There are many approaches to gaining access to a system, and these correspond to the different types of attacks on a system. One requirement common to all of them is that the attacker finds and exploits a weakness or vulnerability in the system.
Types of attacks on a system
Operating System Attacks
Today’s Operating Systems (OS) are loaded with features and are increasingly complex. While users take advantage of these features, the systems become prone to more vulnerabilities, which entices attackers. Operating systems run many services, such as graphical user interfaces (GUIs), that support applications and system tools and enable Internet access. Extensive tweaking is required to lock them down. Attackers constantly look for OS vulnerabilities that allow them to exploit and gain access to a target system or network. To stop attackers from compromising the network, system or network administrators must keep abreast of the new exploits and methods adopted by attackers and monitor the networks regularly.
By default, most operating systems’ installation programs install a large number of services and open ports. This gives attackers more places to search for vulnerabilities. Applying patches and hotfixes is not easy in today’s complex networks, and most patches and fixes tend to solve only an immediate issue. In order to protect the system from operating system attacks in general, it is necessary to remove and/or disable any unneeded ports and services.
Some OS vulnerabilities include:
– Buffer overflow vulnerabilities
– Bugs in the operating system
– An unpatched operating system
Attacks performed at the OS level include:
– Exploiting specific network protocol implementations
– Attacking built-in authentication systems
– Breaking file-system security
– Cracking passwords and encryption mechanisms
Security misconfiguration or poorly configured security controls might allow attackers to gain unauthorized access to the system, compromise files, or perform other unintended actions. Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks, and may result in unauthorized access or even a complete system takeover. Administrators should change the default configuration of devices before deploying them in the production network. To optimize the configuration of the machine, remove any unneeded services or software. Automated scanners detect missing patches, misconfigurations, use of default accounts, unnecessary services, and so on.
Software developers are often under intense pressure to meet deadlines, which can mean they do not have sufficient time to completely test their products before shipping them, leaving undiscovered security holes. This is particularly troublesome in newer software applications that come with a large number of features and functionalities, making them more and more complex. An increase in the complexity means more opportunities for vulnerabilities. Attackers find and exploit these vulnerabilities in the applications using different tools and techniques to gain unauthorized access and steal or manipulate data.
Security is not always a high priority to software developers, and they handle it as an “add-on” component after release. This means that not all instances of the software will have the same level of security. Error checking in these applications can be very poor (or even nonexistent), which leads to:
- Buffer overflow attacks
- Sensitive information disclosure
- Denial-of-service attacks
- SQL injection attacks
- Cross-site scripting
- Session hijacking
- Parameter/form tampering
- Man-in-the-middle attacks
- Directory traversal attacks
Shrink-Wrap Code Attacks
Software developers often use free libraries and code licensed from other sources in their programs to reduce development time and cost. This means that large portions of many pieces of software will be the same, and if an attacker discovers vulnerabilities in that code, many pieces of software are at risk.
Attackers exploit default configuration and settings of the off-the-shelf libraries and code. The problem is that software developers leave the libraries and code unchanged. They need to customize and fine-tune every part of their code in order to make it not only more secure, but different enough so that the same exploit will not work.
An attack can be active or passive. An “active attack” attempts to alter system resources or affect their operation. A “passive attack” attempts to learn or make use of information from the system but does not affect system resources (e.g., wiretapping). You can learn about all of these types of attacks in the CEH v10 course at Infosavvy’s Mumbai location. Infosavvy provides Certified Ethical Hacking training and EC-Council certification.
Man-in-the-middle (MitM) attack
A MitM attack occurs when a hacker inserts itself between the communications of a client and a server. Here are some common types of man-in-the-middle attacks:
In a session hijacking attack, a type of MitM attack, an attacker hijacks a session between a trusted client and a network server. The attacking computer substitutes its IP address for the trusted client’s while the server continues the session, believing it is communicating with the client. As an example, the attack might unfold like this:
1. A client connects to a server.
2. The attacker’s computer gains control of the client.
3. The attacker’s computer disconnects the client from the server.
4. The attacker’s computer replaces the client’s IP address with its own IP address and spoofs the client’s sequence numbers.
5. The attacker’s computer continues the dialog with the server, and the server believes it is still communicating with the client.
IP spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity, thereby giving the attacker access to the system. The attacker sends a packet with the IP source address of a known, trusted host rather than its own to a target host. The target host might accept the packet and act upon it.
A replay attack occurs when an attacker intercepts and saves old messages and then tries to send them later, impersonating one of the participants. This type of attack can be easily countered with session timestamps or a nonce (a random number or string that changes with time).
Currently, there is no single technology or configuration that stops all MitM attacks. Generally, encryption and digital certificates provide an effective safeguard against MitM attacks, assuring both the confidentiality and integrity of communications. But a man-in-the-middle can be inserted into the communication in such a way that encryption alone will not help. For instance, attacker “A” intercepts the public key of person “P” and substitutes his own public key for it. Then anyone wanting to send an encrypted message to P using P’s public key is unknowingly using A’s public key. A can therefore read the message intended for P and then forward it to P, encrypted with P’s real public key, and P will never notice that the message was compromised. Additionally, A could modify the message before resending it to P. As you can see, P is using encryption and thinks that his information is protected, but it is not, because of the MitM attack.
So, how can you confirm that P’s public key belongs to P and not to A? Certificate authorities and hash functions were created to solve this problem. When person 2 (P2) wants to send a message to P, and P wants to be sure that A will not read or modify the message and that the message actually came from P2, the following method must be used:
- P2 creates a symmetric key and encrypts it with P’s public key.
- P2 sends the encrypted symmetric key to P.
- P2 computes a hash function of the message and digitally signs it.
- P2 encrypts his message and the message’s signed hash using the symmetric key and sends the whole thing to P.
- P is able to recover the symmetric key from P2 because only he has the private key needed to decrypt it.
- P, and only P, can decrypt the symmetrically encrypted message and signed hash because only he has the symmetric key.
- P is able to verify that the message has not been altered because he can compute the hash of the received message and compare it with the digitally signed one.
- P is also able to convince himself that P2 was the sender because only P2 can produce a signature over the hash that verifies with P2’s public key.
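The eight steps above, worked through as an added example (not code from the original article) using the third-party `cryptography` package, which is assumed to be installed; the key sizes, algorithms (RSA-OAEP for the key wrap, RSA-PSS over a SHA-256 digest for the signature, AES-256-GCM for the symmetric layer) and the sample message are assumptions chosen for illustration. The demo also shows why A’s substituted key no longer helps: A can re-encrypt for P but cannot produce P2’s signature.

```python
import os
import hashlib
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa, utils
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed parameters (not from the article): RSA-2048 keys, RSA-OAEP to wrap the
# symmetric key, RSA-PSS over a SHA-256 digest for the signature, AES-256-GCM for
# the symmetric encryption of "message + signed hash".
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
PREHASHED = utils.Prehashed(hashes.SHA256())


def make_keypair():
    """Long-term RSA key pair; the public half is what a CA would certify as P's or P2's."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def p2_send(message: bytes, p2_private_key, p_public_key) -> dict:
    """Sender side (steps 1-4): wrap a fresh symmetric key for P, sign the message
    hash with P2's private key, then encrypt message + signed hash under the symmetric key."""
    sym_key = AESGCM.generate_key(bit_length=256)
    wrapped_key = p_public_key.encrypt(sym_key, OAEP)        # steps 1-2: only P can unwrap
    digest = hashlib.sha256(message).digest()                # step 3: hash the message ...
    signature = p2_private_key.sign(digest, PSS, PREHASHED)  # ... and sign the hash
    nonce = os.urandom(12)                                   # step 4: AES-GCM needs a fresh nonce
    body = len(signature).to_bytes(2, "big") + signature + message
    ciphertext = AESGCM(sym_key).encrypt(nonce, body, None)
    return {"wrapped_key": wrapped_key, "nonce": nonce, "ciphertext": ciphertext}


def p_receive(envelope: dict, p_private_key, p2_public_key) -> bytes:
    """Receiver side (steps 5-8): unwrap the key, decrypt, recompute the hash of the
    received message and verify P2's signature over it. Raises on any tampering."""
    sym_key = p_private_key.decrypt(envelope["wrapped_key"], OAEP)                    # step 5
    body = AESGCM(sym_key).decrypt(envelope["nonce"], envelope["ciphertext"], None)  # step 6
    sig_len = int.from_bytes(body[:2], "big")
    signature, message = body[2:2 + sig_len], body[2 + sig_len:]
    digest = hashlib.sha256(message).digest()                 # step 7: recompute the hash
    p2_public_key.verify(signature, digest, PSS, PREHASHED)   # step 8: InvalidSignature unless P2 signed
    return message


def demo(message: bytes = b"Transfer approved, ref 4711"):   # constructed sample message
    """Round trip, plus an attacker A who re-encrypts the message under P's public key
    but can only sign with his own key: P's verification step rejects it."""
    p_key, p2_key, a_key = make_keypair(), make_keypair(), make_keypair()
    recovered = p_receive(p2_send(message, p2_key, p_key.public_key()), p_key, p2_key.public_key())
    forged = p2_send(message, a_key, p_key.public_key())
    try:
        p_receive(forged, p_key, p2_key.public_key())
        forged_rejected = False
    except InvalidSignature:
        forged_rejected = True
    return recovered, forged_rejected


if __name__ == "__main__":
    print(demo())
```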
Phishing and spear phishing attacks
A phishing attack is the practice of sending emails that appear to come from trusted sources with the goal of gaining personal information or influencing users to do something. It combines social engineering and technical trickery. It could involve an attachment to an email that loads malware onto your computer. It could also be a link to an illegitimate website that tricks you into downloading malware or handing over your personal information.
Spear phishing is a very targeted type of phishing activity. Attackers take the time to research their targets and create messages that are personal and relevant. Because of this, spear phishing can be very hard to spot and even harder to defend against. One of the simplest ways a hacker can conduct a spear phishing attack is email spoofing, in which the information in the “From” field of the email is falsified, making it appear to come from someone you know, such as your management or a partner company. Another technique scammers use to add credibility to their story is website cloning: they copy legitimate websites to fool you into entering personally identifiable information (PII) or login credentials.
To reduce the risk of being phished, you can use these techniques:
- Critical thinking — Don’t accept that an email is the real deal just because you are busy or stressed or have 150 other unread messages in your inbox. Stop for a moment and analyze the email.
- Hovering over the links — Move your mouse over the link, but don’t click it! Just let the cursor hover over the link and see where it would actually take you. Apply critical thinking to decipher the URL.
- Analyzing email headers — Email headers define how an email got to your address. The “Reply-To” and “Return-Path” headers should lead to the same domain as the one stated in the email.
- Sandboxing — You can test email content in a sandbox environment, logging the activity that results from opening the attachment or clicking the links inside the email.
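The header and link checks from the list above, automated as an added example (not code from the original article) over a constructed phishing-style message; every name and domain in it is made up, and the rule that the Reply-To and Return-Path domains must match the From domain is the one the text states.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (all names and domains are made up for this example).
SAMPLE = b"""\
From: "Payroll Team" <hr@example-corp.com>
Reply-To: <collect@mail-example-corp.co>
Return-Path: <bounce@mail-example-corp.co>
Subject: Action required: verify your account
Content-Type: text/html

<p>Please sign in at <a href="http://example-corp.co.login-portal.test/">https://portal.example-corp.com</a></p>
"""


def registered_domain(header_value):
    """Last two labels of the address's domain ('hr@a.b.example.com' -> 'example.com')."""
    addr = parseaddr(str(header_value or ""))[1]
    if "@" not in addr:
        return None
    return ".".join(addr.rsplit("@", 1)[1].lower().split(".")[-2:])


def header_mismatches(raw):
    """Names of the headers whose domain differs from the From: domain."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = registered_domain(msg["From"])
    return [h for h in ("Reply-To", "Return-Path")
            if msg[h] is not None and registered_domain(msg[h]) != sender]


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def deceptive_links(raw):
    """Links whose visible text is a URL pointing at a different host than the real href
    (what 'hovering over the link' reveals)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body is not None else "")
    found = []
    for href, text in parser.links:
        shown_host = urlparse(text).hostname if text.lower().startswith(("http://", "https://")) else None
        real_host = urlparse(href).hostname
        if shown_host and shown_host != real_host:
            found.append((href, shown_host, real_host))
    return found


if __name__ == "__main__":
    print(header_mismatches(SAMPLE), deceptive_links(SAMPLE))
```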
Drive-by download attacks are a common method of spreading malware. Hackers look for insecure websites and plant a malicious script into the HTTP or PHP code on one of the pages. This script might install malware directly onto the computer of someone who visits the site, or it might redirect the victim to a site controlled by the hackers. Drive-by downloads can happen when visiting a website or viewing an email message or a pop-up window. Unlike many other types of cyber security attacks, a drive-by does not rely on the user doing anything to actively enable the attack; you don’t need to click a download button or open a malicious email attachment to become infected. A drive-by download can take advantage of an app, operating system or web browser that contains security flaws due to failed or missing updates.
To protect yourself from drive-by attacks, you need to keep your browsers and operating systems up to date and avoid websites that might contain malicious code. Stick to the sites you normally use, but keep in mind that even these sites can be hacked. Don’t keep too many unnecessary programs and apps on your device. The more plug-ins you have, the more vulnerabilities there are that can be exploited by drive-by attacks.
Because passwords are the most commonly used mechanism to authenticate users to an information system, obtaining passwords is a common and effective attack approach. Access to a person’s password can be obtained by looking around the person’s desk, “sniffing” the connection to the network to acquire unencrypted passwords, using social engineering, gaining access to a password database, or outright guessing. The last approach can be done in either a random or a systematic manner:
• Brute-force password guessing means using a random approach: trying different passwords and hoping that one works. Some logic can be applied by trying passwords related to the person’s name, job title, hobbies or similar items.
• In a dictionary attack, a dictionary of common passwords is used to attempt to gain access to a user’s computer and network. One approach is to copy an encrypted file that contains the passwords, apply the same encryption to a dictionary of commonly used passwords, and compare the results.
To protect yourself from dictionary or brute-force attacks, you need to implement an account lockout policy that locks the account after a few invalid password attempts. Follow account lockout best practices to set it up correctly.
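An account lockout policy of the kind described above, as an added example (not code from the original article). The threshold (5 attempts), observation window (15 minutes) and lockout duration (30 minutes) are assumed sample values, the credentials are constructed, and the clock is injectable so the behaviour can be checked without waiting.

```python
import time
from collections import defaultdict


class AccountLockout:
    """Locks an account after `threshold` failed logins inside `window` seconds, for
    `lockout` seconds. Defaults are assumed sample values, not from the article.
    `clock` is injectable so the policy can be exercised without waiting."""

    def __init__(self, threshold=5, window=15 * 60, lockout=30 * 60, clock=time.monotonic):
        self.threshold, self.window, self.lockout, self.clock = threshold, window, lockout, clock
        self._failures = defaultdict(list)   # account -> timestamps of recent failures
        self._locked_until = {}              # account -> time the lock expires

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:            # lock expired: clear it and the failure history
            del self._locked_until[account]
            self._failures[account].clear()
            return False
        return True

    def record_failure(self, account):
        now = self.clock()
        recent = [t for t in self._failures[account] if now - t < self.window]  # drop stale failures
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.threshold:
            self._locked_until[account] = now + self.lockout

    def attempt(self, account, password, verify):
        """Returns 'locked', 'ok' or 'denied'. A locked account is refused before the
        password is checked, so guessing yields no feedback while the lock holds."""
        if self.is_locked(account):
            return "locked"
        if verify(account, password):
            self._failures[account].clear()
            return "ok"
        self.record_failure(account)
        return "denied"


def simulate():
    """Five wrong guesses lock the account; the right password is refused until the
    30-minute lock expires, then accepted."""
    fake_now = [0.0]
    policy = AccountLockout(clock=lambda: fake_now[0])
    verify = lambda user, pw: (user, pw) == ("alice", "correct horse")   # constructed credentials
    results = [policy.attempt("alice", "guess%d" % i, verify) for i in range(5)]
    results.append(policy.attempt("alice", "correct horse", verify))    # still locked
    fake_now[0] += 30 * 60
    results.append(policy.attempt("alice", "correct horse", verify))    # lock has expired
    return results


if __name__ == "__main__":
    print(simulate())
```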
SQL injection attack
SQL injection has become a common issue with database-driven websites. It occurs when a malefactor executes a SQL query against the database via the input data sent from the client to the server. SQL commands are inserted into data-plane input (for example, instead of the login or password) in order to run predefined SQL commands. A successful SQL injection exploit can read sensitive data from the database, modify (insert, update or delete) database data, execute administration operations (such as shutdown) on the database, recover the content of a given file, and, in some cases, issue commands to the OS.
For example, a web form on a website might request a user’s account name and then send it to the database in order to pull up the associated account information using dynamic SQL like this:
"SELECT * FROM users WHERE account = '" + userProvidedAccountNumber + "';"
While this works for users who properly enter their account number, it leaves a hole for attackers. For instance, if someone decided to supply an account number of ' or '1' = '1, the result would be a query string of:
SELECT * FROM users WHERE account = '' or '1' = '1';
Because '1' = '1' always evaluates to TRUE, the database will return the data for all users rather than just one user.
The vulnerability to this type of cyber security attack stems from the fact that SQL makes no real distinction between the control and data planes. Therefore, SQL injections work mostly when a website uses dynamic SQL. Additionally, SQL injection is very common in PHP and ASP applications due to the prevalence of older functional interfaces. J2EE and ASP.NET applications are less likely to have easily exploited SQL injections because of the nature of the programmatic interfaces available.
To protect yourself from SQL injection attacks, apply a least-privilege model of permissions in your databases. Stick to stored procedures (make sure these procedures don’t include any dynamic SQL) and prepared statements (parameterized queries). The code that is executed against the database must be strong enough to prevent injection attacks. Additionally, validate input data against a whitelist at the application level.
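The article’s account-lookup query run both ways, as an added example (not code from the original article) against an in-memory SQLite table with constructed rows: the dynamic-SQL version returns every row for the ' or '1' = '1 input, while the parameterized version and the whitelist check described above do not. The four-digit account format is an assumption for the whitelist.

```python
import re
import sqlite3

# Constructed account data for the demonstration.
ROWS = [("1001", "alice", 500), ("1002", "bob", 75), ("1003", "carol", 9000)]
INJECTED = "' or '1' = '1"          # the account "number" from the article's example


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (account TEXT, name TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn


def lookup_dynamic(conn, user_provided_account_number):
    """The article's dynamic SQL: the input is spliced into the query text, so quote
    characters in it change the structure of the query."""
    query = "SELECT * FROM users WHERE account = '" + user_provided_account_number + "';"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, user_provided_account_number):
    """Prepared statement: the driver binds the value as data; it can never become SQL."""
    return conn.execute("SELECT * FROM users WHERE account = ?;",
                        (user_provided_account_number,)).fetchall()


def is_valid_account(value):
    """Application-level whitelist (assumed format): an account number is exactly four
    digits, so the injected string is rejected before any query is built."""
    return re.fullmatch(r"\d{4}", value) is not None


def lookup_hardened(conn, value):
    """Both defences from the text: validate first, then query with parameters."""
    if not is_valid_account(value):
        raise ValueError("rejected account number")
    return lookup_parameterized(conn, value)


if __name__ == "__main__":
    db = setup_db()
    print(lookup_dynamic(db, INJECTED))        # all three rows leak
    print(lookup_parameterized(db, INJECTED))  # []
```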
Cross-site scripting (XSS) attack
To defend against XSS attacks, developers can sanitize data input by users in an HTTP request before reflecting it back. Make sure all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. Convert special characters like ?, &, /, and spaces to their respective HTML or URL encoded equivalents. Give users the option to disable client-side scripts.
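The escaping rule above applied to a reflected search term, as an added example (not code from the original article): the same constructed value is echoed into an HTML body, an HTML attribute and a URL, and each context gets the encoding appropriate to it. The page layout and parameter names are assumptions.

```python
import html
from urllib.parse import quote

# Constructed search term containing HTML metacharacters and the URL specials the
# article lists (?, &, /, space).
TERM = 'shoes & boots/?<script>alert(1)</script>'


def render_results_unsafe(term):
    """Reflects the query parameter verbatim, so any markup in it reaches the browser."""
    return "<h1>Results for: " + term + "</h1>"


def render_results_safe(term):
    """HTML body context: escape <, >, &, and quotes before echoing the value."""
    return "<h1>Results for: " + html.escape(term, quote=True) + "</h1>"


def render_search_box(term):
    """HTML attribute context: the same escaping, and the attribute is always quoted,
    so a stray quote in the input cannot start a new attribute."""
    return '<input name="q" value="' + html.escape(term, quote=True) + '">'


def next_page_url(term, page):
    """URL context: percent-encode the value, including '/', '?', '&' and spaces, so it
    stays a single parameter value instead of altering the query string."""
    return "/search?q=" + quote(term, safe="") + "&page=" + str(page)


if __name__ == "__main__":
    print(render_results_safe(TERM))
    print(next_page_url(TERM, 2))
```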
Eavesdropping attacks occur through the interception of network traffic. By eavesdropping, an attacker can obtain passwords, credit card numbers and other confidential information that a user might be sending over the network. Eavesdropping can be passive or active:
- Passive eavesdropping — A hacker detects the information by listening to the message transmission in the network.
- Active eavesdropping — A hacker actively grabs the information by disguising himself as a friendly unit and sending queries to transmitters. This is called probing, scanning or tampering.
Detecting passive eavesdropping attacks is often more important than spotting active ones, since active attacks require the attacker to gain knowledge of the friendly units by conducting passive eavesdropping first.
Data encryption is the best countermeasure for eavesdropping.
Malicious software can be described as unwanted software that is installed on your system without your consent. It can attach itself to legitimate code and propagate; it can lurk in useful applications or replicate itself across the Internet. Here are some of the most common types of malware:
- Macro viruses — These viruses infect applications like Microsoft Word or Excel. Macro viruses attach to an application’s initialization sequence. When the application is opened, the virus executes instructions before transferring control to the application. The virus replicates itself and attaches to other code within the computer system.
- File infectors — File infector viruses usually attach themselves to executable code, such as .exe files. The virus is installed when the code is loaded. Another version of a file infector associates itself with a file by creating a virus file with the same name but an .exe extension. Therefore, when the file is opened, the virus code will execute.
- System or boot-record infectors — A boot-record virus attaches to the master boot record on hard disks. When the system is started, it will look at the boot sector and load the virus into memory, where it can propagate to other disks and computers.
- Polymorphic viruses — These viruses conceal themselves through varying cycles of encryption and decryption. The encrypted virus and an associated mutation engine are initially decrypted by a decryption program. The virus proceeds to infect an area of code. The mutation engine then develops a new decryption routine, and the virus encrypts the mutation engine and a copy of itself with an algorithm corresponding to the new decryption routine. The encrypted package of mutation engine and virus is attached to new code, and the process repeats. Such viruses are difficult to detect but have a high level of entropy due to the many modifications of their code. Anti-virus software or free tools like Process Hacker can use this feature to detect them.
- Stealth viruses — Stealth viruses take over system functions to conceal themselves. They do this by compromising malware detection software so that the software will report an infected area as being uninfected. These viruses conceal any increase in the size of an infected file or changes to the file’s date and time of last modification.
- Trojans — A Trojan, or trojan horse, is a program that hides inside a useful program and typically has a malicious function. A major difference between viruses and Trojans is that Trojans do not self-replicate. In addition to launching attacks on a system, a Trojan can establish a back door that can be exploited by attackers. For example, a Trojan can be programmed to open a high-numbered port so that the hacker can use it to listen and then perform an attack.
- Logic bombs — A logic bomb is a type of malicious software that is appended to an application and is triggered by a specific occurrence, such as a logical condition or a specific date and time.
- Worms — Worms differ from viruses in that they do not attach to a host file, but are self-contained programs that propagate across networks and computers. Worms are commonly spread through email attachments; opening the attachment activates the worm program. A typical worm exploit involves the worm sending a copy of itself to every contact in an infected computer’s email address book. In addition to conducting malicious activities, a worm spreading across the Internet and overloading email servers can result in denial-of-service attacks against nodes on the network.
- Droppers — A dropper is a program used to install viruses on computers. In many instances, the dropper is not itself infected with malicious code and therefore will not be detected by virus-scanning software. A dropper can also connect to the Internet and download updates to virus software that is resident on a compromised system.
- Ransomware — Ransomware is a type of malware that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid. While some simple computer ransomware can lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim’s files in a way that makes them nearly impossible to recover without the decryption key.
- Adware — Adware is a software application used by companies for marketing purposes; advertising banners are displayed while any program is running. Adware can be automatically downloaded to your system while browsing any website and can be viewed through pop-up windows or through a bar that appears on the computer screen automatically.
- Spyware — Spyware is a type of program that is installed to collect information about users, their computers or their browsing habits. It tracks everything you do without your knowledge and sends the data to a remote user. It can also download and install other malicious programs from the Internet. Spyware works like adware but is usually a separate program that is installed unknowingly when you install another freeware application.
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com