46 lines
2.3 KiB
Markdown
46 lines
2.3 KiB
Markdown
---
|
|
title: Cyberattacks
|
|
---
|
|
A cyberattack refers to the exploitation or "hacking" of computer systems, infrastructures, computer networks, and/or personal computer devices using malicious code.
|
|
The aim of a cyberattack more often than not is to steal, modify or destroy information.
|
|
|
|
The motive for launching a cyberattack can range from financial to political and ideological.
|
|
There are also hackers who infiltrate into systems as a form of entertainment.
|
|
|
|
Cyberattacks can be targeted and untargeted, and the mechanisms employed by hackers differ.
|
|
In a targeted attack, cybercriminals may use spear-phishing, in which email containing malicious code hidden in a file attachment is sent out to target individuals.
|
|
The malicious code could, for example, install itself in the target device and send information back to its creator.
|
|
When that happens, we call the victim's device a botnet or a zombie computer.
|
|
|
|
A cyberattack can also be untargeted. The classical example of such attacks is phishing,
|
|
in which cybercriminals send out emails to a large group of people disguising as a legit organization to encourage users to share sensitive information or visit a phony website.
|
|
Alternatively, the hacker could compromise a legit website and plant a malware (malicious software) by which visitors would get infected.
|
|
In 2017, a Ukrainian government website was infected with malware that erases visitors' hard drives.
|
|
|
|
One of the biggest cyberattacks to date is the Yahoo hack, this affected all 3 billion user accounts. The hack was dangerous, as it exposed users names,
|
|
email addresses, telephone numbers, DOB, encrypted passwords and unencrypted security questions. This attack proves that no matter how big a company is,
|
|
no one can be 100% that their data is secure.
|
|
|
|
## Common Types of Cyberattacks
|
|
* Malware
|
|
* Phishing
|
|
* SQL Injection Attack
|
|
* Vulnerability Exploitation
|
|
* Cross-Site Scripting (XSS)
|
|
* Password Attacks
|
|
* Denial of Service Attacks (DoS)
|
|
* Man in the Middle (MITM)
|
|
* Credential Reuse
|
|
* Rogue Software
|
|
* ARP Poisoning (Network Pentest)
|
|
* Password Bruteforce
|
|
* Local/Remote file inclusion (Web App Pentest)
|
|
* Indirect Object Reference (IDOR)
|
|
* Distributed Denial ofService (DDoS)
|
|
* Trojan Attack
|
|
* Wifi-Phishing
|
|
* DNS Poisoning
|
|
* E-mail Spoofing
|
|
* KRACK (Key Reinstallation Attack)
|
|
|