploitations according to IBM’s X-Force Threat Intelligence Index 2018, MitM attacks can take the form of:
- WiFi eavesdropping
- Session hijacking
- HTTPS spoofing
- Domain name system (DNS) spoofing, etc.
#4. Web application attacks
As revealed during security testing performed for the research prepared by Positive Technologies in 2019, 32% of the tested web applications have an extremely poor security level.
Cybercriminals attempt to exploit client-side and server-side vulnerabilities in web applications to get access to corporate resources, steal information on the company’s users and clients, etc. Cybercriminals may damage corporate servers and networks by injecting malicious client-side scripts into website login forms or by sending a range of requests to targeted servers to overload them and cause denial of service. The most common web application attacks are:
- Cross-site scripting (XSS)
- SQL injections
- Denial-of-service (DoS) and distributed denial-of-service (DDoS), etc.
#5. Password attacks
This type of attack involves cracking users’ passwords by trying various character combinations or by using special scanning software that listens to network traffic and records packets containing passwords. In their attacks, cybercriminals target individuals’ passwords, e.g., the passwords of a company’s employees. When performing password attacks, hackers are motivated by the possibility of getting access to confidential data like bank account details or credit card information and using these details for financial gain. Since 65% of companies around the world report that their employees tend not to change their passwords, these attacks often succeed.
The most common methods of conducting password attacks are:
- Brute-force attacks
- Password sniffing
- Keylogger attacks, etc.
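From the defender's side, the brute-force pattern described above shows up in authentication logs as a burst of failed logins from one source, sometimes followed by a success. The following is an added example, not part of the original article; the log format, threshold values and function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (timestamp, source IP, account, result); not real data.
SAMPLE_LOG = """\
2024-05-01T09:00:00 198.51.100.7 alice FAIL
2024-05-01T09:00:02 203.0.113.9 bob FAIL
2024-05-01T09:00:05 198.51.100.7 alice FAIL
2024-05-01T09:00:10 198.51.100.7 alice FAIL
2024-05-01T09:00:15 198.51.100.7 alice FAIL
2024-05-01T09:00:20 198.51.100.7 alice FAIL
2024-05-01T09:00:25 198.51.100.7 alice OK
2024-05-01T09:03:00 203.0.113.9 bob FAIL
2024-05-01T09:03:10 203.0.113.9 bob OK
"""

# Assumed thresholds; tune them to the environment being monitored.
WINDOW = timedelta(seconds=60)
MAX_FAILURES = 5

def detect_bruteforce(log_text, window=WINDOW, max_failures=MAX_FAILURES):
    """Return (ip, kind, timestamp) alerts for failed-login bursts and for a
    successful login from a source that has already produced a burst."""
    failures = defaultdict(deque)  # ip -> timestamps of failures inside the window
    flagged = set()                # sources that already triggered a burst alert
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:       # skip blank or malformed lines
            continue
        ts, ip, user, result = datetime.fromisoformat(fields[0]), *fields[1:]
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()       # drop failures that fell out of the window
        if result == "FAIL":
            recent.append(ts)
            if len(recent) >= max_failures and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "failed-login burst", ts))
        elif result == "OK" and ip in flagged:
            # A success right after a burst suggests the guessing worked.
            alerts.append((ip, "success after burst: " + user, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(*alert)
```

The second source in the sample fails twice, minutes apart, and then logs in; it raises no alert, which is the behaviour wanted for a user who simply mistyped a password.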
#6. Advanced persistent threats (APTs)
APTs combine various cyberattack methods, such as social engineering techniques, malware distribution, and others. APTs are conducted by experienced cybercriminals and may lead to corporate data leaks, intellectual property theft, financial troubles, etc.
Attackers generally target financial, manufacturing, and other organizations that process and store high-value information. APTs usually follow these steps:
- Attempting to access a corporate network via a malicious file, a spam email, or by exploiting application vulnerabilities (social engineering attacks).
- Spreading malware across the network to create backdoors to move within the network comfortably while regularly rewriting malware code to stay undetected (malware distribution).
- Trying to hack corporate users’ passwords to get administrative privileges (password attacks).
- With administrative rights “at hand”, moving around the network and trying to access its other more secure parts.
- Surfing inside the network until the cybercriminals’ specific goals are achieved, or gathering the needed information and getting out of the network while leaving a backdoor to access the network later.
How Do Businesses Protect Themselves from the Most Common Cyberthreats?
To ensure protection from the most damaging and frequently encountered types of cyberthreats, businesses should implement a combination of security solutions. Properly configured firewall protection and antivirus software help against social engineering attacks and malware distribution. Strong password policies reduce the need to cope with password attacks. To detect potential indicators of web application attacks or MitM attacks, security information and event management (SIEM) solutions can be used. To minimize the probability that a company will have to deal with the consequences of APTs, a set of all the above security measures supplemented with data loss prevention (DLP) software should be applied.
While hackers create new sophisticated ways to conduct their cybercriminal activities, businesses should make sure that their corporate security level is regularly checked and improved, and all the necessary security policies and solutions are in place.