27 Nov Show
Cyber attacks and threats are constantly evolving, with 350,000 new malware signatures detected every day. While cyber attacks and threats are an ongoing fight, they can be prevented by being aware of the various types of protocols, exploits, tools, and resources used by malicious actors. In addition, knowing where and how to expect attacks ensure you’re creating preventative measures to protect your systems. In this article, I’m going to explain the different types of cyber attacks and threats, how they work, and how you can prevent them from causing damage to your systems, your revenues, or your reputation. Article Navigation
What Is A Cyber Attack?Cyber attacks are performed with malicious intent when a threat actor attempts to exploit a vulnerability or weakness in a system or individuals of an organization. These attacks threaten to steal, alter, destroy, disable or gain access to or make use of an unauthorized asset. Cyber attacks, threats, and vandalism are a dangerous and increasing problem for businesses. Nearly all modern-day companies require a network of computers, servers, printers, switches, access points, and routers to operate. Businesses also deploy software tools to streamline functions, like QuickBooks for handling bookkeeping. Unfortunately, while these devices and applications provide a huge benefit to the company, they also represent a risk. All it takes is one employee to click on a malicious link that then gains access to your network and infects your systems. Download For Free: Comprehensive IT Security Policy For Business How Do You Prevent Cyber Attacks?Preventing a breach of your network and its systems requires protection against a variety of cyber attacks. For each attack, the appropriate countermeasure must be deployed/used to deter it from exploiting a vulnerability or weakness. The first line of defense for any organization is to assess and implement security controls. Some of the most common ways to prevent cyber attacks include:
Keep in mind that the list above is the bare minimum an organization needs to deter most common attacks. For advanced cyber attacks, a team of at least 2-3 information security engineers would be required to manage custom software solutions and advanced testing of an organization’s environment including:
Larger organizations with more mature cyber security programs will also often have dedicated red teams and blue teams that perform exercises to test the effectiveness of their IT security management systems. In short, blue teams monitor and maintain the defenses of a network and its systems, while red teams simulate real attacks in an attempt to break into systems either externally or internally. As a result, companies gain a better understanding of the various types of threats that exist. Finally, the most robust security programs will have a continuous and real-time layer of defense such as a Security Operations Center (SOC), managed detection and response (MDR), or active threat hunting and analysis. What Are The Different Types Of Cyber Attacks?The different types of cyber attacks include:
It’s important to note that no system is 100% vulnerability free or “hacker-proof”. If a threat actor has enough time, resources, and manpower to launch an attack then chances are they will find a way in. This is especially true of advanced persistent threat groups. Cyber attacks come in all shapes and sizes from deploying an application-specific attack against a database server to sending phishing emails with malicious attachments or URLs. While knowing the purpose of a cyber attack can be helpful it isn’t the main priority. What takes priority is knowing how the attack occurred and how to prevent them from succeeding in the future. The next sections will go in-depth on the different types of cyber attacks and threats and includes the steps you can take to prevent them from compromising your systems. Network Security AttacksNetwork attacks are any attempts to exploit a vulnerability or weakness on a network or its systems including servers, firewalls, computers, routers, switches, printers, and more. The goal of a network attack can be to steal, modify, or remove access to valuable data. Or, it could be to bring down a network. Network security attacks have become more common in recent years in part because small and mid-sized businesses are not making investments into securing their systems fast enough. As a result, hackers target businesses because their systems are often easier to compromise. Other reasons include a rise in hacktivism, bring your own device (BYOD) use, and cloud-based applications. Types of network security attacks include:
Denial Of Service (DoS)In a Denial Of Service (DoS) attack a malicious threat actor overloads a server with data preventing valid request coming from real clients on the network. The server uses resources (CPU/RAM) to process each request, and when overloaded, the performance of the system can be slowed down to a crawl. A DoS attack can also be performed on entire networks because the attack is targeted at the central router or firewall. As a result, network bandwidth is compromised, which denies access to all systems on that network, not just the one. You can prevent a denial of service attack by:
