Internet and Cyber Attacks - 2

Isura Karunaratne
5 min read · Apr 26, 2020


Image by https://www.information-age.com/

This is the second blog of the series discussing the internet and cyber attacks. You can find the first blog here.

Phishing Attacks

The purpose of a phishing attack is to obtain resources and information such as usernames, passwords and credit card details by posing as a trustworthy entity. This is commonly done through emails and instant messages. It often directs users to enter personal information at a fake website that matches the look and feel of the legitimate site.

The following are some types of phishing attacks.

  • Whaling

A whaling attack is one in which the attacker poses as a senior executive of an organization and directly targets senior or other important individuals at that organization, with the aim of stealing money or sensitive information or gaining access to their systems for criminal purposes. It uses methods such as email and website spoofing to trick a target into performing specific actions, such as revealing sensitive data or transferring money.

  • Clone Phishing

In clone phishing, the attacker tries to fool the victim by sending a nearly identical replica of a legitimate message, so that the victim takes it to be real. The message is sent from an address resembling the legitimate sender, and the body looks the same as a previous real message. The difference is that the attachment or link in the message has been replaced with a malicious one. The attacker may also give a plausible reason for resending the message, so the victim takes it to be a legitimate message. Another variation of this attack is a cloned website on a spoofed domain that tricks the victim into entering credentials or credit card details on the fake site.

You can refer to this to get an idea about how to mitigate these attacks.

  • Spear Phishing

Spear phishing is an email or electronic communications scam targeted at a specific individual, organization, or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer. Spear phishing attackers often gather and use personal information about their target to increase their probability of success. The first study of social phishing, a type of spear-phishing attack that leverages friendship information from social networks, yielded a success rate of over 70% in experiments.

  • Link Manipulation

Link manipulation is a technique in which the phisher sends a link to a malicious website that looks like the link of a popular legitimate website. The attacker’s real web address is hidden under the displayed link text, or in a tab that is not shown. When the user clicks the deceptive link, it opens the phisher’s website instead of the website named in the link.

  • Filter Evasion

In these attacks, phishers use images instead of text to make it harder for anti-phishing filters to detect the text commonly used in phishing emails.

  • Website Forgery

Website forgery is a type of web-based attack in which the phisher builds a website that is either completely independent or a replica of a legitimate website. The phishing website replaces the user’s address bar or website with the attacker’s address bar or website. The user is fooled into providing login, password and account information to the attacker.

  • Covert Redirect

Covert redirect is a way of performing phishing attacks that makes links appear legitimate while actually redirecting the victim to an attacker’s website. The flaw is usually hidden behind a login popup on the affected site’s domain. It can also affect OAuth 2.0 and OpenID implementations through well-known exploit parameters. It often makes use of open redirect and XSS vulnerabilities in third-party application websites. Users may also be redirected to phishing websites covertly through malicious browser extensions.

  • Social Engineering

Users can be encouraged to click on various kinds of unexpected content for a variety of technical and social reasons. For example, users might be outraged by a fake news story, click a link, and become infected.

  • Phone Phishing

These attacks use telephone calls or SMS (Short Message Service) text messages to trick people into giving up personal information.

DoS & DDoS

A DoS (Denial of Service) or DDoS (Distributed DoS) attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter and thus disrupting trade.

DoS is a cyber attack that disables a device or network by making its operational resources unavailable, either by overloading them or by causing a malfunction.

In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.

The following are some ways to mitigate DoS attacks:

  • IP Whitelisting/Blacklisting
  • Rate Limiting
  • Upstream Filtering and DDS
  • Programming for Scale
  • Firewalls
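The rate limiting and IP allowlist/blocklist items above combined in one mechanism, as an added example that is not from the original post: a per-client token bucket that serves a short burst and then a sustained rate, replayed over a constructed traffic log with a fake clock so the outcome is deterministic. The client addresses are documentation-range placeholders.

```python
import time
from collections import defaultdict

class TokenBucketLimiter:
    """Per-client token bucket: `burst` requests at once, then `rate` per second; blocklist/allowlist override."""

    def __init__(self, rate, burst, allowlist=(), blocklist=(), clock=time.monotonic):
        self.rate, self.burst, self.clock = float(rate), float(burst), clock
        self.allowlist, self.blocklist = set(allowlist), set(blocklist)
        self._tokens = defaultdict(lambda: self.burst)  # tokens currently held per client
        self._last = {}                                  # time of last refill per client

    def allow(self, client_ip):
        """True if the request should be served, False if it should be dropped."""
        if client_ip in self.blocklist:
            return False
        if client_ip in self.allowlist:
            return True
        now = self.clock()
        elapsed = now - self._last.get(client_ip, now)
        # refill in proportion to elapsed time, never above the burst size
        self._tokens[client_ip] = min(self.burst, self._tokens[client_ip] + elapsed * self.rate)
        self._last[client_ip] = now
        if self._tokens[client_ip] >= 1.0:
            self._tokens[client_ip] -= 1.0
            return True
        return False

class FakeClock:
    """Controllable clock so replaying a traffic log is deterministic."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

def replay(requests, rate=1.0, burst=5, allowlist=(), blocklist=()):
    """Replay (seconds, client_ip) pairs in time order; returns {client_ip: (served, refused)}."""
    clock = FakeClock()
    limiter = TokenBucketLimiter(rate, burst, allowlist, blocklist, clock)
    counts = {}
    for t, ip in sorted(requests):
        clock.now = t
        served, refused = counts.get(ip, (0, 0))
        ok = limiter.allow(ip)
        counts[ip] = (served + ok, refused + (not ok))
    return counts

# Constructed traffic log: one source floods 20 requests within 0.6 s, another sends three normal ones
FLOOD = [(i * 0.03, "203.0.113.9") for i in range(20)]
NORMAL = [(0.0, "198.51.100.4"), (1.0, "198.51.100.4"), (2.0, "198.51.100.4")]
```

With the defaults, `replay(FLOOD + NORMAL)` serves the flooding source only its 5-request burst and refuses the remaining 15, while the normal client is never touched; a single limiter like this helps against one source, which is exactly why a DDoS from many sources needs the upstream filtering listed above as well.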

Buffer Overflow

Buffers are memory regions that temporarily hold data while it is being transferred from one location to another. A buffer overflow (a.k.a. buffer overrun) is also used in DoS and DDoS attacks: a misbehaving or malicious program writes past the buffer’s boundary and overwrites adjacent memory locations.

For example, a buffer for login credentials may be designed to expect username and password inputs of 10 bytes, so if a transaction involves an input of 14 bytes (that is, 4 bytes more than expected), the program may write the excess data past the buffer boundary. Buffer overflows can affect any type of software. They typically result from malformed inputs or from a failure to allocate enough space for the buffer. If the transaction overwrites executable code, it can cause the program to behave unpredictably and generate incorrect results, memory access errors, or crashes.

Attackers exploit buffer overflows by overwriting the memory of an application. This changes the execution path of the program, triggering a response that damages files or exposes private information. For example, an attacker may introduce extra code, sending new instructions to the application in order to gain access to the system.
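The 10-byte/14-byte example above made concrete, as an added example that is not from the original post: two adjacent 10-byte fields are laid out with `ctypes`, an unchecked copy of 14 bytes spills into the neighbouring field, and a bounds-checked copy beside it stops at the field size and reports the truncation. The record layout and the sample inputs are constructed for the demonstration.

```python
import ctypes

class LoginRecord(ctypes.Structure):
    """Two fixed 10-byte fields laid out back to back, as in the 10-byte example above."""
    _fields_ = [("username", ctypes.c_char * 10), ("password", ctypes.c_char * 10)]

def _username_address(rec):
    """Raw address of the username field inside the record."""
    return ctypes.addressof(rec) + LoginRecord.username.offset

def unchecked_copy(rec, data):
    """Copies every byte of `data` into `username` with no bounds check (the defect);
    anything past 10 bytes lands in whatever sits next in memory, here `password`."""
    ctypes.memmove(_username_address(rec), data, len(data))

def bounded_copy(rec, data):
    """Copies at most the field's size; returns False when the input had to be truncated,
    so the caller can reject the over-long input instead of silently accepting it."""
    size = LoginRecord.username.size
    ctypes.memmove(_username_address(rec), data, min(len(data), size))
    return len(data) <= size

def demo(copy_fn, username_input, password=b"hunter2"):
    """Fill a record, copy `username_input` with `copy_fn`, and return both fields afterwards.
    Keep inputs under 20 bytes: the unchecked copy would otherwise write past the record itself."""
    rec = LoginRecord()
    rec.password = password
    copy_fn(rec, username_input)
    return rec.username, rec.password

# Constructed input: 4 bytes more than the username field holds, as in the text
OVERSIZED_INPUT = b"A" * 14
```

`demo(unchecked_copy, OVERSIZED_INPUT)` returns the password field as `b"AAAAer2"`, its first four bytes clobbered by the overrun, whereas `demo(bounded_copy, OVERSIZED_INPUT)` leaves it intact at `b"hunter2"`.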

Defense schemes

  • Randomizing the layout of memory
  • Deliberately leaving space between buffers
  • Monitoring actions that write into adjacent memory spaces

There are two main types of buffer overflow attacks: stack-based buffer overflows and heap-based overflows.

MITM Attack (Man-in-the-Middle)

A MITM attacker secretly relays and manipulates packets between communicating users or servers. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, TLS can authenticate one or both parties using a mutually trusted certificate authority.

Defense against MITM attacks

  • Enhanced authentication using a CA (Certificate Authority), based on verified certificates from a trusted third party
  • Tamper detection based on latency examination
  • HTTP Public Key Pinning (a.k.a. certificate pinning)

SQL Injection

SQL injection is a code injection technique used to attack SQL databases and data-driven applications. The attacker finds a security vulnerability in an application and inserts SQL statements in order to:

  • Spoof identity
  • Tamper with existing data
  • Void or change transactions
  • Change account balances
  • Disclose data
  • Destroy data
  • Hold data and the application to ransom
  • Hijack the administrator role of the server or application

Input validation, parametrized queries, stored procedures, escaping, avoiding administrative privileges and web application firewalls are ways of preventing SQL injection. You can refer to this for more information.
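Two of the preventions above side by side with the defect they address, as an added example that is not from the original post: a lookup built by string concatenation, the same lookup with a bound parameter, and an allowlist validator in front of it. The database, its rows and the injected input are constructed for the demonstration.

```python
import re
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, balance INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [("alice", 100), ("bob", 250)])
    return db

def lookup_vulnerable(db, name):
    """String concatenation: the input becomes part of the statement and is parsed as SQL."""
    sql = "SELECT name, balance FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parametrized(db, name):
    """Placeholder binding: the input travels as a value and can never change the statement."""
    return db.execute("SELECT name, balance FROM users WHERE name = ?", (name,)).fetchall()

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def is_valid_username(name):
    """Input validation layer: allowlist the characters a username may contain."""
    return USERNAME_RE.fullmatch(name) is not None

def lookup_defended(db, name):
    """Validation first, then a parametrized query, so bad input never reaches the database."""
    if not is_valid_username(name):
        raise ValueError("invalid username")
    return lookup_parametrized(db, name)

# Constructed input that closes the quoted literal and appends an always-true condition
INJECTED_NAME = "x' OR '1'='1"
```

Against `INJECTED_NAME`, the concatenated query returns every row in the table (the "disclosure of data" case above), the parametrized query returns nothing because no user has that literal name, and the validator rejects the input before any query runs.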

~~~ Thanks for Reading ~~~
