Assignment-2 MARYAM

This document is an assignment submitted by Maryam Khalil for an Information Security course. It explains various cyber attacks, including social engineering attacks like phishing, baiting, quid-pro-quo, and phone phishing. It also covers eavesdropping, spoofing, direct-access attacks, identity theft, and repudiation attacks. For each type of attack, examples are provided to illustrate how the attacks work and the harm they can cause. The assignment was submitted on April 19th, 2022 for a maximum of 10 points.


MARYAM KHALIL 01-135202-037 BSIT-4A

Bahria University, Islamabad Campus


Department of Computer Sciences
Information Security
Assignment-2
(Spring-2022 Semester)

Course: Information Security Date: 12-04-2022


Submitted Date: 19-04-2022
Faculty’s Name: Dr. Kashif Naseer Qureshi Max Marks: 10

Q. No. 1. Explain all the cyber-attacks given in the Figure below with proper examples and details.
(Note: Write in your own words; the assignment should be plagiarism free, and identical assignments will
be marked 0)

SOCIAL ENGINEERING ATTACKS


Social engineering is a manipulation technique that exploits human error to gain
private information, access, or valuables. Attacks can happen online, in-person, and
via other interactions. Once an attacker understands what motivates a user's actions,
they can deceive and manipulate the user effectively.

EXAMPLE
$100 Million Google and Facebook Spear Phishing Scam.
Persuasive email phishing attack imitates US Department of Labor.
Russian hacking group targets Ukraine with spear phishing.

PHISHING
Phishing is the most common type of social engineering attack, and it has several
sub-categories (e-mail phishing, spear phishing, whaling, smishing, vishing and so on).
Phishers invest varying amounts of effort in their lures, which is why so many phishing
messages still contain spelling and grammar errors. Phishing is targeted in one of two
ways. Mass phishing is a widespread, non-personalized attack sent to many users in the
hope of catching any unsuspecting person. Spear phishing is aimed at a specific
individual or organization and is personalized with information gathered about the
target; whaling is spear phishing that specifically aims at high-value targets such as
celebrities, upper management and government officials.

EXAMPLE
A recent phishing campaign used LinkedIn branding to trick job hunters into thinking
that people at well-known companies such as American Express and CVS CarPoint had
sent them a message or looked them up on the social network, Threatpost reported.
Recipients who clicked the e-mail links were redirected to pages designed to steal
their LinkedIn credentials.

BAITING
Baiting abuses your natural curiosity to coax you into exposing yourself to an
attacker. Typically, the prospect of something free or exclusive is the lure used
to exploit you, and the attack usually ends with malware on your machine. Baiting
attacks may offer free music or movie downloads to trick users into handing over
their login credentials, or they may exploit curiosity through physical media.
Back in July 2018, KrebsOnSecurity reported on a baiting campaign that targeted state
and local government agencies in the United States.

EXAMPLE
USB drives left in public spaces, like libraries and parking lots.
Email attachments including details on a free offer, or fraudulent free software.

QUID PRO QUO
Like baiting, quid pro quo attacks promise something in exchange for information.
One of the most common forms is fraudsters impersonating the U.S. Social Security
Administration and offering "help" in return for personal details. Earlier experiments
have shown that office workers are willing to give away their passwords for a cheap
pen. The exploit works by getting you excited about something valuable that costs you
only a small favour; the attacker simply takes your data and delivers no reward.

EXAMPLE
A variant exploits fear instead of greed: rather than offering something of value,
the attacker holds the victim hostage with information. If an attacker has (or claims
to have) information on the target or the target's company, they threaten to release it
publicly or to the wrong person and use the threat to make demands: "I have confidential
company information. Give me your account credentials or I will make it public."
Even if the claim is false, the victim cannot know that, so attackers sound confident
and give out no more detail than necessary.

PHONE PHISHING (VISHING)
Vishing has the same purpose as other types of phishing: the attacker is still after
your sensitive personal or corporate information, but the attack is carried out over a
voice call, hence the "v" rather than the "ph" in the name.
A common vishing attack is a call from someone claiming to be a Microsoft representative
who says they have detected a virus on your computer. You are asked for credit card
details so the caller can "install" an updated anti-virus product, and you are talked
into running their installer. The attacker now has your card details, and you have most
likely installed malware.
That malware could be anything from a banking Trojan to a bot (short for robot). A
banking Trojan watches your online activity to steal more details, typically your bank
account information and password. A bot is software that performs whatever tasks the
attacker wants; it takes its orders from a command-and-control (C&C) server, for example
to mine cryptocurrency, send spam, or take part in a distributed denial-of-service (DDoS)
attack.