Distributed Denial Of Service (DDoS)A Distributed Denial Of Service Attack (DDoS) is an attack on a system that is launched from multiple sources and is intended to make a computer’s resources or services unavailable. DDoS attacks typically include sustained, abnormally high network traffic. The Mirai Botnet that launched a DDoS attack against the internet service provider Dyn causing outages for popular websites including Airbnb, Amazon, CNN, HBO, and Reddit. It did this by connecting and controlling thousands of wireless internet connected devices and used their resources to power the attack against their servers. You can prevent a distributed denial of service attack by:
Buffer OverflowsIn a buffer overflow attack, an application receives more input than it expects. As a result, the error exposes the system memory to a malicious threat. While a buffer overflow itself doesn’t cause damage, it does expose a vulnerability. Threat actors are then able to access memory locations beyond the application’s buffer, which enables them to write malicious code into this area of memory. When the application is executed the malicious code is launched. You can prevent a buffer overflow attack by:
Ping AttacksA ping attack is an attack designed to overwhelm or flood a targeted device with ICMP (Internet Control Message Protocol) pings. In normal situations, a ping is used to check connectivity between a source and a destination devices by way of ICMP echo-requests and echo-reply messages. A Ping Attack on the other hand purposely floods the target device with requests packets. The destination device is forced to respond with an equal number of reply packets and eventually cannot keep up with the volume of requests. This causes the target to become inaccessible to normal traffic and unresponsive to normal ping requests. You can prevent a Ping Attack by:
SYN FloodFor every client and server connection using the TCP protocol, a required three-way handshake is established, which is a set of messages exchanged between the client and server. The handshake process is listed below:
A SYN flood manipulates the handshake which allows the attacker to rapidly initiate a connection to a server without finalizing the connection. The server has to spend resources waiting for half-opened connections, which can consume enough resources to make the system unresponsive to legitimate traffic. The SYN flood is a form of a denial-of-service attack. You can prevent SYN Flood attack by:
DNS AmplificationA Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS), in which attackers use publically accessible open DNS servers to flood a target system with DNS response traffic. The primary technique consists of an attacker sending a DNS name lookup request to an open DNS server with the source address spoofed to be the target’s address. When the DNS server sends the DNS record response, it is sent instead to the target. Attackers will typically submit a request for as much zone information as possible to maximize the amplification effect. In most attacks of this type observed by US-CERT, the spoofed queries sent by the attacker are of the type, “ANY,” which returns all known information about a DNS zone in a single request. Because the size of the response is considerably larger than the request, the attacker is able to increase the amount of traffic directed at the victim. By leveraging a botnet to produce a large number of spoofed DNS queries, an attacker can create an immense amount of traffic with little effort. Additionally, because the responses are legitimate data coming from valid servers, it is extremely difficult to prevent these types of attacks. You can prevent DNS Amplification attacks by:
Back DoorA backdoor is a malware type that negates normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware. Backdoor installation is achieved by taking advantage of vulnerable components in a web application. Once installed, detection is difficult as files tend to be highly obfuscated. Webserver backdoors are used for a number of malicious activities, including:
You can prevent Back Door Attacks by:
Spoofing AttackA spoofing attack occurs when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls. There are several different types of spoofing attacks that malicious parties can use to accomplish this. Some of the most common methods include IP address spoofing attacks, ARP spoofing attacks and DNS server spoofing attacks. You can prevent a Spoofing Attack by:
Smurf AttackA Smurf attack is a form of a DDoS attack that causes packet flood on the victim by exploiting/abusing ICMP protocol. When deployed, large packets are created using a technique called “spoofing”. The phony source address that is now attached to these packets becomes the victim, as their IP is flooded with traffic. The intended result is to slow down the target’s system to the point that it is inoperable and vulnerable. The Smurf DDoS Attack took its name from an exploit tool called Smurf widely used back in 1990s. The small ICMP packet generated by the tool causes big trouble for a victim, hence the name Smurf. Smurf attacks are an old technique but remain relevant due to the popularity of deployment and necessary preemptive prevention tactics. You can prevent a Smurf Attack by:• Blocking directed broadcast traffic coming into the network TCP/IP HijackingTCP Hijacking is a cyber-attack in which an authorized user gains access to a legitimate connection of another client in the network. Having hijacked the TCP/IP session, the attacker can read and modify transmitted data packets, as well as send their own requests to the addressee. The intruder can determine the IP addresses of the two-session participants, make one of them inaccessible using a DoS (Denial of Service) attack, and connect to the other by spoofing the network ID of the former. You can prevent TCP/IP Hijacking by:
Man In The Middle AttacksA Man-in-the-Middle (MitM) attack is when an attacker intercepts communications between two parties either to secretly eavesdrop or modify traffic traveling between the two. Attackers might use MitM attacks to steal login credentials or personal information, spy on the victim, or sabotage communications or corrupt data. MitM attacks consist of sitting between the connection of two parties and either observing or manipulating traffic. This could be through interfering with legitimate networks or creating fake networks that the attacker controls. Compromised traffic is then stripped of any encryption in order to steal, change or reroute that traffic to the attacker’s destination of choice. You can prevent a MITM Attack by:
Replay AttacksA replay attack occurs when a cybercriminal eavesdrops on a secure network communication, intercepts it, and then fraudulently delays or resends it to misdirect the receiver into doing what the hacker wants. The attacker unwittingly deceives the participants into believing they have successfully completed the data transmission. Replay attacks help attackers to gain access to a network, gain information that would not have been easily accessible. You can prevent a Replay Attack by:
DNS PoisoningDNS poisoning (also known as DNS cache poisoning or DNS spoofing) is a type of attack which uses security gaps in the Domain Name System (DNS) protocol to redirect internet traffic to malicious websites. DNS poisoning happens when a malicious actor intervenes in that process and supplies the wrong answer. These types of man in the middle attacks are often called DNS spoofing attacks because the malicious actor is in essence tricking the DNS server into thinking that it has found the authoritative name server, when in fact it hasn’t. Once it has tricked the browser or application into thinking that it received the right answer to its query, the malicious actor can feed back whatever fake website it wants back to the host device – usually web pages which look like the desired website but actually are there to collect valuable information like passwords, banking information, and the like. You can prevent DNS Poisoning by:
ARP PoisoningARP Poisoning (also known as ARP Spoofing) is a type of cyber-attack carried out over a Local Area Network (LAN) that involves sending malicious ARP packets to a default gateway on a LAN in order to change the pairings in its IP to MAC address table. ARP Protocol translates IP addresses into MAC addresses. The attack consists of an attacker sending a false ARP reply message to the default network gateway, informing it that his or her MAC address should be associated with his or her target’s IP address (and vice-versa, so his or her target’s MAC is now associated with the attacker’s IP address). Once the default gateway has received this message and broadcasts its changes to all other devices on the network, all of the target’s traffic to any other device on the network travels through the attacker’s computer, allowing the attacker to inspect or modify it before forwarding it to its real destination. You can prevent ARP Poisoning by:
Domain KitingDomain kiting is the practice of repeatedly registering and deleting a domain name so that the registrant can, in effect, own the domain name without paying for it. Domain kiting exploits the five-day add grace period (AGP) in the domain name registration system. During the first five days after registering, a registrant can delete a given domain name without charge or penalty. ICANN, the organization responsible for the registration system, has proposed abolishment of the grace period as a means of making domain kiting and domain tasting unprofitable for the practitioner. The main reason for domain kiting is earning extra money from advertisements and marketing methods while not paying any fees for the domain. If the kiting is continuous it is possible that the registration fee for the domain is never paid since the registrar keeps canceling it before the grace period ends; thus, the registrar can earn profit without any costs incurred. You can prevent Domain Kiting by:
