2.3 Cyber Attacks Flashcards
2.3.1 Malware
Cybercriminals use many different types of malicious software, or malware, to carry out attacks. Malware is any code that can be used to steal data, bypass access controls or cause harm to or compromise a system.
VIRUS
A virus is a type of computer program that, when executed, replicates and attaches itself to other files, such as legitimate programs, by inserting its own code into the file. Some viruses are harmless, yet others can be destructive, such as those that modify or delete data. Most viruses require end-user interaction to initiate activation, and they can be written to act on a specific date or time.
Viruses can be spread through removable media such as USB flash drives, internet downloads, and email attachments. The simple act of opening a file or executing an infected program can trigger a virus. Once a virus is active, it will usually infect other programs on the computer or other computers on the network. Viruses mutate to avoid detection.
WORMS
A worm is a malicious software program that replicates by independently exploiting vulnerabilities in networks. Unlike a virus, which requires a host program to run, worms can run by themselves. Other than the initial infection of the host, they do not require user participation and can spread very quickly over the network, usually slowing it down.
Worms share similar patterns: they exploit system vulnerabilities, they have a way to propagate themselves, and they all contain malicious code (payload) that causes damage to computer systems or networks.
TROJAN HORSE
A Trojan horse is malware that carries out malicious operations by masking its true intent. It might appear legitimate but is, in fact, very dangerous. Trojans exploit the privileges of the user who runs them.
Unlike viruses, Trojans do not self-replicate but often bind themselves to non-executable files, such as image, audio, or video files, that act as a decoy to harm the systems of unsuspecting users.
2.3.2 Logic Bombs
A logic bomb is a malicious program that waits for a trigger, such as a specified date or database entry, to set off malicious code. Until this trigger event happens, the logic bomb will remain inactive.
Once activated, a logic bomb implements malicious code that causes harm to a computer in various ways. It can sabotage database records, erase files, and attack operating systems or applications.
Cybersecurity specialists have recently discovered logic bombs that attack and destroy the hardware components in a device or server, including cooling fans, central processing units (CPUs), memory, hard drives, and power supplies. The logic bomb overdrives these components until they overheat or fail.
2.3.3 Ransomware
This malware is designed to hold a computer system or the data it contains captive until a payment is made.
Ransomware usually works by encrypting your data so that you cannot access it. According to ransomware claims, once the ransom is paid via an untraceable payment system, the cybercriminal will supply a program that decrypts the files or sends an unlock code. In reality, many victims do not gain access to their data even after they have paid.
Some versions of ransomware take advantage of specific system vulnerabilities. Ransomware is often spread through phishing emails that encourage you to download a malicious attachment, or through a software vulnerability.
2.3.4 Denial of Service Attacks
Denial of service (DoS) attacks are a type of network attack that is relatively simple to conduct, even for an unskilled attacker. These attacks are a major risk, as they usually result in some sort of interruption to network services, causing a significant loss of time and money. Even operational technologies, which consist of hardware or software that controls physical devices or processes in buildings, factories, or utility providers, are vulnerable to DoS attacks, which in extreme circumstances can cause a system shutdown.
Overwhelming quantity of traffic
This is when a network, host, or application is sent an enormous amount of data at a rate that it cannot handle. This causes a slowdown in transmission or response, or causes the device or service to crash.
Maliciously formatted packets
A packet is a collection of data that flows between a source and a destination computer or application over a network, such as the internet. When a maliciously formatted packet is sent, the receiver will be unable to handle it.
For example, if an attacker forwards packets containing errors, or improperly formatted packets that cannot be identified by an application, the receiving device may run very slowly or crash.
2.3.5 Domain Name System
There are many essential technical services needed for a network to operate — such as routing, addressing, and domain naming. These are prime targets for attack.
DOMAIN REPUTATION
The Domain Name System (DNS) is used by DNS servers to translate a domain name, such as www.cisco.com, into a numerical IP address so that computers can understand it. If a DNS server does not know an IP address, it will ask another DNS server.
An organization needs to monitor its domain reputation, including its IP address, to help protect against malicious external domains. Domain reputation is used to classify emails as spam or potential security threats.
DNS SPOOFING
DNS spoofing or DNS cache poisoning is an attack in which false data is introduced into a DNS resolver cache — the temporary database on a computer’s operating system that records recent visits to websites and other internet domains.
These attacks exploit a weakness in the DNS caching software that causes DNS servers to redirect traffic for a legitimate domain to the IP address of an illicit server.
DOMAIN HIJACKING
When an attacker wrongfully gains control of a target’s DNS information, they can make unauthorized changes to it. This is known as domain hijacking.
The most common way of hijacking a domain name is to change the administrator’s contact email address through social engineering or by hacking into the administrator’s email account. The administrator’s email address can be easily found via the WHOIS record for the domain, which is a matter of public record.
UNIFORM RESOURCE LOCATOR (URL) REDIRECTION
A uniform resource locator (URL) is a unique identifier for finding a specific resource on the Internet. Redirecting a URL commonly happens for legitimate purposes.
For example, you have logged into an eLearning portal to begin this course. If you log out of the portal and return to it another time, the portal will redirect you back to the login page.
It is this type of functionality that attackers can exploit. Instead of taking you to the eLearning login page, they can redirect you to a malicious site.
2.3.6 Layer 2 Attacks
Layer 2 refers to the data link layer in the Open Systems Interconnection (OSI) data communication model.
This layer is used to move data across a linked physical network. IP addresses are mapped to each physical device address (also known as the media access control (MAC) address) on the network using the Address Resolution Protocol (ARP).
In its simplest terms, the MAC address identifies the intended receiver of an IP packet sent over the network, and ARP resolves IP addresses to MAC addresses for transmitting data.
Attackers often take advantage of vulnerabilities in Layer 2 security.
SPOOFING
Spoofing, or poisoning, is a type of impersonation attack that takes advantage of a trusted relationship between two systems.
- MAC address spoofing occurs when an attacker disguises their device as a valid one on the network and can therefore bypass the authentication process.
- ARP spoofing sends spoofed ARP messages across a LAN. This links an attacker’s MAC address to the IP address of an authorized device on the network.
- IP spoofing sends IP packets from a spoofed source address in order to disguise the packet origin.
MAC FLOODING
Devices on a network are connected through a network switch, which uses packet switching to receive data and forward it to the destination device. MAC flooding compromises the data transmitted to a device: an attacker floods the network with fake MAC addresses, compromising the security of the network switch.