What type of attacks is a company liable to suffer?
1. Malware Attack
One of the most common cyber-attacks, “Malware” attack refers to a malicious software viruses like worms, spyware, trojans, etc. Malware breaches a network through a vulnerability, for example, when an employee clicks on an unsafe link and it downloads an email attachment or when an infected pen drive is used.
2. Phishing Attack
On this type of attack the attacker pretends to be a trusted contact and sends fake emails to the victims. If the victim is not careful, opens the email and clicks on the malicious link or on the attachment, the attacker can get access to all data and account credentials. A malware can also be installed through a phishing attack.
3. Password Attack
As passwords are commonly used to authenticate users to an information system, cracking passwords is a very effective attack. Through multiple password cracking programs, like Aircrack, Cain, Abel, etc. the hackers will try to crack the companies’ passwords, and if they success they will have access to systems and sensible data.
4. Man-in-the-Middle Attack – Eaves dropping
Also known as an eavesdropping attack, in this attack an attacker comes in between a two-party communication in order to steal and manipulate data.
5. SQL Injection Attack
This type of attack takes place on a data-driven website, when the hacker manipulates a standard SQL query. The hacker injects a malicious code into a vulnerable website search box, forcing the server to reveal vital information.
6. Denial-of Service (DoS) and Distributed Denial-of-Service Attacks (DDoS)
Through a Denial-of-Service attack, the hacker targets the system’s resources, like servers and networks, and flood them with traffic to exhaust their resources and bandwidth, leaving legitimate service requests unattended. A DDoS is also an attack on system’s resources, but it is launched from a multiple number of other host machines that are infected with malicious software controlled by the attacker.
Although there is no apparent benefit to the hacker apart from the satisfaction of the service denial, if the attack was launched by a competitor, then the benefit is real and quite serious. Another purpose of these type of attacks is to take a system offline so a different type of attack can be executed.