Man in the middle attack
Malicious software is short for malicious software. It can refer to any kind of software, no matter how it is structured or how it operates. In Microsoft’s words, “its purpose is to damage a computer, server, or computer network.”
Worms, viruses, and Trojan horses are all kinds of malicious software, and their spreading principles are different. But the ultimate goal of these attacks is to make the computer or network inoperable and to grant root access to the attacker so that they can remotely control the system
This is a scam, where cyber criminals trick the target into taking harmful actions through email. For example, recipients are tricked into downloading malware that pretends to be important files, or they are asked to click on a link to enter a fake website, where they will be asked to provide sensitive information such as bank usernames and passwords.
Many phishing emails are relatively crude and are sent to thousands of potential victims via email, but some are specifically designed for valuable target individuals with the purpose of allowing them to hand over useful information.
Ransomware is a type of malicious software that encrypts the victim’s files. The attacker then asks the victim to pay a ransom to restore access to the data. The user will see instructions on how to pay for the decryption key. The fees range from a few hundred dollars to several thousand dollars and are usually paid to cybercriminals in cryptocurrency.
4. Denial of service
This is a brute force method aimed at preventing online services from working properly. It is a common despicable method for competitors and peer competition. For example, an attacker may send a large amount of traffic to a website or a large amount of requests to a database, thereby making these systems unable to work properly and making them unable to be used by anyone.
Distributed Denial of Service (DDoS) attacks use a large number of computers. These computers are usually attacked by malicious software and, under the control of cyber criminals, direct a large amount of network traffic to the attacked target.
5. Man-in-the-middle attack
An attack that attempts to intervene in secret between users and the web services they visit. A computer controlled by the intruder is placed virtually between two communicating computers in the network connection through various technical means.
For example, the attacker may set up a Wi-Fi network and design a login screen that simulates the hotel network; once the user logs in, the attacker can obtain any information sent by the user, including the bank password
6. Encryption hijacking
7. SQL injection
Add additional SQL statements to the end of the pre-defined query statements in the web application to implement illegal operations without the administrator’s knowledge, deceive the database server to perform unauthorized arbitrary queries, and obtain the corresponding data information.
For example, in a SQL injection attack, hackers will write some SQL commands in a web form that requires the name and address information; if the web site and database are not programmed correctly, the database may be queried, and the hacker may defraud the data.
8. Zero-day vulnerabilities
It means that the unfixed vulnerabilities in the software are immediately exposed, exploited, and then attacked. A security vulnerability that was maliciously exploited immediately after being discovered. In layman’s terms, related malicious programs appear within the same day that the security patch and flaw are exposed. Such attacks are often very sudden and destructive.