“Cyber Attack” is an attempt through which an attacker can gain access to enterprise computer or networks to implant a payload – referred to as a computer virus which performs dangerous activities such as, data destruction and sending spam mails that produce malicious outcomes. Cyber-attacks are disrupting enterprise productivity through thefts or stealing of enterprise information, creating fear to employees, financial loss, demanding money from organisations by injecting virus to their systems, damaging their reputation or to take revenge.
Types of cyber attacks
- Bot Net: A botnet is a huge network of compromised systems used by attacker to stop computer functioning. Bot net performs tasks such as uploading viruses, sending mails with botnet attached, and stealing data.
- Phishing: Is a way of sending an illegitimate email falsely claiming to be from a legitimate site in order to acquire user’s account information. This can be done by providing an unwanted link to the mail and tempting users to click the link.
- Ransomware: Is a type of malware, which restricts access to the computer system files and folders and demand payment to clear the malware. It’s usually spread through email messages or messages with attachments.
- Web application threats: Is a further subset of SQL injection and cross-site scripting attacks. Most of these attacks are due to flawed application development and improper sanitisation of input and output of data from web application. It threatens the performance of the website and hampers web application security.
- Internet of things (IOT) Threats: Devices connected to the internet have no security at all or have means only minimal. Due to memory, battery and storage constraints, IOT Applications do not include complex security mechanisms which invite cyber-attacks. Also, the systems are more vulnerable and make it easier for
- Mobile threats: Users may download malware applications to their phones, which can damage applications and data and send sensitive information to the attackers. Attackers can then access sensitive data remotely using virtual environment.
- Eavesdropping: Is a threat to enterprise or individual by secretly listening to conversation between two parties either on phone or direct.
- Cloud computing threats: Cloud computing is an on-demand delivery of IT services and infrastructure. Enterprises can store sensitive information on the cloud. A flaw in one cloud platform will allow attackers to gain access to all the infrastructure in cloud and attack other enterprise data.
To conclude, one must understand various cyber attacks in order to take action against those attacks. Proper policies should be in place to avoid those attacks at the organisation level. Employees must be aware of the attacks at their level and support enterprises in fighting against cyber attacks.
This article is contributed by Latha Manian from the School of Technology.