Cyberattacks And Data Breach: How Hackers Exploit Weaknesses & How You Can Stay Safe?
The Austin Capital Data Digital Self-Defense Series 
By Kirti Kamerkar
Every 39 seconds, a cyberattack occurs somewhere in the world. In May 2024, Ascension Health was the victim of a ransomware attack that affected its electronic health records and disrupted clinical operations. The attack was detected on May 8, 2024. This is just one of thousands of cyberattacks that happen every day.
What if one day you wake up and all your bank accounts are empty? Or your private information is being sold on the dark web? This is the terrifying reality of cyberattacks.
If you want to be more prepared for cyberattacks, you should be aware of the terms “Data Breach” and “Digital Citizenship”. A Data Breach is nothing more than data leakage. It occurs when unauthorized individuals gain access to sensitive, confidential, or protected data. This can involve personal information, financial records, passwords, or business data being exposed, stolen, or misused. The terms “data breach” and “breach” are often used interchangeably with “cyberattack.” However, not all cyberattacks are data breaches. For that, we must dig into the root of cyberattacks. In order to understand the root cause of Cyberattacks, we need to know the root cause of data breaches.
https://www.fortinet.com/content/dam/fortinet/images/cyberglossary/data-breach.jpg
How does a data breach happen?
Hacking & Cyberattack
Weak Passwords
Phishing Scams
Malware & Ransomware
Insider Threats
Lost or Stolen Devices
What is Hacking & Cyberattack?
Hacking refers to the process of gaining access to a computer system, network, machinery or data and using the system in a way that the original design did not intend or anticipate. Some examples would be entering a company computer network through building control networks or an owner modifying thier Tesla to prevent the reporting of private information from thier car. Access can be authorized or unauthorized, and hacking can be used for both ethical (legal) and malicious (illegal) purposes
Hacker types and intent
Generally, hackers are categorized according to their core ethics and aims.
White Hat Hackers (Ethical Hackers): White Hat Hackers are Authorized professionals who find security flaws and help organizations fix them
Black Hat Hackers (Criminal Hackers): Black Hat Hackers are Hackers who break into systems to steal, destroy, or manipulate data for personal gain.
Gray Hat Hackers: Gray Hat Hackers are Hackers who find vulnerabilities without permission but may or may not use them maliciously.
A cyberattack occurs when there is an unauthorized action against computer infrastructure that compromises the confidentiality, integrity, or availability of its content. Phishing, ransomware, DDoS attacks, malware infections, etc, are examples of cyberattacks. It is always malicious and harmful.
Common Types of Cyberattacks (How Hackers Strike)
Phishing Attacks 🎣
Ransomware Attacks 💰
DDoS (Distributed Denial of Service) Attacks 🌐
SQL Injection (SQLi) Attacks 💻📊
Man-in-the-Middle (MitM) Attacks 👤🔀👤
Credential Stuffing Attacks 🔑🔓
Zero-Day Exploits 🕵️♂️💣
Social Engineering Attacks 🎭📞
AI-Powered Attacks(Deepfake & Voice Spoofing) 🎭
1. Phishing Attacks 🎣
“Phishing” refers to an attempt to steal sensitive information, typically in the form of usernames, passwords, credit card numbers, bank account information, or other important data, in order to utilize or sell the stolen information.
In a Phishing Attack, the attacker sends an email to the victim. Once the Victim clicks on the email and goes to the phishing website. The attacker collects the victim’s credentials and uses those credentials to access a website. For example, an email pretending to be from your bank asking you to log in via a fake link.
https://www.cloudflare.com/img/learning/security/threats/phishing-attack/diagram-phishing-attack.png
Types of Phishing Attacks
Email Phishing📧: Attackers send fake emails pretending to be from banks, government agencies, or companies.
Spear Phishing🎯: A targeted phishing attack aimed at specific individuals or organizations.
Whaling 🐋 (CEO Fraud): A type of spear phishing targeting high-profile individuals like CEOs, executives, or government officials.
Smishing 📱 (SMS Phishing): Attackers send fraudulent text messages with malicious links or fake customer service requests.
Vishing ☎️ (Voice Phishing): Attackers call victims pretending to be from banks, tech support, or government agencies (IRS, FBI, etc.).
Angler Phishing 🎣 (Social Media Phishing): Attackers pose as customer support agents on social media to trick users into sharing login credentials
Clone Phishing 🖨️: Hackers copy (clone) a legitimate email and resend it with malicious links or attachments.
