Types of Cyber attack

Why Cyber Security?

 Now-a-days everything is going on web

 Major proportion of systems connected to internet (i.e, large inventory for intruders to
attack)
 That’s why cyber security became major concern in the world of computers over the
past decade
 Types of cyber attacks

 Cyber attack is an illegal attempt to gain something from a computer

system
 These can be classified into

 Web-based attacks
 These are the attacks on a website or web application

 System-based attacks
 Attacks that are intended to compromise a computer or a computer network
 Web-based attacks

 Injection attacks

 In this type of attacks, some data will be injected into a web applications to manipulate
the application and get required information
 Ex: SQL Injection, Code Injection, Log Injection, XML Injection etc.,

 SQL injection (SQLi) is most common type of injection attack

 In SQLi, customized string will be passed to web application further manipulating
query interpreter and gaining access to unauthorized information
 SQLi can be prevented upto some extent by proper validation of data and by enforcing
least privilege principle
 Web-based attacks

 File inclusion attack

 A file inclusion vulnerability allows an attacker to access unauthorized or sensitive files

available on the web server or to execute malicious files on the web server by making
use of the include functionality
 It can be further classified into
 Local file inclusion
 Including local files available on the server
 Remote file inclusion
 Includes and executes malicious code on a remotely hosted file
 Web-based attacks

 Cross-Site Scripting (XSS)

 This can be done by editing javascript in a webpage such that it will be executed in client
browser
 It can be classified into
 Reflected XSS attack
 Stored XSS attack
 DOM-based XSS attack

 DNS Spoofing

 DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is
introduced into a Domain Name System (DNS) resolver's cache, causing the name server
to return an incorrect IP address, diverting traffic to the attacker's computer (or any other
computer).
 Web-based attacks

 Denial of Service (DoS)

 DoS attack is an attempt to make a server or network resource unavailable to users
 This is generally done by flooding the server with communication requests
 DoS uses single system and single internet connection to attack a server
 Distributed Dos (DDoS) uses multiple systems and internet connections to flood a
server with requests, making it harder to counteract
 DoS can be classified into
 Volume based attacks
 goal is to saturate the bandwidth of the attacked site, and is measured in bits per second
 Protocal attacks
 consumes actual server resources, and is measured in packets per second
 Application layer attacks
 goal of these attacks is to crash the web server, and is measured in requests per second
 Web-based attacks

 Brute force

 It is a trial and error method

 Generates large number of guesses and validate them to obtain actual data (passwords
in general)

 Dictionary attack
 Contains a list of commonly used passwords and validate them to get original password

 Buffer overflow

 occurs when a program or process tries to store more data in a buffer (temporary data
storage area) than it was intended to hold
 Web-based attacks

 Session hijacking

 Web applications uses cookies to store state and details of user sessions
 By stealing the cookies, and attacker can have access to all of user data

 URL interpretation

 By changing certain parts of a URL, one can make a web server to deliver web pages for
which he is not authorized to browse

 Social engineering

 It is a non-technical method that relies heavily on human interaction and often

involves tricking people into breaking normal security procedures
 Web-based attacks

 Man-in-the-middle attack
 Attacker intercepts the connection between

client and server and acts as a bridge between

them
 Attacker will be able to read, insert and modify

the data in the intercepted communication

 Phishing

 Phishing is the attempt to acquire sensitive information, often for malicious reasons, by
masquerading as a trustworthy entity in an electronic communication
 Spear phishing
 It is a form of phishing, which targets specific organizations for confidential data

 Whaling
 In whaling, the targets are high-ranking bankers, executives or others in powerful positions or job titles
 System-based attacks

 Virus

 A computer virus is a self-replicating malicious computer program that replicates by

inserting copies of itself into other computer programs when executed
 It can also execute instructions that cause harm to system
 To remove of stay away from Viruses, you must have antivirus or antimalware for
maximum protection.

 Worm

 It works same as a computer virus

 but it can spread into other systems in the network by exploiting the vulnerabilities
automatically
 System-based attacks

 Trojan horse

 It appears to be a normal application, but when opened/executed some malicious code

will run in background
 These are generally spread by some form of social engineering

 Backdoors

 Backdoor is a method of bypassing normal authentication process

 The backdoor is written by the programmer who creates the code for the program
 It is often only known by the programmer
 System-based attacks

 Bots

 Bot is an automated process that interacts with other network services

 Can be classified into
 Spyware
 Used to gather information of user without their knowledge
 Ex: Keyloggers
 Adware
 Mainly used for promotions of products
 Not so harmful
 Methods to assist in cyberattacks

 Spoofing

 In spoofing, one person successfully impersonates as another by falsifying the data

 Ex: IP spoofing, email spoofing etc.,

 Sniffing

 Sniffing a process of capturing and analyzing the traffic in a network

 Port scanning

 It is a method to probe a system for open ports

 Intruder can exploit the vulnerabilities of open ports