Types of Cyber Attacks

With the Optus cyber attack last year, many news outlets and blogs, ourselves included, have written extensively about how the breach happened and what Optus needs to do to stop it from happening again. One problem we have noticed with many of those articles is that they use the term "cyber attack" very broadly. Any cyber attack can be damaging, but there are several distinct types, and the defences differ for each. This article looks at four of the most common types and gives a real example of each, so you get a better idea of how they work and the damage they can do.

Data Breach: Optus

A data breach is an incident in which data that should have been confidential, such as customer records, is accessed or copied by someone who is not authorised to see it. Many recent breaches have been possible because a company left an API exposed to the internet without the authentication and access controls it should have had.

An API (application programming interface) is an interface that lets one program request data or actions from another. You use them all the time without noticing: when you search for "bakery near me", your browser or app sends that request to a Google API, and Google's servers in turn call other services and send back a list of local bakeries.

An API that fronts a database of sensitive information should normally be reachable only by authenticated clients, and often only from inside the company's own network. The problem with Optus, according to public reporting, was that its customer API was reachable from the public internet and did not require the caller to authenticate. This is not a question of encryption: the connection may well have been encrypted with TLS, but encryption only protects data in transit from eavesdroppers. It does nothing to stop an anonymous caller who is allowed to ask for records in the first place. Anyone who found the endpoint could query the customer database.

It was a grave mistake on the part of Optus. Even people who have never worked in cyber security understand that an endpoint serving private information must not be open to anyone who asks.

Another mistake was the use of incrementing customer identifiers. A customer identifier is the number a system assigns to each customer record, and it is usually what the API expects in a request. If those identifiers are random and unguessable (a UUID, for example), an attacker who obtains one cannot easily find others. With Optus, each new customer reportedly received a number one higher than the previous one, so an attacker could simply count upwards and request every record in turn. Combined with the missing authentication, this turned a single exposed endpoint into a bulk harvesting tool; security practitioners call this class of flaw an insecure direct object reference (IDOR). Random identifiers alone do not fix it: the API must also check that the caller is entitled to the record it is asking for.
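To make the two mistakes concrete, here is an added example (written for this article, not Optus code or any real API) of an unauthenticated lookup with sequential IDs beside a hardened version. The customer records, session tokens and function names are all constructed for illustration.

```python
"""Added example, not from the article or from Optus: an unauthenticated
endpoint with sequential customer IDs lets an attacker harvest every record
with a loop; the hardened version uses unguessable IDs AND checks that the
caller owns the record. All records, names and tokens are constructed."""
import secrets
import uuid

# Constructed sample "customer database" keyed by a sequential integer,
# the pattern described above.
SEQUENTIAL_DB = {
    1000: {"name": "A. Example", "dob": "1980-01-01", "passport": "N1234567"},
    1001: {"name": "B. Example", "dob": "1975-05-05", "passport": "N2345678"},
    1002: {"name": "C. Example", "dob": "1990-09-09", "passport": "N3456789"},
}


def vulnerable_lookup(customer_id):
    """Public endpoint with no authentication and no ownership check:
    whoever supplies an ID gets the record back (an IDOR)."""
    return SEQUENTIAL_DB.get(customer_id)


def enumerate_customers(lookup, start, count):
    """What an attacker's script does against vulnerable_lookup: walk the
    ID space and keep every hit. Sequential IDs make this a trivial loop."""
    return {cid: rec for cid in range(start, start + count) if (rec := lookup(cid))}


# Hardened version: random identifiers plus a session-to-record check.
HARDENED_DB = {}
SESSIONS = {}  # session token -> customer id that logged in


def register(record):
    """Store a record under a random UUID (122 random bits, not enumerable)."""
    cid = str(uuid.uuid4())
    HARDENED_DB[cid] = record
    return cid


def login(customer_id):
    """Issue an unguessable session token bound to one customer."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = customer_id
    return token


def hardened_lookup(session_token, customer_id):
    """Authenticate the caller, then authorise: the session must belong to
    the record being requested. The ownership check is what actually closes
    the IDOR; the random ID only stops guessing."""
    owner = SESSIONS.get(session_token)
    if owner is None or owner != customer_id:
        return None
    return HARDENED_DB.get(customer_id)


if __name__ == "__main__":
    print("harvested:", len(enumerate_customers(vulnerable_lookup, 990, 20)))
    cid = register({"name": "D. Example"})
    print("own record:", hardened_lookup(login(cid), cid))
    print("someone else's record:", hardened_lookup(login(cid), "other-id"))
```

Running the enumeration against the vulnerable endpoint returns every record in the range; against the hardened endpoint a valid session only ever yields its own record, and a guessed or forged token yields nothing.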

Denial of Service attack: Telstra and Thailand

Denial of service is another type of attack that you often hear about in the media. In layperson's terms, a denial of service attack is designed to stop legitimate users from using a service. Every website runs on a server (or a cluster of servers), and a server has finite resources: CPU, memory, bandwidth and a limited number of connections it can handle at once. When more requests arrive than it can process, the site becomes slow and eventually stops responding altogether.

That is why large sites such as Facebook run their own server infrastructure, while smaller websites, such as those of local businesses, rely on hosting providers such as HostGator.

During a denial of service attack, the attacker deliberately creates that overload. In a plain DoS attack a single source sends far more traffic than the server can cope with. In a distributed denial of service (DDoS) attack the traffic comes from many sources at once, often a botnet of compromised computers or devices under one attacker's control, which makes it much harder to block by simply rejecting one address. Either way, the traffic becomes too much for the server, and to the user the outage looks the same as a genuine surge in popularity, which is why operators first have to work out whether an overload is malicious at all.
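The difference between a single-source flood and a distributed one matters for detection, so here is an added example (ours, not from any vendor or the incidents discussed) that runs two checks over a web server access log: a per-source threshold, which catches one address flooding, and an aggregate-rate check, which is needed when the same volume is spread thinly across many addresses. The log lines, addresses, thresholds and baseline are all constructed for illustration.

```python
"""Added example, not from the article: spotting flood-style denial of
service in an access log. Log lines are constructed in a simplified
"client_ip ISO-timestamp METHOD path" format, not real traffic."""
from collections import defaultdict
from datetime import datetime


def build_sample_log():
    """Constructed traffic: three normal users, one single-source flood, and
    a distributed flood of the same size spread over 40 addresses."""
    lines = []
    for i, ip in enumerate(["198.51.100.10", "198.51.100.11", "198.51.100.12"]):
        for s in range(0, 30, 10):  # one request every ten seconds
            lines.append(f"{ip} 2023-02-01T10:00:{s:02d} GET /page{i}")
    for _ in range(80):  # 80 requests from one address within one second
        lines.append("203.0.113.7 2023-02-01T10:01:00 GET /")
    for n in range(40):  # 40 addresses, two requests each, same second
        for _ in range(2):
            lines.append(f"192.0.2.{n + 1} 2023-02-01T10:02:00 GET /")
    return lines


def parse(line):
    """Split one constructed log line into (ip, timestamp, path)."""
    ip, ts, _method, path = line.split(maxsplit=3)
    return ip, datetime.fromisoformat(ts), path


def _max_in_window(stamps, window_seconds):
    """Largest number of timestamps falling inside any sliding window."""
    stamps = sorted(stamps)
    start, worst = 0, 0
    for end, t in enumerate(stamps):
        while (t - stamps[start]).total_seconds() > window_seconds:
            start += 1
        worst = max(worst, end - start + 1)
    return worst


def per_source_offenders(lines, window_seconds, max_requests):
    """Addresses that exceed max_requests inside any window. Catches a
    single-source flood; misses a distributed one by design."""
    by_ip = defaultdict(list)
    for ip, ts, _ in map(parse, lines):
        by_ip[ip].append(ts)
    return {ip for ip, stamps in by_ip.items()
            if _max_in_window(stamps, window_seconds) > max_requests}


def aggregate_rate_alert(lines, window_seconds, baseline_rps, factor):
    """(alert, peak): alert is True when the total request rate in any
    window exceeds factor x the site's normal baseline, regardless of how
    many sources the traffic comes from."""
    peak = _max_in_window([parse(l)[1] for l in lines], window_seconds)
    return peak / window_seconds > baseline_rps * factor, peak


if __name__ == "__main__":
    log = build_sample_log()
    print("per-source offenders:", per_source_offenders(log, 1, 20))
    print("aggregate alert:", aggregate_rate_alert(log, 1, 1, 10))
```

On the constructed log the per-source check flags only 203.0.113.7; the forty addresses of the distributed flood each stay under the threshold and are invisible to it, while the aggregate check fires on both floods because it looks at total load rather than at who is sending.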

In August 2020, Telstra's servers became overloaded and customers lost connectivity. Telstra said this was a DNS server issue on its own side, not a malicious attack. In 2015, by contrast, Thai government websites were flooded with traffic in a deliberate denial of service attack, carried out by protesters against government plans to tighten control over internet access.

Malware: The Guardian

There are many types of malware, and the names describe how the code behaves rather than what the attacker wants. A virus attaches itself to legitimate programs or files and spreads when they are run or shared. A worm copies itself across a network on its own, without needing a user to open anything, and can consume bandwidth and processing capacity as it spreads. Spyware quietly records what the user of an infected computer does, from keystrokes to screenshots, so the attacker can steal bank details or gather material for blackmail. Ransomware encrypts the victim's files and demands payment for the key to unlock them; many ransomware gangs now also copy the data first and threaten to publish it if the victim does not pay.

A trojan is the most common way for a computer to become infected. A trojan is malicious code disguised as, or hidden inside, a file or program that the user is persuaded to download and run. In December 2022 the newspaper The Guardian was hit by such an attack, which it confirmed in January 2023 was a ransomware incident; the Guardian said it believed the intrusion began with a phishing email, a typical way of getting a trojan onto a staff member's machine. Through that foothold, the attackers got access to personal data of staff. There is no indication that the Guardian was singled out; it appears to have been an opportunistic attack, and the Guardian was unlucky enough to become a victim.
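Because a trojan depends on a file looking like something harmless, one cheap control before a download is opened is to compare what the file name claims with what the bytes actually are. The following is an added example (ours, not the Guardian's tooling or any product): a small checker that sniffs a file's leading "magic" bytes, flags executables masquerading as documents and catches the classic double extension. The signature table, type names and sample files are constructed for illustration and cover only a handful of formats.

```python
"""Added example, not from the article: compare a downloaded file's declared
type (its extension) with what its leading bytes say, to catch a trojan
disguised as a document. Signatures and samples below are constructed and
deliberately cover only a few common formats."""

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = {
    b"MZ": "windows-executable",     # PE: .exe, .dll, .scr
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip-container",  # .zip, and also .docx/.xlsx/.jar
    b"\x7fELF": "elf-executable",
    b"#!": "script",                 # shebang line
}
# What each extension is supposed to contain.
EXPECTED = {
    ".exe": "windows-executable", ".dll": "windows-executable",
    ".scr": "windows-executable", ".pdf": "pdf", ".docx": "zip-container",
    ".xlsx": "zip-container", ".zip": "zip-container", ".jar": "zip-container",
    ".sh": "script",
}
EXECUTABLE_TYPES = {"windows-executable", "elf-executable", "script"}


def sniff(data):
    """Classify content by its first bytes; 'unknown' for anything else."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def assess(filename, data):
    """Return (verdict, reason). 'block' when the content is executable but
    the name claims otherwise, or when a double extension such as
    invoice.pdf.exe hides an executable; 'warn' on any other mismatch."""
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    kind = sniff(data)
    # invoice.pdf.exe: the real (last) extension is the executable one
    if len(parts) > 2 and EXPECTED.get(ext) in EXECUTABLE_TYPES:
        return "block", "double extension hides an executable"
    if kind in EXECUTABLE_TYPES and EXPECTED.get(ext) != kind:
        return "block", f"content is {kind} but name says {ext or 'no extension'}"
    if ext in EXPECTED and kind != "unknown" and EXPECTED[ext] != kind:
        return "warn", f"name says {EXPECTED[ext]} but content is {kind}"
    return "allow", kind


if __name__ == "__main__":
    # Constructed samples: only the leading bytes matter to the check.
    samples = [
        ("report.pdf", b"%PDF-1.7\n%..."),
        ("report.pdf", b"MZ\x90\x00\x03\x00..."),
        ("invoice.pdf.exe", b"MZ\x90\x00\x03\x00..."),
        ("setup.exe", b"MZ\x90\x00\x03\x00..."),
        ("notes.docx", b"%PDF-1.4\n"),
        ("photo.jpg", b"\xff\xd8\xff\xe0"),
    ]
    for name, data in samples:
        print(f"{name:18} -> {assess(name, data)}")
```

A file honestly named setup.exe is allowed through by this check (whether executables are acceptable at all is a separate policy decision); what it stops is the document that turns out to be a program, which is exactly the disguise a trojan relies on.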

Zero-Day Exploit: SugarCRM

A zero-day exploit targets a vulnerability that the software's vendor does not yet know about, or has known about for "zero days" and has had no time to fix, so no patch is available. Defenders have a narrow window between the flaw becoming known and a patch being released and installed, and attackers with the capability to exploit it during that window can do a lot of damage. One business that learned this the hard way in early 2023 is the software company SugarCRM. Attackers were able to bypass the authentication of its CRM product and achieve remote code execution. In plain English, they could run their own code on the server itself. SugarCRM released a patch, and customers who applied it promptly closed the window; until a patch exists and is installed, every exposed instance stays at risk, which is what makes zero-days so dangerous.

Conclusion

Clearly, Optus is not the first company to become a victim of a cyber attack, and there will be plenty more who fall victim to similar errors in future. Even if companies learn from the Optus attack and lock down their APIs, a data breach is only one of many kinds of attack that can happen. What's the solution? We're not sure. Perhaps educating people on how to avoid becoming victims, or tightening cyber-attack laws.

Whatever the right solution, one thing is clear: attackers are, although often morally dubious, very capable. This isn't a battle that can be won once and for all, because just as we think it's all sorted, attackers show that they were one step ahead all along.