What is cyber attack | Types, examples and prevention | Imperva (2023)

What is a cyber attack?

A cyber attack is a series of actions carried out by threat groups that attempt to gain unauthorized access, steal data, or cause damage to computers, computer networks, or other computer systems. A cyber attack can be launched from anywhere. An attack can be initiated by an individual or a group using one or more tactics, techniques and procedures (TTP).

Cyber ​​attackers are commonly referred to as cybercriminals, threat actors, bad actors or hackers. They can act alone, in conjunction with other attackers or as part of an organized crime group. They try to identify vulnerabilities - problems or weaknesses in computer systems - and exploit them to achieve their goals.

Cybercriminals may have different motivations when carrying out cyberattacks. Some carry out attacks for personal or financial gain. Others are "hacktivists"acting in the name of social or political objectives". Some attacks are part of nation-state cyberwarfare operations against their adversaries or operate within known terrorist groups.

This is part of a comprehensive series of guides forapplication security.

Cyber ​​attack statistics

What is the cost and impact of cyber attacks on businesses?

The global cost of cyber attacks is expected to rise again15% annuallyand is expected to reach 10 trillion dollars. Ransomware attacks, which currently cost US businesses $20 billion annually, account for a growing share of that cost.

The average cost of a data breach in the US is $3.8 million. Another worrying statistic is that listed companies lose an average of 8% of their share value after a successful breach.

How well prepared are organizations for cyber attacks?

In a recent study78%of respondents say their company's cybersecurity measures need to be improved. 43% of small businesses lack cyber security. At the same time, organizations of all sizes are facing a global cyber skills shortage, with nearly 3.5 million job vacancies worldwide, with 500,000 in the US alone.

Examples of cyber attacks

Here are some recent examples of global cyber attacks.

Kaseya-ransomware-aanval

Kaseya, a US-based remote management software provider, was the victim of a supply chain attack that was disclosed on July 2, 2021. The company announced that attackers were able to use its VSA product to infect customer computers with ransomware.

The attack was reported to be highly sophisticated and included several new vulnerabilities in the Kaseya product: CVE-2021-30116 (credential leak and business logic failure), CVE-2021-30119 (XSS), and CVE-2021-30120 (two-factor authentication error). Malware exploiting these vulnerabilities was distributed to customers via a fake software update called "Kaseya VSA Agent Hot Fix."

The attack was carried out by the Russian cyber crime group REvil. Kaseya says less than 0.1% of its customers were affected by the breach. However, some of them were managed service providers (MSPs) using Kaseya software and their customers were affected by the attack. Shortly after the attack, press reports reported that between 800 and 1,500 small and medium-sized businesses were infected by the REvil ransomware attack.

SolarWinds Supply Chain Analysis

It was a massive, highly innovative supply chain attack discovered in December 2020 and named after the victim, Austin-based IT management company SolarWinds. It was carried out by APT 29, an organized cyber crime group linked to the Russian government.

The attack compromised an update intended for the SolarWinds software platform, Orion. During the attack, cybercriminals injected malware into the Orion update, which became known as the Sunburst or Solorigate malware. The updates were then distributed to SolarWinds customers.

The SolarWinds attack is considered one of the most serious cyber espionage attacks against the United States, as it compromised the US military, several US federal agencies, including those responsible for nuclear weapons, critical infrastructure agencies, and most Fortune 500 companies. 500.

DDoS attack on Amazon

In February 2020, Amazon Web Services (AWS) was the target of a large-scale Distributed Denial of Service (DDoS) attack. The company experienced a DDoS attack of 2.3 Tbps (terabits per second), with a packet forwarding rate of 293.1 Mpps and a request rate per second (rps) of 694,201. It is considered one of the largest DDoS attacks in history.

Microsoft Exchange Remote Code Execution Attack

In March 2021, a large-scale cyber attack took place against Microsoft Exchange, a popular corporate email server. It exploited four separate zero-day vulnerabilities discovered in Microsoft Exchange servers.

