The Variations of Cyber Attacks
Cyber attacks have been hitting the headlines and compromising organisations’ network. Methods of such attacks can be non-disruptive and convert, aggressive and direct, or a combination of different techniques. In this post, we will bring your attention to some basic classes of attacks.
Passive Attacks – A passive attack usually involves a perpetrator monitoring a network system for the purpose of gaining information and data about the target without being detected. These attacks may include activities such as Traffic Analysis, Monitoring and Eavesdropping. They are usually data gathering operations for the purpose of financial gains (e.g. selling data to interested parties or credit card frauds).
Active Attacks – In contrast, active attacks are often aggressive and almost always malicious. The victims are usually aware when these attacks occur due to the direct and blatant nature. Viruses, Worms, Trojan horses, Malware and Denial of Service (DoS) are some examples of active cyber attacks. Apart from personal gains, the perpetrators may also launch these attacks with the objective of crippling a network as an act of sabotage or terrorism.
Combination of Passive and Active Attacks – Sometimes, passive attacks are first used to collect desired data or monitor network vulnerabilities before transiting into active attacks to achieve other goals. One of the most common examples is when a hacker acquires login credentials using passive attack methods, and then launches an active attack to cause mayhem once inside the system.
Cyber threats can come from any source – a competitor, a professional hacker who randomly target sites on the internet, or even an insider who is motivated by personal gains or looking to vent some grievances. Therefore, attacks can also be classified as un-targeted and targeted.
Un-Targeted Attacks – In un-targeted attacks, perpetrators try to target as many services and users as possible without any concern of who the victim is. Some examples are Phising (sending emails to large number of people asking for sensitive information), Ransomware (a software that threatens to publish victims’ data unless a ransom is paid) and Water Holing (infect a website with malware that targets the visitors).
Targeted Attacks – Targeted attacks are usually carried out by someone with specific interest in your business or have been paid to target you. These attacks can be potentially more damaging then un-targeted ones as they are executed to specifically target your systems. They may include Spear-Phising (similar to phising, but the emails are targeted to specific individuals who may be related to your organisation), a DDoS attack (make an online service unavailable by overwhelming it with traffic) and undermine the supply chain (attack supplies meant to deliver to the organisation).
Every organisation connected to the Internet should assume they will be a potential target of cyber attacks. Ideally, basic awareness training should be implemented within the organisation together with the necessary security measures to achieve a more holistic cyber security strategy. Should you require expert advice on this issue, feel free to contact an expert for a non-obligation consultation.