Protect your Organization by Learning Common Cyber Attack Classifications

The goal of a cyber attack is to disable computers, disrupt computer systems, steal data, obtain unauthorized access to computer systems, or delete data. Attacks typically exploit flaws or misconfigurations in software, and the result is cybercrime. Attacks can be launched remotely from anywhere in the world, and a cyber attack is designed in such a way that it causes significant damage to an organization.

Five types of attack classifications

Passive attack

Passive attacks compromise the confidentiality of messages. In this attack, the malicious actor monitors and scans systems in order to obtain knowledge about the target by observing it; because the attacker only observes and does not interact, no data or information is altered. These kinds of attacks are extremely difficult to detect. Passive attacks can be prevented by encrypting data during transmission with secure encryption algorithms, rendering the data unreadable to the attacker.

Person-in-the-Middle Attack:

The attacker analyses network traffic as it leaves the target machine and observes the patterns of information exchanged over the network.

Check out this blog on PITM to learn more about it.

Active Attacks

This is a technique in which data is modified or interrupted in order to compromise the target's network. The goal is to profit from information gathered through passive attacks. To exploit the target system, the attacker makes unauthorized changes to the data stream or creates fake data streams. Active attacks pose a risk to data integrity and availability; unlike passive attacks, however, they are comparatively easy to detect.

The following are the types of active attacks.

Masquerade attack:

A masquerade attack occurs when an intruder impersonates a genuine user in order to change data or obtain a higher privilege level than they have been granted.

Replay Attack:

A replay attack happens when an attacker captures network traffic and later resends it to its original destination while posing as the legitimate sender.

Message Modification:

In message modification, part of the message is altered, or the packet's destination address is changed so that the message is delivered to a different destination.

Denial of Service:

In a denial of service attack, attackers flood the target with more traffic than it can handle, resulting in degraded service or complete failure and preventing authorized users from accessing the system.
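The replay and message modification attacks described above are both defeated by the same receiver-side check: a message authentication code over the payload plus a sequence number that must increase. The following is an added example written for this page, not code from the original post; the shared key and the transfer messages are constructed values.

```python
import hmac
import hashlib
import json

# Assumption: both parties share this key out of band (constructed value).
SHARED_KEY = b"constructed-shared-secret-for-demo"

def make_message(key: bytes, seq: int, payload: dict) -> bytes:
    """Sender: bind a monotonically increasing sequence number to the payload
    and append an HMAC-SHA256 tag over both, so neither can change unnoticed."""
    body = json.dumps({"seq": seq, "payload": payload}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

class Receiver:
    """Receiver: verifies the tag first (message modification), then the
    sequence number (replay). Both checks must pass before the payload is used."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, wire: bytes):
        body, sep, tag = wire.rpartition(b".")
        if not sep:
            return None, "malformed"
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison: any altered byte in the body changes the tag.
        if not hmac.compare_digest(expected, tag):
            return None, "modified"
        msg = json.loads(body)
        # A captured-and-resent message carries a sequence number already seen.
        if msg["seq"] <= self.last_seq:
            return None, "replayed"
        self.last_seq = msg["seq"]
        return msg["payload"], "ok"

def demo() -> list:
    """Constructed scenario: one genuine message, the same bytes resent, and a
    copy with the amount field altered. Returns the receiver's verdicts."""
    rx = Receiver(SHARED_KEY)
    genuine = make_message(SHARED_KEY, 1, {"action": "transfer", "amount": 100})
    verdicts = [rx.accept(genuine)[1]]
    verdicts.append(rx.accept(genuine)[1])  # replay of the captured bytes
    tampered = genuine.replace(b'"amount": 100', b'"amount": 999')
    verdicts.append(rx.accept(tampered)[1])  # modified in transit
    return verdicts
```

Calling `demo()` returns `["ok", "replayed", "modified"]`; note that the sequence counter must survive restarts (or be replaced by a server-issued nonce), otherwise old captured messages become valid again.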

Close-In Attacks

A close-in attack occurs when a malicious actor physically gains access to an organization's network systems or facilities in order to obtain, deny, or manipulate data. Shoulder surfing is one method of conducting a close-in attack, in which sensitive information such as usernames and passwords is obtained simply by looking over the target's shoulder. Close-in attacks can be prevented by enforcing strict physical security and limiting physical access to servers and systems to authorized personnel only.

Insider attack / Insider threats

An insider threat is an attack performed by a user or by malicious code from within an organization. It may come from current or former employees or business contractors who have, or had, access to the organization's data or computer systems. The majority of data breaches are caused by insider threat actors.

Distribution / Supply Chain Attacks

A supply chain attack is one in which rootkits or hardware backdoors are deliberately installed during the manufacturing process. This type of attack can target either software or hardware products. Once the product has been installed, attackers can use the backdoor to attack the network. The recent SolarWinds attack is a good illustration of a supply chain attack. This type of attack can be avoided by verifying the product's integrity and buying hardware and software only from trustworthy vendors.