TyposquattingTyposquatting, also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else’s brand or copyright) that targets Internet users who incorrectly type a website address into their web browser (e.g., “Gooogle.com” instead of “Google.com”). The typo squatted domain owner may redirect traffic to a different URL, show ads, or simply park the domain with the hope that the brand buys the domain from them. You can Prevent Typosquatting Attacks by:
Client-Side AttacksClient-side attacks require user-interaction usually initiating from a web browser to an internet website. The tactics used to invoke the attack are seamless to the end user, such as, enticing them to click a link, open a document, or somehow download malicious content. The flow of data is reversed compared to server-side attacks: client-side attacks initiate from the victim who downloads content from the attacker. You can prevent Client-Side Attacks by:
Watering Hole AttacksA watering hole attack is a targeted attack. It is designed to compromise users within a specific industry or group of users by infecting websites they typically visit and luring them to a malicious site. The end goal is to infect the user’s computer and gain access to their organization’s network. Watering Hole attacks, also known as strategic website compromise attacks, are limited in scope as they rely on an element of luck. They do however become more effective, when combined with email prompts to lure users to websites. You can prevent Watering Hole Attacks by:
Zero-Day AttacksIf a hacker manages to exploit the vulnerability before software developers can find a fix, that exploit becomes known as a zero-day attack. Zero-day vulnerabilities can take almost any form because they can manifest as any type of broader software vulnerability. For example, they could take the form of missing data encryption, SQL injection, buffer overflows, missing authorizations, broken algorithms, URL redirects, bugs, or problems with password security. This makes zero-day vulnerabilities difficult to proactively find—which in some ways is good news because it also means hackers will have a hard time finding them. But it also means it’s difficult to guard against these vulnerabilities effectively. You can prevent Zero-Day Attacks by:
Wireless AttacksA wireless attack involves identifying and examining the connections between all devices connected to the business’s wifi. These devices include laptops, tablets, smartphones, and any other internet of things (IoT) devices.
Data EmanationIs a form of an attack whereby data is compromised by receiving the analog output from a device and transferring the by-product to another resource. The source of the attack can derive from emanations from the sound of keyboard clicks, light from LEDs, and reflected light. The electromagnetic field generated by a network cable or device can also be manipulated to eavesdrop on a conversation or to steal data. You can prevent Data Emanation Attacks by:
JammingJamming is a type of Denial of Service (DoS) attack targeted to wireless networks. The attack happens when RF frequencies interfere with the operation of the wireless network. Normally jamming is not malicious and is caused by the presence of other wireless devices that operate in the same frequency as the wireless network. Hackers can perform Denial of Service (DoS) jamming attacks by analyzing the spectrum used by wireless networks and then transmitting a powerful signal to interfere with communication on the discovered frequencies. The main aim of a DoS attack is to direct malicious signals towards the sensor nodes’ communication channels to deplete their resources such as the battery life, bandwidth, and storage in order to prevent transmitted sensor data from reaching its destination, thereby affecting its long-term availability. You can prevent Jamming Attacks by:
Bluetooth VulnerabilitiesSeveral attack methods target Bluetooth devices specifically. These include:
You can prevent Bluetooth Vulnerability Attacks by:
Near-Field CommunicationNear Field Communication (NFC) technology allows two devices placed within a few centimeters of each other to exchange data. In order for the technology to work, both devices must be equipped with an NFC chip. This technology is usually embedded in commuter cards, smart cards, and smartphones. The security attacks and risks that could occur in NFC are due to the physical nature of the NFC sensors and its operating mechanism which uses the insecure communication channel. NFC communication is susceptible to eavesdropping, ticket cloning, data corruption, data modification, data insertion, and Denial of Service (DoS) attacks. You can prevent Near Field Communication Attacks by:
