Lecture 7-8

Uploaded by

sumrun sahab
Information Security

Lecture: 7-8

Dr. Tehsin Kanwal


Assistant Professor
What Are Common Types of Attacks?

Depending on the attacker’s goal and objective, many different types of attacks can suit their needs and abilities. These attacks can be summarized in three categories:

• Attacks on availability—These attacks impact access or uptime to a critical system, application, or data.
• Attacks on people—These attacks involve using coercion or deception to get another human to divulge information or to perform an action (e.g., clicking on a suspicious URL link or opening an email attachment from an unknown email address).
• Attacks on IT assets—These attacks include penetration testing, unauthorized access, privilege escalation, stolen passwords, deletion of data, or performing a data breach.

What Is Malicious Software?
• Some software infiltrates (gains access to) one or more target computers and follows an attacker’s instructions.
• These instructions can include causing damage, escalating security privileges, divulging private data, or even modifying or deleting data.
• This type of software is malicious software, or malware for short.

Types of Malware
• Infecting programs actively attempt to copy themselves to other computers. Their main purpose is to carry out an attacker’s instructions on new targets. Malware of this type includes the following:
  • Viruses
  • Worms
• Hiding programs hide in the computer, carrying out the attacker’s instructions while avoiding detection. Malware that tends to hide includes the following:
  • Trojan horses
  • Rootkits
  • Spyware

Viruses

• A computer virus is a software program that attaches itself to or copies itself into another program on a computer.
• The purpose of the virus is to trick the computer into following instructions not intended by the original program developer.
• Users copy infected files from another computer on a network, from a flash drive, or from an online service.
• Alternatively, users can transport viruses from home and work on their portable computers, which have access to the Internet and other network services.

Worms
• A worm is a self-contained program that replicates and sends copies of itself to other computers, generally across a network, without any user input or action.
• The worm’s purpose may be simply to reduce network availability by using up bandwidth, or it may take other nefarious actions.
• The main difference between a virus and a worm is that a worm does not need a host program to infect. The worm is a standalone program.

Trojan Horses
• A Trojan horse is malware that masquerades as a useful program.
• Trojan horse programs look like they perform useful tasks, but actually, they hide malicious code. Once the program is running, the attack instructions execute with the user’s permissions and authority.
• The first known computer Trojan was Animal, released in 1974. Animal disguised itself as a simple quiz game in which the user would think of an animal and the program would ask questions to attempt to guess the animal.
• In addition to asking questions, however, the program copied itself into every directory to which the user had write access.

Rootkits

• A rootkit modifies or replaces one or more existing programs to hide traces of attacks.
• Rootkits commonly modify parts of the operating system to conceal traces of their presence.
• Rootkits can exist at any level:
  • The computer’s boot instructions
  • The applications that run in the operating system
• Once installed, rootkits provide attackers with easy access to compromised computers to launch additional attacks.

Spyware

• Spyware is a type of malware that specifically threatens the confidentiality of information. It gathers information about a user through an Internet connection, without his or her knowledge.
• Spyware can also spread via peer-to-peer file swapping.
• Once installed, spyware monitors user activity on the Internet. Spyware can also gather information such as email addresses and even passwords and credit card numbers. The spyware can relay these data to the author of the spyware.
• The author might use the data simply for advertising or marketing purposes but could employ it to facilitate identity theft.

Adware
• Adware is similar to spyware but does not transmit personally identifiable information (PII).
• PII is any information that can help identify a specific person. Examples of PII include driver’s license numbers, Social Security numbers, credit card numbers, and so on.
• For example, adware can help deliver popups tailored to purchasing habits or can be used for market research purposes. A popup is a type of window that appears on top of the browser window. Popups generally contain ads. Although popups are not strictly adware, many adware programs use them to interact with users. Some software products include an option for blocking popups.
• Spyware and adware have rapidly become increasingly common threats to computers, with some experts estimating that more than 90 percent of computers are already infected.
• Fortunately, a number of software suppliers make antispyware and anti-adware software. In fact, many antivirus and general anti-malware software programs also detect and remove spyware and adware.

Social Engineering Attacks

• Social engineering is the art of one human attempting to deceive another human into doing something or divulging (exposing) information.
• Criminals use social engineering tactics to get humans to divulge information about themselves or someone else.
• This is key in order to obtain private data to perfect identity theft.
• Hackers also attempt to social engineer targeted employees into divulging (exposing) information about IT systems or applications so that the hackers can gain access.

Summary of social engineering attacks

• Impersonation—Pretending to be someone else (e.g., an IT help desk support person, a delivery person, a bank representative).
• Intimidation—Using force to extort or pressure an individual into doing something or divulging information.
• Scarcity—Pressuring another individual into doing something or divulging information for fear of not having something or losing access to something.
• Authority—Using a position of authority to coerce or persuade an individual to divulge information.
• Consensus/social proof—Using a position that “everyone else has been doing it” as proof that it is okay or acceptable to do.
• Dumpster diving—Finding unshredded pieces of paper that may contain sensitive data or private data for identity theft.
• Familiarity/liking—Interacting with the victim in a frequent way that creates a comfort and familiarity and liking for an individual (e.g., a delivery person may become familiar to office workers over time) that might encourage the victim to want to help the familiar person.
• Hoaxes—Creating a con or a false perception in order to get an individual to do something or divulge information.

Wireless Network Attacks

• Wireless network attacks involve performing intrusive monitoring, packet capturing, and penetration tests on a wireless network.
• Given the rapid deployment of wireless network connectivity in both public and private places, the mobile user is under constant threat.
• Wireless networks may be compromised as a network access point into your IT infrastructure.

Web Application Attacks

• Web application attacks involve performing intrusive penetration tests on public-facing web servers, applications, and back-end databases.
• Given the rapid deployment of e-commerce and customer or member portals and websites, access to private data, sensitive data, and intellectual property is abundant.
• Many different tactics are used by hackers and perpetrators when attempting to penetrate and attack web applications.

Attack prevention tools and techniques
What Are Countermeasures?
There are no simple measures to protect your organization from computer attacks. You must focus on countermeasures that detect vulnerabilities, prevent attacks, and respond to the effects of successful attacks.

• The best strategy is to identify vulnerabilities and reduce them to avoid attacks in the first place.
• Avoiding and responding to attacks should be the highest priority. You can respond to attacks by developing plans to rapidly restore computer and network resources if they are attacked, closing holes in your organization’s defenses, and obtaining evidence for prosecution of offenders.
• You should use the lessons learned from an attack to protect the network from similar attacks.

Attack prevention tools and techniques
Countering Malware
• Malware provides a platform for attacks on both personal and business networks. Antimalware measures are the first line of defense against these attacks. You must take steps to prevent the introduction of malware into your environment.
• It’s always better to prevent malware than to have to fix damage caused by malware. You must develop a security program for preventing malware. Following are six general steps for preventing malware:
  • Create an education (information security awareness) program to keep your users from installing malware on your system.
  • Post regular bulletins about malware problems.
  • Never transfer files from an unknown or untrusted source unless the computer has an anti-malware utility installed. (You’ll learn more about anti-malware utilities in a moment.)
  • Test new programs or open suspect files on a quarantine computer—one that is not connected to any part of your network—before introducing them to the production environment.
  • Install anti-malware software, make sure the software and data are current, and schedule regular malware scans to prevent malicious users from introducing malware and to detect any existing malware.
  • Use a secure logon and authentication process.

Many anti-malware products are available to prevent the spread of all types of malware as well as remove malware from infected computers. These include the following:
• BitDefender—www.bitdefender.com.
• Kaspersky Anti-Virus—www.kaspersky.com.
• Webroot Antivirus—www.webroot.com.
• Norton AntiVirus—www.symantec.com/norton/antivirus.
• ESET Nod32 Antivirus—www.eset.com.
• AVG Antivirus—www.avg.com.
• G DATA Antivirus—www.gdatasoftware.com.
• Avira Antivirus—www.avira.com.
• McAfee Endpoint Protection—www.mcafee.com.
• Trend Micro—www.trendmicro.com.
• Microsoft Security Essentials—www.microsoft.com/security_essentials

Attack prevention tools and techniques:
Protecting Your System with Firewalls
• A firewall is a program or dedicated hardware device that inspects network traffic passing through it and denies or permits that traffic based on a set of rules you determine at configuration.
• A firewall’s basic task is to regulate the flow of traffic between computer networks of different trust levels—for example, between the LAN-to-WAN domain and the WAN domain, where the private network meets the public Internet.
• There are numerous firewall solutions available. Prominent firewall vendors include the following:
  • Palo Alto Networks—www.paloaltonetworks.com.
  • Cisco Systems—www.cisco.com.
  • SonicWALL—www.sonicwall.com.
  • WatchGuard Technologies—www.watchguard.com.
  • Check Point—www.checkpoint.com.
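
A sketch of the rule evaluation a firewall performs, added here as an illustration and not taken from the lecture or from any vendor's product: rules are checked in order, the first match decides, and traffic that matches no rule is denied. The rule format, the addresses and the shadowed() helper (which finds rules that can never fire because an earlier rule already covers them) are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network (CIDR)
    dst: str               # destination network (CIDR)
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port; None matches any port

ANY = "0.0.0.0/0"
# Constructed rule set: private LAN 10.0.0.0/8 behind a firewall facing the Internet.
RULES = [
    Rule("deny",   "203.0.113.0/24", ANY, "any", None),            # blocked outside range
    Rule("permit", ANY, "10.0.1.10/32", "tcp", 443),               # public HTTPS to web server
    Rule("permit", "10.0.0.0/8", ANY, "tcp", 443),                 # LAN browsing out
    Rule("permit", "10.0.0.0/8", ANY, "udp", 53),                  # LAN DNS lookups
    Rule("permit", "203.0.113.7/32", "10.0.1.10/32", "tcp", 443),  # never reached: rule 0 wins
]

def net(cidr):
    return ipaddress.ip_network(cidr)

def decide(rules, src, dst, proto, dport):
    """First matching rule wins; traffic that matches no rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rules):
        if (s in net(r.src) and d in net(r.dst)
                and r.proto in ("any", proto) and r.dport in (None, dport)):
            return r.action, i
    return "deny", None

def shadowed(rules):
    """Return (later, earlier) index pairs where the earlier rule matches
    everything the later rule would, so the later rule can never fire."""
    pairs = []
    for j, late in enumerate(rules):
        for i, early in enumerate(rules[:j]):
            if (net(late.src).subnet_of(net(early.src))
                    and net(late.dst).subnet_of(net(early.dst))
                    and early.proto in ("any", late.proto)
                    and early.dport in (None, late.dport)):
                pairs.append((j, i))
                break
    return pairs

if __name__ == "__main__":
    print(decide(RULES, "198.51.100.4", "10.0.1.10", "tcp", 443))
    print(decide(RULES, "198.51.100.4", "10.0.1.10", "tcp", 22))
    print(shadowed(RULES))
```
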
SUMMARY
• Risks, threats, and vulnerabilities in the seven domains of an IT infrastructure and its assets are an everyday menace.
• It is essential that organizations and individual users identify their own risks, threats, and vulnerabilities and implement a plan to mitigate them.
• There are many types of threats. These include confidentiality threats, integrity threats, and availability threats. In addition, there is the threat of a malicious attack.
• Malicious attacks can originate from active threats that include:
  • Brute-force,
  • Masquerading,
  • IP address spoofing,
  • Session hijacking,
  • Replay, man-in-the-middle,
  • Dictionary password attacks.
• Passive threats can include eavesdropping and monitoring. Viruses are the most common and frequent type of attack.
• Anti-malware software is the most effective method of countering a virus attack. The easiest targets are users unaware of the security threats.

References
• David Kim, Michael G. Solomon, Fundamentals of Information Systems Security, 4th Edition, Jones & Bartlett Learning, ISBN: 9781284116465 (https://books.google.com.pk/books?id=DiVGEAAAQBAJ&printsec=copyright&redir_esc=y#v=onepage&q&f=false)