EXAMPLE
Common phishing lures:
• The fake invoice scam, arguably the most popular phishing template.
• E-mail account upgrade scam.
• Advance-fee scam.
• Google Docs scam.
• PayPal scam.
• Message from HR scam.
• Dropbox scam.

EAVESDROPPING
Eavesdropping attacks happen when cyber criminals or attackers listen in to network
traffic traveling over computers, servers, mobile devices, and Internet of Things (IoT)
devices. Network eavesdropping, also known as network snooping or sniffing, occurs
when malicious actors exploit insecure or vulnerable networks to read or steal data
as it travels between two devices. Eavesdropping is most common for wireless
communication.

EXAMPLE
Open Wi-Fi networks are a common target. Traffic on an access point without encryption
(or with a shared, widely known password) can be captured by anyone in radio range, and
very few users understand the risk of these open networks. A passive attacker can
therefore receive the data packets transmitted over the Wi-Fi signal and read any
content that the applications did not encrypt themselves.

SPOOFING
Spoofing occurs when a cybercriminal disguises themselves as an individual,
business or other entity to commit malicious acts. Attackers spoof their identity in
various ways, including forged e-mail sender addresses, look-alike websites and faked
caller ID phone numbers. The goal of a spoofing scam is to steal from victims and
damage their reputation, because the victim trusts the impersonated identity.

EXAMPLE
Signs of caller ID spoofing on a phone call:
• The phone number displays without the usual brackets () or dashes -, for example
4567893543.
• The caller ID is your own number or looks very similar (e.g. one digit differs).
• The phone number or caller's name is hidden.

DIRECT-ACCESS
A direct-access attack is one in which the attacker gains physical access to the target
computer and can read or copy data directly from it. With physical access they can
compromise the system by modifying its software and adding keyloggers, worms or other
malware, bypassing the network-facing defences entirely.

EXAMPLE
An attacker who gets physical access to a computer system can damage the hardware and
software, install keyloggers, worms, viruses or covert listening devices, or manually
copy sensitive data from the device. For example, an attacker with direct access to a
machine and knowledge of the user's credentials can simply log in and delete all of
its data.

IDENTITY THEFT
Identity theft is probably the last thing you’d want to worry about, but perhaps you
should. Each year, millions of people around the world, many of them children and
minors, have their identity stolen. The rise of the internet, the wide distribution of
malicious software, and insufficient cybersecurity practices have all made identity
theft very easy to accomplish.

EXAMPLE
Between May and July 2017, attackers breached Equifax, one of the three major credit
reporting agencies in the United States. The personal information of more than 143
million Americans was compromised, and at least a few hundred thousand identities were
subsequently stolen.

In May 2015, attackers abused weaknesses in the IRS "Get Transcript" online service to
breach the Internal Revenue Service. The IRS built this service to give taxpayers easy
access to their prior tax records, but attackers answered its identity-verification
questions with stolen personal data and pulled the transcripts of more than 700,000
taxpayers.

REPUDIATION ATTACK
Repudiation means that a party can deny that a transaction or action took place, and
nobody can prove otherwise. A repudiation attack therefore targets the evidence: the
attacker performs an action and then makes it impossible to attribute that action to
them, typically by abusing weak authentication or by tampering with or flooding the logs.
Attackers typically use repudiation when users are accessing web information, and they
combine it with masquerading, eavesdropping, port-scanning utilities and malicious Java
or ActiveX scripts. One of the simplest forms is to use public e-mail systems such as
Hotmail, Yahoo Mail or Gmail to generate garbage mail and run a DoS attack against a
company's e-mail server.
Repudiation succeeds when systems and applications do not manage their audit logs
properly, which allows the attacker to manipulate the identity and actions recorded for
a user, for example by logging in with forged or borrowed credentials so that the log
entries point at someone else. System logs therefore need to be protected effectively
(write-once storage, access controls, integrity checks) so that earlier actions can be
reconstructed. Without such protection a user can claim that they did nothing wrong,
regardless of what they actually did, and the system cannot disprove it. The system must
ensure that logs are secure and preserved in order to address repudiation.