Evil Twin Phishing 📡 (Wi-Fi Phishing): Hackers set up a fake Wi-Fi hotspot (often in cafes, airports, or hotels)
Business Email Compromise (BEC) 🏢: Hackers impersonate business partners, employees, or vendors to trick organizations into making fraudulent payments.
Pharming 💊 (Website Spoofing): Instead of sending fake emails, attackers redirect victims to fraudulent websites that look real.
Signs of a phishing attempt
The message claims to be urgent
The message urges you to click on an attachment
The message impersonates an authority figure
The message contains misspellings or grammatical errors
The sender’s email address doesn’t match who they claim to be
How to prevent phishing ?
Verify email sender addresses
Avoid clicking on suspicious links
Use multi-factor authentication (MFA) for extra security
2. Ransomware Attacks 💰
A Ransomware attack is a type of malware attack in which the attacker locks and encrypts the victim’s data and important files and then demands payment to unlock and decrypt the data. 20% of all cyberattacks recorded by the IBM® X-Force® Threat Intelligence Index in 2023 involved ransomware. When hackers gain access to a network, it takes less than four days to deploy ransomware. This speed gives organizations little time to detect and thwart potential attacks. After a device is exposed to the malicious code, the ransomware attack proceeds. It first infects your system. The victim unknowingly downloads ransomware, often via phishing emails, malicious links, or fake software updates. It encrypts files, making them inaccessible to the user. A ransom note appears, demanding payment (usually in cryptocurrency) in exchange for a decryption key. Ransomware can remain dormant on a device until the device is at its most vulnerable and only then execute an attack. If paid, there’s no guarantee the attacker will unlock the files. Some victims never get their data back, even after paying.
https://www.proserveit.com/hs-fs/hubfs/undefined-2.jpeg?width=762&height=497&name=undefined-2.jpeg
Types of Ransomware Attacks
Crypto Ransomware: Encrypts files and demands payment for decryption.
Locker Ransomware: Locks the entire system, preventing access until ransom is paid.
Double Extortion Ransomware: Attackers steal data before encrypting it, threatening to leak it if the ransom isn’t paid.
Ransomware-as-a-Service (RaaS): Cybercriminals sell ransomware kits to others, making it easier for anyone to launch attacks.
Signs of Ransomware
Sudden File Encryption
Ransom Note Appears
Unusual System Slowness
Strange Network Traffic
Locked or Restricted Access to System
Corrupted or Missing Backups
How to prevent Ransomware?
Regularly back up data on an external device.
Don’t click on suspicious email links.
Keep software updated to patch vulnerabilities.
3. DDoS (Distributed Denial of Service) Attacks 🌐
A DDoS (Distributed Denial of Service) attack is a cyberattack that overwhelms a website, server, or network with massive amounts of traffic, causing it to slow down or crash completely. Hackers use multiple compromised devices (“zombies” assembled into “botnets”) to flood the target, making it inaccessible to users.
DDoS attacks are carried out with networks of Internet-connected machines. These networks consist of computers and other devices (such as IoT devices) that have been infected with malware, allowing them to be controlled remotely by an attacker. These individual devices are referred to as bots (or zombies), and a group of bots is called a botnet. Once a botnet has been established, the attacker is able to direct an attack by sending remote instructions to each bot. When a victim’s server or network is targeted by the botnet, each bot sends requests to the target’s IP address, potentially causing the server or network to become overwhelmed, resulting in a denial-of-service to normal traffic. As a result, the website, server, or network slows down, crashes, or becomes unusable for legitimate users.
Types of DDoS (Distributed Denial of Service) Attacks
Volumetric Attacks — Overloads bandwidth with massive amounts of traffic (e.g., UDP Flood, ICMP Flood).
Protocol Attacks — Exploits weaknesses in network protocols to consume server resources (e.g., SYN Flood, Ping of Death).
Application Layer Attacks — Targets specific website applications (e.g., HTTP Flood, Slowloris Attack).
Volumetric Attacks — Overload bandwidth with massive amounts of traffic (e.g., UDP Flood, ICMP Flood).
Protocol Attacks — Exploits weaknesses in network protocols to consume server resources (e.g., SYN Flood, Ping of Death).
Application Layer Attacks — Targets specific website applications (e.g., HTTP Flood, Slowloris Attack).
Signs of DDoS (Distributed Denial of Service) Attacks
Slow or Crashed Websites: Pages take too long to load or don’t load at all.
