Here are 8 most common types of security attacks. A permanent removal of malware means understanding the type of attack that happened, how it happened and blocking that door permanently. In the security lingo this is called root cause analysis and fixing the vulnerability.
Table of Contents
Cross-site scripting
Cross-site Scripting (XSS) is a malicious technique cybercriminals use to inject malicious scripts into legitimate websites, allowing them to target unsuspecting users. These attacks occur when a website’s vulnerabilities are exploited to insert harmful code that’s executed in the context of a user’s browser.
The impact of an XSS attack ranges from stealing sensitive information, such as login credentials or personal data, to delivering malware and manipulating website content and redirecting your site to some external URL. XSS is the second most prevalent issue in the OWASP Top 10, and is found in around two thirds of all applications.
SQL injection
SQL injection is a formidable cybersecurity threat that targets databases, exploiting vulnerabilities in web applications that interact with databases. In this type of attack, cybercriminals input malicious SQL code through user inputs, tricking the application into executing unintended database commands.
Depending on the command, this could purge the database or send the entire data to an unauthorised party etc. The consequences can be severe, including unauthorized access to sensitive data, data manipulation, and even the potential for remote code execution.
Path disclosure
The path disclosure vulnerability is basically information leak about the physical path to the website on your web-hosting server. This exposes a website’s file and directory structure to malicious actors, potentially granting them insights into your system’s architecture and sensitive files. And a hacker could use this information to aggravate the attack.
These vulnerabilities often occur when error messages or debugging information reveal full or partial paths, inadvertently aiding attackers in planning their exploits.
Denial-of-Service attack
Also called DoS attack in short; Denial-of-Service (DoS) attacks are orchestrated attempts to overwhelm a target server, network, or application with an excessive volume of traffic. By saturating the resources, attackers render the system inaccessible to legitimate users, causing disruption and financial loss. Distributed Denial-of-Service (DDoS) attacks amplify this threat by utilizing multiple compromised devices.
In simple words, a DoS attacks tries to create fake traffic to overload your website, so much so that it becomes unavailable due to system hog. An extension to DoS is the DDoS attack which stands for Distributed Denial of Service and it originates from multiple IP addresses.
Arbitrary code execution
Remember the eval
function? This function evaluates and executes a given piece of code during run-time. This means if you pass it any arbitrary code during run-time, it will execute it. And if somehow the code is malicious, it can be used for nefarious purposes.
Arbitrary code execution (ACE) is caused by software or hardware errors. This kind of malware attack poses a grave danger to software applications, as it enables attackers to run unauthorized code on a system. This attack exploits vulnerabilities in an application’s input validation or code execution processes, granting hackers control over critical functions.
Cross-site request forgery
Cross-Site Request Forgery (CSRF) attacks manipulate the trust a website has in a user’s browser to execute unauthorized actions on their behalf. By tricking users into unknowingly performing actions they didn’t intend, attackers can compromise accounts, modify settings, or carry out transactions without permission.
A classic example of this kind of attack is unauthorized funds transfer. Imagine you are logged into your online banking account. You then click on a link in an email that takes you to a seemingly harmless website. This website, however, includes a hidden form that instructs your browser to send a funds transfer request to your bank. If your browser complies, the attacker could initiate a transfer of funds from your account to theirs, all without your knowledge.
Remember eCommerce sites asking you not to click on links sent via emails? An attacker can send you a clickable link which executes an action like transfer of money or any other malicious action from your own account.
Data breach (information disclosure)
A data breach, often referred to as information disclosure, occurs when unauthorized parties gain access to sensitive or confidential information. In very simple terms data breach is the leak of data that was intended to be confidential to begin with.
Data breach or leak can occur due to several reasons. For eg. a misconfigured PHP install could output bare credentials if it fails to process the PHP script and instead outputs it as text.
File inclusion
File inclusion vulnerabilities occur when attackers manipulate input to include external files within a web application’s code. This can lead to unauthorized access to critical files, exposing sensitive data or allowing the execution of malicious code. File inclusion can be arbitrary, local or remote. If a rogue file is allowed to be included in the application, it can execute malicious code.
Malware attacks are not just limited to the above. PHP backdoor, adware (like adsterra malware), spyware, cryptojacking, ransomware are a few more names in the list. However they all eventually result in malicious code being executed for nefarious purposes. All this can be avoided by securing your site, server-hardening and proactively monitoring the web-application.