Incident Response for 15 Common Attack Types

 By Charles Joseph | Cybersecurity Advocate
 Last update: November 25, 2023

Cyber attacks are a growing concern in today’s increasingly interconnected world.

These malicious activities involve unauthorized access, disruption, or theft of sensitive information, systems, or services.

Cybercriminals, nation-states, hacktivists, and even insiders may perpetrate these attacks for various reasons, such as financial gain, espionage, activism, or to cause chaos.

The frequency and sophistication of cyber attacks have risen dramatically over the past few years, posing a significant threat to individuals, businesses, and governments alike.

The following table gives, for each of 15 common cyber attack types, what the attack is, the threat indicators that suggest it, where to investigate, and the possible actions to mitigate or respond to it.

Incident Response Table for 15 Attack Types

Attack Type #1: Phishing
What It Is: Fraudulent attempt to obtain sensitive data
Threat Indicators: Suspicious emails, URL redirects, fake websites
Where to Investigate: Email headers, web logs, network logs
Possible Actions: User training, email filtering, 2FA, website blacklisting, reporting phishing websites

Attack Type #2: DDoS Attack
What It Is: Overwhelming a network or server with traffic
Threat Indicators: Unusual traffic volumes, high latency, service outages
Where to Investigate: Network logs, server logs, ISP reports
Possible Actions: Traffic filtering, rate limiting, CDN, DDoS mitigation services, network architecture improvements

Attack Type #3: Malware
What It Is: Malicious software designed to exploit systems
Threat Indicators: Unexpected system behavior, unusual network activity, AV alerts
Where to Investigate: System logs, AV reports, network logs
Possible Actions: Update AV software, user training, patch management, system isolation, malware removal, incident response plan

Attack Type #4: Ransomware
What It Is: Encrypting files and demanding payment
Threat Indicators: Encrypted files, ransom notes, unusual file extensions
Where to Investigate: System logs, AV reports, email logs
Possible Actions: Regular backups, AV updates, patch management, user training, network segmentation, ransom negotiation

Attack Type #5: SQL Injection
What It Is: Exploiting vulnerabilities in SQL databases
Threat Indicators: Unusual SQL queries, data breaches, application errors
Where to Investigate: Application logs, database logs, web logs
Possible Actions: Input validation, parameterized queries, secure coding practices, web application firewalls, incident response plan

Attack Type #6: Insider Threat
What It Is: Malicious activity by an employee or partner
Threat Indicators: Unusual access patterns, data exfiltration, policy violations
Where to Investigate: Access logs, network logs, user behavior analytics, security audits
Possible Actions: Employee training, access control, data loss prevention, anomaly detection, user monitoring, incident response plan

Attack Type #7: Cross-Site Scripting (XSS)
What It Is: Injecting malicious scripts into websites
Threat Indicators: Suspicious scripts, defaced webpages, user account compromises
Where to Investigate: Web server logs, application logs, user input data
Possible Actions: Input validation, content security policies, secure coding practices, web application firewalls, user education

Attack Type #8: Man-in-the-Middle (MitM)
What It Is: Intercepting and altering network traffic
Threat Indicators: Suspicious network activity, certificate errors, altered data
Where to Investigate: Network logs, traffic analysis, SSL/TLS logs, system logs
Possible Actions: Use HTTPS, SSL/TLS certificates, network encryption, VPNs, network segmentation, security audits

Attack Type #9: Credential Stuffing
What It Is: Automated login attempts using stolen credentials
Threat Indicators: Multiple failed login attempts, account takeovers, data breaches
Where to Investigate: Authentication logs, user account data, web server logs
Possible Actions: Multi-factor authentication, password policies, account lockouts, IP blacklisting, user education

Attack Type #10: Zero-Day Exploits
What It Is: Exploiting unknown vulnerabilities in software
Threat Indicators: Unexpected system behavior, security breaches, new attack patterns
Where to Investigate: System logs, network logs, application logs, vendor alerts
Possible Actions: Regular software updates, patch management, proactive threat hunting, network segmentation, incident response plan

Attack Type #11: Drive-By Downloads
What It Is: Unintentional download of malicious software
Threat Indicators: Suspicious website visits, malware infections, unexpected downloads
Where to Investigate: Web server logs, system logs, network logs, AV reports
Possible Actions: User education, content filtering, web application firewalls, system hardening, regular software updates

Attack Type #12: Privilege Escalation
What It Is: Gaining unauthorized access to higher-level privileges
Threat Indicators: Unusual account activity, access violations, system misconfigurations
Where to Investigate: System logs, access logs, network logs, security audits
Possible Actions: Least privilege principle, access control, regular audits, user monitoring, system hardening

Attack Type #13: Social Engineering
What It Is: Manipulating individuals to divulge sensitive information
Threat Indicators: Suspicious interactions, information leaks, unauthorized access
Where to Investigate: Employee reports, email logs, phone logs, social media activity
Possible Actions: Employee training, security awareness, access control, incident response plan, information classification

Attack Type #14: Watering Hole Attack
What It Is: Compromising trusted websites to target specific groups
Threat Indicators: Malware infections, unusual web traffic, compromised websites
Where to Investigate: Web server logs, network logs, system logs, AV reports
Possible Actions: Regular website monitoring, secure coding practices, user education, network segmentation, incident response plan

Attack Type #15: Cryptojacking
What It Is: Unauthorized use of computing resources for cryptocurrency mining
Threat Indicators: Unusual system resource usage, slow performance, mining-related network activity
Where to Investigate: System logs, network logs, CPU/GPU usage, process monitoring
Possible Actions: Endpoint monitoring, application whitelisting, network filtering, user education, incident response plan
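To make the "Threat Indicators" and "Where to Investigate" columns concrete, here is an added example (not from the original article) for attack type #9, Credential Stuffing: a small detector that reads authentication logs and flags a source IP whose failed logins in a short window are spread across many distinct accounts, then lists any accounts that subsequently authenticated from that source as candidate account takeovers. The log format, thresholds and sample lines are all constructed assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample authentication log (assumed format; not from any real system).
SAMPLE_AUTH_LOG = """\
2023-11-25T10:00:01 src=203.0.113.7 user=alice result=FAIL
2023-11-25T10:00:02 src=203.0.113.7 user=bob result=FAIL
2023-11-25T10:00:03 src=203.0.113.7 user=carol result=FAIL
2023-11-25T10:00:04 src=203.0.113.7 user=dave result=FAIL
2023-11-25T10:00:05 src=203.0.113.7 user=erin result=FAIL
2023-11-25T10:00:06 src=203.0.113.7 user=frank result=SUCCESS
2023-11-25T10:05:00 src=198.51.100.9 user=alice result=FAIL
2023-11-25T10:05:30 src=198.51.100.9 user=alice result=SUCCESS
"""
LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(FAIL|SUCCESS)$")

def parse_auth_log(text):
    """Parse log lines into (timestamp, source IP, user, result); other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, user, result = m.groups()
            events.append((datetime.fromisoformat(ts), src, user, result))
    return events

def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_failures=5, min_users=3):
    """Return {src_ip: targeted users} for sources whose failed logins in one sliding
    window hit both thresholds: many failures across many *distinct* accounts."""
    fails_by_src = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            fails_by_src[src].append((ts, user))
    alerts = {}
    for src, fails in fails_by_src.items():
        fails.sort()  # logs are not always in time order
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window start forward
            users = {u for _, u in fails[start:end + 1]}
            if end - start + 1 >= min_failures and len(users) >= min_users:
                alerts[src] = sorted(users)
                break
    return alerts

def suspected_takeovers(events, alerts):
    """Accounts that then logged in successfully from a flagged source: review these first."""
    return sorted({u for _, src, u, r in events if r == "SUCCESS" and src in alerts})
```

A single user failing several times from one address (a forgotten password) does not trip the distinct-account threshold, which is what separates stuffing from ordinary lockout noise; the flagged accounts are the ones to reset, enforce MFA on, and check for takeover.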
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renowned computer security professional