Cyberattacks

A cyberattack refers to the exploitation or "hacking" of computer systems, infrastructures, computer networks, and/or personal computer devices using malicious code. The aim of a cyberattack more often than not is to steal, modify or destroy information.

The motive for launching a cyberattack can range from financial to political and ideological. There are also hackers who infiltrate systems as a form of entertainment.

Cyberattacks can be targeted or untargeted, and the mechanisms employed by hackers differ. In a targeted attack, cybercriminals may use spear-phishing, in which an email containing malicious code hidden in a file attachment is sent to targeted individuals. The malicious code could, for example, install itself on the target device and send information back to its creator. When that happens, we call the victim's device a botnet or a zombie computer.

A cyberattack can also be untargeted. The classic example of such an attack is phishing, in which cybercriminals send emails to a large group of people, disguised as a legitimate organization, to encourage users to share sensitive information or visit a phony website. Alternatively, the hacker could compromise a legitimate website and plant malware (malicious software) that infects its visitors. In 2017, a Ukrainian government website was infected with malware that erases visitors' hard drives.

One of the biggest cyberattacks to date is the Yahoo hack, which affected all 3 billion user accounts. The hack was dangerous because it exposed users' names, email addresses, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions. This attack proves that no matter how big a company is, no one can be 100% sure that their data is secure.

Common Types of Cyberattacks

  • Malware
  • Phishing
  • SQL Injection Attack
  • Vulnerability Exploitation
  • Cross-Site Scripting (XSS)
  • Password Attacks
  • Denial of Service Attacks (DoS)
  • Man in the Middle (MITM)
  • False Data Injection
  • Replay Attack
  • Credential Reuse
  • Rogue Software
  • ARP Poisoning (Network Pentest)
  • Password Bruteforce
  • Local/Remote file inclusion (Web App Pentest)
  • Indirect Object Reference (IDOR)
  • Distributed Denial of Service (DDoS)
  • Trojan Attack
  • Wi-Fi Phishing
  • DNS Poisoning
  • E-mail Spoofing
  • KRACK (Key Reinstallation Attack)