Common types of cyberattacks. Part II.
If, in the first part of this article, we explained the means used by cybercriminals to carry out the attack, in this one, we will see the various ways they have to execute it.
As we explained in the previous post, a cyberattack is any type of offensive maneuver employed by individuals or entire organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices. These attacks attempt by various means of malicious acts, usually from an anonymous source, to hack into a system to steal, alter, or destroy a specific target.
Cybercriminals are individuals or teams who use technology to commit malicious activities on digital systems or networks to steal sensitive company information or personal data and generate profits.
Botnet:
Botnets are networks of hijacked computer devices that carry out various scams and cyberattacks. Its name combines two words, “robot” and “network”. Bots are a tool for automating massive attacks, such as data theft, server crashing, and malware distribution. Botnets are designed to grow, automate, and accelerate a hacker’s ability to carry out larger attacks. Attackers trick users into installing malware on their devices, allowing them to control these systems to perform actions such as distributed denial-of-service (DDoS) attacks.
Botnets can be used to carry out a variety of malicious activities, including:
- Spamming: Botnets can be used to send large amounts of spam.
- Conducting DDoS attacks: Botnets can flood a website or service with traffic, causing it to become inaccessible
- Data theft: Botnets can be used to steal personal or financial information.
- Malware spread: Botnets can distribute malware to other devices, increasing the size of the network.
Botnets are run by a “botmaster” or “bot herder,” distributing tasks to infected devices. These tasks can include sending spam, stealing user data, visiting and analyzing web pages, and spreading the botnet itself.
Spyware:
Spyware is any malicious software that secretly collects information about a person or organization and sends it to another entity in a way that harms the user. It is designed to partially or fully control the operation of a computer without the user’s knowledge. For example, by violating your privacy or jeopardizing the security of your device. Websites can engage in spyware behaviors such as web tracking. Spyware is often associated with advertising and involves many of the same edits.
Spyware can have several negative consequences on a device:
- Theft of personal information: Spyware can collect personal data, such as passwords, credit card numbers, and bank account details. It can also record browsing habits and web activity.
- Identity theft: By collecting enough personal data, cybercriminals can steal the victim’s identity.
- Unwanted advertising: Some types of spyware track browsing habits to deliver personalized ads.
- Device performance: Spyware uses the device’s resources, which can slow its operation, cause crashes, and, in some cases, even damage the hardware.
- Invasion of privacy: Some spyware can activate cameras and microphones, record instant messages and Skype calls, and even take photos and videos without the victim’s knowledge.
It is important to note that these consequences can vary depending on the type of spyware and how it is used. Therefore, keeping devices protected with up-to-date security software and following good online security practices is essential.
Phishing:
Phishing is a cybercrime in which a target or targets are contacted via email, phone, or text message by someone posing as a legitimate institution to lure people into providing sensitive data, such as personally identifiable information, bank and credit card details, and passwords.
Phishing attacks have become increasingly sophisticated and often transparently reflect the site they are targeting, allowing the attacker to observe everything as the victim navigates the site and bypass any additional security.
To further explain phishing, we have dedicated a post to this common type of cyberattack that you can read here.