Network attacks are launched every hour of every day, and they evolve at an astounding pace. Every year brings new attacks and trends.
Below are the top eight network attacks by type, recorded from April to June 2017, and published in the Sept. 2017 Quarterly Threat Report from McAfee Labs.
The report is based on data collected from millions of sensors managed by McAfee.
8 Types of Network Security Attacks
#1. Browser Attacks – 20%
Browser-based network attacks tied for the second-most common type. They attempt to breach a machine through a web browser, one of the most common ways people use the internet.
Browser attacks often start at legitimate, but vulnerable, websites. Attackers breach the site and infect it with malware.
When new visitors arrive (via web browser), the infected site attempts to force malware onto their systems by exploiting vulnerabilities in their browsers.
The web browsers with the most vulnerabilities discovered in 2016 are, in descending order, according to the Symantec Internet Security Threat Report 2017:
- Microsoft Internet Explorer / Edge
- Google Chrome
- Mozilla Firefox
- Apple Safari
#2. Brute Force Attacks – 20%
Brute force attacks are akin to kicking down the front door of a network. Rather than attempting to trick a user into downloading malware, the attacker tries to discover the password for a system or service through trial and error.
These network attacks can be time-consuming, so attackers typically use software to automate the task of typing hundreds of passwords.
Brute force attacks are one reason it’s important to follow password best practices, especially on critical resources such as network routers and servers.
Passwords that are long and complex are exponentially more difficult to crack via brute force than stupid passwords like “123456”, “qwerty”, and “password”. Rest assured: these are among the first keys an attacker will try.
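Automated guessing leaves a recognizable trail: many failed logins from one source in a short time. The sketch below is an added example, not part of the McAfee report, that flags such bursts in SSH-style authentication logs. The log lines, the ISO timestamp prefix, and the threshold and window values are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real data). The message text follows the
# OpenSSH "Failed password" format; the ISO timestamp prefix is a simplification.
SAMPLE = [
    f"2017-06-01T10:00:{s:02d} sshd[811]: Failed password for root from 203.0.113.7 port 4{s:04d} ssh2"
    for s in range(0, 12, 2)  # six failures in ten seconds from one source
] + [
    "2017-06-01T10:01:00 sshd[812]: Failed password for alice from 198.51.100.23 port 51515 ssh2",
    "2017-06-01T10:09:00 sshd[812]: Failed password for alice from 198.51.100.23 port 51516 ssh2",
    "2017-06-01T10:09:30 sshd[812]: Accepted password for alice from 198.51.100.23 port 51517 ssh2",
]

FAILED_RE = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: peak failed logins inside one window} for every
    source whose peak reaches the threshold. Lines must be in time order."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    peak = defaultdict(int)      # ip -> highest count seen in any window
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```

The user who mistypes a password twice, eight minutes apart, stays below the threshold; the source that fails six times in ten seconds does not.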
#3. Denial-of-Service (DDoS) Attacks – 15%
Denial-of-service attacks, also known as distributed denial-of-service attacks (DDoS), are third on the list of network security attacks, and they continue to grow stronger every year.
DDoS attacks attempt to overwhelm a resource – such as websites, game servers, or DNS servers – with floods of traffic. Typically the goal is to slow or crash the system.
One in three businesses (33%) experienced a DDoS attack in 2017, according to a Kaspersky Lab survey of 5,200 people from businesses in 29 countries. Half of respondents said DDoS attacks are growing in frequency and complexity.
DDoS can also be used to distract from other network attacks that can be far more damaging.
“In the first half of 2017, over half of those respondents affected by a DDoS attack (53%) claimed that it was used as a smokescreen,” according to Kaspersky’s press release.
#4. Worm Attacks – 13%
Malware typically requires user interaction to start infection. For example, the person may have to download a malicious email attachment, visit an infected website, or plug an infected thumb drive into a machine.
Worm attacks spread on their own. They are self-propagating malware that does not require user interaction. Typically, they exploit system vulnerabilities to spread across local networks and beyond.
WannaCry ransomware, which infected more than 300,000 computers in a few days, used worm techniques to attack networks and machines.
WannaCry targeted a widespread Windows vulnerability to quickly breach a machine. Once a machine was infected, the malware scanned the connected LANs and WANs to find and infect other vulnerable hosts.
#5. Malware Attacks – 10%
Malware is, of course, malicious software – applications that have been created to harm, hijack, or spy on the infected system.
It’s not clear why “worm attacks” were not included in this category – as they are typically associated with malware. Perhaps it was to emphasize the prevalence of worm attacks during Q2 2017.
Regardless, malware is widespread and well known. Three common ways it spreads include:
- Phishing emails – Attackers create messages to lure victims into a false sense of security, tricking them into downloading attachments that turn out to be malware.
- Malicious websites – Attackers can set up websites that include exploit kits designed to find vulnerabilities in the system of site visitors and use them to force malware onto their systems. The sites can also be used to disguise malware as legitimate downloads.
- Malvertising – Clever attackers have discovered ways of using advertising networks to distribute their wares. When clicked, the malicious ads can redirect users to a malware-hosting website. Some malvertising attacks do not even require user interaction to infect a system.
#6. Web Attacks – 4%
Public-facing services – such as web applications and databases – are also targeted for network security attacks.
The most common web application attacks in Q2 2017, according to Positive Research:
- Cross-Site Scripting (XSS) – 39.1% – An attacker breaches a vulnerable website or web application and injects malicious code. The code executes a malicious script on users’ browsers when the page is loaded.
- SQL Injection (SQLi) – 24.9% – Rather than submitting standard data into a text-box or other data-entry field, the attacker enters SQL statements to trick the application into revealing or manipulating its data.
- Path Traversal – 6.6% – Attackers craft HTTP requests to circumvent access controls and navigate to other directories and files in the system. For example, rather than being limited to the content of a single website, a path traversal attack can grant an attacker access to the core files of the site’s web server.
#7. Scan Attacks – 4%
Rather than outright network attacks, scans are pre-attack reconnaissance. Attackers use widely available scanning tools to probe public-facing systems to better understand the services, systems, and security in place.
- Port scanner – A simple tool used to determine a system’s open ports. Several types exist, with some intended to prevent detection by the scanned target.
- Vulnerability scanner – Collects information on a target and compares it to known security vulnerabilities. The result is a list of known vulnerabilities on the system and their severity.
#8. Other Attacks – 14%
We can only speculate on the network attack types bundled into “other”. That said, here are some of the usual suspects:
- Physical Attacks – Attempts to destroy or steal network architecture or systems in an old-school, hands-on way. Stolen laptops are a common example.
- Insider Attacks – Not every network attack is performed by an outsider. Angry employees, criminal third-party contractors, and bumbling staff members are just a few potential actors. They can steal and abuse access credentials, misuse customer data, or accidentally leak sensitive information.
- Advanced Persistent Threats – The most advanced network attacks are performed by elite teams of hackers who adapt and tailor techniques to the target environment. Their goal is usually to steal data over an extended period by hiding and “persisting”.