EXAMPLE

• Getting a free e-mail account from these public systems is usually a simple process
with little identity proof required.
• This makes it easy for an attacker to obtain an e-mail account and hide their
activities behind a cloud of anonymity: any abuse sent from it cannot be tied to a real
person.

MALWARE

Malware (short for “malicious software”) is a file or code, typically delivered over a
network, that infects, explores, steals or conducts virtually any behavior an attacker
wants. Ransomware is software that uses encryption to disable a target’s access
to its data until a ransom is paid. The victim organization is rendered partially or
totally unable to operate until it pays, but there is no guarantee that payment will
result in the necessary decryption key or that the decryption key provided will
function properly.

EXAMPLE

In 2019 the city of Baltimore was hit by the RobbinHood ransomware, which halted city
services including tax collection, property transfers and government e-mail for weeks.
The attack cost the city more than $18 million. A similar attack with a different
ransomware family (SamSam) hit the city of Atlanta in 2018, at a cost of about $17
million.

VIRUS

A computer virus is a malicious application or authored code used to perform
destructive activity on a device or local network. The code's malicious activity could
damage the local file system, steal data, interrupt services, download additional
malware, or take any other action coded into the program by the malware author. Many
viruses pretend to be legitimate programs to trick users into executing them on their
device, delivering the computer virus payload.
MARYAM KHALIL 01-135202-037 BSIT-4A

EXAMPLE

The Melissa virus infected thousands of computers worldwide by the end of 1999.
The threat was spread by email, using a malicious Word attachment and a catchy
subject: “Important Message from (someone’s name)”.

Melissa is considered one of the earliest cases of social engineering in history. The
virus had the ability to spread automatically via email. Reports from that time say
that it infected many companies and people, causing losses estimated at USD 80
million.

SPYWARE

Spyware is any malicious software that infects your computer and spies on your
personal data. These programs can record a wide range of personal information, from
search and browsing histories to login credentials and credit card details.

EXAMPLE

CoolWebSearch – this program exploited security vulnerabilities in Internet Explorer to
hijack the browser, change its settings and send browsing data to its author.
Gator – usually bundled with file-sharing software such as Kazaa, this program
monitored the victim's web surfing habits and used the information to serve
better-targeted ads.

WORMS

A worm is very similar to a virus and is often categorized as a sub-class of virus. The
main difference is that a virus needs a user action to spread (opening a file, running a
program), whereas a worm spreads without human intervention. Once a worm enters a
system it scouts the environment for opportunities, such as e-mailing itself to
everybody in the contact list or probing other hosts for a vulnerable service, so its key
characteristic is that it replicates itself, much like a biological virus.

EXAMPLE

The Morris Worm was launched in 1988 by Robert Tappan Morris, an American graduate
student who wanted to discover how big the internet really was. The code he released
was riddled with bugs that caused a variety of problems on affected hosts, most notably
re-infecting machines over and over. The result was thousands of overloaded UNIX
computers and financial damage estimated at between $10 million and $100 million.

The Storm Worm is an e-mail worm launched in 2007. Victims received e-mails with a
fake news report about an unprecedented storm that had already killed hundreds of
people across Europe. More than 1.2 billion of these e-mails were sent over the course
of ten years to build a botnet that would target popular websites. Experts believe that
there are still at least a million infected computers whose owners do not know that they
are part of a botnet.

ADWARE

Adware, also known as advertisement-supported software, generates revenue for its
developers by automatically generating adverts on your screen, usually within a web
browser. Adware is typically created for computers but can also be found on mobile
devices. Some forms of adware are highly manipulative and create an open door for
malicious programs.