War DrivingWar Driving is defined as the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computing device. The term War Driving is derived from the 1980s phone hacking method known as war dialing. War dialing involves dialing all the phone numbers in a given sequence to search for modems. The War Driving gained popularity in 2001, because that time wireless network scanning tools became widely available. The initial war driving tools included simple software coupled with the WNIC (Wide-area Network Interface Coprocessor). Recent wireless technology developments enable a network to extend far beyond the parking space of an office building. In some cases, a wireless network has the ability to span several miles. Now an attacker can stay far away from the building and still catch a strong signal from the network. A good war driving software package is NetStumbler. You can prevent War Driving Attacks by:
Evil TwinAn evil twin attack is a hack attack in which a hacker sets up a fake Wi-Fi network that looks like a legitimate access point to steal victims’ sensitive details. The attack can be performed as a man-in-the-middle (MITM) attack. The fake Wi-Fi access point is used to eavesdrop on users and steal their login credentials or other sensitive information. Because the hacker owns the equipment being used, the victim will have no idea that the hacker might be intercepting things like bank transactions. An evil twin access point can also be used in a phishing scam. In this type of attack, victims will connect to the evil twin and will be lured to a phishing site. It will prompt them to enter their sensitive data, such as their login details. These, of course, will be sent straight to the hacker. Once the hacker gets them, they might simply disconnect the victim and show that the server is temporarily unavailable. You can prevent Evil Twin Attacks by:
Deauthentication and DisassociationA Deauthentication attack is a type of denial of service attack that targets communication between a user and a Wi-Fi access point. Deauthentication frames fall under the category of the management frames. When a client wishes to disconnect from the AP, the client sends the deauthentication or disassociation frame. The AP also sends the deauthentication frame in the form of a reply. This is the normal process, but an attacker can take advantage of this process. The attacker can spoof the MAC address of the victim and send the deauth frame to the AP on behalf of the victim; because of this, the connection to the client is dropped. The aireplay-ng program is the best tool to accomplish a deauth attack. You can prevent Deauthentication and Disassociation attacks by:
War ChalkingWarchalking is when someone draws symbols or markings in an area to indicate open Wi-Fi. This type of attack is relatively harmless. The practice of creating symbols that could demonstrate the open wireless network and they were documented for standardization. So whenever they would come across an open Wi-Fi, they would draw these symbols on nearby walls or pavement or even on the lamps so as to advertise it. Importance of it was to make other people were aware that open wireless network exists at a particular location for other to use it as well. They would draw specific symbols to state whether there was an open node, closed node or even the encrypted one. You can prevent Warchalking attacks by:
Packet Sniffing and EavesdroppingAn eavesdropping attack, also known as a sniffing
or snooping attack, is a theft of information as it is transmitted over a network by a computer, smartphone, or another connected device. An eavesdropping attack can be difficult to detect because the network transmissions will appear to be operating normally. To be successful, an eavesdropping attack requires a weakened connection between a client and a server that the attacker can exploit to reroute network traffic. The attacker installs network monitoring software, the “packet sniffer,” on a computer or a server to intercept data as it is transmitted. You can prevent Packet Sniffing and Eavesdropping by:
Replay Attacks (Wireless)A simple, yet effective strategy for wireless DoS is to replay locally overheard data packets. These packets are then carried by other forwarding nodes resulting in increased levels of congestion on a wider scale. There are variations of the attack, where either control or data packets are replayed. The objective of the attacker is to make the packet to look like a legitimate unit avoiding at the same time detection. The intelligence of such an attack lies in convincing the MAC level recipient(s) of a packet to accept and forward it and, the final destination into believing that this was a legitimately retransmitted packet and that no attack is being launched. You can prevent Replay Attacks (Wireless) by:
WPS AttacksWi-Fi Protected Setup (WPS) is a wireless standard that enables simple connectivity to “secure” wireless APs. The problem with WPS is that its implementation of registrar PINs make it easy to connect to wireless and can facilitate attacks on the very WPA/WPA2 pre-shared keys used to lock down the overall system. The WPS attack is relatively straightforward using an open source tool called Reaver. Reaver works by executing a brute-force attack against the WPS PIN. You can prevent WPS Attacks by:
