By Charles Joseph | Cybersecurity Advocate
Cyber attacks are a growing concern in today’s increasingly interconnected world.
These malicious activities involve unauthorized access, disruption, or theft of sensitive information, systems, or services.
Cybercriminals, nation-states, hacktivists, and even insiders may perpetrate these attacks for a variety of reasons, such as financial gain, espionage, activism, or simply to cause chaos.
The frequency and sophistication of cyber attacks have risen dramatically over the past few years, posing a significant threat to individuals, businesses, and governments alike.
The following table summarizes 15 common cyber attack types: what each attack is, the threat indicators that point to it, where to investigate, and the possible actions to mitigate or respond to it.
Incident Response Table for 15 Attack Types
Attack Type #1: Phishing
What It Is: Fraudulent attempt to obtain sensitive data
Threat Indicators: Suspicious emails, URL redirects, fake websites
Where to Investigate: Email headers, web logs, network logs
Possible Actions: User training, email filtering, 2FA, website blacklisting, reporting phishing websites

Attack Type #2: DDoS Attack
What It Is: Overwhelming a network or server with traffic
Threat Indicators: Unusual traffic volumes, high latency, service outages
Where to Investigate: Network logs, server logs, ISP reports
Possible Actions: Traffic filtering, rate limiting, CDN, DDoS mitigation services, network architecture improvements

Attack Type #3: Malware
What It Is: Malicious software designed to exploit systems
Threat Indicators: Unexpected system behavior, unusual network activity, AV alerts
Where to Investigate: System logs, AV reports, network logs
Possible Actions: Update AV software, user training, patch management, system isolation, malware removal, incident response plan

Attack Type #4: Ransomware
What It Is: Encrypting files and demanding payment
Threat Indicators: Encrypted files, ransom notes, unusual file extensions
Where to Investigate: System logs, AV reports, email logs
Possible Actions: Regular backups, AV updates, patch management, user training, network segmentation, ransom negotiation

Attack Type #5: SQL Injection
What It Is: Exploiting vulnerabilities in SQL databases
Threat Indicators: Unusual SQL queries, data breaches, application errors
Where to Investigate: Application logs, database logs, web logs
Possible Actions: Input validation, parameterized queries, secure coding practices, web application firewalls, incident response plan

Attack Type #6: Insider Threat
What It Is: Malicious activity by an employee or partner
Threat Indicators: Unusual access patterns, data exfiltration, policy violations
Where to Investigate: Access logs, network logs, user behavior analytics, security audits
Possible Actions: Employee training, access control, data loss prevention, anomaly detection, user monitoring, incident response plan

Attack Type #7: Cross-Site Scripting (XSS)
What It Is: Injecting malicious scripts into websites
Threat Indicators: Suspicious scripts, defaced webpages, user account compromises
Where to Investigate: Web server logs, application logs, user input data
Possible Actions: Input validation, content security policies, secure coding practices, web application firewalls, user education

Attack Type #8: Man-in-the-Middle (MitM)
What It Is: Intercepting and altering network traffic
Threat Indicators: Suspicious network activity, certificate errors, altered data
Where to Investigate: Network logs, traffic analysis, SSL/TLS logs, system logs
Possible Actions: Use HTTPS, SSL/TLS certificates, network encryption, VPNs, network segmentation, security audits

Attack Type #9: Credential Stuffing
What It Is: Automated login attempts using stolen credentials
Threat Indicators: Multiple failed login attempts, account takeovers, data breaches
Where to Investigate: Authentication logs, user account data, web server logs
Possible Actions: Multi-factor authentication, password policies, account lockouts, IP blacklisting, user education

Attack Type #10: Zero-Day Exploits
What It Is: Exploiting unknown vulnerabilities in software
Threat Indicators: Unexpected system behavior, security breaches, new attack patterns
Where to Investigate: System logs, network logs, application logs, vendor alerts
Possible Actions: Regular software updates, patch management, proactive threat hunting, network segmentation, incident response plan

Attack Type #11: Drive-By Downloads
What It Is: Unintentional download of malicious software
Threat Indicators: Suspicious website visits, malware infections, unexpected downloads
Where to Investigate: Web server logs, system logs, network logs, AV reports
Possible Actions: User education, content filtering, web application firewalls, system hardening, regular software updates

Attack Type #12: Privilege Escalation
What It Is: Gaining unauthorized access to higher-level privileges
Threat Indicators: Unusual account activity, access violations, system misconfigurations
Where to Investigate: System logs, access logs, network logs, security audits
Possible Actions: Least privilege principle, access control, regular audits, user monitoring, system hardening

Attack Type #13: Social Engineering
What It Is: Manipulating individuals to divulge sensitive information
Threat Indicators: Suspicious interactions, information leaks, unauthorized access
Where to Investigate: Employee reports, email logs, phone logs, social media activity
Possible Actions: Employee training, security awareness, access control, incident response plan, information classification

Attack Type #14: Watering Hole Attack
What It Is: Compromising trusted websites to target specific groups
Threat Indicators: Malware infections, unusual web traffic, compromised websites
Where to Investigate: Web server logs, network logs, system logs, AV reports
Possible Actions: Regular website monitoring, secure coding practices, user education, network segmentation, incident response plan

Attack Type #15: Cryptojacking
What It Is: Unauthorized use of computing resources for cryptocurrency mining
Threat Indicators: Unusual system resource usage, slow performance, mining-related network activity
Where to Investigate: System logs, network logs, CPU/GPU usage, process monitoring
Possible Actions: Endpoint monitoring, application whitelisting, network filtering, user education, incident response plan
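As an added example (not from the original article), here is how the Credential Stuffing row (#9) turns into a concrete check over the authentication logs it points to: the indicator is many failed logins from one source spread across many distinct accounts, and the output maps straight to the row's actions (IP blacklisting, account lockouts). The log line format and the sample lines are constructed for this example; adapt the regex to your own authentication log.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not from any real system).
# 203.0.113.7 tries one password each against many accounts, then gets in as "frank";
# 198.51.100.9 is a single user mistyping their own password, then succeeding.
SAMPLE_AUTH_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2024-05-01T10:00:02Z ip=203.0.113.7 user=bob result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.7 user=carol result=FAIL
2024-05-01T10:00:04Z ip=203.0.113.7 user=dave result=FAIL
2024-05-01T10:00:05Z ip=203.0.113.7 user=erin result=FAIL
2024-05-01T10:00:06Z ip=203.0.113.7 user=frank result=SUCCESS
2024-05-01T10:00:07Z ip=198.51.100.9 user=alice result=FAIL
2024-05-01T10:00:09Z ip=198.51.100.9 user=alice result=FAIL
2024-05-01T10:00:12Z ip=198.51.100.9 user=alice result=SUCCESS
"""

# Assumed log format for this example: "<timestamp> ip=<ip> user=<user> result=<FAIL|SUCCESS>"
LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")

def parse_auth_log(text):
    """Parse log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def detect_credential_stuffing(events, min_failures=5, min_distinct_users=4):
    """Return {ip: finding} for source IPs whose failures match the stuffing pattern:
    many failed logins across many distinct accounts (one guess per account from a
    stolen list), which a single user locked out of their own account does not produce."""
    fails = defaultdict(list)      # ip -> list of usernames that failed
    successes = defaultdict(set)   # ip -> usernames that later succeeded from that ip
    for e in events:
        if e["result"] == "FAIL":
            fails[e["ip"]].append(e["user"])
        elif e["result"] == "SUCCESS":
            successes[e["ip"]].add(e["user"])
    findings = {}
    for ip, users in fails.items():
        distinct = set(users)
        if len(users) >= min_failures and len(distinct) >= min_distinct_users:
            findings[ip] = {
                "failed_attempts": len(users),
                "distinct_accounts": len(distinct),
                # A success from the same source after the spray is a likely account takeover.
                "possible_takeovers": sorted(successes[ip]),
                # Actions from the table row: blacklist the source; lock taken-over accounts for review.
                "actions": ["blacklist_ip", "lock_accounts"] if successes[ip] else ["blacklist_ip"],
            }
    return findings
```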
QUOTE:
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renowned computer security professional