
Lecture 3

The document outlines various types of cyberattacks, including denial of service, direct access, eavesdropping, spoofing, tampering, repudiation, information disclosure, elevation of privilege, and malware. It details the mechanisms of these attacks, such as phishing, code injection, and clickjacking, along with their consequences on confidentiality, integrity, and availability. Additionally, it categorizes threat actions that lead to unauthorized disclosure, deception, disruption, and usurpation.

Uploaded by

cchuseni

CSU 07426 / ITU_07426

LECTURE 3

EXAMPLE OF ATTACKS

DENIAL OF SERVICE ATTACKS
• Unlike other exploits, denial of service attacks are not used to gain unauthorized access or control of a system.
• They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once.
• These types of attack are, in practice, very hard to prevent, because the behaviour of whole networks needs to be analyzed, not only the behaviour of small pieces of code.
• Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts (commonly referred to as "zombie computers", used as part of a botnet with, for example, a worm, trojan horse, or backdoor exploit to control them) are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion.

DIRECT-ACCESS ATTACKS
• An unauthorized user gaining physical access to a computer (or part thereof) can perform many functions and install different types of devices to compromise security, including operating system modifications, malware (e.g. software worms, key loggers), and covert listening devices.
• The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD-R or tape, or onto portable devices such as key drives, digital cameras or digital audio players.
• Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the hard drive(s) this way.
• The only way to defeat this is to encrypt the storage media and store the key separately from the system. In most cases, direct-access attacks are the only type of threat to standalone computers (those that never connect to the internet).

EAVESDROPPING
• Eavesdropping is an act of
passively listening to a private
conversation, typically
between hosts on a network.
• For instance, programs such as
Carnivore and NarusInsight have
been used by the FBI and NSA to
eavesdrop on the systems of
internet service providers.

Spoofing
• Spoofing is a technique through which a cybercriminal disguises themselves as a known or trusted source. This happens when one person or program successfully masquerades as (impersonates) another by falsifying user identity data and thereby gaining illegitimate access.
• In so doing, the adversary can engage with the target and access their systems or devices with the ultimate goal of stealing information, extorting money or installing malware or other harmful software on the device.

Forms of Spoofing
Type | Description
Domain Spoofing | Domain spoofing is a form of phishing where an attacker impersonates a known business or person with a fake website or email domain to fool people into trusting them. Typically, the domain appears to be legitimate at first glance, but a closer look will reveal that a W is actually two Vs, or a lowercase L is actually a capital I. Users responding to the message or interacting with the site are tricked into revealing sensitive information, sending money or clicking on malicious links.
Email Spoofing | Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to open the email and interact with its contents, such as a malicious link or attachment.
ARP Spoofing | Read more about this attack here and here

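The domain-spoofing row above describes lookalike characters (two Vs for a W, a capital I for a lowercase L). The following is an added example, not part of the lecture, of a defender-side check that collapses such substitutions before comparing a domain against an allowlist; the allowlist, the sample domains and the extra substitutions (`rn` for `m`, `1` and `|` for `l`, `0` for `o`) are assumptions made for illustration.

```python
# Added example: flag domains that visually imitate a trusted one.
# TRUSTED and every sample domain are constructed for illustration.
TRUSTED = {"wellsbank.example", "paypal.example"}  # hypothetical allowlist

# Lookalike substitutions collapsed to one canonical "skeleton" form.
SINGLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})
SEQUENCES = [("vv", "w"), ("rn", "m")]


def skeleton(domain: str) -> str:
    """Map visually confusable characters to a single representative."""
    # Capital I has to be mapped before lowercasing, or it becomes a plain "i".
    text = domain.translate(SINGLES).lower()
    for seq, repl in SEQUENCES:
        text = text.replace(seq, repl)
    return text


# Skeleton of each trusted domain -> the trusted domain it belongs to.
SKELETONS = {skeleton(d): d for d in TRUSTED}


def classify(domain: str):
    """Return (verdict, imitated_domain_or_None)."""
    d = domain.strip().rstrip(".")
    if d.lower() in TRUSTED:          # DNS names are case-insensitive
        return ("trusted", d.lower())
    imitated = SKELETONS.get(skeleton(d))
    if imitated is not None:          # same shape as a trusted name, different bytes
        return ("lookalike", imitated)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ["PayPal.example", "paypaI.example",
                   "vvellsbank.example", "example.org"]:
        print(sample, classify(sample))
```
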
TAMPERING
• Tampering describes an intentional modification of products in a way that would make them harmful to the consumer.

REPUDIATION
• Repudiation describes a situation where the authenticity of a digital signature is being challenged.
• An entity deceives another by falsely denying responsibility for an act.
• A repudiation attack happens when an application or system does not adopt controls to properly track and log users' actions, thus permitting malicious manipulation or forging the identification of new actions.

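The last bullet ties repudiation to missing controls for tracking and logging user actions. The following is an added example, not part of the lecture, of one such control: an audit log in which every entry carries an HMAC over its content and the previous entry's MAC, so edits and deletions are detectable. The key, the field names and the sample actions are assumptions made for illustration.

```python
# Added example: tamper-evident audit log (HMAC hash chain).
import hashlib
import hmac
import json

# Assumption: the key is held by the logging service, not by application users.
KEY = b"constructed-demo-key"
GENESIS = "0" * 64
FIELDS = ("seq", "user", "action", "prev")


def _mac(body: dict) -> str:
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def append(log: list, user: str, action: str) -> None:
    """Add an entry chained to the MAC of the previous entry."""
    prev = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), "user": user, "action": action, "prev": prev}
    log.append({**body, "mac": _mac(body)})


def verify(log: list) -> int:
    """Return the index of the first bad entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: entry[k] for k in FIELDS}
        ok = (entry["seq"] == i and entry["prev"] == prev
              and hmac.compare_digest(entry["mac"], _mac(body)))
        if not ok:
            return i
        prev = entry["mac"]
    return -1


def sample_log() -> list:
    """Constructed sample: three actions by one user."""
    log = []
    append(log, "alice", "login")
    append(log, "alice", "transfer 500 to bob")
    append(log, "alice", "logout")
    return log
```

The chain makes changes to the log detectable; binding an action to one specific user so that they cannot deny it additionally requires that user's own digital signature on the action.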
INFORMATION DISCLOSURE
• Information Disclosure (privacy breach or data leak) describes a situation where information, thought of as secure, is released in an untrusted environment.
• Example: displaying an application bug, server information or bank card information on a public website.

ELEVATION OF PRIVILEGE
• Elevation of privilege describes a situation where a person or a program wants to gain elevated privileges or access to resources that are normally restricted to him/it.

Malware
• Malware — or malicious software — is any program or code that is created with the intent to do any form of harm to a computer, network or server.
• Malware is the most common type of cyberattack, mostly because this term encompasses many subsets such as ransomware, trojans, spyware, viruses, worms, keyloggers, bots, cryptojacking, and any other type of malware attack that leverages software in a malicious way.

Types of Malware
Type | Description
Ransomware | In a ransomware attack, the malware encrypts a victim’s data and offers to provide a decryption key in exchange for a payment. Ransomware attacks are usually launched through malicious links delivered via phishing emails, but unpatched system vulnerabilities and policy misconfigurations are used as well.
Fileless Malware | Fileless malware is a type of malicious activity that uses native, legitimate tools built into a system to execute a cyber attack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target’s system, making it hard to detect. While attackers don’t have to install code to launch a fileless malware attack, they still need to get access to the environment so they can modify its native tools to serve their purposes.
Spyware | Spyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a specific user’s activities or data (e.g. passwords, personal identification numbers (PINs), and payment information) without their knowledge or consent.
Adware | Adware is a type of spyware that watches a user’s online activity in order to determine which ads to show them. While adware is not inherently malicious, it has an impact on the performance of a user’s device and degrades the user experience.
Trojan | A trojan is a type of malware that disguises itself as legitimate code or software. Once inside the network, attackers can carry out any action that a legitimate user could perform, such as exporting files, modifying data, deleting files or otherwise altering the contents of the device. Trojans may be packaged in downloads for games, tools, apps or even software patches. Trojans are installed through social engineering techniques such as phishing or bait websites.
Worms | A worm is a self-contained malicious program that replicates itself and spreads its copies to other computers. A worm may infect its target through a software vulnerability or may be delivered via phishing or smishing. Installed worms can modify and delete files, inject more malicious software, or replicate in place until the targeted system runs out of resources.
Rootkits | A rootkit is a collection of software designed to give malicious actors control of a computer network or application. Once activated, the malicious program sets up a backdoor exploit and may deliver additional malware, such as ransomware, bots, keyloggers or trojans. Rootkits may remain in place for years because they are hard to detect, due in part to their ability to block some antivirus software and malware scanner software.
Mobile Malware | Mobile malware is any type of malware designed to target mobile devices. Mobile malware is delivered through malicious downloads, operating system vulnerabilities, phishing, smishing, and the use of unsecured WiFi.
Exploits | An exploit is a piece of software or data that opportunistically uses a defect in an operating system or an app to provide access to unauthorized actors. The exploit may be used to install more malware or steal data.
Scareware | Scareware tricks users into believing their computer is infected with a virus. Typically, a user will see scareware as a pop-up warning them that their system is infected. This scare tactic aims to persuade people into installing fake antivirus software to remove the “virus.” Once this fake antivirus software is downloaded, malware may infect the user’s computer.
Keylogger | Keyloggers are tools that record what a person types on a device. While there are legitimate and legal uses for keyloggers, many uses are malicious. In a keylogger attack, the keylogger software records every keystroke on the victim’s device and sends it to the attacker.

Phishing
• Phishing is a type of cyberattack that uses email, SMS, phone, social media, and social engineering techniques to entice a victim to share sensitive information — such as passwords or account numbers — or to download a malicious file that will install malware on their computer or phone.

Common phishing attacks
Type | Description
Spear Phishing | Spear-phishing is a type of phishing attack that targets specific individuals or organizations, typically through malicious emails. The goal of spear phishing is to steal sensitive information such as login credentials or infect the targets’ device with malware.
Whaling | A whaling attack is a type of social engineering attack specifically targeting senior or executive employees to steal money or information or gain access to the person’s computer in order to execute further cyberattacks.
SMiShing | Smishing is the act of sending fraudulent SMS text messages designed to trick individuals into sharing sensitive data such as passwords, usernames and credit card numbers. A smishing attack may involve cybercriminals pretending to be your bank or a shipping service you use.
Vishing | Vishing, a voice phishing attack, is the fraudulent use of phone calls and voice messages pretending to be from a reputable organization to convince individuals to reveal private information such as bank details and passwords.

Code Injection Attacks
Code injection attacks consist of an attacker injecting malicious code into a vulnerable computer or network to change its course of action.
Type | Description
SQL Injection | An SQL Injection attack leverages system vulnerabilities to inject malicious SQL statements into the backend of a data-driven application, which then allows the hacker to extract information from a database. Hackers use SQL Injection techniques to alter, steal or erase an application's database data. Read more here and here
Cross-Site Scripting (XSS) | Cross-Site Scripting (XSS) is a code injection attack in which an adversary inserts malicious code within a legitimate website. The code then launches as an infected script in the user’s web browser, enabling the attacker to steal sensitive information or impersonate the user. Web forums, message boards, blogs and other websites that allow users to post their own content are the most susceptible to XSS attacks. Read more here and here
Malvertising | Malvertising attacks leverage many other techniques to carry out the attack. Typically, the attacker begins by breaching a third-party server, which allows the cybercriminal to inject malicious code within a display ad or some element thereof, such as banner ad copy, creative imagery or video content. Once clicked by a website visitor, the corrupted code within the ad will install malware or adware on the user’s computer.

Clickjacking
• Clickjacking is an attack that tricks a user into clicking a webpage element which is
invisible or disguised as another element. This can cause users to unwittingly
download malware, visit malicious web pages, provide credentials or sensitive
information, transfer money, or purchase products online.
• Typically, clickjacking is performed by displaying an invisible page or HTML
element, inside an iframe, on top of the page the user sees. The user believes they
are clicking the visible page but in fact, they are clicking an invisible element in the
additional page transposed on top of it.
• The attack is possible thanks to HTML frames (iframes), the ability to display web
pages within other web pages through frames. If a web page allows itself to be
displayed within a frame, an attacker can cover the original web page with a
hidden, transparent layer with its own JavaScript and UI elements. The attacker
then tricks users into visiting the malicious page, which looks just like a site users
know and trust.

Types of Threat Actions that Cause Each Consequence
• Unauthorized disclosure is a threat to confidentiality. A circumstance or event whereby an entity gains access to data for which the entity is not authorized.
• The following types of attacks can result in this threat consequence:
✓ Exposure: Sensitive data are directly released to an unauthorized entity.
✓ Interception: An unauthorized entity directly accesses sensitive data travelling between authorized sources and destinations.
✓ Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or by-products of communications.
✓ Intrusion: An unauthorized entity gains access to sensitive data by circumventing a system’s security protections.

Types of Threat Actions that Cause Each Consequence
• Deception is a threat to either system integrity or data integrity. A circumstance or event that may result in an authorized entity receiving false data and believing it to be true.
• The following types of attacks can result in this threat consequence:
✓ Masquerade: An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity.
✓ Falsification: False data deceive an authorized entity.
✓ Repudiation: An entity deceives another by falsely denying responsibility for an act.

Types of Threat Actions that Cause Each Consequence
• Disruption is a threat to availability or system integrity. A circumstance or event that interrupts or prevents the correct operation of system services and functions.
• The following types of attacks can result in this threat consequence:
✓ Incapacitation: Prevents or interrupts system operation by disabling a system component.
✓ Corruption: Undesirably alters system operation by adversely modifying system functions or data.
✓ Obstruction: A threat action that interrupts the delivery of system services by hindering system operation.

Types of Threat Actions that Cause Each Consequence
• Usurpation is a threat to system integrity. A circumstance or event that results in control of system services or functions by an unauthorized entity.
• The following types of attacks can result in this threat consequence:
✓ Misappropriation: This can include theft of service. An example is a distributed denial of service attack when malicious software is installed on a number of hosts to be used as platforms to launch traffic at a target host. In this case, the malicious software makes unauthorized use of processor and operating system resources.
✓ Misuse: Misuse can occur using either malicious logic or a hacker that has gained unauthorized access to a system. In either case, security functions can be disabled or thwarted.