Unusual Traffic Spikes: A sudden surge in visitors from unknown locations or devices.
Inaccessible Network or Server: Employees or customers can’t connect to the system.
Increased CPU or Bandwidth Usage: High server load even without legitimate traffic.
How to Prevent DDoS (Distributed Denial of Service) Attack?
Use a Web Application Firewall (WAF): This blocks malicious traffic before it reaches your server.
Deploy Anti-DDoS Services: Services like Cloudflare, AWS Shield, or Akamai can detect and mitigate attacks.
Monitor Network Traffic: Set up alerts for unusual spikes in activity
Rate Limiting & Load Balancing: Controls incoming traffic to avoid overload.
Use a Content Delivery Network (CDN): This distributes traffic across multiple servers to prevent overloading.
4. SQL Injection (SQLi) Attacks 💻📊
SQL Injection (SQLi) is a cyberattack that exploits vulnerabilities in a website’s database by injecting malicious SQL queries. This attack can allow hackers to steal, modify, or delete sensitive data, bypass authentication, and even take full control of a system. Attackers insert malicious SQL code into input fields (e.g., login forms, search bars). The database interprets the input as part of an SQL command, leading to unauthorized access. Hackers can steal usernames, passwords, and credit card details or even delete entire databases.
Types of SQL Injection Attacks
Classic SQL Injection: Directly inserting SQL commands to retrieve or manipulate database data.
Blind SQL Injection: The attacker doesn’t see database errors but determines vulnerabilities by observing server responses.
Time-Based SQL Injection: Attackers inject queries that delay database responses, revealing vulnerabilities.
Union-Based SQL Injection — Using the
UNIONSQL statement to extract data from other database tables.
Signs Of SQL Injection Attacks
Unexpected Database Errors — SQL syntax errors or warnings in website responses.
Unauthorized Access — Users gaining higher privileges than they should.
Data Leaks — Sensitive data appears in logs or public views.
Website Malfunctions — Pages crash or behave abnormally after inputting special characters (‘ , — , ; , etc.).
How to Prevent SQL Injection Attacks?
Use Prepared Statements: Always use parameterized queries where user input is treated as data, not code. This ensures that malicious input can’t alter the structure of the SQL query.
Use Stored Procedures: Stored procedures separate the data from the SQL logic and ensure that user input is handled properly.
Input Validation
Validate and sanitize all user input. Ensure input conforms to the expected type, length, and format. For example, if an email address is expected, ensure the input is a valid email.Escape User Input
If you must directly include user input in a query, ensure special characters (like single quotes) are properly escaped to prevent them from being interpreted as part of the SQL command.Use Web Application Firewalls (WAF)
A WAF can filter out malicious SQL injections by inspecting HTTP requests and blocking harmful queries.Limit Database Privileges
Limit the permissions granted to database accounts used by the application. For example, the application should not be able to delete or update critical data unless absolutely necessary.Error Handling
Avoid revealing detailed error messages to users. Instead, show generic error messages and log the actual errors securely for troubleshooting.
5. Man-in-the-Middle (MitM) Attacks 👤🔀👤
A Man-in-the-Middle (MitM) attack is a type of cybersecurity threat where an attacker secretly intercepts, alters, or relays communication between two parties without their knowledge. MitM attacks often occur when data is transmitted over insecure channels, like public Wi-Fi, or if encryption is improperly implemented. Here’s a simplified breakdown of how a MITM attack works in three steps:
Interception: The attacker sets up a fake Wi-Fi hotspot in a public space, often without requiring a password. When a victim connects to this hotspot, the attacker can intercept any online data exchanges, such as emails and website logins.
Positioning between victim and destination: The attacker uses techniques like IP spoofing, where they alter IP packets to impersonate the victim’s computer system and redirect the victim to the attacker’s website.
Decryption: Through techniques like HTTPS spoofing, SSL hijacking, and SSL stripping, the hacker decrypts the intercepted data, making the victim’s activity visible to the attacker.
