Types of Cyber Attacks, Threats and Fraud explained.
Types of Cyber Attacks
Trojans
Trojans are computer programs that carry malicious or harmful code hidden inside them.
- A Trojan gives the attacker remote control of, and access to, the victim's computer.
- It is installed stealthily on the target computer.
- It can be malicious.
Steps to prevent it from loading on your computer / network
- Never execute executables (.exe files) sent over email, chat, IRC, etc.
- Download only from trusted sites.
What Is IP Spoofing?
IP spoofing (also called IP address forgery or a host-file hijack) is a technique in which the attacker spoofs a Web site (to conceal their true identity) in order to carry out their nefarious activities.
Criminals and hackers use various techniques to mask their true identity, and IP spoofing is one of the most common forms of online camouflage.
In IP spoofing, the hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source. So when a visitor types in the URL (Uniform Resource Locator) of a legitimate site, they are instead taken to a fraudulent Web page created by the hijacker.
For an IP spoofing attack to succeed, the real trusted system must not interfere with or interrupt the spoofing process at any time. This is where DOS (denial-of-service) attacks come into the picture.
By using a DOS attack, the attacker ensures that all the memory of the trusted system is used up, so that it cannot respond to packets sent by the victim's system. Once the attacker is sure that the trusted system will not respond, he can continue with the IP spoofing.
Web site administrators can reduce the risk of IP spoofing by implementing hierarchical or one-time passwords and other data encryption/decryption techniques, and by configuring firewalls to block outgoing packets whose source address differs from the IP address of the user's computer or internal network.
Password Cracking Attacks
Types of Password Cracking Attacks
- Password Guessing: The attacker gathers as much personal information about the victim as possible and then tries various combinations of names and numbers.
- Default Passwords: Most applications ship with built-in default passwords, which system administrators usually disable. There is always a possibility, however, that some default passwords are still enabled, which an attacker could capitalize on.
- Dictionary-based Attacks: A trial-and-error method in which the attacker uses a tool that tries every word in a dictionary as the victim's password.
- Brute Force Attacks: The attacker uses a tool that tries all possible combinations of the available keyboard characters as the victim's password.
- Phishing: An email leads the unsuspecting reader to a faked online banking, payment or other site, where their login details are captured when they sign in.
- Social Engineering: Call an office posing as an IT security technician and ask for the network access password.
- Shoulder Surfing: The easiest method of all: simply watch someone enter their password from behind their back.
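Dictionary and brute-force attacks leave a trail of failed logins from one source in a short time. The following is an added example (not from the original page) of the detection logic a defender would run over authentication logs; the log lines, the five-failures-per-minute threshold and the sshd-style format are constructed for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like sshd format (not from any real system).
SAMPLE_LOG = """\
2024-03-01 10:00:01 sshd[412]: Failed password for admin from 203.0.113.7 port 51022
2024-03-01 10:00:03 sshd[412]: Failed password for admin from 203.0.113.7 port 51023
2024-03-01 10:00:04 sshd[412]: Failed password for root from 203.0.113.7 port 51024
2024-03-01 10:00:06 sshd[412]: Failed password for admin from 203.0.113.7 port 51025
2024-03-01 10:00:07 sshd[412]: Failed password for guest from 203.0.113.7 port 51026
2024-03-01 10:00:09 sshd[412]: Failed password for admin from 203.0.113.7 port 51027
2024-03-01 10:05:00 sshd[412]: Failed password for alice from 198.51.100.4 port 40011
2024-03-01 10:30:00 sshd[412]: Failed password for alice from 198.51.100.4 port 40012
2024-03-01 10:30:05 sshd[412]: Accepted password for alice from 198.51.100.4 port 40013
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?"
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)

def find_bruteforce_sources(log_text, threshold=5, window_seconds=60):
    """Return {ip: (first_seen, failures, distinct_users)} for every source that
    produced at least `threshold` failed logins inside one sliding window of
    `window_seconds`. Both limits are constructed defaults for this demo."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> user names that source has tried
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("result") != "Failed":
            continue  # ignore unparsable lines and successful logins
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        ip = m.group("ip")
        q = recent[ip]
        q.append(ts)
        users[ip].add(m.group("user"))
        # Drop failures that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = (q[0], len(q), len(users[ip]))
    return alerts

if __name__ == "__main__":
    for ip, (first, n, nusers) in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} failures within 60s starting {first}, {nusers} user names tried")
```

The slow, spaced-out failures from the second source never reach the threshold, so only the rapid-fire source is reported; a real deployment would also count failures per target account, since an attacker can rotate source addresses.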
Phishing
Phishing is a technique that many hackers use to breach bank accounts by cheating gullible victims. Its success depends on how well the hacker can win the victim's trust.
Here’s a typical sequence that a hacker attempts:
- The hacker sends out a mail that looks like an authentic mail from a legitimate financial institution and asks for the victim's personal details.
- The email asks the user to update or verify their information by clicking a link in the mail; the link, however, is fake and takes the user to a fraudulent site.
- Once the victim enters their login and password details, the hacker is in possession of them and uses them to carry out bank transactions.
It is called phishing because the technique is more or less the same as fishing: while fishing you use bait to catch fish, and in phishing the bait is typically an email that appears legitimate.
Pharming
Pharming, also referred to as page-hijacking or page-jacking, is when you are redirected to a fake/scam/bogus version of a website, which may look identical to the website you were trying to view.
Pharming is used to obtain access credentials, such as user names and passwords.
For this method to work, the hacker usually needs unprotected access to the target computer, which is why it's easier to alter a customer's home computer than a corporate business server.
Here are the steps involved in this scam.
Note: Websites are identified on the Internet by their IP addresses, so whenever a user enters a URL, it is translated into an IP address by a DNS server on the Internet.
- Once the user visits a website for the first time, the DNS entry for that site is usually stored in the computer's local cache so that the browser doesn't have to keep querying the DNS server on future visits.
- In pharming, a virus attacks the DNS cache and modifies its entries so that the user is automatically led to a fraudulent site without knowing it.
- Once on the bogus site, the user's login credentials are captured in the usual manner.
So basically, the victim is sent to a fraudulent site by a computer virus. There are several ways the virus could land on that computer, including a phishing email.
To safeguard against these attacks, you need sophisticated anti-pharming measures.
Denial-of-Service (DOS) Attacks
Here are the various types of Denial-of-Service (DOS) attacks.
DOS Attack
In a typical DOS attack, a single attacker uses his own system or a spoofed address to try to bring the target system down. The ratio of attackers to target systems is usually 1:1.
Distributed DOS attack
In a Distributed DOS (D-DOS) attack, the attacker first targets a less secure decoy network and takes control of all its systems. The attacker then installs D-DOS attack tools/agents on each of these systems and uses all of them to carry out the D-DOS attack on the actual target system.
A D-DOS attack is much more powerful and has a higher success rate than a typical DOS attack.
Land Attacks
Land attacks exploit the fact that certain networked systems cannot handle packets in which the source and destination address and port numbers are identical.
Hybrid DOS attack
In this method the attacker combines various types of attacks. For example, a Land attack coupled with a distributed DOS attack is one way of executing a hybrid DOS attack.
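The firewall rule described under IP spoofing (drop outgoing packets whose source address is not ours) and the Land-attack signature above (source and destination address and port identical) are both simple header checks. Here is an added example, not from the original page, of a perimeter filter applying them; the internal address block and the sample packets are constructed, and the ingress check (dropping inbound packets that claim an internal source) goes beyond what the page states.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    outbound: bool   # True: leaving our network, False: arriving from outside

# Constructed internal address block for the demo (not from the page).
INTERNAL = ipaddress.ip_network("192.0.2.0/24")

def is_land_packet(pkt):
    """Land-attack signature: source and destination address and port are identical."""
    return pkt.src_ip == pkt.dst_ip and pkt.src_port == pkt.dst_port

def is_spoofed_egress(pkt, internal=INTERNAL):
    """Outbound packet whose source address does not belong to our network."""
    return pkt.outbound and ipaddress.ip_address(pkt.src_ip) not in internal

def is_spoofed_ingress(pkt, internal=INTERNAL):
    """Inbound packet that claims to come from inside our own network."""
    return (not pkt.outbound) and ipaddress.ip_address(pkt.src_ip) in internal

def filter_verdict(pkt, internal=INTERNAL):
    """Return the action a perimeter filter would take for one packet."""
    if is_land_packet(pkt):
        return "DROP: land packet"
    if is_spoofed_egress(pkt, internal):
        return "DROP: spoofed source on egress"
    if is_spoofed_ingress(pkt, internal):
        return "DROP: internal source on ingress"
    return "ACCEPT"

# Constructed sample traffic: one clean flow in each direction plus three bad packets.
SAMPLE_PACKETS = [
    Packet("192.0.2.10", "198.51.100.4", 51000, 443, outbound=True),
    Packet("203.0.113.9", "198.51.100.4", 51000, 443, outbound=True),
    Packet("192.0.2.10", "192.0.2.10", 80, 80, outbound=False),
    Packet("192.0.2.77", "192.0.2.10", 4000, 22, outbound=False),
    Packet("198.51.100.4", "192.0.2.10", 443, 51000, outbound=False),
]

def run_filter(packets=SAMPLE_PACKETS, internal=INTERNAL):
    return [filter_verdict(p, internal) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, run_filter()):
        print(f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}  {verdict}")
```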
Adware Tracking Cookie
An adware tracking cookie is a piece of adware downloaded to your computer with the intention of monitoring your online activities.
Spyware spies on you secretly and collects your personal information; adware does the same, but you also see all sorts of unwanted pop-up ads on your screen.
Adware tracking cookies are malicious and are downloaded to your computer without your knowledge. They find their way onto your computer when you visit certain websites, and their main purpose is to track your online activities and report them back to their creators.
They also slow down the computer because the tracking cookies are constantly running. You may also notice pop-up advertisements even when you are not online, which can be quite annoying when you are doing important work.
To remove adware tracking cookies, you can use your browser's normal settings that control whether your computer accepts cookies. In addition, you can use an anti-adware software program to remove them.
USB Hacking
USB Hacking is a method in which the attacker uses a USB drive to execute programs stored on it. The stored applications can be made to Autorun.
Attackers can use this technique to obtain the username and password of the target computer (although an auto-hacking USB drive can also be helpful for recovering passwords).
To prevent USB Hacking, you can disable the USB ports on your computer and turn off Autoplay.
Buffer Overflow Attack
A buffer is a temporary area for data storage. When a program places more data in a buffer than it can hold, the extra data overflows into adjacent buffers and can corrupt or overwrite the data they were holding.
In a buffer-overflow attack, hackers craft the extra data to hold specific instructions that could damage files, change data or reveal private information.
To prevent buffer overflows: follow secure coding practices, prevent execution of malicious commands, check array bounds, install the latest patches and use hardware-based solutions.
Fabrication Attack
Fabrication is a type of attack in which the attacker inserts forged objects into the system without the sender's knowledge or involvement.
So basically, the user has no knowledge that the system has been compromised. It involves unauthorized creation, modification and deletion of information, information systems and network elements.
A fabrication attack is also known as a counterfeiting or accountability attack.
Fabrication can be further categorized into two types:
- Replaying: When a previously intercepted entity is inserted again, the process is called replaying. For example, replaying an authentication message.
- Masquerading: When the attacker pretends to be the legitimate source and inserts his/her desired information, the attack is called masquerading. For example, adding new records to a file or database.
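Both fabrication types can be caught at the receiver: a keyed MAC rejects messages that do not come from the legitimate source (masquerading), and a counter bound under that MAC rejects a genuine message that is inserted a second time (replaying the authentication message). The following is an added example, not from the original page; the shared key, message format and sample payloads are constructed for the demo.

```python
import hmac
import hashlib

# Constructed shared secret; a real deployment provisions one per sender.
KEY = b"constructed-demo-key"

def make_message(counter, payload, key=KEY):
    """Sender side: bind a monotonically increasing counter to the payload with an HMAC.
    Wire format (constructed): b"<counter>:<payload>|<hex tag>"."""
    body = f"{counter}:{payload}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag

class Receiver:
    """Receiver side: verify the tag first, then reject any counter not above the last accepted one."""

    def __init__(self, key=KEY):
        self.key = key
        self.last_counter = -1

    def accept(self, msg):
        body, sep, tag = msg.rpartition(b"|")   # the hex tag never contains '|'
        if not sep:
            return "reject: malformed"
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "reject: bad tag"             # forged or altered: masquerading
        counter = int(body.split(b":", 1)[0])
        if counter <= self.last_counter:
            return "reject: replay"              # an already-seen message re-inserted
        self.last_counter = counter
        return "accept"

def demo():
    """Constructed exchange: one genuine message, its replay, a tampered copy, then the next genuine one."""
    rx = Receiver()
    first = make_message(1, "login alice")
    second = make_message(2, "transfer 10 to bob")
    tampered = second.replace(b"10", b"99")     # body changed, tag left as-is
    return [rx.accept(first), rx.accept(first), rx.accept(tampered), rx.accept(second)]
```

The counter only stops replays to this one receiver; in a multi-receiver system each side needs its own counter or a nonce list, otherwise a message accepted by one party can still be replayed to another.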
Input Validation attacks
In input validation attacks, an attacker intentionally provides unusual inputs to exploit loopholes in the application. These attacks can be dangerous and are quite easy to carry out (they do not require any tool or programming experience).
Most input validation attacks occur due to poor programming practices in the application. Applications that do not validate their inputs properly are vulnerable to input validation attacks.
The more common input validation attacks are as follows:
Buffer Overflow
Buffer overflow is due to bad programming or mismanagement of memory by the application developers. To execute a buffer overflow attack, the attacker enters very long or very large data in an input field.
SQL Injection
This kind of attack occurs when an attacker uses specially crafted SQL queries as input, which can cause the database to return results when none are expected. Online forms such as login prompts, search queries, guest books, feedback forms, etc. are especially targeted for SQL injection.
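The login-prompt case above comes down to whether user input is spliced into the SQL text or passed as a bound parameter. Here is an added example (not from the original page) showing a vulnerable login check beside its parameterized fix on an in-memory SQLite table; the account, the password and the crafted input are constructed for the demo.

```python
import sqlite3

def make_db():
    """In-memory users table with one constructed account (demo only).
    Passwords are stored in plaintext purely to keep the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn

def login_vulnerable(conn, name, password):
    """Builds the statement with string formatting, so the input becomes part of the SQL."""
    query = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    return conn.execute(query).fetchone()[0] > 0

def login_parameterized(conn, name, password):
    """Uses placeholders: the driver passes the input as data, never as SQL text."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()[0] > 0

def demo():
    """Run both checks with the right password and with a constructed input that
    closes the password literal and appends an always-true clause."""
    conn = make_db()
    crafted = "x' OR '1'='1"
    return {
        "vulnerable, correct password": login_vulnerable(conn, "alice", "correct horse"),
        "vulnerable, crafted input": login_vulnerable(conn, "alice", crafted),
        "parameterized, correct password": login_parameterized(conn, "alice", "correct horse"),
        "parameterized, crafted input": login_parameterized(conn, "alice", crafted),
    }

if __name__ == "__main__":
    for case, logged_in in demo().items():
        print(f"{case}: {'logged in' if logged_in else 'denied'}")
```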
Cross-site Scripting (XSS)
Cross-site scripting attacks place malicious code, usually JavaScript, in locations where other users will see it. Targeted form fields can be addresses, bulletin board comments, etc.
Canonicalization
These attacks target pages that use template files or otherwise reference alternate files on the web server. The aim is to move outside of the web document root in order to access system files.
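The defence against the canonicalization attack described above is to resolve the requested path to its canonical form and then confirm it still lies inside the document root. The following is an added example, not from the original page; it builds a constructed document root in a temporary directory and tries a few requests against it.

```python
import tempfile
from pathlib import Path

def resolve_under_root(doc_root, requested):
    """Return the canonical path for `requested` if it stays inside doc_root, else None.
    resolve() collapses '..' segments and follows symlinks, so a link inside the
    root that points outside it is rejected as well."""
    root = Path(doc_root).resolve()
    # A leading slash would otherwise make the request absolute and discard the root.
    candidate = (root / requested.lstrip("/\\")).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return None   # canonical path escaped the document root
    return candidate

def demo():
    """Constructed document root with one page; returns each request's outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "htdocs"
        (root / "pages").mkdir(parents=True)
        (root / "pages" / "index.html").write_text("<h1>constructed page</h1>")
        requests = [
            "pages/index.html",             # normal request
            "/pages/../pages/index.html",   # detour that still ends inside the root
            "../secret.txt",                # climbs above the root
            "pages/../../etc/passwd",       # climbs out via a subdirectory
        ]
        results = {}
        for req in requests:
            resolved = resolve_under_root(root, req)
            results[req] = None if resolved is None else str(resolved.relative_to(root.resolve()))
        return results

if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r}: {'rejected' if outcome is None else outcome}")
```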
Bluejacking
Bluejacking is a term for sending unsolicited messages over Bluetooth to other Bluetooth-equipped devices such as mobile phones, laptops, printers, cars and Personal Digital Assistants (PDAs), usually within a range of 10 meters. It allows phone users to send business cards anonymously to one another using Bluetooth technology.
Bluejacking does NOT involve any alteration of your phone's data. These business cards usually consist of some clever message or joke. Bluejackers are simply looking for a reaction from the recipient.
The person sending the messages has no control over your phone, so it is technically harmless; however, it can be quite confusing for the recipient to receive anonymous messages.
It is also used for unsolicited advertising.
Bluejacking is possible because Bluetooth technology is open to receiving communications within the device's effective range in the 2.4 GHz frequency band. Any Bluetooth-enabled device can send or receive Bluejacking messages.
To ignore bluejackers, simply reject the business card; to avoid them entirely, set your phone to non-discoverable mode.
BlueSnarfing
Bluesnarfing means gaining access to the data stored on a Bluetooth-enabled phone over Bluetooth, without alerting the user that a connection has been made to the device.
A hacker could access the phonebook and associated images, the calendar and even the IMEI (International Mobile Equipment Identity). An attacker can read messages and even delete them, play ringtones and videos, make a phone call and set call forwarding options.
Challenges associated with Bluesnarfing:
- Setting the device to non-discoverable makes it significantly more difficult to find and attack.
- Without specialized equipment, the hacker must be within 10 meters of the device while running a device with specialized software.
- Only specific older Bluetooth-enabled phones are susceptible to Bluesnarfing.
If you suspect that your phone is vulnerable to bluesnarfing or bluebugging, contact a manufacturer-authorized dealer. Install the software patches that are available for many older Bluetooth phones. Switch the device to non-discoverable mode when not using Bluetooth. Never pair with unknown devices or in public places.
Blue Bug attack
Blue Bug is a Bluetooth security loophole on some Bluetooth-enabled cell phones.
A hacker can exploit this loophole to download phone books and call lists, send and read SMS messages from the attacked phone, and much more, all without authorization.
Bluebuggers also have bluesnarf capability, so they can read phonebooks, calendars and more. They can even read a phone's call list to see whom their victims called or who called them, and can alter those lists.
A Blue Bug attack allows attackers to gain complete control over the data, voice and messaging channels of vulnerable target mobile phones.
A bluebugger can wirelessly direct a phone to make calls without the owner’s knowledge, after which the phone works as a bugging device, picking up conversations in the phone’s immediate area.
Similarly, a bluebugger can set call forwarding and then receive calls intended for the bluebug victim.
Dumpster Diving
Dumpster Diving is the method where attackers go through the target company’s trash, looking for sensitive data in any form possible.
Since an organization's trash can contain anything from notes, memos, research formulas and presentation slides to plans, there is a high probability of finding important information in it unless the trash is disposed of properly.
Depending on the industry in which your company operates and the sensitivity of the data, it could make sense to have a disposal policy in place to prevent dumpster divers from getting hold of something valuable.
Most companies that implement such policies require all paper, including print-outs, to be shredded in a cross-cut shredder before being recycled, and any type of storage media to be erased. The policy also requires all staff to undergo training on how to deal with trash.
Shoulder Surfing
Here’s what an attacker is usually trying to do when performing Shoulder Surfing.
The attacker steals sensitive information that is displayed on the screen by looking over the shoulder of the victim.
The attacker pretends to be on a company tour or drops by the victim’s desk under some pretext and steals data by remembering whatever is displayed on the screen or is being typed.
It's also used for spying on the user of a cash-dispensing machine or other electronic device to obtain their personal identification number, password, etc.
Social engineering Attacks
Social engineering is the technique of influencing people into performing actions or revealing confidential information without the use of any technical tool or system; it is more of a security attack than a technical one.
Types of Social Engineering Attacks
- Impersonation: The social engineer pretends to be someone else and tries to get sensitive information.
- Intimidation: The social engineer pretends to be someone in power or close to someone in power and tries to get sensitive information.
- Real Life Social Engineering: The attacker physically enters the company premises and tries to retrieve information.
- Fake Prompts: The attacker sends a fake login prompt to the victim and asks them to enter important numbers and passwords.
Social engineering attacks commonly carried out on unknowing victims:
- Trying to find out the victim's password by pretending to be a technician fixing some urgent and important technical difficulty.
- Pretending to be someone close to the boss or from the company's headquarters and using fear and intimidation to get sensitive information from the victim.
- Entering the target company disguised as a cleaner, driver, employee or guest and then trying to get sensitive information.
- Sending the victim an email directing them to a fake login prompt that looks exactly like their online bank account login screen, in order to capture their login details.
Difference between Intimidation and Impersonation
- In Intimidation, the attacker pretends to be someone close to the boss or from headquarters (basically, in a position of power) so that the victim is pressured into revealing sensitive information out of fear of displeasing the big bosses.
- In Impersonation, the attacker pretends to be someone else within the corporation, such as the technical helpdesk or a system administrator. Using a lot of technical jargon, the attacker tries to get sensitive information from the victim by pretending to fix something that is important, urgent and professionally relevant to the victim.
SEO Poisoning
In an SEO poisoning attack, legitimate websites are targeted (so that they are demoted or even blacklisted by search engines) in order to improve the SEO of other web pages.
To keep track of pages on the Internet, search engines use automated web scanners called crawlers or spiders. Their purpose is to find every possible Web page on the net, read its content and index it for future user searches.
Attackers often try to exploit this in order to trick a search engine into associating a malicious Web page with very common search terms. This causes the malicious Web page to appear in the search engine's results page, massively increasing the chances of users visiting it.
This attack is not limited to HTML-based Web pages; it also affects image searches, which shows how effective it can be in increasing the common user's exposure to such malicious websites.
Keep Your Computer, Network and Computing Devices Safe
In general, you keep your computer safe at two levels:
- Prevent viruses and malware from reaching your computer
- Remove those that are already on your computer
You do this with software programs, and also with a firewall for enhanced protection.
Every business and home user should watch out for and filter all Internet traffic. If need be, block certain types of traffic or even specific sites. You can even maintain a list of blocked sites to help stop users of your computer/network from visiting sites known to be infected with spyware, viruses and other malicious content.