Cybersecurity Attacks 101: Botnets, DDoS, and Web Application Attacks

Every year brings another wave of cyber attacks. In January alone, more than 1.75 billion records were compromised. The average cost of these break-ins was $7.5 million—a significant loss for any organization. One reason for the rise in cybercrime is the influx of professional criminal groups looking to buy and sell stolen data over the Dark Web. In fact, cybercrime related ecommerce has become so profitable that anyone can purchase stolen data or rent a cyber attack service over the Dark Web.

Cyber criminals use a diverse mix of technologies and tactics. Many conventional attacks, such as phishing emails designed to trick users into sharing sensitive information, are still in use. Newer tactics include file-less malware, which is capable of evading anti-virus filters, making it extremely difficult to detect.

To help IT managers and business executives understand the variety of cybersecurity threats that their organizations face, we explain the different types of cyber attacks below.

Botnets

Botnets are networks of “bots,” or computers and devices that have been infected with botnet malware. Bots and botnets are remotely controlled by the cyber attacker, who may command the bots to send a flood or spam, malware, phishing emails or denial-of-service attacks to the target organization.  One of the best-known botnets, Mirai, knocked out internet service throughout the Eastern U.S. in 2016. Mirai had an estimated 100,000 infected internet-of-things (IoT) devices, which launched a denial-of-service attack on Manchester, NH-based internet service provider Dyn (now part of Oracle).

Botnet developers can easily infect unsecured IoT devices, such as security cameras, smart thermostats, medical devices and network routers. As there are currently 26+ billion IoT devices in use worldwide, with more than 75 billion projected by 2025, there is no shortage of material for botnet makers. .

Distributed Denial of Service (DDoS) attack

A denial-of-service (DoS) attack sends excessive amounts of traffic to a targeted web site or IT network with the aim of overwhelming the system. A distributed denial of service (DDoS) attack employs botnets of distributed PCs and IoT devices to flood a victim with junk traffic. A DDoS attack can last for minutes or–if the victim has poor cybersecurity defenses–for hours. In 2018, software development site GitHub was attacked by a flood of DDoS traffic that peaked at 1.35 Tbps of traffic. However, GitHub quickly rerouted incoming traffic to Akamai Prolexic, a traffic filtering service, which blocked the DDoS attack within a few minutes.

Also read: 5 Key Types of DDoS Attacks & How to Mitigate Them

Web application attacks

Web application attacks exploit vulnerabilities in web browsers and application components. They’re among the oldest of cyber attacks and remain popular with hackers. Symantec’s Internet Security Threat Report (ISTR) 2019 found 1 in 10 URLs to be malicious, up from one in 16 in 2017. A vulnerability in a web browser or application can enable a hacker to upload malware, execute code or even gain access to back end servers.

Many web browser attacks are script- or SQL-based. Two common ones are cross-site scripting and SQL injection. Both types take advantage of unsecured input fields on a web site to execute malicious code. The goal may be to infiltrate back-end systems or to infect the browsers of visitors to the web site.

With cross-site scripting, a hacker inputs a script into a contact or message form on a web site. When the recipient opens the message, the script executes. The goal might be to bypass access controls to the system, hijack the user’s session, post messages on their behalf, capture the user’s keystrokes or conduct other malicious activities.

A SQl injection attacks the database behind a web site by typing in malicious SQL code instead of the expected database query. Depending on the query input, an attacker might be able to delete the database, change data, access all usernames and passwords or take other unauthorized actions

Most recently, a web site attack called “form-jacking” has been targeting ecommerce sites. Form-jacking inserts malicious code into the check-out page, which enables the attacker to steal credit card information.

Hackers may also exploit the vulnerabilities of browser extensions or web application components to gain a foothold into an IT system. For example, a vulnerability in the Cisco WebEx Browser Extension reportedly allows  remote attackers to execute arbitrary code on an affected system. While these vulnerabilities are typically fixed in future updates or patches, an IT department may be slow to incorporate them, leaving the system vulnerable.

Multi-vector attacks

These attacks use a combination of several exploits. Typically, none of the exploits would, by themselves, catch the notice of an IT security application. But in a multi-vector attack, they can implant back doors into servers, copy data, create fake accounts and even take control of a system. Multi-vector attacks often employ trusted system tools to do their dirty work. For example, Windows PowerShell and Windows Management Instrumentation (WMI) are often used in multi-vector attacks because they are legitimate programs and their processes are rarely suspect.  (It’s no doubt for that reason that the use of malicious PowerShell scripts increased by 1,000 percent in 2018, according to the Symantec ISTR.)

A multi-vector attack might also have multiple goals, such as to plant malware, steal data and spread ransomware to other computers on the network.  Occasionally, one attack is used as a red herring to cover up another, more serious attack. A DDoS attack might distract an organization’s IT staff, so they don’t notice a hacker downloading data or planting malware.

Insider threats

Not all cyber attacks are done by outside hackers. Employees, contractors and business partners are also frequently guilty of cybersecurity breaches.  CA Technologies 2018 Insider Threat Report found that 53% of organizations experienced one or more insider attacks during the prior 12 months. An “insider” might be a disgruntled, former employee who sabotages a database or a contractor who steals a customer list.  Some insider threats are unintentional, due to ignorance or laziness. Sharing passwords, falling victim to phishing emails, visiting compromised web sites or working remotely over public WiFi are all non-malicious, but potentially damaging, insider threats.

How we could help you

Advanced cybersecurity technologies and services, such as those provided by TierPoint, can greatly improve an organization’s chances of stopping an attempted cyber attack before it can do any damage. Training employees and IT staff in cybersecurity best practices will also greatly help to reduce your organization’s odds of being hacked.

Cybersecurity is an ongoing effort that requires continuous updating of applications and security technologies to stay one step ahead of cyber attackers. IT departments that neglect to quickly install the latest security patches or to warn employees about new types of phishing emails are providing criminals with a significant advantage. Protecting applications and data from cyber attacks requires a combination of advanced IT security services and basic due diligence in security practices.

You May Be Also Interested In

The Future of Web Application Firewalls: AI, Clouds, and IoT