- Cyber attacks can take various forms, such as tampering with messages, forgery, denial of service, eavesdropping, and traffic analysis, targeting both active and passive attacks on computer systems and networks.
- It is crucial to understand how cyber attacks work and the various methods used by attackers in order to prevent and protect against potential security breaches and data theft.
- Implementing security measures such as improving security awareness, using firewall software, anti-virus tools, and setting up proxy servers can help enhance cybersecurity defences and mitigate the risks posed by cyber attacks.
Cyber attack is any type of offensive action against a computer information system, infrastructure, computer network, or personal computing device. For computers and computer networks, damaging, exposing, modifying, disabling software or services, and stealing or accessing data from any computer without authorisation are all considered to be attacks on computers and computer networks.
Types of cyber attack
Active attacks
Active attacks result in the tampering of certain data streams and the creation of false data streams. Such attacks can be categorised as tampering, falsification of message data and termination.
1. Tampering with messages
Tampering with a message is when some part of a legitimate message is altered, or removed, the message is delayed or the order is changed, usually to produce an unauthorised effect. For example, modifying the data in a transmission message by changing “Allow A to perform an operation” to “Allow B to perform an operation”.
2. Forgery
Forgery means that an entity (person or system) sends a data message containing the identity information of other entities, pretending to be other entities, so as to obtain the rights and privileges of some legitimate users in a deceptive way.
3. Denial of Service
Denial of Service is often referred to as DoS (denial of service), which leads to the unconditional interruption of the normal use or management of communication equipment. Usually, the entire network is disrupted to achieve the purpose of reducing performance and terminal services. This attack may also have a specific goal, such as to a particular destination (such as security audit services) where all packets are blocked.
Also read: 4 ways to prevent ransomware attacks
Passive attacks
Passive attack in which the attacker does not make any modification to the data information, interception/eavesdropping means that the attacker obtains the information or related data without the consent and approval of the user. Usually includes attacks such as eavesdropping, traffic analysis, and cracking weakly encrypted data streams.
1. Traffic analysis
Traffic analysis attacks apply to some special occasions, for example, sensitive information is confidential, although the attacker from the intercepted message can not be to the real content of the message, he can also observe the pattern of these datagrams, analyse and determine the location of the two sides of the communication, the number of communications and the length of the message, to be aware of the relevant sensitive information, this attack is known as the traffic analysis.
2. Eavesdropping
Eavesdropping is the most commonly used means. Data transmission on the most widely used local area networks (LANs) is done on a broadcast basis, which makes it possible for a single host computer to be subject to all the information transmitted on this subnet. When a computer’s network card operates in promiscuous mode, it can transmit all the information transmitted on the network to the upper layers for further analysis. If no encryption measures are taken, the entire content of the communication can be fully grasped through protocol analysis. Eavesdropping can also be used to get information by unlimited interception, receiving electromagnetic waves radiated by network sites or electromagnetic waves radiated by network-connected devices through highly sensitive receiving devices, and restoring the original data signals by analysing the electromagnetic signals so as to obtain network information. Although in some cases the data and information cannot be fully recovered by electromagnetic signals, extremely valuable intelligence may be obtained.
Also read: Must-know consequences of ransomware attacks
How to prevent cyber attacks?
Improve security awareness
(1) Don’t open emails and files from unknown sources, and don’t run programs given to you by people you don’t know very well.
(2) Avoid downloading unknown software and game programs. Even if you download software from well-known websites, you should scan your software and system with the latest virus and Trojan horse detection software.
(3) Use mixed alphanumeric passwords as much as possible. Simple English or numeric passwords are less secure. Set up different passwords for commonly used passwords to prevent people from finding one of them and then linking it to other important passwords. Important passwords best often change.
(4) Download and install system patches in time.
(5) Don’t run hacker programs casually, as many of these programs will send out personal information when they run.
(6) If you find a warning on HTML-enabled BBS, read the original code first, it may be a trap to get your password.
Use firewall software
Use anti-virus, anti-hacking and other firewall software. A firewall is a barrier that prevents hackers in a network from accessing an organisation’s network and can also be called a threshold that controls incoming/outgoing communications. The internal and external networks are isolated at the network boundaries by the corresponding network communication monitoring system established to block the intrusion of external networks.
Set up proxy server
Set up a proxy server to hide your IP address. Protecting your IP address is very important. In fact, even if a Trojan horse program is installed on your device, without your IP address, the attacker can’t do anything, and the best way to protect your IP address is to set up a proxy server. Proxy servers can play an intermediate role in the transfer of external network applications to access the internal network, its function is similar to a data forwarder, mainly to control which users can access which types of services. When an external network applies for a certain network service to the internal network, the proxy server accepts the application and then decides whether to accept the service according to its service type, service content, the object to be served, the time of the service provider’s application, the domain name range of the applicant, etc., and, if it accepts it, it will forward the request to the internal network.