The computer has also become a part of our life like smartphones. It brought a revolution in technology. Now, a computer is being used in every field of life. But there are persons named hackers, try different kinds of methods to attack someone’s computer and steal your data. Today, I will talk about these 7 types of computer attacks and you must know about them.
Now, these are not necessarily things you should be worried about on a day to day basis. You know you do not come across all of these very often. And some of the advanced ones we are going to talk about in the end. You really are not going to be concerned with Those are more like server-side business side attacks. You can enhance your knowledge by knowing these types of computer attacks.
But they are still useful to know about just out of interest so you can have a better idea and just have a general better sense of security and best practices or you might find it kind of interesting. So, you have to make sure to read this full article.
Table of Contents
Types of Computer Attacks
Here, I will guide you about 7 types of computer attacks which are dangerous and can harm your computer. So, let’s get started:
One of the most well known you probably already know about and if you don’t, you definitely should pay attention to is Phishing. This is an essential one to know about. This is basically where a fake website is set up, where you are tricked into entering your real password credentials into a fake website.
So a lot of times you can get an email, for example, you might get a search result in Google that is the fake result of what you think is Amazon or amazon listing but it is like amazon something where they add in little stuff that tricks you into thinking without looking and eventually it looks like the real website because the design is like that and you input your credentials and they have it.
Then, they can either use that login credentials to log in themselves or maybe order things through your real amazon account or they might just bundle of all the credentials they collect and sell them on the dark web and a lot of times the hacker will buy that database or search through them and try that same password there might be one database on several different websites because a lot of people use the same login.
So, this is why you want to check the URL for links you are clicking. Click suspicious links because they might seem legitimate and then you type in your information. It was the first computer attack and you should aware of it to others as well.
2) Spear Phishing
There is another type of phishing known as spear phishing, where the hacker or attacker will specifically target a very small group of people or one individual person and this is a lot harder to detect because a lot of time if they are targeting a specific company or specific department within a company they may handcraft a spam email.
It has a lot of relevant information where it is difficult to detect that it is a scam email because it may be very very similar to a lot of common emails that the department may receive. For example, maybe the sales department at an audio equipment company may get a request that a sales request for big order and they say can you login to this page where we want to place the order.
You get the idea that completely wrong obviously but it’s an example where they may target a specific group of people and they may name that person by the name they will do a lot of research about the company they are sending it to. So, it may come from a competitors email address or something similar to that you get the idea it just makes it much more likely to increase the trust if they use terminology and things that the person or the victim would recognize
Now, this next type of attack you may not have heard about it before, and its name is a little bit funny called whaling. It’s basically when an attacker goes towards a high profile target like a company so they may go after executives like CEOs or CTOs (Chief Technology officer) they will go after high-level individuals within an organization.
Its a kind of like spearfishing actually but just for a specific high-value target and a simple reason for that is because if you can get login credentials or whatever for a powerful person within a company obviously you can probably do a lot more damage if you are able to impersonate that person you might be able to get a lower-ranking employee to transfer a bunch of money.
And say “Oh! we got this big sale to send the money to this person” and the lower level employee will believe it because they don’t want to against what the CEO says something like that so whaling is basically just kind of like spearfishing except it doesn’t have to be collecting fake websites credentials it could be just targeting through any number of means the phone or email stuff like that.
Now, speaking of the phone there is another type of attack called Vishing which is basically voice phishing so instead of sending emails or sending it through fake websites they may call up and impersonate other employee impersonate a certain company and say when “Oh we have a fraud alert” and pretend to be a fraud alert “Oh what are the email address and PIN number associated with this account”.
You probably have heard of this kind of attack that called voice phishing its another form of social engineering where basically its a confidence trick where they just talk the person into doing what they want and in this form it just happens to be over the phone.
5) MITM (Man in the Middle Attack)
All those that we talked about so far are some form of social engineering where you kind of trick someone into doing something but the next couple is more computer-based attack purely and the first one we gonna talk about is the man in the middle attack and this basically where a hacker will compromise a certain computer and basically trick the victim’s computer into sending all its data into compromised hacked server first before forwarding it to the final destination.