WEP/WPA AttacksWEP, or Wired Equivalent Privacy, was implemented in 1995 to provide the same expectation of privacy as on wired networks for users of Wi-Fi but had security problems that came to light shortly afterwards. It was deprecated in 2004, superseded by the WPA and WPA2 encryption that you see today. The reason for this was a series of increasingly devastating attacks against the encryption used in WEP, resulting in the ability to recover the password in a matter of minutes. WEP is a stream cipher which relies on never using the same key twice to provide security. Unfortunately, as demonstrated in several published attacks, an attacker is easily able to force the same key to be used twice by replaying network traffic in a way that forces a tremendous amount of packets to be generated. This allows an attacker to collect the data needed to determine the encryption key and crack the network password outright. With good range and a powerful network adapter, anyone can expect to crack WEP networks in only a few minutes. Unfortunately, WPA (Wi-Fi Protected Access) is susceptible to password-cracking attacks, especially when the network is using a weak PSK or passphrase. You can prevent WEP/WPA Attacks by:
IV AttackAn IV attack is also known as an Initialization Vector attack. This is a kind of wireless network attack that can be quite a threat to one’s network. This is because it causes some modifications on the Initialization Vector of a wireless packet that is encrypted during transmission. After such an attack, the attacker can obtain much information about the plaintext of a single packet and generate another encryption key which he or she can use to decrypt other packets using the same Initialization Vector. With that kind of decryption key, attackers can use it to come up with a decryption table which they and use to decrypt every packet being sent across the network. You can prevent IV Attacks by:
TKIP AttackTKIP was introduced in 2003, and amongst other enhancements, including a new per-packet hashing algorithm, the Message Integrity Check (MIC). MIC is based on a weak algorithm, designed to be accommodated on legacy WEP hardware. TKIP uses MIC for guaranteeing the integrity of an encrypted frame. If more than two MIC failures are observed in a 60 second window, both the Access Point (AP) and client station shut down for 60 seconds. The new TKIP attack uses a mechanism similar to the “chopchop” WEP attack to decode one byte at a time by using multiple replays and observing the response over the air. When a MIC failure occurs, the attacker can observe the response and waits for 60 seconds to avoid MIC countermeasures. Using the mechanism, the attacker can decode a packet at the rate of one byte per minute. Small packets like ARP frames can typically be decoded in about 15 minutes by leveraging this exploit. You can prevent TKIP Attacks by:
WPA2 AttacksWPA2 is a type of encryption used to secure the vast majority of Wi-Fi networks. A WPA2 network provides unique encryption keys for each wireless client that connects to it. Unfortunately, in 2017 an attack method called KRACK (Key Reinstallation AttaCK) was discovered to break WPA2 encryption, allowing a hacker to read information passing between a device and its wireless access point. This technique used a variation of a common – and usually highly detectable – man-in-the-middle attack. The vulnerability could potentially allow a hacker to spy on your data as well as gain access to unsecured devices sharing the same Wi-Fi network. In some instances, attackers could also have the ability to manipulate web pages, turning them into fake websites to collect your information or to install malware on your devices. You can prevent WPA2 Attacks by:
Malware & Ransomware AttacksMalware, or malicious software, is any piece of software that was written with the intent of doing harm to data, devices or to people. Systems infected with malware will present with symptoms such as running slower, sending emails without user action, randomly rebooting, or starting unknown processes. Ransomware / Crypto-MalwareRansomware is a type of malware designed to lock users out of their system or deny access to data until a ransom is paid. Crypto-Malware is a type of ransomware that encrypts user files and requires payment within a time frame and often through a digital currency like Bitcoin. VirusesA virus is the most common type of malware attack. In order for a virus to infect a system it requires a user to click or copy it to media or a host.Most viruses self-replicate without the knowledge of the user. These viruses can be spread from one system to another via email, instant messaging, website downloads, removable media (USB), and network connections. Some file types are more susceptible to virus infections – .doc/docx, .exe, .html, .xls/.xlsx, .zip. Viruses typically remain dormant until it has spread on to a network or a number of devices before delivering the payload. KeyloggersKeylogging, or keyboard