DDoS attack, SQL injection or brute force attack – the methods of hackers are becoming more and more targeted and cunning, because there is a lucrative shadow economy behind them. We present common attack methods from the cyber world and show you how you can stay one step ahead of attackers in the future:
Cyber attack: what is it?
IT security experts speak of a cyberattack when hackers or hacker gangs gain unauthorized access to one or more IT systems for criminal purposes such as data theft, industrial espionage or ransomware. Cyber criminals use Trojans, viruses, worms, and many other tricky methods that push antivirus scanners and firewalls to their limits.
In general, any networked computer can become a target, since cyberattacks – as the term suggests – happen in cyberspace. The perpetrators have long been able to operate from almost anywhere in the world, which makes it particularly easy for them to cover their own tracks on the network. Sometimes, criminal activities are also extended to the real world – for example, when hackers deliberately infiltrate companies’ systems with contaminated storage media.
Who is behind cyberattacks on companies?
“Cybercrime runs in two parallel worlds,” says Matthias Nehls, managing partner and founder of the German Association for Cyber Security (DGC). “First, there are those attackers who want to infect as many computers as possible with malware via mass processing in order to grab confidential data and sell it on the darknet.” Depending on the quality, buyers pay up to $20 per data set – a lucrative business given the large amounts of data involved. “Ransomware is even available as a rentable service these days, with hacker groups behind it letting themselves share in the criminal successes of their customers,” says Matthias Nehls. With the help of these malware programs – also called encryption Trojans, extortion Trojans or crypto Trojans – entire companies are paralyzed in order to demand a ransom for the release of the IT systems.
In contrast, professional hackers pose an even greater potential for damage to companies: “These attackers are highly strategic and choose their targets carefully. When they attack, they usually remain undetected for a long time because they leave a small digital footprint in the systems,” says Matthias Nehls. On average, it takes 207 days for a cyberattack to be noticed – plenty of time to pursue criminal goals. These range from spying on trade secrets and manipulating financial flows to operating in financial markets on the basis of confidential board information.
Hackers: common tools and tactics
It pays for companies to be informed about current methods used by cybercriminals and to arm themselves accordingly. In addition to social engineering attacks, which are designed to manipulate employees into giving up information and include methods such as phishing, CEO fraud or baiting, there are numerous other sophisticated tactics. We present six common ones:
Man in the Middle (MitM)
In a man-in-the-middle attack, a hacker inserts himself into the data traffic of two or more communication partners. In most cases, this involves the victim’s system and a resource used on the Internet. Unnoticed, the data flow is diverted: in order to view or manipulate the entire communication, the attacker pretends to be the respective counterpart. In this way, encrypted passwords, user names or bank data are disclosed without the victim knowing.
SQL injection attack
SQL injection is one of the top security risks for web applications such as online store software: attackers exploit a security hole, often caused by programming errors, in an application that is connected to an SQL database, which allows them to inject their own commands. This enables them to copy and manipulate confidential data records or gain control over the entire SQL database.
Although the attack method was discovered as early as the late 1990s, it is still considered a serious threat today. For hackers, it requires comparatively little effort, which is why SQL injections are the cause of repeated data leaks. There are effective countermeasures that can be strategically combined to contain the risk.
Brute force attack
Cybercriminals use this attack method to guess passwords and thereby gain unauthorized access to user data. With the help of automated software and powerful hardware, countless sequences of letters and characters are tried until the correct one is found. This is why IT security experts refer to brute force attacks as “exhaustive searches”. In general, any password can be cracked this way, but more time is needed as the complexity increases.
Because many people use short passwords at work as well as in private life, the method is used successfully in the hacker scene. An important step for companies is therefore to make access more difficult for potential attackers by increasing password security.
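How quickly the exhaustive search grows with length and character variety, as a small password-policy check. This is an added example, not part of the article; the guess rate, the 60-bit threshold and all function names are assumptions chosen for illustration.

```python
import math
import string

# Assumed attacker speed in guesses per second (illustrative, not from the article).
GUESSES_PER_SECOND = 1e10

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the character set an exhaustive search must cover for this password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes (umlauts, spaces) count individually.
    extras = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extras)


def search_space(password):
    """Candidates tried when every length up to len(password) is enumerated."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Upper bound on the search time; word-list passwords fall far sooner."""
    return search_space(password) / rate


def meets_policy(password, min_bits=60):
    """True if the exhaustive search space is at least 2**min_bits candidates."""
    space = search_space(password)
    return space > 0 and math.log2(space) >= min_bits


if __name__ == "__main__":
    # Constructed sample passwords of increasing length and variety.
    for pw in ("abc", "password", "Passw0rd!", "correct horse battery"):
        years = worst_case_seconds(pw) / (3600 * 24 * 365)
        print(f"{pw!r:26} alphabet={alphabet_size(pw):3} "
              f"bits={math.log2(search_space(pw)):6.1f} "
              f"worst case={years:.3g} years ok={meets_policy(pw)}")
```

The figure is an upper bound for a pure exhaustive search: a password that appears in a word list is found long before the full space is covered, so length alone does not make a common phrase safe.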
Denial of Service (DoS)
Denial of Service (DoS) means that a service is deliberately made unavailable: to cause disruptions, hackers attack a selected target system with greatly increased data traffic. The large number of artificially generated requests is intended to cause entire systems or servers to collapse. Such attacks can restrict or even bring down the business operations of companies.
If the deliberate overload is caused by a large number of decentralized sources, security experts refer to it as a distributed denial of service (DDoS) attack. This is usually more difficult to fend off because hackers distribute their attack programs to several hundred or thousand unprotected computers, creating a worldwide attack network.
Cryptojacking
This relatively new hacking tactic emerged with the rise of cryptocurrencies and is based on the way the blockchain works. In a nutshell, the technology is based on so-called “miners” who add more blocks to the endless data chain and are rewarded with digital money. Since this process, known as “mining” or “prospecting,” is resource-intensive, cryptojackers tap into powerful computers or corporate networks to do this. This usually remains hidden, as cybercriminals have a vested interest in keeping the clandestinely used systems operational. Often, the illegal use is only revealed via downstream consequences such as reduced system performance.
Security experts distinguish between two types of cryptojacking – browser-based attacks or access after a malware infection. Attacks in which malware is downloaded in the course of a phishing attempt prove to be particularly consequential: once a computer or network is infected, cryptocurrency is often mined day and night by the intruders.
Internal attack
An internal attack takes place from within the company’s own systems – where most companies believe they are safe. According to a Bitkom study, the greatest source of danger comes from former employees: one-third of affected companies were harmed by this group of perpetrators in 2020. In a kind of act of revenge, first backups and then sensitive data such as customer information are deleted – often with far-reaching financial consequences and image damage.
Measures against hacker attacks – How to protect yourself and your company
“A cyberattack challenges even seasoned managers and IT experts,” Matthias Nehls knows from working with companies from a wide range of industries. It is not uncommon to act hastily and without thinking when a security incident occurs – or, conversely, to downplay the extent of an attack. The expert advises, “Every company should have an emergency plan in place to ensure that cyber crisis management focuses on problem solving.” Here, for example, it is important to define the alarm sequence, decision-making competencies and tasks. At least as important are regular backups of business-critical data, stored far away from the systems and inaccessible to criminal hacker gangs.
To ensure that the worst does not happen, companies should rethink their security standards along the entire value chain and, for example, also include possible interfaces with business partners. “With the right measures, the risk of being damaged by cyber attacks can be reduced in the long term,” says Matthias Nehls. “At the same time, the interaction between people and technology must always be considered, as untrained employees still pose a major security risk.”
Service providers such as the DGC provide expertise and experience to support the implementation of tailored all-round protection. This includes security awareness training, ongoing vulnerability analysis and system monitoring, as well as rapid support in the event of a security incident. Depending on the severity of the attack, IT security experts at the Cyber Defense Operation Center (CDOC) can find out within minutes or hours what information has been encrypted or stolen, which areas of the infrastructure are affected – and above all: how the danger can be averted. This expertise is crucial for companies – the earlier an attack is detected, the smaller the impact.