15 Most Common Cyber Attack Types and How to Prevent Them
According to Statista, the average cost of a data breach is around 9.48 million USD, which includes expenses related to discovering and responding to the attack, downtime, lost revenue, and long-term damage to the business’s reputation. It is projected that cybercrime will cost the global economy approximately $10.5 trillion annually by 2025. Of course, a large number of security incidents are caused by insiders – whether through negligence or malice.
What is a Cyber Attack?
A cyberattack refers to any deliberate attempt to gain unauthorized access to a network, computer system, or device with the intention of stealing, altering, exposing, or destroying data, applications, or other assets. These attacks are carried out by threat actors who use various strategies such as malware, social engineering, and password theft. It goes without saying that cyberattacks disrupt business operations; however, in some extreme circumstances, they can also lead to their complete destruction.
15 Common Types of Cyber Attacks
While there are many different ways for an attacker to infiltrate an IT system, most cyber-attacks rely on a broadly similar set of techniques. Below are some of the most common types of cyber-attacks:
Malware
Phishing
Man-in-the-middle attack (MITM)
Distributed Denial-of-Service (DDoS) attack
SQL injection
Zero-day exploit
DNS Tunnelling
Business Email Compromise (BEC)
Cryptojacking
Drive-by Attack
Cross-site scripting (XSS) attacks
Password Attack
Eavesdropping attacks
Insider Threats
IoT-Based Attacks
1. Malware
Malware is unwanted software installed on a system without permission, which can infect computers through legitimate websites, applications, or file attachments. Different types of malware have varying methods of infection, such as replicating, encrypting files, blocking access to data, displaying ads, or collecting information. Malware can include viruses, worms, trojans, ransomware, spyware, adware, keyloggers, botnets, and more. Emotet, for example, is a notorious banking Trojan that has evolved into a sophisticated and polymorphic malware that primarily spreads through phishing emails. Emotet can steal sensitive data, spread across networks, and deliver other malware.
2. Phishing
Phishing is a method used to trick victims into sharing sensitive information or installing malicious files. It sometimes takes the form of spear phishing, which targets specific individuals or organizations with deceptive emails. In some cases the targets are high-ranking individuals, with the aim of stealing money or sensitive data. SMiShing and vishing use fraudulent text messages, phone calls and voice messages to entice individuals into revealing private information. The 2015 attack on Ukraine’s power grid, attributed to Russia, involved sending targeted phishing emails to collect login details and information, leaving many without electricity during the winter.
3. Man-in-the-middle attack (MITM)
In a man-in-the-middle attack (MITM), an attacker surreptitiously inserts themselves into a communication between two unsuspecting parties. This enables them to potentially eavesdrop on the conversation, extract sensitive information or credentials, or even manipulate the content of the communication. While MITM attacks were once relatively common, the widespread adoption of end-to-end encryption in modern email and chat systems has made them significantly less prevalent.
4. DoS and DDoS Attacks
DoS and DDoS (Distributed Denial of Service) attacks are malicious attempts to disrupt the normal functioning of a system or network by overwhelming it with excessive traffic. A DoS attack is carried out by a single attacker, while a DDoS attack involves multiple attacker-controlled machines, often infected with malware, collectively launching the attack. The primary goal of these attacks is disruption, making the targeted system or service unavailable to legitimate users. In some cases, the attacker may gain financial benefits if hired by a competing business. Successful DoS or DDoS attacks can leave the system vulnerable to further attacks. Notable examples include the massive attack on Amazon Web Services (AWS) in February 2020, which is claimed to be the largest publicly disclosed DDoS attack in history.
5. SQL Injection
In the context of SQL databases, SQL injection is a vulnerability that allows an attacker to execute SQL statements through an HTML form on a webpage. If the database permissions are not properly configured, the attacker can manipulate the HTML form to perform unauthorized database actions, such as creating, reading, modifying, or deleting data.
6. Zero-day Exploit
A zero-day exploit is a cyberattack where malicious actors exploit a recently discovered vulnerability in widely-used software applications or operating systems before a security patch is released. This allows attackers to target organizations using that software by taking advantage of the vulnerability while it remains unaddressed.
7. DNS Tunnelling
DNS tunneling is a stealthy attack strategy that allows attackers to maintain access to targeted systems. Many organizations fail to monitor DNS traffic for suspicious activity, creating opportunities for attackers to hide, or “tunnel”, malicious software and its traffic inside DNS queries. This software establishes a persistent communication channel that most firewalls find difficult to identify.
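Because the paragraph above puts the problem down to unmonitored DNS traffic, here is an added example (not from the original article) of the kind of DNS-log heuristic a defender would run: it flags query names that are unusually long or whose subdomain part looks like encoded data, then counts repeated hits per client and zone. The log lines, thresholds and domain names are constructed for the demonstration.

```python
import math
from collections import defaultdict

# Constructed DNS query log entries: (client_ip, queried_name). Not a real capture.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "cdn.example.net"),
    ("10.0.0.9", "dGhpcyBpcyBhIHRlc3Q.7f3a9c1e2b4d8f60.c2.badexample.org"),
    ("10.0.0.9", "ZXhmaWx0cmF0ZWQgZGF0YQ.1a2b3c4d5e6f7a8b.c2.badexample.org"),
    ("10.0.0.9", "bW9yZSBkYXRhIGhlcmU.9e8d7c6b5a4f3e2d.c2.badexample.org"),
]

def shannon_entropy(s):
    """Bits per character; encoded payloads score much higher than hostnames."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(name):
    """Naive 'last two labels' zone; production code would use a public-suffix list."""
    return ".".join(name.split(".")[-2:])

def is_suspicious_name(name, max_len=52, max_label=30, min_entropy=3.5):
    """Per-query heuristics: very long name, very long label, or high-entropy subdomain."""
    labels = name.split(".")
    sub = ".".join(labels[:-2])
    return (len(name) > max_len or max(len(l) for l in labels) > max_label
            or shannon_entropy(sub) > min_entropy)

def find_tunnel_candidates(queries, min_hits=3):
    """Group flagged queries by (client, zone); repeated hits suggest a covert channel."""
    hits = defaultdict(int)
    for client, name in queries:
        if is_suspicious_name(name):
            hits[(client, registered_domain(name))] += 1
    return {k: v for k, v in hits.items() if v >= min_hits}
```

Thresholds need tuning per environment, since CDNs and some security products also emit long, high-entropy names.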
8. Business Email Compromise (BEC)
BEC attacks are a type of cybercrime where the attacker targets specific individuals, typically employees with financial authorization, to deceive them into transferring funds into the attacker’s control. BEC attacks require meticulous planning and research, such as gathering information about the organization’s executives, employees, customers, business partners, and potential partners, to effectively convince the victim to release funds. BEC attacks inflict substantial financial losses, rendering them among the most damaging forms of cyber-attacks.
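The prevention advice at the end of this page is to scrutinize emails for fake domains. As an added example (not from the original article), the following check flags a sender domain that imitates one the organization trusts, using confusable-character normalisation, a small edit distance, and the trusted name used as a prefix. The trusted-domain list and confusable table are constructed assumptions.

```python
# Constructed list of domains the organization legitimately corresponds with.
TRUSTED_DOMAINS = {"example.com", "example-partners.com"}

# Visually confusable substitutions often used in lookalike registrations (assumed table).
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w", "cl": "d"}

def normalize(domain):
    """Map confusable sequences to the letters they imitate, e.g. examp1e -> example."""
    d = domain.lower()
    for src, dst in CONFUSABLES.items():
        d = d.replace(src, dst)
    return d

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typos such as example.co."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(sender_domain, trusted=TRUSTED_DOMAINS, max_dist=2):
    """Return the trusted domain the sender imitates, or None if it is trusted or unrelated."""
    d = sender_domain.lower()
    if d in trusted:
        return None
    for t in trusted:
        if normalize(d) == normalize(t) or edit_distance(d, t) <= max_dist:
            return t
        # Trusted name with extra segments appended, e.g. example.com.co or example.com-secure.net
        if d.startswith(t + ".") or d.startswith(t + "-"):
            return t
    return None
```

A match is a reason to hold the message for review, not proof of fraud; legitimate partners do occasionally mail from new domains.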
9. Cryptojacking
Cryptojacking involves cybercriminals secretly using a victim’s computer resources, without their knowledge, to mine cryptocurrencies. Organizations often lack visibility into this type of attack, making it challenging to detect and respond. While cryptojacking may not directly result in data theft, it can still lead to significant resource drain and increased energy costs for the affected organization. It’s important for organizations to take appropriate measures to protect their networks and systems from cryptojacking attempts.
10. Drive-by Attack
In a “drive-by-download” attack, an unsuspecting victim stumbles upon a website that surreptitiously infects their device with malicious software. This website can be under the direct control of the attacker or may have been compromised. In some instances, the malware is cunningly embedded within content like banners and advertisements. The prevalence of exploit kits has lowered the barrier to entry for aspiring hackers, enabling them to effortlessly create malicious websites or disseminate harmful content through various channels.
11. Cross-site Scripting (XSS) Attacks
Cross-site scripting attacks, akin to SQL injection attacks, focus on infecting site visitors rather than extracting database data. A common example is the comments section of a web page. If user input is not filtered before a comment is published, an attacker can insert a hidden malicious script. When a user visits the page, the script executes, potentially infecting their device, stealing cookies, or extracting credentials. The attack may also redirect the user to a malicious website.
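The comments-section scenario above, as an added example that is not part of the original article: a renderer that splices stored comments straight into the page next to one that HTML-encodes them on output, which is what "special characters entered by users are not rendered" means in practice. The comment store is constructed, and the script payload is a harmless alert used only to show whether markup survives.

```python
import html

# Constructed comment store standing in for a page's comments table.
COMMENTS = [
    "Great article, thanks!",
    "<script>alert(document.cookie)</script>",
    'Click <a href="javascript:alert(1)">here</a>',
]

def render_unsafe(comment):
    """Interpolates raw user input into markup: the stored-XSS pattern."""
    return "<li>" + comment + "</li>"

def render_safe(comment):
    """HTML-encode on output so < > & \" ' become inert text instead of markup."""
    return "<li>" + html.escape(comment, quote=True) + "</li>"

def render_page(comments, renderer):
    """Builds the comment list with whichever renderer is supplied."""
    return "<ul>" + "".join(renderer(c) for c in comments) + "</ul>"

if __name__ == "__main__":
    print(render_page(COMMENTS, render_unsafe))  # the <script> tag reaches the browser
    print(render_page(COMMENTS, render_safe))    # the browser shows it as literal text
```

Escaping on output is the part that must never be skipped; input filtering is a useful extra layer but is bypassed as soon as data arrives by another route.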
12. Password Attack
A password attack involves an attacker attempting to predict or discover a user’s password to gain unauthorized access to a device or account. Numerous methods exist for cracking passwords, including Brute-Force, Dictionary, Rainbow Table, Credential Stuffing, Password Spraying, Keylogger, and even Phishing techniques aimed at tricking users into revealing their credentials.
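Two of the methods named above, brute force and password spraying, leave different shapes in authentication logs, and telling them apart is what a detection rule needs to do. This added example (not from the original article) parses a constructed log and classifies each source address; the log format, time window and thresholds are assumptions for the demonstration.

```python
from collections import defaultdict

# Constructed authentication log: "<epoch> <result> user=<name> src=<ip>". Not real data.
AUTH_LOG = """\
1700000000 FAIL user=alice src=203.0.113.5
1700000001 FAIL user=bob src=203.0.113.5
1700000002 FAIL user=carol src=203.0.113.5
1700000003 FAIL user=dave src=203.0.113.5
1700000004 FAIL user=erin src=203.0.113.5
1700000010 FAIL user=frank src=198.51.100.9
1700000011 FAIL user=frank src=198.51.100.9
1700000012 FAIL user=frank src=198.51.100.9
1700000013 FAIL user=frank src=198.51.100.9
1700000014 FAIL user=frank src=198.51.100.9
1700000015 FAIL user=frank src=198.51.100.9
1700000020 OK   user=alice src=192.0.2.44
1700000021 FAIL user=alice src=192.0.2.44
"""

def parse_auth_log(text):
    """Return (timestamp, result, user, source_ip) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, user, src = line.split()
        events.append((int(ts), result, user.split("=", 1)[1], src.split("=", 1)[1]))
    return events

def classify_sources(events, window=60, spray_users=5, brute_tries=5):
    """Per source IP within the trailing window: many users with one failure each is
    spraying; one user with many failures is brute force. Successes are not counted."""
    fails = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            fails[src].append((ts, user))
    verdicts = {}
    for src, items in fails.items():
        items.sort()
        start = items[-1][0] - window
        per_user = defaultdict(int)
        for ts, user in items:
            if ts >= start:
                per_user[user] += 1
        if len(per_user) >= spray_users and max(per_user.values()) == 1:
            verdicts[src] = "password-spraying"
        elif max(per_user.values()) >= brute_tries:
            verdicts[src] = "brute-force"
    return verdicts
```

Spraying is the case that per-account lockout policies miss, which is why the rule keys on the source rather than the user.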
13. Eavesdropping Attacks
Eavesdropping attacks, often called “snooping” or “sniffing,” occur when an attacker looks for network communications that lack security to intercept and access the data being sent across the network. To protect against this, companies often ask employees to use a Virtual Private Network (VPN) when accessing the company network from public Wi-Fi hotspots, which are not secure.
14. Insider Threats
Insider threats, often current or former employees, pose a significant risk to organizations because of their broad access to the company network, including confidential data and intellectual property. Their understanding of business processes and policies makes it easier for them to carry out malicious activities, such as trading confidential information on the dark web for monetary gain. Of course, not all insider threats are malicious. Often, users simply send sensitive data to the wrong recipient.
15. IoT-Based Attacks
IoT-based cyber-attacks exploit vulnerabilities in internet-connected devices, such as smart point-of-sale (POS), lighting, and security systems, to launch denial-of-service, malware and phishing attacks with the aim of disrupting critical infrastructure and business operations, or obtaining personal data.
How to Prevent Cyber Attacks
Preventing cyber-attacks requires a multi-pronged approach that encompasses a wide range of security solutions. While I won’t discuss the preventative measures for all possible attack vectors, below are some of the most notable ways that businesses can prevent common attack types.
Malware: To prevent malware infections, implement anti-malware and spam protection software, train staff to recognize malicious emails and websites, enforce strong password policies, keep software updated, and control access to systems and data.
Phishing: To prevent phishing attacks, security awareness training is essential to educate employees about suspicious emails and links.
Man-in-the-middle: To reduce the risk of MITM attacks, use a VPN when connecting through public Wi-Fi, and be wary of fake websites, intrusive pop-ups, and invalid certificates.
DoS and DDoS: Preventing DoS and DDoS attacks requires robust network infrastructure with firewalls, traffic filtering, rate limiting, and collaboration with ISPs.
SQL injection/Cross-site scripting: These attacks can be prevented by properly sanitizing inputs and ensuring that special characters entered by users are never rendered as live markup or executed as part of a query.
Zero-day exploits: Traditional antivirus solutions may not be effective against zero-day exploits, but Next-Generation Antivirus (NGAV) solutions can offer some protection.
DNS tunneling: DNS tunneling can be prevented with specialized tools that block malicious DNS queries and blacklist suspicious destinations.
Business Email Compromise: To prevent BEC attacks, employees should be trained to scrutinize emails for fake domains, urgency, and other suspicious elements.
Cryptojacking: Protecting against cryptojacking involves monitoring network device CPU usage and training employees to spot performance issues or suspicious emails.
Drive-by attacks: To minimize drive-by attacks, remove unnecessary browser plug-ins, install ad-blockers, and disable Java and JavaScript when possible.
Password attacks: Preventing password attacks involves strong password policies, Multi-Factor Authentication (MFA), and penetration testing.
Eavesdropping: Eavesdropping attacks can be mitigated by encrypting sensitive data at rest and in transit, using firewalls, VPNs, and intrusion prevention solutions, and educating employees about phishing attempts.
Insider threats: To address insider threats, implementing strict access controls, regularly monitoring user behavior, conducting thorough background checks, and educating employees about security risks are essential.
IoT attacks: Protecting against IoT attacks requires changing default router settings, using strong and unique passwords, disconnecting devices when not in use, and keeping them updated with the latest patches.