Whether your first association with “hackers” is the 1995 Angelina Jolie flick or the hacktivist group Anonymous, you know that web security is complicated. Breaches seem to happen all the time. In 2013 alone, Facebook, Adobe, the New York Times, the Washington State Court System, the NSA, and even the Federal Reserve had major security breakdowns affecting users around the globe.
Security hacking terminology is tossed about on the daily news, but what does it all really mean? Let us break it down for you. Here are 6 of the most common website hacks.
Common Code-Focused Hacks
- SQL Injection Attacks – This poisoned shot of code into a data-driven web application is fully preventable. Targeted at websites with existing vulnerabilities, a SQL injection inserts new malicious code into the existing framework, allowing a database to be fully captured by the attacker. In a 2012 study, security company Imperva observed that the average web application received 4 attack campaigns per month, and retailers received twice as many attacks as other industries.
- Cross Site Scripting (XSS) Attacks – This hack works by adding malicious script to an otherwise benign website – often in a forum, comment section, or other input area – bypassing normal validation measures. When an unsuspecting user clicks on the bad item, the browser does not recognize any threat, and the malicious code can access sensitive information used within that site, even rewriting the HTML content. XSS attacks are the most common attack on the web. Research shows that as many as 7 out of every 10 websites are vulnerable to this type of hack.
- Distributed Denial of Service Attack (DDoS) – In a DDoS attack, a server or website is made unavailable to its users, and in this downtime, the hacker could compromise the site to their advantage. The most common form of a DDoS attack is the sending of vast quantities of URL requests to a webpage in a short amount of time, forcing a bottleneck when the CPU simply runs out of resources. This style of attack seems to be favored by Anonymous.
Common User-Focused Hacks
- Phishing – You know you shouldn’t give out sensitive information over the telephone unless you know exactly with whom you’re speaking, but sometimes, online, people are far more accommodating. Whether in the form of emails asking for sensitive information, shared links requesting this information, or even social engineering attacks, where falsified online chats will pose as customer service personnel, phishing is how the bad guys fish for otherwise secure information. Overly-trusting individuals are their prey.
- Clickjacking – Also known as a UI Redress Attack, clickjacking fools users into filling out sensitive information or clicking buttons on invisible layers placed on top of an actual website. While users believe they are interacting with one website, they are really entering information into an invisible top layer created by hackers. Sensitive information like usernames and passwords can be gathered in this way.
- Cross Site Request Forgery Attack – Have you ever wondered why sites often ask you to log out of your account when you are finished with your session? Avoiding Cross Site Request Forgery Attacks is one big answer. In these attacks, hackers cause forged HTTP requests to be sent on behalf of a user who is logged in to a targeted site. Because the browser's cookie information rides along with those requests, the hacker can act as you for as long as you remain logged in – long after you may have walked away from your computer.
This is by no means a comprehensive list of hacking methodologies. There are easily hundreds of styles of attacks – far more than we can cover in a single blog post. Interestingly, research shows that 40% of known hacks are motivated by cybercrime, 50% by hacktivism, 3% by cyber warfare, and 7% by cyber espionage.
There are 556 million cybercrime victims per year, over 1.5 million per day. Being aware of what you’re up against and defending your website against vulnerabilities are the first two steps to having a more secure internet experience.
Images courtesy of chanpipat / FreeDigitalPhotos.net