These vulnerabilities allow attackers to impersonate untrusted URLs, use them to access Exchange Server, and provide a direct storage path for server-side malware. This is a remote code execution (RCE) attack that allows attackers to completely compromise a server and gain access to all of its data. On the affected servers, the attackers stole sensitive information, injected ransomware and deployed backdoors in a way that was virtually undetectable.

In the United States alone, nine government agencies and more than 60,000 private companies were affected.

Twitter star attack

In July 2020, Twitter was hacked by a group of three hackers who took over popular Twitter accounts. They used social engineering attacks to steal employee credentials and gain access to the company's internal management systems, which Twitter later identified as vishing (phone phishing).

Dozens of famous accounts have been hacked, including those of Barack Obama, Jeff Bezos and Elon Musk. The attackers used the stolen accounts to post bitcoin scams and made over $100,000. Two weeks after the events, the US Department of Justice filed charges against three suspects, one of whom was 17 at the time.

Other notable attacks

2018

• Starwood Marriott hotels announced a breach that leaked the personal information of more than 500 million guests.
• UnderArmor's MyFitnessPal brand exposed the email addresses and credentials of 150 million user accounts.

2017

• The WannaCry ransomware attack affected more than 300,000 computers in 150 countries and caused billions of dollars in damage.
• Equifax discovered an open-source vulnerability in an unpatched software component that leaked the personal information of 145 million people.

2016

• The NotPetya attack hit targets around the world, with several waves lasting more than a year and causing more than $10 billion in damage.
• The attack on adult dating site FriendFinder compromised the data of 412 million users.
• Yahoo's data breach compromised the accounts of 1 billion users shortly after an earlier attack exposed personal information contained in 500 million user accounts.

6 types of cyber attacks

While there are thousands of known variants of cyber attacks, below are some of the most common attacks that organizations face on a daily basis.

Ransomware

Ransomwareis malware that uses encryption to deny access to resources (such as user files), usually to force the victim to pay a ransom. Once the system is infected, the files are irreversibly encrypted and the victim must either pay a ransom to unlock the encrypted resources or use backups to restore them.

Ransomware is one of the most common types of attacks, with some attacks using extortion techniques such as threats to reveal sensitive data if the victim does not pay a ransom. In many cases, ransom payment is unsuccessful and user data is not recovered.

Malware

There are many speciesmalware, of which ransomware is just one variant. Malware can be used for a variety of purposes, from stealing information todestroying or altering content on the Internetto permanently damage your computer system.

The malware landscape is evolving rapidly, but the most common types of malware are:

• Botnet - Malware—adds infected systems to the botnet, allowing attackers to use them for criminal activities
• Cryptocurrency Miners— mines cryptocurrency using the target's computer
• Information thieves—collects sensitive information on the target's computer
• Bank eaters- steals financial information and login information for banking websites
• Mobile malware— targets devices via app or SMS
• Rootkity— gives the attacker full control over the device's operating system

DoS and DDoS attacks

Denial of serviceDoS attacks overwhelm the target system, preventing it from responding to legitimate requests.Distributed denial of serviceDDoS attacks are similar, but involve multiple hosts. The target site is flooded with illegal service requests and is forced to deny service to legitimate users. This is because servers are using all available resources to respond to an overload of requests.

These attacks do not give the attacker access to the target system or any direct advantage. They are used solely for sabotage purposes or as a diversionary tactic to distract security teams while attackers carry out other attacks.

Firewalls and network security solutions can help protect against small-scale DoS attacks. To protect against large-scale DDoS attacks, organizations use cloud-based DDoS protection that scales on demand to respond to large numbers of malicious requests.

Phishing and social engineering attacks

Social engineeringis an attack vehicle that relies heavily on human interaction and is used in over 90% of cyberattacks. This includes impersonating a trusted person or entity and tricking people into giving confidential information to an attacker, transferring money, or allowing access to systems or networks.

Phishing attacksThis happens when a malicious attacker receives sensitive information from the target and sends a message that appears to come from a trusted and legitimate source. Phishing refers to the fact that attackers fish for access or sensitive information by luring the unsuspecting user with an emotional hook and a trusted identity.

