First of all, let’s define what a cyber attack is : it is an offensive action aimed at infrastructures, devices or computer networks, with the aim of stealing, modifying or destroying data or computer systems. Several entities such as the ANSSI are in charge of reinforcing the cybersecurity of administrations and companies.
Here are the top 10 most common types of cyber attacks :
1- Denial of Service (DoS) attack and Distributed Denial of Service (DDoS) attack
These attacks aim to make a server, a service or an infrastructure unavailable. These attacks can take different forms :
- Bandwidth saturation
- These attacks aim to make a server, a service or an infrastructure unavailable.
More concretely, this type of cyber attack aims at overloading the targeted resource with requests, so as to exhaust the bandwidth and cause a clear slowdown or a total stop of operation. Hackers can also use several compromised devices to launch this type of attack, which are DDoS.
2- Malware
It is unwanted software that is installed on your system without your consent. It can be hidden in legitimate code, in applications or it can be replicated on the internet. Malware attacks through a vulnerability that subsequently downloads malicious software. There are several sub-categories of malware :
Ransomeware
As the name suggests, this is malicious software that holds your data hostage until a ransom is paid. It blocks access to your data and then threatens to delete or disclose it. Your content is then encrypted, either totally or partially, so that it cannot be used without the decryption key. The hacker usually asks to be paid in cryptocurrency, such as Bitcoin.
Spyware
These are programs installed to collect information about users, their browsing habits or their computer. These programs monitor your every move without your knowledge and send this data to the cyber-attacker(s). They are usually installed when you download a free application.
Polymorphic virus
This is a computer virus that changes its own representation during replication. This manoeuvre prevents them from being detected by anti-virus software.
Stealth virus
These types of viruses take control of certain system features to hide themselves. They do this by compromising detection software. These viruses can spread in the same way as any other virus, through malware, attachments or installations created via various websites.
Trojan horse
A seemingly legitimate program, but with a malicious intent. Cybercriminals use so-called social engineering techniques to trick you into loading and running this Trojan Horse. For several purposes :
- To steal, delete, block, modify or copy personal or sensitive content,
- Spying,
- Stealing passwords…
Logic bomb
Malicious software added to an application. These are programmed devices that are triggered at a specific time. This type of virus is capable of being triggered at a precise moment, more or less close, and on a large number of machines.
We remember the Chernobyl virus, launched in 1998 by a Taiwanese student… This virus was programmed to be triggered on the 13th anniversary of the nuclear disaster, i.e. 26 April 1999. The virus left Taiwan and remained inactive for more than a year, at which time it disabled thousands of computers around the world.
Flame
This is malware that replicates itself on multiple computers using a computer network. Worms have the ability to duplicate themselves once they have been executed. The most common form of propagation is through email attachments.
Injectors
It is a program created to inject malware into a target system. Also known as a “syringe program” or “dropper virus”. Once the malware is activated, the injector may self-destruct.
3- Phishing
These types of attacks combine social engineering and technical skills. It involves sending emails that appear to come from trusted sources in order to collect personal data or to trick victims into taking an action. These attacks can be hidden in an email attachment, or use a link to an illegitimate website to trick you into downloading malware or transmitting some personal data.
4- Dive by Download
This is a common method of spreading malware. Cyber-attackers hack into unsecured websites by inserting a script into the http or PHP code of one of the web pages. Their goal? To install malware directly onto a website visitor’s computer via a stealth download. This can be done without your knowledge or consent, but without your understanding of the consequences: downloading malware or simply unwanted software.
5- Password cracking
This is the most common means of authentication for accessing a system. It is therefore not surprising that this type of attack is widespread.
6- Structures Query Language
A recurring problem affecting websites that use databases. These attacks occur when a cybercriminal executes a piece of SQL (standard computer language) code to manipulate a database and access potentially sensitive content. This data is then searchable, editable and deletable.
7- Man in the Middle (MitM)
It is a hacking technique that consists of intercepting encrypted exchanges between two people or two computers in order to decode their content. The hacker must therefore receive messages from both parties and respond to each pretending to be the other. There are several types, including :
- Session hijacking between a trusted client and a server, by stealing the client’s IP address
- IP spoofing
- Replay: occurs when an attacker intercepts and then records old messages, and later attempts to send them, posing as one of the participants in the conversation.
In general, encryption and the use of digital certificates provide effective protection against such attacks.
8- Cross-site scripting
The cyber-attacker inserts a malicious JavaScript into the database of a website. When the Internet user visits a page of this website, the latter transmits this page to his browser with the malicious script integrated into the HTML code. The user’s browser then executes this script, sending for example the victim’s cookie to the attacker’s server, which extracts it and can use it to hijack the session. These vulnerabilities can lead to more serious consequences than cookie theft, such as recording keystrokes, screen captures, collecting sensitive content and remote access and control of the victim’s computer.
9- Eavesdropping
Eavesdropping is the result of intercepting network traffic. The cyber-attacker can then obtain passwords, bank card numbers and other sensitive content that the Internet user sends over the network concerned. There are two types :
- Passive eavesdropping : a hacker intercepts data by listening to the transmission of messages on the network
- Active eavesdropping: a hacker actively steals information by pretending to be a friendly unit and sending requests to transmitters.
Data encryption remains the best protection against eavesdropping.
10- Birthday attack
These cyber attacks are launched against hash algorithms that verify the integrity of a message, a digital signature or software. This type of attack exploits mathematical notions equivalent to those used by the birthday paradox* in probability theory. This attack is usually perpetrated to alter communications between two or more people.
(* a probabilistic estimate of the number of people who would need to be together to have at least a one in two chance that two people in the same group would have their birthday on the same day…!)
To limit the risk of failure, find out what a secure digital workplace is, a trusted space for reducing IT risks in business collaboration.
Here are the most recurrent types of cyber attacks. There is no doubt that with the rapid and numerous digital innovations, cybercrime has not finished poisoning us. The figures speak for themselves : computer malware accounted for 1% of the world’s GDP in 2019… or $600 billion. Computer attacks have increased by 30,000% since January 2020. 18 million daily phishing emails containing malware linked to COVID 19 were detected by Google in one week… But the players in the digital sector as well as the States and particularly Europe, are taking the full measure of these 4.0 threats, as indicated for example by the announcement of the French plan to fight cybercrime of 1 billion euros.
