13 Common Types of Attacks in Cybersecurity

luthfisauqi17
・4 min read

The first and most important step in responding to an attack incident is to find out what type of attack is happening. This is vital because if we guess wrong when making decisions, the consequences can be fatal.


Before we get into the list of common computer attacks, it is important to know the types of cybersecurity attacks. Basically, there are 2 types of cybersecurity attacks:

  • Passive attacks: attacks in which the attacker only performs reconnaissance and data gathering (or even steals some data) on the target device.
  • Active attacks: attacks in which the attacker modifies data (create, edit, delete) on the target device.

Without further ado, let’s get started on the list of common attacks in cybersecurity!
In a nutshell, here is the list of attacks that will be explained next:

  1. Trojan Horse
  2. Virus
  3. Worm
  4. Logic Bomb
  5. Eavesdropping
  6. Data Modification
  7. Spoofing
  8. Password-Based Attacks
  9. Denial-of-Service Attack
  10. Man-in-the-Middle Attack
  11. Compromised-Key Attack
  12. Sniffer
  13. Application Layer Attack

1. Trojan Horse

A Trojan horse, often shortened to trojan, is a form of program (malware) that appears to run normally and perform the functions we want, when in fact it is dangerous. Trojans usually sneak in with other software that we install. Worms and computer viruses can be Trojan horses.

2. Virus

A virus is a form of trojan: a program that can copy itself into another program in order to infect data on a computer without the owner’s knowledge. Computer viruses come in many forms and functions and have cost computer users around the world millions of dollars. Viruses evolve constantly and are created by people for various purposes: malicious intent/destruction, profit, hobby, or showing off.

3. Worm

At its core, a worm is a program that can duplicate itself. It usually uses a network connection to send a copy of itself to other nodes (computers on the network). All these activities are carried out without human involvement.
Unlike viruses, worms do not attach themselves to other programs. Worms almost always interfere with the network, mainly by consuming bandwidth, whereas a virus always corrupts files on the victim’s computer. Worms usually spread through e-mail address books.

4. Logic Bomb

A logic bomb is a piece of code that is intentionally inserted into system software so that it can perform erroneous, harmful, or even dangerous functions. For example, a programmer inserts a hidden piece of code that can delete files or data (such as payroll databases or tax reports) without the company being aware of it.

5. Eavesdropping

In general, network communications take place in an insecure form. There are many opportunities for someone to secretly “peek” at or read the data packets that go back and forth in a network.

6. Data Modification

Once the attacker has successfully read the data, the next logical step is to change it. Attackers can modify data without the knowledge of the sender or recipient. Again, the tools often used by attackers for this purpose are trojan programs.

7. Spoofing

A spoofing attack is a situation where a person or a program successfully disguises itself as another person or program by falsifying data, in order to gain access to a system and perform activities it is not authorized to perform.

8. Password-Based Attacks

The most common methods of most security attacks are sabotage and access control. That is, our access rights to a computer or network are determined by our identity, in this case, our username and password.

9. Denial-of-Service Attack

DoS attacks in principle are attempts to make computer or network resources unavailable to serve users. Unlike password-based attacks, denial-of-service attacks try to prevent users from enjoying computer or network services.

10. Man-in-the-Middle Attack

A man-in-the-middle attack is where someone actively monitors, captures, and controls the communication between a user and the other users they communicate with, transparently to those users.

11. Compromised-Key Attack

As we know, in the context of computer and network security, a key is a secret code or number needed to translate secured information. Although obtaining the key is a difficult and resource-consuming process, it can still happen. Once the attacker obtains the key, the key is referred to as a compromised key.
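The following Python sketch is an added example, not code from the original article. It ties sections 6 and 11 together from the receiver's side: a keyed integrity tag (HMAC-SHA256) exposes data modified in transit, a compromised key removes that protection, and switching to a fresh key restores it. The message contents, function names, and the choice of HMAC are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, message: bytes) -> bytes:
    """Sender: append an HMAC-SHA256 tag computed with the shared secret key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, packet: bytes) -> Optional[bytes]:
    """Receiver: return the message if its tag is valid, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    key = secrets.token_bytes(32)
    original = b"pay=100;to=alice"   # constructed sample message
    altered = b"pay=900;to=alice"    # constructed modified content
    packet = protect(key, original)

    # Data modification in transit: content changed, old tag left in place.
    tampered = altered + packet[-TAG_LEN:]
    # Compromised key: a valid tag can be computed for the altered content.
    resigned = protect(key, altered)
    # Response to a compromised key: both ends switch to a fresh key.
    new_key = secrets.token_bytes(32)

    return {
        "intact": verify(key, packet),
        "tampered": verify(key, tampered),
        "resigned_old_key": verify(key, resigned),
        "resigned_after_rotation": verify(new_key, resigned),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A result of `None` means the receiver rejected the packet; the only altered packet that is accepted is the one tagged with the compromised key, which is why a key must be replaced as soon as compromise is suspected.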

12. Sniffer

A sniffer is a type of application/device that can read, monitor, and capture data exchange in a network. If the data packet is not encrypted, the sniffer can easily read and reveal all the data it gets.

13. Application Layer Attack

Application layer attacks are usually targeted at application servers. These attacks intentionally cause errors in the operating system or application server, which lets the attacker bypass normal access control. From this position, the attacker gains many advantages: control over applications, systems, or networks.


Sometimes administrators get the wrong idea of what’s going on: a small activity that they thought was normal could actually be a major attack. Therefore, knowing the types and indications of attacks is important for every administrator to master.