As part of a phishing scam, attackers typically send links to malicious websites, encourage the user to download malware, or request sensitive information directly via email, SMS systems, or social media platforms. A variant of phishing is spear phishing, where attackers send carefully crafted messages to people with special privileges, such as network administrators, executives or financial staff.

Ataki MitM

The man insideMitM attacks are breaches that allow attackers to intercept data sent between networks, computers or users. An attacker sits in the middle of both sides and can spy on their communications, often undetected. An attacker could also modify messages before they are sent to the intended recipient.

You can use a VPN or use strong access point encryption to protect against MitM attacks.

Attacks without files

Fileless attacks are a new type of malware attack that exploits applications that are already installed on the user's device. Unlike traditional malware, which must deploy itself on the target computer, fileless attacks use pre-installed applications that are considered safe and therefore cannot be detected by older antivirus programs.

Fileless malware attacks can be triggered by user actions, or they can be triggered without user action by exploiting vulnerabilities in the operating system. Fileless malware resides in the device's RAM and typically uses native operating system tools such as PowerShell and Windows Management Instrumentation (WMI) to inject malicious code.

A trusted application on a privileged system can perform system functions on multiple endpoints, making them ideal targets for fileless malware attacks.

Cyberattack Prevention: General Cybersecurity Solutions

Here are some security tools commonly used by organizations to prevent cyber attacks. Of course, tools are not enough to prevent attacks. every organization needs trained IT and security staff or external security services to manage tools and use them effectively to mitigate threats.

Web Application Firewall (WAF)

WAF protects web applications by analyzing HTTP requests and detecting suspicious malicious traffic. This could be inbound traffic, such as a malicious user trying to inject code, or outbound traffic, such as malware deployed on a local server communicating with a command and control (C&C) center.

WAFs can block malicious traffic before it reaches the web application and can prevent attackers from exploiting common vulnerabilities, even if the vulnerabilities are not patched in the underlying application. It complements traditional firewalls and intrusion detection systems (IDS) and protects against attacker attacks at the application layer (layer 7 of the OSI networking model).

DDoS protection

A DDoS security solution can protect your network or server from denial of service attacks. This is done using dedicated network hardware deployed by the organization on premises or as a cloud service. Only cloud-based services can fend off large-scale DDoS attacks involving millions of bots because they can scale based on demand.

The DDoS protection system or service monitors the traffic to detect the DDoS attack pattern and distinguish between legitimate and malicious traffic. When an attack is detected, it cleans, inspects traffic packets and removes those deemed malicious, preventing them from reaching the target server or network. At the same time, it routes the legitimate traffic to the destination system to ensure that the service is not interrupted.

Protection from bots

Bots account for a large percentage of internet traffic. Bots are very heavy on websites and take up system resources. While some bots are useful (eg search engine index bots), others can perform malicious actions. Bots can be used for DDoS attacks, removing content from websites, launching automated attacks on web applications, spreading spam and malware, and more.

The bot protection system detects and blocks bad bots while allowing legitimate bots to do things like search indexing, testing, and performance monitoring. It does this by maintaining a large database of known bot sources and identifying patterns of behavior that may indicate a bot is malicious.

Security in the cloud

Almost all organizations today manage their infrastructure, applications and data in the cloud. Cloud systems are particularly vulnerable to cyber threats because they are often exposed to public networks and are often difficult to see because they are very dynamic and operate outside the corporate network.

Cloud providers take responsibility for the security of their infrastructure and provide built-in security tools to help cloud users protect their data and workloads. However, proprietary cloud security tools are limited and there is no guarantee that they will be used correctly and that all cloud resources will be truly secure. Many organizations use dedicated cloud security solutions to ensure that all sensitive resources deployed in the cloud are adequately protected.

Database security

Databases typically contain sensitive, business-critical information and are a prime target for attackers. Securing databases includes hardening database servers, properly configuring databases to enable access control and encryption, and monitoring for malicious activity.

Database security solutions can help ensure a consistent level of database security across your organization. They can help prevent issues such as excessive privileges, unpatched database engine vulnerabilities, exposure of sensitive data, and database injection.

