Week2 Module5 PDF

The document classifies and describes common types of cyber attacks including DoS/DDoS, XSS, SQL injection, man-in-the-middle, birthday, password, eavesdropping, phishing, drive-by download attacks. It provides details on each attack type including how they work and examples.
CYBER SECURITY

Week 2: Cyberattacks – Classification of Attacks – Vulnerabilities – Threats – Risks
Module 5: Classification of Cyber Attacks
Course Co-Ordinator
Dr. Padmavathi Ganapathi
Professor-Department of Computer Science
Avinashilingam Institute for Home Science and Higher Education for Women (Deemed-to-be-University), Coimbatore
padmavathi.avinashilingam@gmail.com
9486772744

Content Reviewer
Dr V Rhymend Uthariaraj
Professor, Department of Information Technology
Madras Institute of Technology Campus, Anna University, Chennai-600 044.
[email protected]
+919444150081

Content Writer
Ms. M. Kalaivani
Assistant Consultant
Tata Consultancy Services
TCS Centre, Infopark, Kakkanad, Kochi-682042.
[email protected]
+919597390087

Objectives

✓ Become familiar with the technical classification of Cyber Attacks
✓ Demonstrate how Cyber Attacks affect the system and what damage they cause to it

Learning Outcomes

✓ Classify the Cyber Attack types based on certain factors
✓ Appraise the common types of Cyber Attack

Outline
Typical Cyber-attack types
DoS and DDoS Attack
XSS attack
SQL injection attack
Man-in-the-middle attack
Birthday attack
Password attack
Eavesdropping attack
Phishing and spear phishing
Drive-by download attack

Most Common types of Cyber-attacks

Cyber Attack types: DoS and DDoS attack, XSS attack, SQL Injection attack, Man-in-the-Middle attack, Birthday attack, Password attack, Eavesdropping attack, Phishing and spear phishing attack, Drive-by download attack

DoS and DDoS Attack

• DoS makes the system unresponsive to the actual service requests
• It does so by overpowering the system resources
• A DDoS attack is similar to the DoS attack
• The difference is that the attack is launched from a series of host machines

DoS and DDoS Attack types

DoS and DDoS Attack Types: SYN flood attack, TCP SYN flood attack, Tear Drop attack, Smurf attack, Ping of death attack, Botnets

SYN flood attack

• This attack compromises the initial handshake process
• It makes the server unavailable for the actual traffic
• It sends SYN packets repeatedly and eventually overwhelms the targeted server

TCP SYN flood attack
• During TCP connection establishment the attacker fills up the target machine with multiple connection requests
• It makes the target machine time out while waiting for permission to connect from the server

Tear Drop attack
• It is a DoS attack where fragmented packets are sent to a target machine
• This makes the victim’s computer crash, overwhelmed by the packets

Packet #1: IP Header; IP ID = x; Packet length = 820; Fragment offset = 0; More fragments = 1
Packet #2: IP Header; IP ID = x; Packet length = 820; Fragment offset = 800; More fragments = 0

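A reassembly-side consistency check for the fragment pair shown on this slide, as an added example that is not part of the original slides. It assumes offsets and lengths are in bytes and that "Packet length" is the amount of data each fragment claims to carry; `Fragment` and `audit_fragments` are hypothetical names.

```python
from collections import defaultdict
from typing import NamedTuple

class Fragment(NamedTuple):      # hypothetical record, one per received fragment
    ip_id: str                   # IP ID shared by all fragments of one datagram
    offset: int                  # byte at which this fragment's data starts
    length: int                  # bytes of data the fragment claims to carry
    more: bool                   # "More fragments" flag

def audit_fragments(fragments):
    """Return (ip_id, problem, bytes) findings for inconsistent fragment sets."""
    by_id = defaultdict(list)
    for frag in fragments:
        by_id[frag.ip_id].append(frag)
    findings = []
    for ip_id, frags in by_id.items():
        frags.sort(key=lambda f: f.offset)
        expected = 0             # offset at which the next fragment should start
        for frag in frags:
            if frag.offset < expected:
                # Fragment starts inside data that was already received.
                overlap = min(expected - frag.offset, frag.length)
                findings.append((ip_id, "overlap", overlap))
            elif frag.offset > expected:
                findings.append((ip_id, "gap", frag.offset - expected))
            expected = max(expected, frag.offset + frag.length)
        if frags[-1].more:
            findings.append((ip_id, "missing-last-fragment", 0))
    return findings

# Constructed input: the two packets from the slide, plus a consistent pair.
SLIDE_PACKETS = [Fragment("x", 0, 820, True), Fragment("x", 800, 820, False)]
CONSISTENT = [Fragment("y", 0, 800, True), Fragment("y", 800, 800, False)]

if __name__ == "__main__":
    print(audit_fragments(SLIDE_PACKETS))
    print(audit_fragments(CONSISTENT))
```

A receiver or filter that drops datagrams with any finding never hands inconsistent offsets to the reassembly code.
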
Smurf attack

• It is a DoS attack which involves IP spoofing
• A ping is issued to the entire IP broadcast address
• This stimulates responses to the ping packet, which are sent to the target computer
• The process is repeated and automated to generate a large amount of network congestion

An Example for Smurf Attack

Ping of death attack

• It happens when network packets with a large packet size are used to ping the target machine

Botnets
• Botnets are millions of computers that have been compromised with viruses and are under the control of a hacker, who uses them for DDoS attacks
• As these bots can be located anywhere, they are generally very difficult to identify

Cross-site scripting attack (XSS Attack)

Participants: Attacker, Website, Website Visitor

1. The attacker discovers a website that has script injection vulnerabilities.
2. The attacker injects a payload into the website’s database with malicious JavaScript that steals cookies.
3. The website transmits the page with the attacker’s payload to the victim’s browser. The victim’s browser executes the malicious scripts.
4. After script execution the victim sends his cookie to the attacker.
5. The attacker extracts the victim’s cookie, after which he uses it for session hijacking.

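Two server-side controls that break this flow at steps 3 and 4, as an added example that is not part of the original slides: output encoding of stored text, and a session cookie that page scripts cannot read. The function names and the stored comment are constructed for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed test value standing in for text an attacker stored in the database.
STORED_COMMENT = "<script>alert(document.cookie)</script>"

def render_comment_unsafe(comment: str) -> str:
    # Stored text is pasted into the page as markup, so the browser runs it (step 3).
    return "<p class='comment'>" + comment + "</p>"

def render_comment(comment: str) -> str:
    # Output encoding: the stored text is displayed as text, never parsed as markup.
    return "<p class='comment'>" + html.escape(comment, quote=True) + "</p>"

def session_cookie_header(session_id: str) -> str:
    # HttpOnly keeps the cookie out of reach of page scripts (step 4);
    # Secure and SameSite restrict when the browser sends it at all.
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

if __name__ == "__main__":
    print(render_comment_unsafe(STORED_COMMENT))
    print(render_comment(STORED_COMMENT))
    print("Set-Cookie:", session_cookie_header("abc123"))
```
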
SQL injection attack

• This attack is most common in database-driven websites
• Here an SQL query is executed against the database via the input data sent from the client to the server
• It mostly works if a website uses dynamic SQL

Man-in-the-middle attack (MITM Attack)

• This happens when a hacker manipulates the traffic by being in between the client and server

Types of MITM Attack

MitM Attacks: Session Hijacking, IP Spoofing, Replay Attack

Session hijacking
• This happens when a hacker hijacks the established connection between a client and server
• The attacker changes the IP address for a trusted client
• Then it makes the computer believe it is communicating with the actual server

An example of Session hijacking

IP Spoofing Attack

• It is used to convince the victim that he or she is connected to a trusted and known entity

Replay Attacks

• It is also known as a play-back attack
• It happens when a data transmission is hacked and purposely delayed or repeated

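A receiver that rejects both delayed and repeated transmissions, as an added example that is not part of the original slides. It assumes a shared key, a per-message nonce and a sender timestamp; the key, the 30-second window and all names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # shared secret, constructed for this example
MAX_AGE = 30                    # seconds a message stays acceptable (assumed policy)

def sign(body: bytes, nonce: str, ts: int) -> str:
    # The MAC covers nonce and timestamp, so neither can be changed in transit.
    msg = f"{nonce}|{ts}|".encode() + body
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

class Receiver:
    def __init__(self):
        self.seen = {}          # nonce -> timestamp of messages already accepted

    def accept(self, body: bytes, nonce: str, ts: int, tag: str, now: int) -> str:
        if not hmac.compare_digest(tag, sign(body, nonce, ts)):
            return "bad-mac"    # altered body, nonce or timestamp
        if abs(now - ts) > MAX_AGE:
            return "stale"      # purposely delayed transmission
        # Nonces older than the window can be forgotten: such messages are stale.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE}
        if nonce in self.seen:
            return "replayed"   # repeated transmission
        self.seen[nonce] = ts
        return "ok"

if __name__ == "__main__":
    rx = Receiver()
    tag = sign(b"pay 10", "n1", 1000)
    print(rx.accept(b"pay 10", "n1", 1000, tag, now=1005))   # first delivery
    print(rx.accept(b"pay 10", "n1", 1000, tag, now=1010))   # same message again
    print(rx.accept(b"pay 10", "n1", 1000, tag, now=1100))   # held back too long
```
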
Birthday attack

• A Message Digest (MD) of fixed length is produced by the hash function
• It uniquely characterizes the message independent of its length
• The birthday attack refers to the probability that two random messages generate the same Message Digest

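The probability this slide refers to, computed with the standard birthday approximation and checked empirically on a deliberately short digest, as an added example that is not part of the original slides. Truncating SHA-256 to a few bits stands in for a short Message Digest; all function names are constructed for illustration.

```python
import hashlib
import math

def collision_probability(k: int, bits: int) -> float:
    """Approximate chance that k random messages include two with the same
    `bits`-bit digest: 1 - exp(-k(k-1) / 2N), with N = 2**bits."""
    n = 2 ** bits
    return -math.expm1(-k * (k - 1) / (2 * n))

def messages_for(bits: int, p: float = 0.5) -> int:
    """Smallest k for which the approximation above reaches probability p."""
    n = 2 ** bits
    return math.ceil((1 + math.sqrt(1 + 8 * n * math.log(1 / (1 - p)))) / 2)

def truncated_digest(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short Message Digest."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)

def find_collision(bits: int):
    """Hash distinct constructed messages until two share a truncated digest."""
    seen = {}
    i = 0
    while True:
        msg = f"message-{i}".encode()
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg
        i += 1

if __name__ == "__main__":
    print("16-bit digest, messages for 50%:", messages_for(16))
    first, second, tries = find_collision(16)
    print(f"collision after {tries} messages: {first!r} and {second!r}")
    print("128-bit digest, messages for 50%: about 2^%.1f"
          % math.log2(messages_for(128)))
```

The number of messages needed grows with the square root of the digest space, so a digest of n bits gives roughly n/2 bits of collision resistance.
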
Password attack
• It happens by guessing passwords randomly or in a systematic manner

Brute-force Attack

Dictionary Attack

Eavesdropping attack
• Hacking of user confidential information sent over the network
• It occurs through the interruption of network traffic

Eavesdropping Attack: Active Eavesdropping Attack, Passive Eavesdropping Attack

Phishing and Spear Phishing attacks

• Sending an email in the name of trusted sources by an attacker is known as phishing
• When a phishing attack is conducted on a targeted audience it is spear phishing
• This forces the user to download a malicious program onto the victim's system, exposing personal data

Example for phishing attack

Drive-by Download attack

• These attacks are usually used for scattering malware
• Unsecured websites are searched for by the hackers
• They insert malicious script into web pages, installing malware onto the host directly
• The victim will be redirected to download operations in a website controlled by hackers

Conclusion

• Cyber Attacks are on the rise, because there are various ways and means through which a system can be compromised
• It is absolutely necessary to understand the technical functioning of the Cyber Attacks to prevent and handle them better

Thank you
