Cyber Attacks: What Are the Most Common Ones?

DoS (Denial of Service):

Sarah runs an online store, ShopNow. One day, customers can't access her website: it's slow or down. Unbeknownst to her, a group of hackers, Team Shadow, has launched a DoS attack. They use thousands of infected computers, forming a botnet, to flood Sarah's website with millions of requests at once. Because the traffic comes from many machines at the same time, this is the distributed form of the attack (DDoS). The server gets overwhelmed and crashes, taking the site offline. The hackers don't steal anything; they just cause disruption.

Malware Attack:

A malware attack occurs when malicious software (malware) is used to damage, disrupt, or gain unauthorized access to a system.

Here’s a story:

Tom receives an email claiming to be from his bank, asking him to update his account information. The email contains a link to a website that looks official. Tom clicks the link, unknowingly downloading a malware program. Once installed, the malware steals his personal information, tracks his online activity, and even allows hackers to control his computer remotely. Tom’s sensitive data, like bank details, is compromised. In this case, the malware could be a virus, Trojan horse, or ransomware. The attack can cause damage, steal information, or even hold data hostage for ransom.

Man in the Middle Attack:

A Man-in-the-Middle (MitM) attack occurs when an attacker secretly intercepts and possibly alters communication between two parties without their knowledge.

Here’s a story:

Alice is sending a sensitive email to Bob using a public Wi-Fi network. An attacker, Eve, is also connected to the same network. Eve intercepts the email between Alice and Bob without either of them knowing. Eve could read the message, alter it, or even steal sensitive information like passwords. This attack takes advantage of unsecured communication channels, such as public Wi-Fi, to secretly monitor or modify data exchanged between two parties.

Phishing Attack:

A phishing attack involves tricking someone into revealing sensitive information, like passwords or credit card details, by pretending to be a trusted entity.

Here’s a story:

John receives an email that looks like it's from his bank, saying his account has been compromised. The email urges him to click a link to "secure" his account. John clicks the link, which takes him to a fake website that looks just like his bank's. He enters his login credentials. Now, the attacker has stolen his bank account details. In this attack, the hacker impersonates a trusted source (like a bank or company) to steal personal information.

Drive-By Attack:

A drive-by attack occurs when a user unknowingly downloads malicious software while visiting a compromised website. The user doesn’t need to click anything; simply visiting the site triggers the malware download.

Example: You visit a website, and without knowing, malicious code is downloaded and installed on your device, potentially stealing data.

Cross-Site Scripting (XSS) Attack:

In an XSS attack, an attacker injects malicious scripts into a trusted website, which are then executed in users' browsers when they visit the site. This can steal cookies, session tokens, or other sensitive information.

Example: A hacker posts a comment on a forum with a hidden malicious script. When users view the comment, their session cookies are stolen.

Password Attack:

A password attack involves trying to guess or crack a user’s password through methods like brute-force, dictionary attacks, or keylogging to gain unauthorized access.

Example: An attacker uses a program to try millions of possible password combinations to break into an account.

Eavesdropping Attack:

Eavesdropping occurs when an attacker intercepts communication between two parties (such as over an unsecured Wi-Fi network) to steal data, like login credentials or private messages.

Example: A hacker listens to data sent over an open Wi-Fi network, capturing sensitive information like credit card details.

SQL Injection Attack:

In a SQL injection, an attacker inserts malicious SQL code into an input field (like a login form) to manipulate the database, steal or alter data, or bypass authentication.

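Example: An attacker enters "OR 1=1" in a login form. If the application builds its SQL query by pasting the input straight into the query text, the condition becomes always true and the attacker gains unauthorized access.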

Birthday Attack:

A birthday attack is a cryptographic attack based on the birthday paradox. It exploits the fact that two different inputs producing the same hash value (a collision) is far more likely than intuition suggests, which can break the collision resistance of a hash function.

Example: The attacker tries to find two different sets of data that produce the same hash value, weakening the security of anything that relies on that hash.