Even if you’re not working with digital security directly, it’s important to understand some of the finer points about the threats that lurk in the Internet these days. There is a lot to gain from even some fundamental knowledge in this area, and it’s the first step towards a secure foundation for your business and personal life.
This type of attack is quite common as it is relatively easy to be performed. Normally, the victim is sent an email or a text message, containing a malicious link or software that usually looks presentable enough to be opened. If the receiver follows the link or clicks on the software to be installed the results can be devastating, as there is a high chance that sensitive information is revealed in the process or the system might be infected with a virus, Trojan horse or other type of malware.
However, there are some easy steps that can be taken in order to stay safe from phishing attacks. One should always avoid revealing personal information when answering to emails with a suspicious origin. A good idea would be not to follow links in emails that are from unknown senders or using tools that identify if the website in question is legitimate or not. When receiving an e-mail about a problem with an account, it’s better to go to the website manually rather than following any links from the message.
SQL Injection Attack (SQLi)
The SQL Injection Attack is based on vulnerabilities found in the SQL language, or rather, its improper use. The Structured Query Language is famously used for database creation and manipulation in many commercial and open source projects worldwide. It operates with the help of statements that are used for modification of the databases. Unfortunately, if an application that works with a database does not sanitize its user input properly, this can lead to the database executing malicious commands masked as ordinary user requests.
This type of approach can result in the attacker obtaining the content of the database, performing modification or deletion of the entries at different places or shutting down the whole database if the attacker gains access to administrator privileges.
Man-In-the-Middle (MITM) Attack
As the name suggests, this cyber attack involves interception of the communication that occurs between two parties. Man-In-the-Middle can target any type of online communication, for example email exchanges, activity on social media or logging into sites that require authorization. The idea is that when the victim sends a message containing sensitive data to somebody else, i.e. the bank account or sharing personal information in an email, the attacker can take hold of the message, modify it in some way or use the obtained information for malicious intentions.
Besides email interception, a MITM-based attack can be performed while the targeted device is connecting to a new wireless network. The attacker can set up a fake Wi-Fi connection and then just wait until the victim has tried to connect. Doing so, the attacker can easily gain access to the connected device.
In general, the term ‘malware’ is used to denote any piece of software that is created with harmful and hostile intentions. This includes all forms of worms, viruses, ransomware, spyware, adware and Trojan horses. Each of those types of malware has their own characteristics and unique traits.
A worm is a piece of software that replicates itself without stopping, until there is no more free space left on the infected hard drive. Trojan horses are malware that are masqueraded as legitimate software in order to trick the victim into downloading and installing them. Once installed on the device, the Trojan horse starts to perform its malicious function, which can vary from creating a backdoor so the attacker can collect valuable information to wiping out the whole content of the hard drive.
Spyware is used to collect information about the victim’s online activity, usually without the user’s knowledge. Spyware can be implemented in combination with Adware, which presents unwanted advertisements in the form of pop-up windows and tabs.
Ransomware is maybe the most dangerous malware there is. The attack works by locking the victim’s device with malicious code and then demanding a ransom in exchange for restoring the system’s normal functionality. Whatever the type of malware you’re dealing with, it should not be underestimated. One should always be careful when dealing with cyber security, so regular scanning of the system is advised.
Denial-of-Service (DoS) occurs when the attacker makes the access of some resources or services impossible for legitimate users. This attack is most commonly performed when the evildoer overloads a network with too many requests. The point is that a server can take care of a limited number of requests at a time and when that number is reached, no new requests can be processed, including ones made by the victim, and as a result the site cannot be accessed.
The same strategy can be applied when an email account is the target. Each email account has a limited amount of data that it can hold, so flooding one with oversized messages can stop the victim from receiving legitimate messages.