    Types of online attacks

    Using the World Wide Web every day, each of us is exposed to numerous threats lurking in its resources. Because cybercriminals are highly active and inventive, new and increasingly sophisticated tools, mechanisms, and methodologies are constantly being developed. It’s therefore safe to say that cybercriminals keep changing their modus operandi. So that using the Internet doesn’t give anyone a headache (literally and figuratively :)), we give you a short overview of old and well-known threats, as well as the newer ones. Of course, it’s subjective and far from exhaustive, but it takes the form of an accessible (we hope) list and a glossary of key terms, which we have published as a separate article.

    Types of attacks – classification of types of attacks carried out by cybercriminals

    The classification should be based on several different criteria, which may lead to interesting conclusions about the mechanisms that govern a given modus operandi, as well as the situations in which a given threat can be expected.

    Types of attacks based on technical means at the attacker's disposal:
    • use of so-called malicious software, i.e. malware, which is well known to all (this includes viruses, rootkits, trojans, keyloggers, exploits, spyware, adware, scareware, PUPs – Potentially Unwanted Programs, or ransomware),
    • cryptographic attacks,
    • doxing,
    • spamming,
    • spoofing,
    • sniffing,
    • session hijacking,
    • man-in-the-middle attacks,
    • exploitation of vulnerabilities (e.g. in the library used) and errors (e.g. as a result of the programmer's mistake) in applications (e.g. SQL Injection, XSS, CSRF, XXE, buffer overflow attacks),
    • cracking passwords (through the use of rainbow tables, for example),
    • e-mail bombs,
    • bluehacking (includes bluejacking, bluesnarfing, and bluebugging).

    Types of attacks using social engineering:
    • phishing,
    • SMiShing,
    • vishing,
    • pharming and drive-by pharming,
    • identity theft,
    • stealing payment data,
    • cyber-bullying and cyber-intimidation.

    Complex computer attacks:
    • targeted attack/Advanced Persistent Threat,
    • denial of service attacks (DoS, DDoS, and DRDoS),
    • cyber terrorist attacks, cyber warfare.

    To make the above typology a little clearer, it’s worth citing the definitions of the key terms used to formulate it.

    As mentioned in the introduction to this article, we have prepared them as a glossary available here.


    Going further, another division, intended to highlight a different aspect of cyber threats, focuses on the circumstances surrounding a given attack.

    According to the degree of interaction between the perpetrator and the system under attack, attacks can be divided into the following two categories:
    • active – as a result of the attacker's actions, the system loses its integrity (e.g. the perpetrator modifies the data stream or creates false data, and thus actively participates in the flow of information between users; in this context, the man-in-the-middle attack immediately springs to mind),
    • passive – the attacker enters the system but doesn’t make any changes to it (e.g. copies important data but doesn’t affect the operation of the system’s software; such actions include eavesdropping on or monitoring data flowing between users).

    Taking the source of the attack as a criterion, the following distinction is made between attacks:
    • remote – carried out from a system outside the network being attacked; the perpetrator doesn’t have any privileges on the attacked system,
    • local (internal) – the intruder has access to the network being attacked (they are a user of the network, e.g. an employee of the compromised company, or they have managed to physically connect to it) and tries to raise their privilege level in order to modify or access data not intended for them.

    According to the number of computers involved, attacks can be identified as:
    • direct – the perpetrator uses a single computer to carry out the attack,
    • distributed – the attacker uses an interconnected network of "zombie" computers over which they have gained control, i.e. a so-called botnet; for this purpose the perpetrator usually uses one or more hosts through which, via the Command and Control (C&C/C2) infrastructure, they send commands to the subordinate machines; examples of such attacks include DDoS (Distributed Denial of Service), sending spam, or trading information acquired from compromised machines.

    According to the perpetrator’s intent, the following attack types are distinguished:
    • intentional – the attacker was fully aware of their actions from start to finish and wanted to achieve a specific goal,
    • unintentional – spreading a virus, causing a breach of data integrity, etc. as a result of an accident or a lack of caution on the part of an unaware user of the network at the centre of the attack; for instance, an employee brings an "infected" device to work and connects it to the company network, which (in the absence of proper segmentation or other security measures) results in the spread of malicious code; or an unauthorised employee gains access to a closed part of a database because of an error in the program responsible for granting rights to network users.

    Having read the above section, one cannot fail to be struck by the diversity of attack vectors. They occur in virtually every possible interaction between users and the websites they use, as well as in the corporate environment. This is particularly important when allowing a BYOD (Bring Your Own Device) model in the workplace, in which case proper education focused on employee security awareness is crucial. After all, we need to keep security in mind both at home and at work.

    The next step is a deeper analysis of the risks described in this article and included in the glossary of relevant terms mentioned above. This, with a particular focus on attacks based on social engineering, will be the subject of our deliberations in future publications on the CERT – Allegro website. Don’t hesitate to take a look here every now and then, as we hope to share more interesting material with you over time!
