A peek at recent headlines backs up what most IT professionals already know: cyberattacks against businesses, governments, and individuals are on the rise.
As a webmaster, a big part of your job is protecting clients' websites from infiltration by crackers, hackers, and malicious trackers. So you might be wondering: what are the most common types of cyberattacks, and what can you do to prevent them?
4 common cyber attacks:
- Distributed Denial of Service (DDoS)
- Phishing and spear-phishing
- SQL injection
- Cross-site scripting (XSS)
Common cybersecurity issues
Even old attacks can become new again when cybercriminals find fresh ways to probe and penetrate website vulnerabilities. It's essential for everyone from seasoned IT experts to the average computer user to stay aware of where the threats come from and to take steps to prevent data breaches.
1. Distributed Denial of Service (DDoS)
DDoS attacks are easy to launch. They aren't normally used to access the system under attack, but to block access for others. Although there are several types of DDoS attacks, they mainly work by overloading a network with requests until it crashes.
There are five main varieties of DDoS attacks:
- TCP SYN Flood attack: floods the target system with connection requests, then doesn't respond when they're answered, flooding the queue with requests until it crashes.
- Teardrop attack: causes IP packets to overlap until the receiving system crashes while trying to reconstruct them.
- Smurf attack: uses IP spoofing and the ICMP to saturate target networks with traffic until they become overloaded and crash.
- Ping of Death attack: breaks down overlarge IP packets that overflow buffers when the receiving network reassembles them.
- Botnet attack: deploys millions of bots that are infected with malware to launch large-scale DDoS attacks.
|TIP: A solution to these problems? DDoS protection software.|
2. Phishing and spear-phishing
This tried-and-true email scam has seen many evolutions over the years.
The cybercriminal sends an email pretending to be from a trusted source with the purpose of gaining access to personal information or convincing the recipient to act in a way that benefits the sender, often financially.
One of the most notorious of these is the “Nigerian Prince” email scam, which resurfaces in some form every few years, while ransomware is a relatively new player that has created plenty of havoc in its short lifespan.
3. SQL injection
SQL injection alters the commands an application sends to its database, allowing data to be read or changed in some way. This kind of attack can also allow the hacker to issue commands to the operating system and even shut the whole system down.
4. Cross-site scripting (XSS)
The website owner may not even know that their script has been hijacked until they notice a lack of commission deposits due to lower click-through rates; likewise, the user may never know they've been redirected from the normal browsing and shopping experience.
With this type of attack, it's more than money from ad clicks that can be stolen. XSS attacks can also allow the hijacker to record keystrokes, obtain passwords, collect private information, or gain control of the user's computer.
How to prevent cybercrime
There are a number of tactics a webmaster can deploy to secure a website from these sorts of infiltrations. It’s also not a bad idea to put time and effort into educating clients on preventative actions they can take, such as creating more secure passwords and recognizing the signs of fraudulent emails.
General protection against cyberattacks
The best defense against cyberattacks is a good offense.
One of the first steps should be data encryption through Secure Sockets Layer (SSL) technology (today delivered by its successor, TLS). Google has pushed for net-wide adoption of SSL to the extent that your website will display the message “Not secure” in the URL bar if you don’t have it. The only way to remove that message is to get an SSL certificate.
Understanding and using resources like Google's Webmaster tools gives you a single dashboard to work from and early warnings if something is amiss.
|TIP: For a full explanation of SSL protection and how it works, check out this guide.|
Here are some tips for warding off specific kinds of cybercrime:
Fend off DDoS attacks
How you handle this depends on the nature, mode, and scope of attack. For example, users can install security patches or disable SMBv2 and block ports 139 and 445 to protect against a teardrop attack.
Smurf attacks can be handled by disabling IP-directed broadcasts at the router to prevent ICMP echoes, or you can simply reconfigure the system to keep it from responding to such broadcasts. Using a firewall that checks the size of IP packets will keep you from experiencing the Ping of Death, and Black Hole or RFC 3704 filters will chase away botnets.
Prevent XSS attacks
There are several measures that can be taken to guard against XSS attacks. Google handles it by removing all affected affiliate advertisers. Educating clients, advertisers, affiliates, and the general public about their existence won't protect systems, but it will make them aware of the problem.
What can a webmaster do on the admin side?
Using PHP's filter_var() function with the FILTER_SANITIZE_STRING filter will remove tags and sanitize input. Another trick is to write your script so that the first line of the data file is kept intact when you write to the file and discarded when the file is read.
Store the file as data.php or with another .php extension. When a hacker tries to gain access, the file will be interpreted as executable PHP and the server will exit the file.
You can also use functions to validate data and ensure that it's coming from a reliable source. The most common are:
- is_numeric(): tests to see if data matches 0 to 9 with an optional sign and decimal point.
- preg_match(): checks if the data matches a regular expression.
- filter_var(): ensures data conforms to a built-in PHP filter.
- in_array(): checks that data is one of a range of allowed values.
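The four validation functions above applied to one form submission, as an added example that is not part of the original article. Because FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, free text is encoded with htmlspecialchars() at output time instead; the field names, limits and sample values are constructed for illustration.

```php
<?php
// Constructed sample submission standing in for $_POST (not from the article).
$input = [
    'quantity' => '1e3',          // numeric, but not a plain integer
    'username' => 'alice_01',
    'email'    => 'alice@example.com',
    'plan'     => 'admin',        // not one of the offered plans
    'comment'  => '<script>alert(1)</script> Nice site!',
];

// Returns [clean values, names of rejected fields]. Rejected values are never copied.
function validateSubmission(array $in): array
{
    $clean = $errors = [];

    // is_numeric() also accepts forms like "1e3", so narrow to a bounded integer.
    $qty = $in['quantity'] ?? '';
    $range = ['options' => ['min_range' => 1, 'max_range' => 100]];
    if (is_numeric($qty) && filter_var($qty, FILTER_VALIDATE_INT, $range) !== false) { $clean['quantity'] = (int) $qty; }
    else { $errors[] = 'quantity'; }

    // preg_match(): \A and \z anchor the pattern so the whole value must match.
    $user = $in['username'] ?? '';
    if (is_string($user) && preg_match('/\A[a-z0-9_]{3,20}\z/', $user) === 1) { $clean['username'] = $user; }
    else { $errors[] = 'username'; }

    // filter_var(): a validation filter returns the value on success, false on failure.
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email !== false) { $clean['email'] = $email; }
    else { $errors[] = 'email'; }

    // in_array(): the third argument enables strict (type-safe) comparison.
    $plan = $in['plan'] ?? '';
    if (in_array($plan, ['free', 'pro', 'team'], true)) { $clean['plan'] = $plan; }
    else { $errors[] = 'plan'; }

    return [$clean, $errors];
}

// Free text cannot be allow-listed, so encode it at output time instead.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

[$clean, $errors] = validateSubmission($input);
echo 'Rejected: ', implode(', ', $errors), PHP_EOL;
echo '<p>', e($input['comment']), '</p>', PHP_EOL;
```

Validation decides whether a value is accepted at all; encoding is what keeps accepted free text from being interpreted as markup when it is written back into a page.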
Guard against SQL injection
A good start is to update from older functional interfaces used by PHP and ASP applications. Using J2EE and ASP.NET applications will increase the chances of running into the more vulnerable interfaces that can be exploited by SQL injections. Applying least privilege permission models and validating input against a whitelist at the application level will also protect your system.
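A string-built query next to its hardened form, as an added example that is not part of the original article. It assumes PDO as the newer database interface and uses an in-memory SQLite database (requires the pdo_sqlite extension); the table, column names and input values are constructed.

```php
<?php
// Constructed in-memory database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice','admin'), ('bob','editor'), ('carol','viewer')");

// Vulnerable "before": the value is pasted into the SQL text, so a quote
// character in $name ends the string literal and the rest is parsed as SQL.
function findByNameUnsafe(PDO $pdo, string $name): array
{
    return $pdo->query("SELECT name, role FROM users WHERE name = '$name'")->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: values travel as bound parameters and are never parsed as SQL.
// Identifiers such as an ORDER BY column cannot be bound, so they are
// checked against a whitelist before being placed in the statement.
function findByName(PDO $pdo, string $name, string $sort = 'name'): array
{
    $allowedSort = ['name', 'role'];
    if (!in_array($sort, $allowedSort, true)) {
        throw new InvalidArgumentException('Unsupported sort column');
    }
    $stmt = $pdo->prepare("SELECT name, role FROM users WHERE name = :name ORDER BY $sort");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$tautology = "x' OR '1'='1";   // constructed input containing a quote
printf("string-built query: %d row(s)\n", count(findByNameUnsafe($pdo, $tautology)));
printf("bound parameter:    %d row(s)\n", count(findByName($pdo, $tautology)));
printf("legitimate lookup:  %d row(s)\n", count(findByName($pdo, 'bob', 'role')));

try {
    findByName($pdo, 'bob', 'password');   // not in the whitelist
} catch (InvalidArgumentException $ex) {
    echo 'sort column rejected: ', $ex->getMessage(), PHP_EOL;
}
```

The least-privilege point from the paragraph above is configured on the database side: the account the application connects with should hold only the rights these queries need.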
Get help from your web host
In the midst of fighting off hackers from the client side, don’t overlook the server side help that should be available from your web host provider. A good one should be a partner against cyberattacks. The industry leaders offer strong security solutions for locking down client websites against exploit attempts as a core feature, and they’re not shy about telling potential customers. Read the fine print before signing up to understand exactly what they offer.
One of the best ways to harden your website against attacks is to avoid free or very cheap hosting, lest you end up one of the 13.5 million username/password combinations either leaked or hacked from 000webhost.com. During a multi-year review of Canadian web hosts, Hosting Canada reported on the leak and subsequent investigation by Forbes. Inquiries to contact 000 and other hacked hosting providers led nowhere.
Not only can free web hosts be expected not to invest in the hardware or software needed to properly protect customers from cybercriminals, but they have also been known to actively collect and sell customer data. They’ve got to make money somehow!
The bottom line?
In 2017 alone, ransomware attacks cost businesses more than 2 billion dollars. On top of that, individuals were duped out of 9 billion dollars through scams involving compromised business emails.
Obviously there’s a problem, and it’s one without a simple solution. Investing in security software, keeping a proactive mindset, and staying aware of growing threats are the best defense against cybercrime, which costs time, money, and public trust.