Common Cyber Attacks: A Detailed Guide

Learn about cyber attacks, real-world examples, and how to prevent them effectively

Phishing Attacks

What it is

Phishing is a cyber attack where attackers disguise themselves as trusted organizations to steal sensitive information like passwords or OTPs.

How it works

  • Attackers send emails or messages pretending to be legitimate.
  • Messages create urgency or fear.
  • Victims are redirected to fake websites, where their data is stolen.

Examples

  • Nepal: Fake OTP requests from local banks.
  • International: Large-scale campaigns mimicking PayPal or Google.

How to prevent it

  • Never click unknown links or open unknown attachments.
  • Verify sender addresses carefully.
  • Enable multi-factor authentication.

Malware Attacks

What it is

Malware is malicious software designed to harm systems, steal data, or gain unauthorized access.

How it works

  • Malware enters devices via downloads, email attachments, or infected drives.
  • It runs silently to steal data, encrypt files, or allow remote control.

Examples

  • Nepal: Ransomware targeting offices or small businesses.
  • International: WannaCry ransomware in 2017 disrupted hospitals globally.

How to prevent it

  • Use antivirus software.
  • Keep systems and apps updated.
  • Back up important data regularly.

Denial-of-Service (DoS & DDoS)

What it is

DoS and DDoS attacks overwhelm servers, making websites or services unavailable.

How it works

  • Attackers send massive traffic to a server.
  • DDoS attacks use multiple devices (botnets) for larger impact.

Examples

  • Nepal: Local website outages due to abnormal traffic spikes.
  • International: 2016 Dyn DNS attack disrupted major platforms like Twitter and Netflix.

How to prevent it

  • Use DDoS protection services and CDNs.
  • Monitor traffic for unusual patterns.
  • Apply rate limiting and firewall rules.

Man-in-the-Middle (MitM)

What it is

MitM attacks occur when attackers secretly intercept communications between two parties to steal or manipulate information.

How it works

  • Attackers exploit unsecured public Wi-Fi networks.
  • They intercept credentials, messages, or financial data.

Examples

  • Nepal: Credential theft on public Wi-Fi.
  • International: Banking credential interception on public networks.

How to prevent it

  • Use VPNs on public Wi-Fi.
  • Ensure HTTPS connections.
  • Avoid sensitive transactions on open networks.

SQL Injection

What it is

SQL injection is a web-based attack in which malicious SQL commands are inserted into a website's inputs to access or manipulate its database.

How it works

  • Attackers input SQL commands into forms or URLs.
  • Applications with poor input validation execute these commands.
  • Attackers gain unauthorized access to sensitive data.

Examples

  • Nepal: Data exposure on weak government portals.
  • International: 2019 Capital One data breach.

How to prevent it

  • Use parameterized queries or prepared statements.
  • Validate and sanitize all user input.
  • Conduct regular security audits.

Password Attacks

What it is

Password attacks are attempts to gain unauthorized access using weak or stolen passwords.

How it works

  • Attackers use brute force, credential stuffing, or password spraying.
  • Automated tools try multiple combinations.
  • Successful attacks allow account access.

How to prevent it

  • Use strong, unique passwords.
  • Enable multi-factor authentication.
  • Use password managers.

Social Engineering

What it is

Social engineering is the manipulation of people into revealing confidential information or performing unsafe actions.

How it works

  • Attackers impersonate trusted individuals.
  • They create urgency or fear to trick victims.

How to prevent it

  • Verify identities before sharing information.
  • Be cautious of urgent requests.
  • Educate yourself and others about tactics.

Zero-Day Exploits

What it is

Zero-day exploits target software vulnerabilities that are unknown to developers and have no available fix.

How it works

  • Attackers find flaws before patches exist.
  • They exploit these vulnerabilities to install malware or steal data.

How to prevent it

  • Install software updates promptly.
  • Use intrusion detection and antivirus systems.

Insider Threats

What it is

Insider threats come from employees, contractors, or other insiders, and can be either intentional or accidental.

How to prevent it

  • Implement least-privilege access policies.
  • Monitor activity logs and unusual behavior.
  • Provide cybersecurity awareness training to staff.

Conclusion

Understanding cyber attacks, their methods, and prevention techniques is essential in the digital age. Awareness, strong security practices, and continuous learning help create a safer digital environment.