What are the different types of hacking attacks?

Hacking is a term that will no doubt spark concerns for any online business owner. IBM defines hacking as “the use of unconventional or illicit means to gain unauthorised access to a digital device, computer, or computer network.” Typically involving a broad range of malicious activities and practices, understanding the different types of hacking methods is essential to protecting your business’ and customers’ sensitive data online.

In this blog, we explore some of the most common types of hacking methods so you’re armed with the basic knowledge of the different types of threats your business could potentially face. We’ll also provide you with some simple tips to better protect yourself and your business from a cyber attack.

What are the different types of hacking attacks?

There are many different types of cyber attacks and hacking methods that all businesses and online users should be aware of. Below we highlight some of the most common types and what they entail so you can quickly recognise these threats and tackle them effectively.

Brute force attack

A brute force cyber attack, also known as ‘brute’, ‘exhaustive key search,’ or ‘dictionary attack’, is a hacking method that essentially involves trying to guess the password to the backend of your website, online bank account, or any other online account you may have.

You may think that the hacker will be aimlessly trying to guess your password manually, however their process is much more sophisticated than that. Instead, they use password-cracking software like John the Ripper or Hashcat to automatically make repeated guesses using predefined algorithms.

This is why this particular cyber attack is also known as a ‘dictionary attack’ as it is the cybercrime equivalent of starting at ‘aardvark’ and working your way through to ‘zyzzyva’. Most brute force algorithms involve known trends in password-setting – such as a single word followed by a year, or the length of a password – and to save time, they will run these formats first.

Of course, this still leaves billions of possible combinations and requires a lot of processing power to find the right one. But if a hacker is determined to access your account, they’ll do whatever it takes to crack your password.

SQL injection

SQL injection, also known as ‘sequel injection’, is a type of cyber attack that bypasses a website’s security system and talks straight to the database powering it. SQL stands for ‘Structured Query Language’ and is the standard language for website databases as well as the place where all your content, settings, and passwords are stored.

Websites, along with content management systems (CMS), will be constantly talking to their corresponding SQL databases. Usually, only the information you want to make public makes it onto your web pages, but bad coding will sometimes result in SQL data being spewed into the public domain, which is something hackers take advantage of.

If there is no bad code on your site, a hacker can try and add some themselves. Using features on your website that are designed for user interaction, like contact forms for example, they can attempt to ‘inject’ bad code that breaks the barrier between them and the database.

For example, a hacker could write a line of code, or an SQL syntax, with a command as simple as ‘SELECT email, password FROM users’, in a form field designed for other user input. This line of code translates to, ‘Dear website, please get me the columns “email” and “password” from the table called “users”, much obliged.’ 

An SQL syntax like the above is designed to allow websites to retrieve any data they need from the database, so there are thousands of different commands and combinations an SQL hacker can inject. However, it’s important to note that an SQL injection cyber attack like this is only possible when the code allows it. Almost all modern websites are built to disallow anything that looks like an SQL injection in form submissions and your hosting firewall should also be on the look-out too.

Denial of Service attack

A Denial of Service, or a DoS attack, aims to deny an online service to customers and internal users by overloading it with traffic. Attackers will bombard a website with fake requests with information until the server is completely overloaded and breaks.

A common variation of DoS is ‘DDoS’, which is a Distributed Denial of Service attack. The idea behind this particular cyber attack is that it is distributed across a whole network of computers, meaning more server requests can be made from more locations. Many computers involved in such attacks will have been commandeered in previous hacks or via the distribution of malware and their owners will have no idea what is taking place.

The difficulty for victims of DoS attacks is that the attack will come from many directions at once, including from genuine users repeatedly refreshing the page trying to get the site to work, making it difficult to block the malicious connections. To prevent your server crashing, you could shut it down yourself, but that is more often than not what the attackers are trying to achieve in the first place.

Other types of hacking methods to be aware of

As well as the above cyber attacks, there are numerous other online threats businesses should be aware of including:

• Phishing – these types of cyber attacks usually involve a scammer or hacker stealing or tricking users into sharing sensitive information such as passwords, usernames, or banking details for example. They often come in the form of an email or a text message, encouraging users to click a link to share/steal information.
• Malware – this is virus-like software that is normally used to gain unauthorised access to a device like a computer or a mobile phone. It will usually track your activity in order to obtain your sensitive information like passwords.
• Waterhole attacks – these are usually targeted attacks on specific users within an industry or organisation. The aim is to infect websites they usually visit with malware to gain access to an organisation’s network.
• Remote File Inclusion (RFI) – similar to an SQL injection, this type of cyber attack uploads a whole file of malicious code from a remote server with the aim to compromise a system, website, or application.
• Social engineering – this is a psychological manipulation tactic that aims to steal sensitive information or gain control of a computer system. It can take form in many ways such as pretending to be someone else online, or an unauthorised person gaining access to an unattended computer.
• Backdoor attacks – a backdoor attack is essentially a hacker gaining access to a system that bypasses normal security procedures and authentication. 

Our tips to preventing these types of hacking methods

Now that you’re aware of the most common types of cyber attacks, you might be wondering what you can do to prevent these threats from your business. Here are some basic principles you can follow to reduce the risk of a cyber attack on your website:

• ALWAYS keep your website’s software up to date – each update to your CMS will contain fixes for zero-day vulnerabilities that are already in circulation amongst the hacker community.
• Use established and reputable software and plug-ins – poorly written code can leave you vulnerable to an attack or worse, it may contain malware. This is exactly why you should always use reputable software and plug-ins.
• Don’t cheap-out on development – building a secure website takes time and expertise. If you are using bespoke functionality, don’t cut corners, rush deadlines, or rely on inexperienced developers.
• Back your site up regularly – if you are unfortunate in that you get hacked, you’ll most likely need to revert back to a previous version of your files and database to ensure there are no nasties still lurking within. Hackers will generally litter a compromised site with malware in different locations, as well as creating their own ‘backdoor’ to re-enter the site at a later date, so it’s vital you restore a recent backup of your site.
• Monitor file changes and user log-ins – reputable website security software will do this for you, alerting you if there is suspicious activity and automatically block unapproved users who might pose a threat.
• Be password smart – always use a complicated password, preferably a randomly generated one. You can use your browser’s password manager or a service like LastPass to remember complex passwords for you. You should also avoid using common usernames like ‘admin’ or ‘root’.
• Trust no one – don’t enter your passwords anywhere without checking the link you have followed. Don’t be afraid of asking questions of anyone claiming to be technical support – a true tech specialist will appreciate your concern for security and won’t take offence. If you share an office space, lock your screen when you leave your desk.

In need of secure website support services?

No matter the business you own, or the industry you reside in, these types of hacking and cyber attacks are a real threat. But as we’ve highlighted, there are best practices you can adopt and implement to your site to ensure protection and avoid becoming a vulnerable target.

At Fifteen, we understand these types of cyber attacks and hacking methods worry many business owners, but we’re here to help. Our web development specialists are always at the forefront of the latest web security trends and best practices, so you can be confident your website is built with security in mind. 

We also offer website support and hosting services where you’ll have a dedicated point of contact on hand to fix any issues that may arise with your site. Don’t hesitate to contact us today to learn more about how we can protect your online business from these types of cyber threats.