To say it simply, a cyber attack is a malicious and deliberate attempt by an individual or an organization to breach the information systems of another individual or organization. Every business may be a target, since attackers seek some benefit from disrupting the victim’s network. As former Cisco CEO John Chambers says,
“There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.”
Some of the most common types of cyber-attacks are malware, phishing, man-in-the-middle, DoS, SQL injection, zero-day exploits and DNS tunnelling.
Malware is malicious software, including spyware, ransomware, viruses, and worms. Malware breaches typically occur when a user in the network clicks a dangerous or risky link that installs risky software. Malware is capable of blocking access to key components of the network, installing harmful software, obtaining information, and making the systems inoperable.
Phishing attacks happen through fraudulent communications which appear to come from a reputable source, usually through email. The goal of these attacks is to steal sensitive data or to install malware.
Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, are possible when attackers insert themselves into a two-party communication. For example, if a user is on unsecured public Wi-Fi, attackers may be able to insert themselves between the user and the network to get access to the data passing between them.
A denial-of-service attack floods systems with traffic to exhaust resources and bandwidth so that the system is unable to serve real requests. Attackers can use many compromised devices to launch this type of attack, which is known as a distributed denial-of-service (DDoS) attack.
SQL injection is done by attackers submitting malicious input to a server that uses SQL, forcing the server to reveal information that it is not supposed to reveal.
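To show why the way input reaches the query matters, here is an added example (not from the original post) that runs the same lookup twice against a constructed in-memory SQLite table: once with the user-supplied value concatenated into the query text, and once with it bound as a parameter so the database never parses it as SQL. The table, names and input value are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],  # constructed data
    )
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: the input is pasted into the SQL text, so quotes and
    operators inside it change the meaning of the statement."""
    query = "SELECT email FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_safe(conn, username):
    """Hardened: the input is bound as a parameter and compared as data only."""
    query = "SELECT email FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


def demo():
    """Run both lookups with a normal name and with a textbook injection string."""
    conn = make_db()
    injected = "nobody' OR '1'='1"  # constructed: turns the WHERE clause into a tautology
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "normal_safe": lookup_safe(conn, "alice"),
        "injected_vulnerable": lookup_vulnerable(conn, injected),  # leaks every row
        "injected_safe": lookup_safe(conn, injected),              # matches nothing
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

The vulnerable variant returns every email address for the injected input, while the parameterised variant returns an empty list because no username literally equals that string.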
"Zero-day" attacks refer to the fact that the developers have “zero days” to fix the problem that has just been exposed, and perhaps already exploited by hackers, so immediate fixes are required to address the issue.
DNS tunnelling uses the DNS protocol to carry non-DNS traffic over port 53. DNS is the protocol that translates human-friendly names (the host names in URLs) to machine-friendly IP addresses. Because DNS is not intended for data transfer, many organizations do not monitor their DNS traffic. As a result, attackers use the DNS protocol to tunnel malware and other data through the client-server model.
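One way a defender can start monitoring DNS traffic for tunnelling, as an added example that is not part of the original post: it scores the first label of each queried name by length and character entropy (tunnelled data tends to appear as long, random-looking labels) and flags a client that sends many distinct such labels under one zone. The query log lines and domain names are constructed, and splitting the zone as "last two labels" is a simplification that ignores the public-suffix list.

```python
import math
from collections import defaultdict

# Constructed sample of (client_ip, queried_name) pairs from a resolver log; not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "cdn.example.net"),
    # One host sending long, never-repeated, random-looking labels under a single zone.
    ("10.0.0.9", "a9f3k2m7x1q8z4b6c0d5e2.tunnel-example.org"),
    ("10.0.0.9", "7h2j9k4l1m8n3p6q5r0s2t.tunnel-example.org"),
    ("10.0.0.9", "z1x2c3v4b5n6m7a8s9d0f1.tunnel-example.org"),
    ("10.0.0.9", "q8w7e6r5t4y3u2i1o0p9a8.tunnel-example.org"),
]


def shannon_entropy(text):
    """Bits of entropy per character; encoded payloads score high, words score low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_tunnel_suspects(queries, min_unique=4, min_label_len=20, min_entropy=3.5):
    """Return sorted (client, zone) pairs whose subdomain traffic looks like tunnelling:
    at least min_unique distinct subdomains whose first label is long and high-entropy."""
    suspicious_subs = defaultdict(set)  # (client, zone) -> set of subdomains seen
    for client, name in queries:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no subdomain under the zone, nothing to carry data in
        zone = ".".join(labels[-2:])  # simplification: treat last two labels as the zone
        subdomain = ".".join(labels[:-2])
        first_label = labels[0]
        if len(first_label) >= min_label_len and shannon_entropy(first_label) >= min_entropy:
            suspicious_subs[(client, zone)].add(subdomain)
    return sorted(key for key, subs in suspicious_subs.items() if len(subs) >= min_unique)


if __name__ == "__main__":
    for client, zone in find_tunnel_suspects(SAMPLE_QUERIES):
        print(f"possible DNS tunnelling: client {client} -> zone {zone}")
```

Thresholds are starting points to tune against a baseline of the organization's own DNS traffic; content-delivery and anti-spam services also produce long labels, so a flagged pair is a lead for investigation rather than a verdict.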
Looking at the recent past, we can see several significant cyber-attacks:
The Capital One breach took place in 2019, exposing hundreds of thousands of credit card applications containing personal and sensitive data. The stolen data was not found on the dark web, so it did not seem like an espionage activity. It was later found that the hacking was done by an American named Paige Thompson, who had previously worked for Amazon, which gave her the background to identify Capital One’s badly misconfigured servers.
Citrix, which suffered a breach in 2019, is a company in the cybersecurity business. The hacker attempted to gain access to a system using brute force, by rapidly attempting to log in with simple and frequently used passwords.
The WannaCry ransomware spread in 2017, infecting computers, encrypting the contents of their hard drives and demanding payment in bitcoin to decrypt them. The affected Windows systems had not been updated with the patch that fixed the vulnerability.
Useful info. Nice work.
Informative article Prabod. Also, I would like to read more about zero-day attacks. Why would organizations reveal their vulnerabilities?
No Asenika, the organizations are not revealing the vulnerabilities to the public. It is when a hacker manages to exploit a vulnerability before software developers can find a fix that the exploit becomes known as a zero-day attack. The attacker spots the software vulnerability before any parties interested in mitigating it, quickly creates an exploit, and uses it for an attack. Such attacks are highly likely to succeed because defenses are not in place. A good example is the Sony zero-day attack: Sony Pictures was the victim of a zero-day exploit in 2014. The attack crippled Sony’s network and led to the release of sensitive corporate data on file-sharing sites. The compromised data included details of upcoming movies, business plans, and the personal email addresses of senior Sony executives.
Nicely written Prabod. Isn't the best way to keep away from viruses and attacks to use a Unix/Linux OS, as it is difficult to hide some unnecessary files directly?
Yes, maybe, but what if the users of the organization are more familiar with and used to the Windows OS than the UNIX/Linux OS?