capturing, logs a user’s keystrokes and sends data to the threat actor. Users are typically unaware that their actions are being monitored. While there are use cases for employers using keyloggers to track employee activity, they’re mostly used to steal passwords or sensitive data. Keyloggers can be a physical wire discreetly connected to a peripheral like a keyboard, or installed by a Trojan. WormsSimilar to a virus, a worm can also self-replicate and spread full copies and segments of itself via network connections, email attachments, and instant messages. Unlike viruses, however, a worm does not require a host program in order to run, self-replicate, and propagate. Worms are commonly used against email servers, web servers, and database servers. Once infected, worms spread quickly over the internet and computer networks. Trojan HorsesTrojan horse programs are malware that is disguised as legitimate software. A Trojan horse program will hide on your computer until it’s called upon. When activated, Trojans can allow threat actors to spy on you, steal your sensitive data, and gain backdoor access to your system. Trojans are commonly downloaded through email attachments, website downloads, and instant messages. Social engineering tactics are typically deployed to trick users into loading and executing Trojans on their systems. Unlike computer viruses and worms, Trojans are not able to self-replicate. Social engineering is the attempt to manipulate a user into giving up sensitive information such as user account credentials, wiring funds, or personal customer information. This form of cyber attack is one of the most popular for deploying malicious code on to a network. According to recent data, 98% of cyber attacks rely on social engineering. Most are familiar with email phishing and whaling techniques as it has become an essential component to any cyber security program and is often bundled into other IT solutions. 1. Phishing AttacksPhishing refers to an attack that is usually sent in the form of a link embedded within an email. The email is disguised and looks like an email from a reliable source, but in reality, it’s a link to a malicious site. 2. VishingVishing is a social engineering attack that attempts to trick victims into giving up sensitive information over the phone. In most cases, the attacker strategically manipulates human emotions, such as fear, sympathy, and greed in order to accomplish their goals. This form of attack has been around since the early 2000’s, but has become increasingly prevalent in part due to the upward trend in the amount of people working remotely today. 3. SmishingSmishing is a cyber attack that uses SMS text messages to mislead its victims into providing sensitive information to a cybercriminal. Sensitive information includes your account name and password, name, banking account or credit card numbers. The cybercriminal may also embed a short url link into the text message, inviting the user to click on the link which in most cases is a redirect to a malicious site. 4. PretextingAn attacker can impersonate an external IT services operator to ask internal staff for information that could allow accessing system within the organization. 5. Whaling AttacksWhaling adopts the same methods of spear phishing attacks, but the scam email is designed to masquerade as a critical business email sent from a legitimate authority, typically from relevant executives of important organizations. The word whaling is used, indicating that the target is a big fish to capture. 6. TailgatingThe tailgating attack, also known as “piggybacking,” involves an attacker seeking entry to a restricted area that lacks the proper authentication. The attacker can simply walk in behind a person who is authorized to access the area. In a typical attack scenario, a person impersonates a delivery driver or a caretaker who is packed with parcels and waits when an employee opens their door. Related Articles
Which of the following devices are the first line of defense for networks connected to the Internet?1. Network firewall. Firewalls are the first line of defense in network security. These network applications or devices monitor and control the flow of incoming and outgoing network traffic between a trusted internal network and untrusted external networks.
Which of the following is the process of sending unsolicited messages to another Bluetooth device?Blue jacking: Blue jacking is the process of sending unsolicited messages to Bluetooth-enabled devices. BlueSnarfing: is the illegal theft of information from Bluetooth enabled devices.
Which of the following types of attacks involves the sending of unsolicited messages over a Bluetooth connection?Bluejacking is the sending of unsolicited messages over a Bluetooth connection.
What type of attack captures portions of a session to play back later to convince a host that it is still talking to the original connection?A replay attack captures portions of a session to play back later to convince a host that it is still talking to the original connection.
|