Types of Man In the Middle Attack:
Packet Sniffing
The attacker captures and monitors the data packets transmitted between two parties. This is often done on unsecured networks (like public Wi-Fi), where data is transmitted without encryption.Session Hijacking
In this attack, the attacker intercepts a session between two parties, such as a logged-in user and a web server. They can steal session cookies or tokens to impersonate the user.SSL Stripping
In an SSL stripping attack, the attacker downgrades a secure HTTPS connection to an unencrypted HTTP connection. This allows them to read and manipulate the data exchanged between the user and the server.DNS Spoofing (DNS Cache Poisoning)
The attacker manipulates the DNS (Domain Name System) cache to redirect the victim’s traffic to malicious websites. The attacker may intercept login credentials or inject malicious content into the communication.HTTPS Spoofing
The attacker creates a fake version of a secure website (HTTPS) and tricks the victim into accessing it. This can allow the attacker to steal sensitive information like login credentials, credit card numbers, etc.Email Spoofing
An attacker sends an email that appears to be from a trusted source but is actually from the attacker. This could be used to trick the victim into disclosing sensitive information or downloading malicious attachments.
Signs of Man In the Middle Attack:
Unusual SSL/TLS Certificate Warnings
Unexpected Redirection of Websites
Slow or Unusual Network Performance
Disrupted or Unusual HTTPS Connections
Unexpected Changes in DNS Resolution
Authentication Failures or Account Compromise
Unexplained SSL/TLS Cipher Changes
Mixed Content Warnings
Suspicious URL Changes
How to prevent Man In The Middle Attack
Check SSL Certificates: Always verify the SSL/TLS certificates of websites before entering sensitive data.
Use HTTPS Everywhere: Ensure that the websites you visit use HTTPS and look for the padlock icon in your browser’s address bar.
Avoid Public Wi-Fi for Sensitive Transactions: If you must use public Wi-Fi, use a VPN (Virtual Private Network) to secure your connection.
Enable Two-Factor Authentication: Enable 2FA for your accounts to make it harder for attackers to hijack sessions.
Keep Software Updated: Ensure your operating system, browsers, and security software are up to date to protect against known vulnerabilities.
Real-World Cyberattack Cases 2024:
In 2024, the cybersecurity landscape was marked by several significant cyberattacks across various sectors. Here are some of the most notable incidents:
Change Healthcare: In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group and a major processor of U.S. medical claims, fell victim to a ransomware attack. The attackers, the BlackCat (ALPHV) group, infiltrated the company’s systems. They exfiltrated sensitive data and deployed ransomware that crippled operations.
This breach led to significant disruptions in healthcare services nationwide, as electronic payments and medical claims processing were halted. This forced patients to pay out-of-pocket for medications and services.
This attack is deemed one of the biggest in 2024 because of the impact it had on healthcare delivery and also because of the huge financial impact it had. UnitedHealth Group estimates the cost of response added up to approximately $2.87 billion in 2024. The company also provided over $6 billion in assistance to affected healthcare providers.
But this was not all. The attack made headlines the world over as UnitedHealth CEO Andrew Witty confirmed that the organization paid $22 million in ransom. The attack exposed the massive vulnerabilities in healthcare cybersecurity. It underscored the critical need for robust defences in healthcare as the impact of any cyber crisis in this industry goes far beyond the business bottom line.
CrowdStrike-Microsoft Outage: On July 19, 2024, a faulty update from CrowdStrike’s Falcon Sensor software caused widespread disruptions for Microsoft Windows users globally.
Users worldwide were greeted with the “Blue Screen of Death”. Approximately 8.5 million systems crashed across the world. This outage severely impacted various critical sectors, including aviation, banking, hospitals, and manufacturing. Even TV stations, grocery stores, and petrol pumps were hit. This incident, although not a cyber attack, showed just how far-reaching the impact of vulnerabilities in interconnected digital systems can be.
CrowdStrike’s CEO, George Kurtz, promptly apologised, clarifying that the incident was due to a software bug. Although a fix was quickly deployed, many organisations faced prolonged recovery periods, with some systems requiring manual intervention to restore full functionality. This event once again highlighted the critical need for robust risk management strategies for organizations worldwide.
How to Protect Yourself from Cyber Threats
🔒 Basic Cybersecurity Practices Everyone Should Follow:
✔ Use Strong Passwords — At least 12+ characters with letters, numbers, and symbols.
✔ Enable Multi-Factor Authentication (MFA) — Adds an extra layer of security.
✔ Be Wary of Phishing — Never click on unknown links or download attachments.
✔ Keep Software Updated — Security patches fix vulnerabilities.
✔ Use a VPN on Public Wi-Fi — Prevents hackers from intercepting your data.
Final Thoughts: Staying Vigilant in the Digital Age
Cybercrime isn’t slowing down — it’s evolving. Hackers are getting smarter, but so can you. By understanding common cyberattacks and taking simple precautions, you can protect yourself and your data from falling into the wrong hands.