Cyberattack types and their prevention

Updated: September 6, 2022 16:56

Cybercrime is the worst problem on the internet globally. Malicious people write software to steal information and money, so nobody can say that he is 100% secure from all cyberattack types. Some attacks are less dangerous, like spyware that spies on users in order to display irregular advertisements. Others are more dangerous, such as stealing money, blackmail, or simply offending users. But as in the real world, there are digital systems that prevent stealing, spying and blackmail, and they make life more secure.

Here are the most common cyberattack types

Malware

Malware is the group name for all types of harmful software. It spreads over the internet to computers and servers, which is what we call an infection. This kind of cyberattack can destroy data, steal data, spy, blackmail or damage hardware. On average, about 350 000 new malware programs are registered every day. The types of malware are:

  • Worms: Deleting and stealing data;
  • Viruses: Damaging data, and taking control of programs and the computer;
  • Bots: Controlling a computer remotely;
  • Trojans: Opening a door for hackers;
  • Ransomware: Blackmailing and restricting access to files;
  • Adware: Aggressively displaying pop-ups and ads;
  • Spyware: Recording online activity and spying;
  • Spam and phishing: Sending a lot of unwanted messages.

What are the different types of Malware? - Comtact

Malware Statistics & Trends Report | AV-TEST (av-test.org)

Man-in-the-middle attack

A man-in-the-middle (MITM) attack is when a malicious person inserts himself into a conversation between two sides, then impersonates both sides and gains access to secret information such as passwords. A good SSL certificate prevents MITM attacks because the attacker usually first needs to strip SSL to carry out the attack. Also, the hosting and CDN provider must have DNSSEC for prevention.

Denial-of-service attack

A DDoS, or distributed denial-of-service attack, means shutting down a machine or network to prevent it from working or to make it inaccessible to users. That is typically done by flooding the network with traffic. The servers and network then cannot handle it and break down, or the bandwidth is exhausted. Good hosting can handle this type of attack with more bandwidth, traffic spread across multiple servers in different countries, good firewalls, …

SQL injection

SQL injection means injecting malicious code through some form (like a user login form) into an SQL database. That code gives hackers access to make changes to the database, so they can destroy or steal data. It is often made possible by programmers' mistakes in code. Drupal communicates with the database through PDO prepared statements to avoid SQL injection. PHP Data Objects (PDO) is the PHP database interface whose prepared statements prevent SQL injection.

PHP: Prepared statements and stored procedures - Manual

Zero-day exploit

One of the most dangerous of all cyberattack types. The attacker searches for a vulnerability in some software and, when he finds one, deploys malware. This must be done before the software's users update it and deploy the security patch. The attacker's malware then stays hidden in the software for some time, perhaps years, before attacking. The only known prevention is quickly updating software. Drupal's security patches are released approximately every month. Also, the OOP architecture of Drupal minimizes this danger.

DNS Tunneling

DNS tunneling sneaks camouflaged malicious code through DNS, bypassing the firewall, and steals data such as passwords. It is very difficult to detect. But prevention is possible with a good hosting provider and CDN that has DNSSEC. eDot.pro gives its clients an excellent hosting and CDN provider, which prevents most of these attacks.

CSRF/XSRF cyberattack

This attack causes the victim to perform some action unintentionally. For example, the user gets a notification to type his email and password on a fraudulent website. The attacker can then access the user's email. After that, the attacker can steal credit card data or access restricted web applications.

Hacking

Simply put, hacking is changing code in some programming language. It can be malicious, when somebody wants to do damage by making a cyberattack, or it can be done with good intentions to make software better. The term hacker is always represented as a malicious attacker, but hacking some code can be done in good faith. With OOP principles, there is no hacking or customizing of code in order to change it; code is changed only to clean up bugs and deprecated code.

Drupal is the most secure open-source CMS

eDot.pro uses Drupal, which has a security team of 30 members. They organize the tracking, investigation, verification and publication of possible cyberattack types.