Demystifying some of the most common attacks over the internet that you may not know
In this fast-moving internet-savvy world, there are a lot of attacks happening over the internet that you may not even know about. Millions of systems are attacked every single day and Hackers use a plethora of tools and technologies to attack these systems. If you don’t know about these attacks, then there are high chances you may suffer from some or many of them.
A problem well-stated is a problem half-solved. — Charles Kettering
An attack is any malicious type of activity that can be performed to either steal, modify or delete data from computers, networks, or devices. This post aims to describe the majority of these attacks in a precise format. You can also share this article among your friends, family or colleagues to educate them about the same.
Browser Attack: Attackers disguise malware as an application or an update (phishing). The browser users are tricked to download the hidden malware. Browser intruded malware attacks the operating system or applications. It can be defended by updates to the browser, OS, or apps.
Phishing: is a hacker fishing around (commonly through emails) to obtain information such as usernames, passwords, card information by disguising themselves as a trustworthy entity. Phishing emails generally contain attachment files and website links that contain malware.
Spear Phishing is phishing an individual or a company using the personal information of the individual to increase success probability. It is the most common and successful type of security attack.
Clone Phishing is legitimately resending a previously sent email to the receiver containing an attachment or a website link infected with malware. It fools the receiver as if it is an updated email or a replied email.
Whaling is a phishing attack made to a high-level executive (the whale) of a company to attack important business-level files using executive-level access.
Link Manipulation is a phishing website link that contains malware or connects to an attacker’s website. It looks like a proper legitimate website link. Hacker’s web address is disguised under a text or tab that is not shown.
Filter evasion is phishing emails that use images instead of text to avoid anti-phishing filters used in security systems.
Website forgery is the phishing website replacing the user’s address bar or website with the hacker’s address bar and website. The user is then, fooled into providing important login, password, and account information to the hacker.
Covert Redirect is corrupting a website to have a malicious login popup dialogue box that covertly redirects the login to the hacker’s website.
Social Engineering provokes a user (with situational technical and social factors, e.x., fake news) to click on a malicious link to a hacker’s website.
Phone Phishing is a Telephone call or SMS to trick people into giving personal information.
Brute force Attack: is a repeated attempt to decode a PIN or password. Easy common passwords and dictionary attacks are attempted first. It is defended by frequent and well-selected password changes and avoiding logging-in frequently.
Denial of Service (DoS) Attack: is used to attack a computer, server, or network to block communications and services. Attackers overload the target with more requests than the target system can handle. Common targets are online banking, email, and commercial websites.
Distributed Dos (DDoS) uses multiple distributed computers to conduct the DoS attack. It can be defended by anti-virus software, firewalls, and email filters.
Buffer Overflow (Buffer Overrun) is used in DoS and DDoS attacks. An anomaly program (malware) overruns the buffer’s boundary and overwrites it into adjacent memory locations. Some of the possible Defence schemes that you can have here include: Randomizing the layout of memory, Deliberately leaving space between buffers, Monitor actions that write into adjacent memory spaces.
Two representative forms of buffer overflow are stack overflow and heap overflow.
Stack Buffer Overflow is used to manipulate a local variable related to the vulnerable buffer on the stack, to manipulate the return address in a stack frame, to manipulate the function pointer or exception handler to create operation malfunction, to manipulate the stack frame’s local pointer or local variable.
Heap Buffer Overflow occurs in sections of heaps. Heap is used in dynamic memory allocation (of program data) in applications during runtime. Protection methods to prevent heap overflow include separating code and data (to prevent execution of payload), randomizing heap location so that it's not available at a fixed offset position, periodically checking the condition of the heap (All these methods are applied in OSes and apps).
Man-in-the-middle (MITM) attack: secretly relays and manipulates packets between communicating servers and users. MITM results in active eavesdropping and manipulation of information. Defense against MITM attacks include Enhanced Authentication using a CA (Certificate Authority) based on verified certificates from a trusted 3rd-party, Latency examination based Tamper examination, HTTP Public Key Pinning (Certificate Pinning) where an HTTP server first announces (pings up) a list of public key hashes that can be used for messages and data encryption.
SQL Injection: SQL (Structured Query Language) is used for RDBMS (Relational Database Management System) and RDSMS (Relational Data Stream Management System) processing. It is a code injection technique used to attack SQL databases and data-driven applications. The attacker finds security vulnerabilities in an application and inserts SQL statements to spoof identity, tamper with existing data, void or change transactions, change account balances, disclosure of data, destroy data, ransom data, and application, Hijacking administrator role of the application or server.
Secure Sockets Layer (SSL) Attack: SSL is used to provide a secured encryption-protected link between website and browser as well as between email server and email user applications. In the early connection stages, SSL Attackers try to intercept user information (access passwords, cookies, authentication tokens, etc) before it is encrypted. Attackers try to gain sensitive data (credit/debit card information, social security numbers, etc).
Scans: are commonly used before launching an attack on a system. Attackers scan for open computer ports that can be used to gain access to a computer. Attackers repeatedly send messages to computer ports to find security vulnerabilities.
Domain Name Server (DNS) Attacks: DNS is used to change domain names to IP Addresses. DNS Spoofing (DNS Cache Poisoning) is an attack that changes the domain name’s IP address to a wrong IP address. DNS Spoofing is used for DNS Hijacking, where the user is redirected to a bogus website or a computer controlled by the attacker. It can be defended by using random source ports and updating server security patches.
Backdoor Attacks: Backdoor is a computer remote access application used by developers and administrators which can bypass the security system. Hackers try to gain access through malicious backdoors in hardware and software components. It can be defended by updating server security patches.
Here is a chart that illustrates how common these attacks were, in 2017. The situation is not much different in 2021.
Some of the growing security and threat issues
Botnet (Robot Network): Multiple devices are used to conduct Internet attacks (DDoS, stealing data, sending spams, intrusions) by the Botnet owner (attacker). Zombie computers (Hacker compromised computers connected to the Internet) are frequently used as Botnets. Users are generally not aware, that his/her computer is a zombie computer.
Zero-Day Vulnerability: New Zero-Day Vulnerabilities are discovered almost every day. A zero-day attack is an attack on the vulnerability of the web system that results in disabling of web services. Zero-day refers to the day that a critical system, network, software, or platform vulnerability was patched, such that the web operation was restored.
Browser and Website attacks: Attackers are always looking for vulnerabilities in browser and website plugins.
Repeated attacks: occur in companies that are frequently attacked, bigger companies are attacked more frequently, Ransomware is increasing rapidly.
Companies not reporting breaches and attacks: If personal records are stolen, the reputation of the organization is damaged severely. Companies may not even know if they have been breached or how to recover from that.
Summing up, I can say hackers are trying different ways to find vulnerabilities and we need to be aware enough to know about the majority of them. Security is of paramount importance to any organization or individual. Using cybersecurity best practices, we can guard against a lot of the aforementioned security issues.
That’s it from this blog. I hope you liked the content. Thanks, Have a great week!