6 Most Comman Cyber Attacks

 These are the following:-

• Phishing 
• Dns Tunneling
• SQL Injection
• Zero-day exploit
• Man-in-the-Middle attack
• Denial-of-service 

Phishing : This is comman type of Cyber attack where victim tries to steal user information such as debit/credit 💳 details or may be they want to install any malware software on your system, to do this victim sends a fraud email to the target and make it as if it's from a genuine source so it is a common type of Cyber attack that everyone should learn to get protected from it.

Phishing

How does phishing actually works?

Phishing always start with fraud email ✉️ it's tries to portray as if it is from a trusted source if the fool gives his confidential information to those on scams website the malware is automatically downloaded to the target machine and does its work.

How is phishing attacks dangerous?

Some of the times attackers were interested in getting credit card information for financial gain, while others tries to steal the login credentials to use its against advance attack to some company. Some Cyber crime attack such as advanced persistent threats (APTs) and ransomware always starts with phishing.

How to be protected against phishing?

Educate Users:

One way is to educate employees against this type of phishing attacks whether they are at higher or lower working staff of an organisation most of the times they taket higher level employees, so tech them that how they can identify the phishing emails and what to do if they get such emails so also check by sending some phishing emails to the employee by the company itself and then see their behaviour how they react to it because this is the better option for making them aware.

Security Technology:

We have not yet discovered such a Technology which can prevent phishing attacks so in this case the organisation must have to take approach to reduce attack and tech their impact to employees when the occur. Network security Technology should be implemented on all kind of ✉️ email, Web security and malware protection, monitoring the behaviour of the users and access control 🛂.

Dns Tunneling : It's work is to utilise the dns protocol to communicate with non DNS traffic 🚦 over port 53. It sends the http and other protocols traffic over DNS there are many good reason to utilise DNS tunneling but the malicious reason is that they can be used to hide outbound traffic concealing data that is shared typically through internet connection. For malicious use DNS request are manipulated to extract the data from a compromised system to attackers infrastructure. It can also be used for command and control 🎛️.

DNS tunneling

SQL Injection : SQL stands for Structured Query Language It take place when an attacker tries to insert malicious code into the server which uses SQL that force the server to reveal the information but normally it doesn't. An attacker does the SQL Injection by putting some malicious code into the search box of the website which vulnerable.

SQL Injection

Zero-day exploit : A zero-day exploit take place when the vulnerability of the Network is announced in public and before there is a patch or solutions is implemented. An attacker target the disclose vulnerability during this phase of time this is done very fast so zero day exploit is always required a constant watch on it.

Zero-day exploit

Man-in-the-Middle attack : (MitM) which stands for Man-in-the-Middle attack, It is also known as eavesdropping attack it take place or occur when attacker put him/herself into the transaction between two-parties once the attacker interrupt the traffic then he can steal the information ℹ️.

There are two comman way of getting entry in (MitM) attack are:

1. When there is an unsecure public Wi-Fi, the attacker may put himself between the visitors and the Network device. And without knowing the visitor passes through all the information to the attacker.

2. Once there is a breach in device through a malware, now an attacker can install any software to process with the victim's Information ℹ️.

Man-in-the-Middle attack

Denial-of-service : In this attack a particular system, server or a Network gets lots of traffic 🚦 which leads to exaust the resources and bandwidth. And may result in not full filling the legitimate request. And sometimes attackers may also used multiple devices to attack a particular host this is called Distributed-Denial-of-Service.

Denial-of-Service and Distributed-Denial-of-service