A lot of times this can be done using what is called ARP Poisoning (Adjust Resolution Protocol ) poisoning where basically the hacked computer will literally tell the victims computer that I am the server that it’s looking for so, the victim’s computer will first send all the data at once to the hacked server and then forward to the destination server which could be a website or something like that and then it will also because it is forwarding it to the destination server.
The destination server will think that the hacked server is the one making the request so it will send all the data back to the hacked server first and then the hacked server will send it to the victim’s computer so the victim’s computer doesn’t know that it’s now talking directly to the hacked server. So it can kind of collect all the information in between it could be login credentials or whatever that is not encrypted so this is a very important reason why if you are making an online purchase or you are dealing with sensitive information like going on a bank website.
It’s very important to use an encrypted website using HTTPS If you wanna make sure that the URL is the encrypted version that way even if there is a man in the middle attack the encryption happens between your computer and the server and there just technology in there that makes sure even if someone kind of collects that information and forwards it on only the initiating server which is you and the destination server can decrypt the information.
5) MITB (Man in the Browser Attack)
Now there is kind of variation in the man in the middle attack called the man in the browser attack and this kind of similar idea but just it is different in implementation so in the man in the middle attack there is completely separate server basically outside your network that is collecting information forwarding it. Whereas in the man in the browser attack some type of malware has infected your actual local computer that is making the request itself.
And it’s basically setting up a local proxy on your computer so instead of your information being sent to a hacked server its first being kind of send to a local program on your computer and then the program is sending the request than your actual browser so its kind of similar except the collection and stealing of your data it is actually occurring on your same computer and then the program sends all the collected data and the stolen stuff to the hacker’s crater on the internet.
The next kind of attack lets says, for example, a hacker breaks into a website server and downloads the databases of the username and password usually the passwords will be “hashed” they are kind of encrypted so it’s not that they are stored in plain text and the hacker will have to first be able to decrypt those passwords before it can actually use them.
To log in and try other websites and there are few different ways that the hacker might do this one thing is try to brute force the passwords so what they will do is to compare the hash of a randomly generated or sequentially generated string of characters and numbers and compare it to the hashes that it downloads.
When there is a match it knows that person hash is actually this password so with the brute force attack what they will have to do is literally try every single possible combination and they will try on all the passwords at once presumably or compare as many as possible so they will start off with “A” then B then C then D then AA AB AC etc.
You have to create a strong password so that no one can hack it. I have written a complete article on how to generate a strong password and you must read this article and make a very strong password for your social media or other accounts.
It is better to be safe than sorry
7) Denial of Service
Now, these next types of attacks you probably don’t have to worry about are more types of attacks that happen towards servers and enterprise levels, not individual people and the first couple are Denial of Service attacks and distributed denial of service attack DoS and DDoS. This is when the hacker in the case of Denial of Service attack will basically flood the server with so much data and so many requests that essentially overload the server.
It can’t respond to requests from real people and in this case, the server will presumably be offline as long as the hacker sustains this attack. Now, obviously, this is going to be limited by the hacker’s bandwidth so a lot of times will do is DDoS the distributed denial of service attack where the hacker will use what’s called a botnet which is basically a big group of zombie computers or hacked servers that have been collected ahead of time using a virus or trojan where the hacker will have control of a bunch of computers around the world.
They will all pile on to one individual server that the hacker wants to attack and this is a lot easier to sustain much larger attacks because now you are not just limited by the one hacker’s bandwidth but all the combined bandwidth of all the computers that it has. So, these are very common actually and there are ways to mitigate against it.
For example, there are companies like Cloudflare where their entire purpose will not there entire purpose one service they offer is to basically distribute the required load across many different major powerful servers around the world so there is a denial of service attack then it can use its distributed bandwidth around the world to kind of absorb it and keep the website online even if under attack.