What is a cyber attack and what are the different types?

by Yasir Aslam

Over the last decade, cyber attacks have increased significantly worldwide, in frequency as well as in impact and size, to the point that it is extremely complex to identify who is behind these actions and to immediately distinguish the sources of a cyber attack.

To decide which measures to adopt in order to manage IT security risks and define countermeasures, it is essential to know how to distinguish the different types of threats and their methods of action.

What are Cyber Attacks?

Cyber attacks are malicious actions, i.e. actions carried out by people or criminal organizations with the aim of causing damage, that target and violate IT systems: infrastructures, applications, networks, electronic devices, apps, online digital services and so on. Their objective is usually the theft of data or digital identities, the blocking of activities, the malfunctioning of a service, the theft of user credentials, access to information and so on.

The cyber attack is defined by the National Initiative for Cybersecurity Careers and Studies (NICCS) as “the attempt to gain unauthorized access to services, resources or system information and/or to compromise their integrity and, in general, consists in the ‘intentional act of attempting to circumvent one or more security services or the controls of a digital information system to alter the confidentiality, integrity and availability of data’.”

This is a precise definition, which refers to malicious acts, by individuals or actual organizations, aimed at the theft, damage or complete destruction of specific targets.

With regard to the perpetrators, whether acting alone or in groups, there is a distinction to be made between the terms “hacker” and “cracker” and the figures to whom they refer. The first actually refers to computer science and programming experts who espouse a culture and ethics linked to the idea of “free software”.

Among these are, for example, activists and computer scientists who work in the security field and use hacking techniques ethically to identify the weaknesses of a system; they are known as White Hat Hackers.

The “cracker”, also called a Black Hat Hacker, is on the other hand a computer pirate capable of penetrating computer networks without authorization, with the specific aim of damaging the system, stealing personal data and financial information (including, for example, credit card numbers and bank details) or hacking personal or business accounts to carry out money transfers.

Why are they carried out?

The classification of cyber attacks depends on the motivations behind them, which in turn determine the methods of the malicious action and its characteristics.

For example, if the attack is motivated by political factors, the perpetrators often have a strong interest in hiding the real reason and directing public attention elsewhere.

The situation is different when the reason for the cyber attack is financial and it is carried out by computer pirates, who are less interested in hiding the reasons for the crime but, at the same time, determined to hide its traces.

Cyber attacks directed at organizations, governmental or private, and at individual citizens generally take the form of cyber warfare, the criminal activities of computer pirates mentioned above, and activism.

The first group includes those attacks aimed at spreading alarm and discontent. In particular, cyber activism includes all protest events against actions carried out by governments, companies or other organizations, and all actions that spur new social changes.

Most of these attacks are carried out using what is called Distributed Denial of Service (DDoS), a malicious action that uses a set of previously hijacked computers and devices to direct traffic to a single target website. The aim is to saturate the network or exhaust the computational capacity of the target, making the site unreachable.

In other cases, computer activism takes the form of so-called “defacement” attacks, which consist of modifying the content of a page or website through the illicit introduction of critical or sarcastic texts.

What are the main types of cyber attacks?

There is a great variety of attacks against computer systems, characterized by different techniques and methods of implementation. In a nutshell, they are divided into two macro-categories: “syntactic attacks” and “semantic attacks”. The former are “direct” and are based on the diffusion and use, by the user, of malicious software; the latter are indirect and involve the modification of correct information and the dissemination of false information. Below is a brief overview of the most frequent cyber attacks belonging to the first group.

Malware

Deriving from the contraction of “malicious” and “software”, the term literally means “evil program” and indicates any computer program capable of damaging the functioning and security of the operating system. It is transmitted over the Internet, often via e-mail or simply through web surfing, and the most common varieties include viruses, trojan horses, key loggers, worms and backdoors. Going into more detail, there is “polymorphic” malware, which continuously changes shape, and “metamorphic” malware, which completely alters its code. Both are particularly difficult to detect; in reality they do not damage the physical hardware of a system, nor the network, but are capable of stealing, encrypting or deleting data,

Phishing

In this case, the term is a variant of the English word “fishing”, alluding to the use of techniques to “fish” for a user’s financial data and password. This is a type of scam carried out on the Internet, in which the attacker poses as a financial institution or other reliable entity and tries to deceive the victim into providing personal and confidential information, financial data or credit card access codes. Usually, the message sent to the user contains a link that only appears to lead to the website of the credit institution or of the service with which the user is registered. If the user enters confidential data there, it falls into the hands of the criminals.

Man-in-the-middle attack

Literally “man in the middle”, this type of attack occurs when someone secretly relays or alters the communication between two parties who believe they are communicating directly with each other, without third-party interference. In the most common example, the attacker uses a Wi-Fi network to intercept user communications, either by affecting the router’s connection in a way that appears flawless or by exploiting a weakness in the router’s setup, with the aim of intercepting user sessions. A recent variant is the “man-in-the-browser” attack, in which the cyber criminal, having managed to install malware on the victims’ computers, is able to record the data exchanged between the browser and the target sites into which he has inserted the malware code. This type of attack makes it possible to hit several people at the same time and also has

DoS attack – Denial-of-Service

The expression denial-of-service (abbreviated to DoS) refers to a malfunction caused by an attack in which the resources of a computer system that provides a service to customers are deliberately exhausted, until it is no longer able to function. The attacker basically causes a “denial of service” by overloading, with a myriad of requests, the network connections of a system responsible for exchanging data with the outside: if the number of requests exceeds the capacity limit, the system slows down or crashes. Typical targets of DoS attacks are online shopping sites, online casinos, and any business or organization that provides online services. Finally, the perpetrator may also demand a payment to stop the attack.

SQL injection

In the attack technique called “SQL injection”, the attacker targets the typical vulnerabilities of databases that use the SQL language for data entry. What does this mean? In particular, the attack exploits user inputs that are not filtered correctly and that contain certain metacharacters, including, for example, double hyphens, quotation marks and semicolons. For the SQL interpreter, these metacharacters allow the commands to be modified from outside. In many cases, an attack of this type is associated with programs that have old interfaces in which the inputs are not filtered properly, making them the ideal target for a cyber attack. In this way, through precise use of function characters, any unauthorized user can inject other SQL commands and end up tampering with the database.

Zero-day cyber attacks

Zero-day attacks are the latest generation of cyber threats. Analysts explain that it is very difficult to understand where they come from, even if generally a cybercriminal (or group) has discovered certain vulnerabilities and started to exploit them, including those within browser services and email applications, one of the tools most used by users. The very name “zero-day” (or “zero days”) means that, since these are newly discovered security flaws, developers have “zero” time available to fix them before they can be exploited. For the moment, a distinction is made between “zero-day vulnerabilities”, which are holes in the protection of software present in a browser or an application, and “zero-day exploits”, attacks that exploit these vulnerabilities to install malicious software on a device.

DNS Tunneling

While DNS tunneling is an older type of cyber attack, it still remains the most viable for organizations today. What does it consist of? Attackers hide data within DNS queries (the Domain Name System is the protocol that keeps the network running, mapping domain names to their IP addresses) and, by sending them, manage to transfer or activate malware inside a compromised server. This kind of attack is used in different ways, but the most common approach involves command and control servers: once an internal device has been compromised, for example through phishing or the release of a piece of malware, the attacker maintains contact with that device to execute commands.
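A detection heuristic for data hidden in DNS queries, as an added example that is not part of the original article. It flags parent domains that receive many distinct, long, high-entropy subdomains; the thresholds, function names, domains and query list are assumptions constructed for illustration.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    if not s:
        return 0.0
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def parent_domain(qname):
    # Simplification: treat the last two labels as the registered domain.
    return ".".join(qname.split(".")[-2:])

def suspicious_parents(qnames, min_unique=4, min_len=30, min_entropy=3.0):
    """Parent domains receiving many distinct, long, high-entropy subdomains.
    The three thresholds are illustrative assumptions, not tuned values."""
    subs = defaultdict(set)
    for q in qnames:
        q = q.rstrip(".").lower()
        parent = parent_domain(q)
        sub = q[: len(q) - len(parent)].rstrip(".")
        if sub:
            subs[parent].add(sub)
    flagged = []
    for parent, names in subs.items():
        encoded = [s for s in names
                   if len(s) >= min_len and entropy(s.replace(".", "")) >= min_entropy]
        if len(encoded) >= min_unique:
            flagged.append(parent)
    return sorted(flagged)

def _chunk(i):
    # Constructed stand-in for encoded data carried inside a query name.
    digest = hashlib.sha256(b"chunk%d" % i).digest()
    return base64.b32encode(digest).decode()[:40].lower()

# Constructed sample of query names, as a resolver log might list them.
SAMPLE_QUERIES = (
    ["www.example.com", "mail.example.com", "api.example.com",
     "cdn.example.com", "img.example.com"]
    + [f"{_chunk(i)}.tunnel.example" for i in range(6)]
)

if __name__ == "__main__":
    print(suspicious_parents(SAMPLE_QUERIES))
```

Ordinary host names are short and repeat, so they fall below the length threshold; a domain whose subdomains change on every query and look random is what stands out.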

How to defend yourself against cyber attacks

Every company and organization must be able to implement precise protection against cyber attacks in order to secure its activities and business.

Prevention starts with reducing the attack surface available to the cyber criminal and with managing the installation of software in a centralized and planned way, so as to deal with the vulnerabilities detected.

Reducing the attack surface, however, cannot bring the risk of being attacked down to zero. This is why organizations should plan adequate defensive strategies to manage the incident response phase and the subsequent investigation, which identifies the causes of the attack and the systems and data involved.

Also fundamental are the deployment of anti-malware solutions, capable of identifying attack attempts, and of effective anti-spam solutions. On this second point, recall that many threats are transmitted via e-mail, even certified e-mail.

Furthermore, user training is an integral part of the protection plan. Anyone within the company who does not follow the security procedures and does not respect the defined policy runs the risk, for example, of accidentally introducing viruses into the system and, by not deleting suspicious email attachments or by inserting unidentified USB drives, of causing serious damage to company assets.

Statistics tell us that the most common, and most harmful, IT security problems are due precisely to unintentional errors by employees, often in the incident response phase, when a defense plan has not yet been defined and sometimes the only response is to restore the attacked services.

Finally, each protection system adopted must be subjected to regular acceptance tests to verify its reliability and effectiveness. Together with the security audit, or as an alternative to it, it is also possible to carry out a “penetration test”, i.e. an evaluation, from the outside, of the degree of security of the IT system by simulating a real attack.
