Journey into Cybersecurity: Learning about Cyber attacks and Threats

Rocky Le
20 min read · Feb 20, 2023


Welcome to my Journey into Cybersecurity series where I will share what I have learned about cybersecurity. My name is Rocky and I hope by making these blogs I can showcase my knowledge and hands-on experience to get a Cybersecurity role in the future.

For this blog I will be explaining the different types of cybersecurity attacks and threats that can happen to a person or organization.

Table of Contents

  1. Introduction
  2. Social Engineering
  3. Targeted Cyber Attacks on Individuals
    - Malware
    - Password Attacks
    - Physical Attacks
  4. Targeted Cyber Attacks on Applications
  5. Targeted Cyber Attacks on Networks
  6. Conclusion
Group of hackers doing different cyber attacks

Introduction

In today’s digital age, cyber attacks and threats are on the rise, posing a significant risk to individuals, businesses, and organizations. The extensive use of technology and the internet has made it easier for attackers to prey on unsuspecting victims, causing serious harm.

The implications of a successful cyber attack can range from the loss of personal or confidential information to the disruption of critical systems and infrastructure. It is imperative to comprehend the various types of cyber attacks and the tactics used by attackers to execute them so that people can defend against them.

By acquiring this knowledge, individuals and organizations can take proactive steps to safeguard their systems against cyber threats. In this article, we will be exploring social engineering techniques that attackers use to manipulate individuals into revealing sensitive data or performing activities that compromise their security.

We will also examine the various types of attacks that can target users, networks, and applications, enabling readers to understand the techniques employed by attackers to breach their systems. This understanding is essential in the protection of oneself and one’s systems against harm.

Social Engineering

A hacker trying to use Phishing on a victim

Social engineering is a psychological attack that relies on manipulating individuals to reveal sensitive information or compromise their security. Unlike technical attacks, social engineering exploits people’s vulnerabilities rather than software or hardware weaknesses. Attackers employ various methods to manipulate their victims and catch them off guard.

It’s essential to be aware of social engineering techniques to recognize and prevent them from succeeding. Here are some of the most common types of social engineering attacks:

Phishing: Phishing involves posing as a trustworthy entity and tricking individuals into revealing sensitive information like login credentials or financial data, usually through emails. There are other types of phishing, such as:

  • Vishing: A voice-call-based phishing attack.
  • Spear phishing: A tailored phishing attack aimed at a specific individual or organization.
  • Whaling: A phishing attack targeting high-level executives, such as CEOs or CFOs, to steal sensitive information or compromise their accounts.

Pharming: Pharming redirects users to a fake website, even if they enter the correct URL in their browser. Malware infects the victim’s computer or compromises a DNS server to achieve this.

Pretexting: Pretexting creates a false situation or pretext to fool individuals into disclosing sensitive information. For example, an attacker might pose as a customer service representative and ask for login credentials to resolve a supposed account issue.

Social engineering attacks’ effectiveness often depends on several factors, including:

Authority: Attackers frequently pose as people in positions of power, such as government officials or customer service representatives, to deceive their victims into divulging sensitive information.

Intimidation: Attackers might use threats or intimidation to scare their victims into following their commands.

Consensus: Attackers might use social proof, such as claiming that other people have already complied with their demands, to persuade their victims to do the same.

Scarcity: Attackers may make it seem that time is running out or that there is a limited supply of something to make victims comply with their demands.

Familiarity: Attackers might use personal information, such as a victim’s name or address, to build trust.

Trust: Attackers can exploit a victim’s trust in a specific individual or organization to gain sensitive information or compromise their security.

Targeted Cyber Attacks on Individuals

User’s files being encrypted by malware

Targeted cyber attacks on individuals are becoming more frequent as hackers seek to obtain confidential information and inflict damage on their targets. Several forms of attacks can be directed at individuals, including malware attacks, password attacks, and physical attacks.

Malware, a shortened term for “malicious software,” is any software that is designed to cause harm or steal sensitive information from a computer system. Examples of malware include Viruses, Trojans, and Spyware. These attacks can infiltrate a person’s computer through various methods such as downloading an infected file, accessing a compromised website, or opening an infected email attachment.

Password attacks are another prevalent type of cyber attack targeting individuals. These attacks entail the effort to crack a person’s password to gain access to confidential information. Hackers can use different methods to crack passwords, such as brute force attacks, which try every possible password combination, and dictionary attacks, which use a pre-existing list of words to guess the password.

Physical attacks are another kind of attack that can be targeted toward individuals. These attacks involve using physical means to steal sensitive information. For instance, the theft of a laptop or system that contains confidential data would be considered a physical attack.

Malware


There are many different types of malware, each with its own characteristics and methods of operation. Some of the most common types of malware include:

Ransomware: Ransomware is malware that encrypts a person’s files and demands payment in exchange for the decryption key. This malware can cause significant harm as it can prevent a person or business from accessing their important files and data.

For example, a hospital that is hit with ransomware would be unable to pull up very important patient files to proceed with any medical procedures.

Trojans: Trojans are malware that disguise themselves as legitimate software to gain access to a user’s system. Once installed, they can steal sensitive information, install additional malware, or give an attacker remote access to the system.

An example of a Trojan would be downloading an application from a non-trusted source such as a pirated game which may contain an executable that will allow the hacker to gain access to the system it was installed on.

Worms: Worms are malware that is designed to spread from one system to another without the need for human interaction. They can cause significant harm by infecting multiple systems and consuming network resources.

Some notable examples of worms are the Morris Worm, the first worm ever, which constantly replicated itself on a target computer, exhausting its resources, and then spread to other computers to do the same, and EternalBlue, which exploited Microsoft’s Server Message Block (SMB) protocol to execute code on the target computer and spread to other systems on its own.

Potentially Unwanted Programs (PUPs): PUPs are software that is not necessarily malicious but can still cause harm by consuming system resources, changing browser settings, or displaying unwanted advertisements.

Fileless Virus: A fileless virus is malware that infects a system without writing any files to the hard drive. Instead, it lives in memory, which makes it more difficult to detect and remove.

Some examples of Fileless viruses are Code Red and the Sapphire worm.

Learn about Code Red from Kaspersky’s blog at https://www.kaspersky.com/blog/history-lessons-code-red/45082/

Learn more about the Sapphire worm from the University of Houston website at https://www.uh.edu

Bots: Bots are a type of malware that can automate certain tasks, such as sending spam or participating in DDoS attacks.

Logic Bombs: A logic bomb is a type of malware that is designed to activate when certain conditions are met, such as a specific date or time, or when a certain file is deleted.

An example of a logic bomb would be a script written by an employee to delete a business’s critical system files on the date the employee is fired.

Spyware: Spyware is a type of malware that is designed to collect information about a person’s computer usage without their knowledge or consent. This information can include browsing history, keystrokes, and sensitive information such as passwords.

One of the most common forms of Spyware is a keylogger, which is malware that records the keystrokes of the user infected with it.

Rootkit: A rootkit is a type of malware that is designed to hide itself and other malware from detection. This can make it difficult to remove the malware and restore the system to a healthy state. Rootkits are the most difficult malware to remove, as they are usually embedded deep in the operating system they have infected, allowing them to persist even if the user factory resets the system.

Try to be aware of these various types of malware and take steps to protect your system from infection. This can include using anti-malware software, keeping software and security systems up to date, being cautious when downloading files or visiting websites, and avoiding suspicious emails or attachments. By taking these precautions, you can reduce your risk of harm from malware and better protect your system and sensitive information.

Password Attacks

Masked Password

Password attacks are a type of cyber attack that involves trying to crack a person’s password to gain access to sensitive information. There are several methods that attackers can use to carry out password attacks, including:

Spraying attack: A spraying attack is a type of password attack that targets a large number of accounts with a small number of common passwords. The idea behind this type of attack is that a small percentage of the targeted accounts will have weak passwords that can be easily cracked.

For example, after a hacker gathers a list of email addresses through open-source research, such as from a university website, they can try the password “password” on every single address in the hope that it works on one of them.

Dictionary attack: A dictionary attack is a type of password attack that involves trying words and common passwords from a dictionary as potential passwords. This type of attack can be effective because many people use simple, easily guessable passwords such as “password” or “123456”.

An example would be a hacker trying to gain access to a specific victim’s social media account using a list of common passwords, words, or something like their birthday.

Brute Force: A brute force attack is a type of password attack that involves trying every possible combination of characters until the correct password is found. This type of attack can be time-consuming and computationally intensive, but it is also very effective against weak passwords.

An example would be an attacker trying to access a database using an employee’s credentials when they only have the employee’s email or username. They would use brute force software such as John the Ripper to attempt every possible combination of letters, numbers, and symbols, at different lengths, to gain access.

Rainbow Table: A rainbow table is a precomputed table of hashes for commonly used passwords. This type of attack is faster than a brute force attack, as it does not need to compute the hash of each candidate password. Instead, it looks up a stolen password hash in the table to find the password that produced it.
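The spraying and brute force patterns above look different in authentication logs: spraying is one source trying a few guesses against many accounts, brute force is many guesses against one account. The following detector is an added example, not code from the original post; the log format, the TEST-NET source addresses and the example.com accounts are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format). Placeholder addresses and accounts.
SAMPLE_LOG = (
    # one guess each against six different accounts from a single source: spraying
    [f"2023-02-20T09:00:{i:02d} FAIL user={u}@example.com src=203.0.113.7"
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    # ten rapid guesses against one account from another source: brute force
    + [f"2023-02-20T09:01:{i:02d} FAIL user=bob@example.com src=198.51.100.9"
       for i in range(10)]
    # two typos followed by a successful login: an ordinary user
    + ["2023-02-20T09:05:00 FAIL user=carol@example.com src=192.0.2.5",
       "2023-02-20T09:05:20 FAIL user=carol@example.com src=192.0.2.5",
       "2023-02-20T09:05:40 OK user=carol@example.com src=192.0.2.5"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse_log(lines):
    """Turn raw lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def classify_sources(events, window=timedelta(minutes=10),
                     spray_users=5, brute_attempts=8):
    """Return {src: verdict} for sources whose failed logins inside one window look
    like spraying (many accounts, at most two guesses each) or brute force
    (many guesses against a single account). Benign sources get no entry."""
    failures = defaultdict(list)
    for ev in events:
        if ev["result"] == "FAIL":
            failures[ev["src"]].append(ev)

    verdicts = {}
    for src, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):          # sliding window anchored at each failure
            per_user = defaultdict(int)
            for ev in evs[i:]:
                if ev["ts"] - start["ts"] > window:
                    break
                per_user[ev["user"]] += 1
            if max(per_user.values()) >= brute_attempts:
                verdicts[src] = "brute_force"
                break
            if len(per_user) >= spray_users and max(per_user.values()) <= 2:
                verdicts[src] = "password_spray"
                break
    return verdicts


def detect(lines=SAMPLE_LOG):
    return classify_sources(parse_log(lines))


if __name__ == "__main__":
    for src, verdict in detect().items():
        print(f"{src}: {verdict}")
```

Per-source thresholds like these miss a spray spread across many source addresses; a production rule would also count distinct accounts per password-attempt window regardless of source.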

It is important to use strong and unique passwords to reduce the risk of falling victim to password attacks. This can include using long passwords that include a mix of upper and lowercase letters, numbers, and special characters, and avoiding the use of easily guessed information such as birthdays or commonly used words. Additionally, using multi-factor authentication can provide an extra layer of security and make it more difficult for attackers to gain sensitive information, even if they crack a password.

Physical Attacks

Hacker Shoulder Surfing a target

Physical attacks are a type of cyber attack that involve using physical means to steal sensitive information. These types of attacks can be just as effective as digital attacks and can result in serious consequences for individuals and organizations. Some of the most common physical attacks include:

Tailgating: Tailgating is a type of physical attack that involves following an individual into a secure location, such as a building or a computer room, without proper authorization. This can allow an attacker to access sensitive information or systems that would otherwise be protected.

An example of tailgating would be an employee who forgot their access card to a building and so followed in behind another employee who was able to authenticate themselves to get in.

Dumpster Diving: Dumpster diving is a type of physical attack that involves going through a person’s trash or recycling to find sensitive information. This information can include discarded bills, bank statements, or other documents that contain sensitive information.

An example of this would be someone going through an enterprise’s trash and taking its old, thrown-out computers to sell, only to find they still contained financial data and other confidential information. This type of information can then be sold to malicious actors in places such as the dark web.

Shoulder Surfing: Shoulder surfing is a type of physical attack that involves observing a person as they type in their password or other sensitive information. This can be done by looking over their shoulder or using a camera to record the information from a distance.

A common scenario for this is someone leaving their computer or laptop unattended while still logged in. Some applications or websites allow you to view your current password, so leaving the system unattended would let someone else use the device and view the password, as well as any other confidential information that could be used against them in the future.

Malicious USB cable/Flash drive: Malicious USB hardware such as a USB cable or a USB flash drive is a type of physical attack that involves using a modified USB to infect a person’s computer with malware. This can be done by installing malware on the USB that will infect the computer when the cable or flash drive is plugged in.

A great example of this is at airports. Airports are a hub for this type of attack because of the huge flow of people coming in and out, so simply leaving a flash drive on the ground or a USB cable in one of the many charging slots for a victim to “steal” would be easy.

Card Cloning: Card cloning is a type of physical attack that involves copying the information from a person’s credit or debit card to make unauthorized purchases. This can be done by using a card reader or by visually observing the card information and manually copying it.

A personal example I can present here is when going to pay with your debit card and the business’s systems are down, so the employee enters the information manually. Later I found out that my card had been used to pay someone through Cash App multiple times, and I was only alerted due to the unusual frequency of the transfers. To be more specific, they were sending themselves $8 every few days, to a total of $80, before I was alerted. I rarely used Cash App and I don’t have notifications set for Cash App to notify me that money is being sent through it, so just something to think about.

Skimming: Skimming is a type of physical attack that involves installing a device on an ATM or other card reader that can capture the information from a person’s credit or debit card. This information can then be used to make unauthorized purchases.

The most common places attackers use this attack are gas stations, since it is easy to install a skimmer without much surveillance as the pumps are usually self-service.

Use caution and be aware of these various types of physical attacks and take steps to protect yourself from harm. This can include being cautious when entering passwords or sensitive information in public, being mindful of who is around you, and securely disposing of sensitive information. By taking these precautions, you can reduce your risk of harm from physical attacks and better protect your sensitive information.

Targeted Cyber Attacks on Applications

Web application handing a user an error

Applications are often the target of cyber attacks, as they can provide an attacker with access to sensitive information or control over a system. It is therefore important to make sure that applications are secure and protected from attack. There are various types of attacks that can be made against an application, such as:

Privilege escalation: Privilege escalation is a type of attack that involves exploiting a vulnerability in an application to gain higher-level privileges.

For example, an attacker might exploit a WordPress plugin and from there execute a reverse shell on the target system then continue to escalate their privilege until they have admin access and full control.

Cross-site scripting (XSS): XSS involves injecting malicious code into a website, which is then executed by a user’s browser. This can allow the attacker to steal sensitive information, such as login credentials, or to manipulate the appearance of the website.

An example of this would be someone inserting a JavaScript snippet into a place where a user can provide input, such as a field for entering how many units of a product they want. If there is no input validation, the script is submitted without issue even though the field was expecting only numbers.
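The quantity-field scenario above, worked through as an added example (not code from the original post): a server-side handler that reflects the raw value into the page, beside one that validates the field as a number and output-encodes free text. The function names and the HTML fragments are hypothetical.

```python
import html
import re

# A quantity is a small whole number; anything else is rejected outright.
QUANTITY_RE = re.compile(r"^[0-9]{1,4}$")

# Constructed test input: the classic XSS canary, harmless outside a browser.
PAYLOAD = "<script>alert(1)</script>"


def render_vulnerable(quantity):
    """Reflects the raw form value into the page. Any markup the user typed
    becomes part of the HTML the browser parses and executes."""
    return f"<p>You ordered {quantity} units.</p>"


def validate_quantity(raw):
    """Input validation: the field means a count, so accept only an integer in range."""
    if not QUANTITY_RE.match(raw):
        raise ValueError("quantity must be a whole number")
    qty = int(raw)
    if not 1 <= qty <= 1000:
        raise ValueError("quantity out of range")
    return qty


def render_safe(raw):
    """Hardened handler: validate first, and only then build HTML from the typed value."""
    try:
        qty = validate_quantity(raw)
    except ValueError:
        return "<p>Invalid quantity.</p>"
    return f"<p>You ordered {qty} units.</p>"


def render_note_safe(note):
    """Free-text fields (a delivery note) cannot reject every '<', so the defence
    there is output encoding: html.escape neutralises < > & and quotes."""
    return f"<p>Delivery note: {html.escape(note)}</p>"


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))   # script tag lands in the page unchanged
    print(render_safe(PAYLOAD))         # rejected by validation
    print(render_note_safe(PAYLOAD))    # rendered as inert text
```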

Injections: Injections are a type of attack that involves injecting malicious input into an application. There are several types of injections, including:

  • Structured Query Language (SQL) Injection: SQL injection is a type of attack that involves injecting malicious input into a database query. This can allow an attacker to retrieve sensitive information or modify the contents of the database.
  • Dynamic-Link Library (DLL) Injection: DLL injection is a type of attack that involves injecting malicious code into a running process. This can allow the attacker to execute arbitrary code or manipulate the behavior of the application.
  • Lightweight Directory Access Protocol (LDAP) Injection: LDAP injection is a type of attack that involves injecting malicious input into an LDAP query. This can allow the attacker to retrieve protected information or modify the contents of an LDAP directory.
  • Extensible Markup Language (XML) Injection: XML injection is a type of attack that involves injecting malicious input into an XML document. This can allow the attacker to retrieve confidential information or modify the contents of the XML document.
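To make the SQL injection entry concrete, here is an added example (not from the original post) using Python’s built-in sqlite3 module with constructed sample rows: a lookup that builds the query from a string, beside the parameterised form that keeps user input out of the SQL grammar.

```python
import sqlite3

# Constructed sample data; addresses and balances are placeholders.
SAMPLE_ROWS = [
    ("alice@example.com", 120.0),
    ("bob@example.com", 35.5),
    ("carol@example.com", 0.0),
]

# Constructed input that closes the quoted string and appends an always-true clause.
INJECTION = "nobody@example.com' OR '1'='1"


def build_db():
    """In-memory database holding the sample customers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (email TEXT PRIMARY KEY, balance REAL)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, email):
    """String-builds the query, so a quote in the input rewrites the WHERE clause
    and the lookup for one customer returns every row."""
    query = f"SELECT email, balance FROM customers WHERE email = '{email}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, email):
    """Parameterised query: the driver passes the input as a bound value, never as
    SQL text, so the injection string simply matches no account."""
    return conn.execute(
        "SELECT email, balance FROM customers WHERE email = ?", (email,)
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(lookup_vulnerable(db, INJECTION))   # all three customers leak
    print(lookup_safe(db, INJECTION))         # []
    print(lookup_safe(db, "bob@example.com")) # [('bob@example.com', 35.5)]
```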

Buffer overflows: A buffer overflow occurs when a program writes more data to a buffer than it can contain, causing the data to overflow into adjacent memory locations. This can allow an attacker to execute arbitrary code, steal sensitive information, or manipulate the behavior of the application.

See an example of a Buffer Overflow Attack from the OWASP website here at https://owasp.org/www-community/attacks/Buffer_overflow_attack

Race conditions: Race conditions occur when two or more processes access and modify a shared resource at the same time, causing unexpected behavior.

An example of this would be two customers completing an online purchase at the very same time, confusing the ordering system in a way that could cause a crash that a hacker can exploit.
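The two-customers scenario above is a check-then-act race on the stock counter. This added example (not the original post’s code) makes the race reproducible with a scheduling hook that is constructed purely for demonstration, and contrasts it with the same purchase performed under a lock; the `Inventory` class and `simulate` helper are hypothetical.

```python
import threading


class Inventory:
    """One product with a stock counter and two purchase paths, one racy and one not."""

    def __init__(self, stock):
        self.stock = stock
        self.lock = threading.Lock()

    def purchase_racy(self, pause):
        # Check-then-act with no lock: between the read and the write another buyer
        # can run the same check against the same stale value and both succeed.
        available = self.stock
        if available <= 0:
            return False
        pause()                       # the window an attacker's timing would hit
        self.stock = available - 1
        return True

    def purchase_locked(self, pause):
        with self.lock:               # check and update happen as one step
            available = self.stock
            if available <= 0:
                return False
            pause()
            self.stock = available - 1
            return True


def simulate(method_name, stock=1, buyers=2):
    """Run `buyers` concurrent purchases against `stock` items.
    Returns (orders_accepted, stock_left)."""
    inv = Inventory(stock)
    barrier = threading.Barrier(buyers)
    results = []

    def pause():
        # Constructed scheduling hook: each buyer waits here until all buyers have
        # read the stock. Under the lock only one buyer can ever arrive, so the wait
        # times out and the (now broken) barrier is simply abandoned.
        try:
            barrier.wait(timeout=0.5)
        except threading.BrokenBarrierError:
            pass

    def buyer():
        results.append(getattr(inv, method_name)(pause))

    threads = [threading.Thread(target=buyer) for _ in range(buyers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), inv.stock


if __name__ == "__main__":
    print("racy:  ", simulate("purchase_racy"))    # (2, 0): one item sold twice
    print("locked:", simulate("purchase_locked"))  # (1, 0): second buyer refused
```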

Error handling: Error handling attacks exploit vulnerabilities in the way that an application handles errors, such as unhandled exceptions or buffer overflows. If an attacker manages to cause an error and the application does not handle it properly, it may expose information about the application that was not intended for anyone to see.

Adding on to the race condition example, if the website does not have proper error handling, the crash may reveal confidential information such as the type of database used to store transactions.

Replay attacks: Replay attacks involve replaying a recorded series of commands or data to cause an application to behave unexpectedly.

An example of this is a children’s toy doll that is capable of speech. There is an app for the doll that lets the owner enter whatever text they want the doll to say and choose a time for it to say it. If a hacker manages to intercept the communication between the app and the doll, they can record that message and replay it to the doll over and over at any time.

API attacks: API attacks involve exploiting vulnerabilities in an application programming interface (API) to access sensitive information or manipulate the behavior of an application.

For example, if a website uses an API that requires an authentication token to retrieve customer data, a hacker could possibly exploit this by sending a forged authentication token and gaining access to the data.

Resource exhaustion: Resource exhaustion attacks cause an application to consume all available resources, such as memory or CPU time, causing it to crash or become unresponsive.

A common example of a resource exhaustion attack is a DDoS attack, where attackers flood a server with more requests than it can handle, causing it to crash or slow to a crawl.

Memory leaks: Memory leaks occur when an application fails to release the memory that it has allocated, causing the memory to become unavailable for other uses.

An example of this could be an online video game with a coding oversight where, whenever a player picks up a certain item, the item is not removed or flagged as picked up, so the memory holding its data is never released. If players keep picking up the same item, the game slows down for everyone and eventually crashes. A hacker could use this knowledge to perform a denial of service attack.

It is important to be aware of these various attacks and to take steps to protect your applications. This can include using secure coding practices, testing applications for vulnerabilities, using security tools such as firewalls and intrusion detection systems, and keeping software and security systems up to date. By taking these precautions, you can reduce your risk of harm from application attacks and better protect your sensitive information.

Targeted Cyber Attacks on Networks

Wireless router

Networks are often the target of cyber attacks as they can provide an attacker with access to sensitive information or control over many systems. It is therefore important to make sure that networks are secure and protected from attack.

One type of network attack is a wireless attack. Wireless attacks are a type of attack that target wireless networks and devices, including:

Evil twin: An evil twin is a wireless attack that involves creating a fake wireless access point that looks like a legitimate access point. This can allow an attacker to steal sensitive information or inject malicious code into a device.

For example, a coffee shop has a WiFi network named “CoffeeWifi” for customers to connect to. A hacker could set up a hotspot with the same name, and if customers connect to it, the hacker can see the traffic from their devices, gaining access to private information.

Rogue access point: A rogue access point is a wireless attack that involves installing an unauthorized wireless access point on a network. This can allow an attacker to steal confidential information or inject code into a device. An Evil Twin is a type of Rogue access point.

Bluesnarfing: Bluesnarfing is a wireless attack that involves accessing a Bluetooth-enabled device without the owner’s permission. This can allow an attacker to steal sensitive information or manipulate the behavior of the device.

An example of this is a hacker bluesnarfing a victim’s phone to make long-distance calls that are charged to the victim’s phone bill.

Bluejacking: Bluejacking is a wireless attack that involves sending unsolicited messages to a Bluetooth-enabled device. This can be another way to send phishing messages as well as spread malware.

For example, a hacker sends a picture to a victim’s phone that when clicked will secretly install spyware on their device.

Disassociation: Disassociation is a wireless attack that involves forcibly disconnecting a device from a wireless network. It is a wireless form of denial of service.

Jamming: Jamming is a wireless attack that involves blocking or interfering with a wireless signal. This can cause devices to become unavailable or to lose their connection to the internet.

Radio Frequency Identification (RFID): RFID is a wireless technology that is used for tracking and identification. RFID attacks can involve stealing or manipulating the information stored on an RFID tag or reader usually to clone them for reuse.

Near-Field Communication (NFC): NFC is a wireless technology that is used for short-range communication between devices. NFC attacks can involve stealing or manipulating the information transmitted over an NFC connection.

Man-in-the-middle attack (MITM): Also known as on-path attacks, MITM attacks involve intercepting and modifying the communications between two devices over a network to steal sensitive information or manipulate the behavior of the devices.

An example of this would be an attacker intercepting login credentials sent from a user’s computer to a bank server. After recording the information, they pass the credentials on to the server so that the user can log in. If the bank is not properly set up to handle these types of attacks, neither the bank nor the user would ever know anything had happened, except for maybe a small delay when the user logs in.

Layer 2 attacks: Layer 2 attacks are network attacks that target the data link layer of the OSI model. These attacks can involve manipulating the communication between two devices to steal sensitive information or to manipulate the behavior of the devices. Some common types of layer 2 attacks include:

  • Address Resolution Protocol (ARP) Poisoning: ARP poisoning is a layer 2 attack that involves manipulating the ARP cache of a device to associate the attacker’s MAC address with the IP address of another device. This can allow the attacker to steal sensitive information or manipulate the behavior of the device.
  • Media Access Control (MAC) Flooding: MAC flooding is a layer 2 attack that involves sending a large number of MAC addresses to a switch to overflow the switch’s MAC address table. This can cause the switch to become unavailable or to stop forwarding traffic.
  • MAC Cloning: MAC cloning is a layer 2 attack that involves copying the MAC address of a device to impersonate that device. This can allow the attacker to steal sensitive information or manipulate the behavior of the device.

Domain name system (DNS): DNS attacks are network attacks that target the domain name system (DNS), which translates domain names into IP addresses. Some common types of DNS attacks include:

  • Domain Hijacking: Domain hijacking is a DNS attack that involves taking control of a domain name by changing its DNS records. This can allow the attacker to turn the audience intended for the original website owner into targets for other cyber attacks.
  • DNS Poisoning: DNS poisoning is a DNS attack that involves modifying the DNS records of a domain name to redirect traffic intended for the legitimate website to a different website.

One thing to mention is Domain reputation. Domain reputation is a measure of the trustworthiness of a domain name. DNS attacks can negatively impact the reputation of a domain, causing it to be blocked by email or web filters.

Distributed Denial-of-Service (DDoS): DDoS attacks are network attacks that involve overwhelming a network or a system with a large amount of traffic to cause it to become unavailable. DDoS attacks can be launched from a large number of devices, such as compromised computers or IoT devices, to maximize the amount of traffic sent to the target.

There are many examples of DDoS attacks which I recommend checking out from CloudFlare at https://www.cloudflare.com/learning/ddos/famous-ddos-attacks/

It is important to be aware of these various types of network attacks and to take steps to protect your network. This can include using strong passwords, keeping software and security systems up to date, and implementing firewalls and intrusion detection systems. By taking these precautions, you can reduce your risk of harm from network attacks and better protect your sensitive information.

Conclusion

In conclusion, cyber attacks and threats are an increasingly serious issue in our interconnected world. Understanding the various types of attacks and their implications is crucial in safeguarding both yourself and your confidential data. In this article, we explored social engineering techniques, targeted cyber attacks on individuals, targeted attacks on applications, and targeted network attacks.

The repercussions of cyber attacks can be severe, ranging from financial losses to the theft of sensitive information. Thus, it is vital to take proactive measures to shield yourself and your systems. Some actionable steps include:

  • Learning about the various types of attacks and their implications
  • Creating robust and distinct passwords for all accounts
  • Keeping software and security systems up-to-date
  • Using firewalls and intrusion detection systems to safeguard your network
  • Being cautious while opening emails or attachments from unknown sources

Furthermore, it is crucial to stay informed about the latest cybersecurity developments to comprehend the potential threats and take necessary precautions.

The primary takeaway from this article is that cyber-attacks and threats are serious issues and require proactive action to protect oneself and sensitive data. By comprehending the various types of attacks and their implications, one can safeguard themselves and minimize the risk of harm.

In conclusion, cyber attacks and threats are a reality in today’s world, and it is imperative to be informed and prepared to protect oneself and sensitive information. By taking necessary steps to protect oneself and staying informed about potential threats, one can reduce the risk of harm from these malicious attacks.