API security

Modern applications use application programming interfaces (APIs) to communicate with other applications and to obtain data or services. APIs are used to integrate systems into the organization and are increasingly used to contact and receive data from systems managed by third parties.

All APIs, especially public APIs accessible over the Internet, are vulnerable. Because APIs are highly structured and documented, attackers can easily learn and manipulate them. Many APIs are insecure, may lack authentication, or may be vulnerable to security vulnerabilities such as cross-site scripting (XSS), SQL injection, and man-in-the-middle (MitM) attacks.

Securing APIs requires a number of measures, including strong multi-factor authentication (MFA), secure use of authentication tokens, data encryption in transit, and sanitizing user input to prevent injection attacks. API solutions can help you enforce API security controls in a centralized way.

Threat analysis

Threat Intelligence runs in the background and supports many modern security tools. It is also used directly by security teams when investigating incidents. Threat intelligence databases contain structured information collected from various sources about threat actors, attack tactics, techniques and procedures, and known vulnerabilities in computer systems.

Threat analytics solutions collect data from multiple channels and intelligence sources, enabling an organization to quickly identify indicators of compromise (IOC), use them to detect attacks, understand a threat actor's motivations and modus operandi, and provide the right solution for design. answer.

Cyber ​​Attack Prevention with Imperva

Imperva provides security solutions that protect organizations from all common cyber attacks.

Imperva App Security

Imperva offers comprehensive protection for applications, APIs and microservices:

Firewall for web applications– Prevent attacks with world-class web traffic analytics in your applications.

Runtime Application Self-Protection (RASP)– Real-time attack detection and prevention at application runtime, wherever they are. Stop external attacks and injections and reduce vulnerabilities.

API security– Automated API protection ensures that API endpoints are protected as soon as they are published, protecting applications from abuse.

Advanced bot protection– Prevent attacks on business logic from all entry points: websites, mobile apps and APIs. Get seamless visibility and control over bot traffic to stop online fraud in the form of account takeovers or competitive pricing.

DDoS protection– Block edge attack traffic to ensure business continuity with guaranteed uptime and zero performance impact. Secure your resources on-premises or in the cloud, whether hosted on AWS, Microsoft Azure, or Google Public Cloud.

Attack analysis– Provides complete visibility through machine learning and expertise across the entire application security stack to reveal noise patterns and detect application attacks, helping to isolate and prevent attack campaigns.

Client-side protection– Gain visibility and control over third-party JavaScript code to reduce the risk of supply chain fraud, data breaches and customer-side attacks.

Imperva Data Security

Imperva protects all cloud-based data stores to ensure compliance and preserve the flexibility and cost benefits you get from your cloud investment:

Data security in the cloud– Simplify your cloud database security to keep up with DevOps. The Imperva solution enables users of managed cloud services to quickly gain visibility and control over their data in the cloud.

Database security– Imperva provides analytics, protection and response for all your data assets, on-premises and in the cloud, providing threat visibility to prevent data breaches and compliance incidents. Integrate with any database for instant insights, apply universal policies and accelerate time to value.

Data risk analysis– Automate the detection of non-compliant, dangerous or malicious data access behavior across your enterprise databases to speed recovery.

See our additional guides for important application security topics

Together with our content partners, we've written detailed guides on many other topics that can also help you if you're exploring the worldapplication security.

Website security

Learn how to protect important websites and web applications from cyber threats.

• What is session hijacking?
• What is clickjacking?
• What is a site destruction attack?

Safety test

Written by Bright Security

Learn about security testing techniques and best practices for modern applications and microservices.

• Application security test: 3 types and 4 security patches
• Dynamic Application Security Testing (DAST): Complete Guide [2022]
• Top 5 Microservices Security Challenges

XSS

Written by Bright Security

Learn about cross-site scripting (XSS) attacks, which allow hackers to inject malicious code into visitors' browsers.

• XSS Attack: 3 Real Attacks and Code Examples
• How DOM-based XSS attacks work
• A Complete Beginner's Guide to XSS Vulnerabilities