EXAMPLE

Fireball made news in 2017 when a study by Check Point, an Israeli security company,
found that more than 250 million computers and one-fifth of corporate networks around
the world were infected with it. Developed by Rafotech, a Chinese digital marketing
agency, Fireball is a browser hijacker. It is bundled with other software created by
Rafotech, including Mustang Browser and Deal Wifi, and is installed along with these
programs without the user's knowledge. Once on a computer it takes over the browser,
changes the homepage to a fake search engine (Trotux), inserts obtrusive ads into every
webpage visited and prevents the user from modifying the browser settings. There is
still no proof that this adware does anything beyond hijacking the browser and flooding
it with ads, but because Fireball can download and run arbitrary code, experts worry
that if Rafotech decided to launch a cyber-attack through it the consequences would be
devastating simply because of the number of infected systems worldwide.

ROOTKITS

A rootkit is a piece of software, or a collection of programs, designed to give an
attacker persistent, hidden access to and control over a target device. Most rootkits
live in the operating system (user-mode or kernel-mode), but some infect the computer's
firmware or hardware, where they survive reinstalling the operating system.

EXAMPLE

In 2008, organized crime rings from China and Pakistan infected hundreds of credit
card swipers intended for the Western European market with firmware rootkits. The
rootkits were programmed to record the victims’ credit card info and send it all
directly to a server located in Pakistan. On the whole, the hackers behind this plot
managed to steal at least 10 million pounds by cloning credit cards and withdrawing
funds from the unsuspecting victims’ accounts.

KEY-LOGGER

A keylogger is a tool that attackers use to monitor and record the keystrokes you make
on your keyboard. Whether installed in the operating system as software or embedded in
the hardware (for example inline on the keyboard cable), some keyloggers are very
difficult to detect.

EXAMPLE

In 2016, a cybersecurity firm revealed that businesses from 18 countries were targeted
in a coordinated campaign that used the Olympic Vision keylogger to obtain confidential
business information. Distributed via fake e-mails allegedly sent by business
associates, this software keylogger logged not only keystrokes but also clipboard images
and text, saved logins and instant messaging chat histories.

BACK-DOORS

A backdoor gives an unauthorized user easy, high-level access to an application,
network or device while bypassing the normal security and authentication processes.
Backdoors may be planted by malware, left behind by a previous intrusion, or built into
a product (a hard-coded maintenance account, for example).

Default or weak passwords are one common gateway for backdoor access. Once an attacker
is on your device, they can record your keyboard input, copy sensitive information from
your drives, or spy on you through your microphone and webcam.

EXAMPLE

NotPetya (Petya family)

NotPetya reached most of its victims through a backdoor: the attackers compromised the
update servers of M.E.Doc, a Ukrainian accounting package, and pushed a backdoored
update to every customer, which then delivered the malware. Like DarkSide ransomware,
NotPetya locked users out of their machines and displayed a ransom message demanding
cryptocurrency for a key, but the key could not actually restore the data, so in effect
it was a wiper.

The NotPetya attack took place in June 2017 and affected more than 80 companies across
the US, the UK, Germany, Poland, Italy, Russia and Ukraine. A White House assessment
estimated that NotPetya caused losses exceeding $10 billion.

TROJAN HORSES

A Trojan horse is malware disguised as genuine software that aims to infect your
computer and alter your files and data. Some Trojans also give attackers remote access
to your system and your personal information.

EXAMPLE

In 2011, computers in the Japanese parliament building were infected with a Trojan
horse allegedly created by the Chinese government. The Trojan was installed after a
member of parliament opened an infected e-mail attachment, but the extent of the attack
was never disclosed.

In 2010, the Zeus (Zbot) banking Trojan was used by Eastern European criminals to attack
a number of businesses and municipal officials and take control of their bank accounts.
The group behind this campaign had stolen a total of $70 million.

RANSOMWARE

Ransomware is malware designed to deny a user or organization access to the files on
their computer. By encrypting those files and demanding a ransom payment for the
decryption key, the attackers put the organization in a position where paying the
ransom looks like the easiest and cheapest way to regain access.

EXAMPLE

CryptoLocker

CryptoLocker is a well-known ransomware family that encrypts the user's files and
demands a payment to unlock them. It is one of the samples that Comodo's endpoint
product targets: Comodo claims to protect the user automatically if CryptoLocker reaches
the computer by reverting its changes in real time and deleting it with the ransomware
removal tool. Comodo creates a shadow copy of the hard drive so that the malware is
tricked into believing it has encrypted the files when in fact it has only encrypted the
shadow version, and the important files remain intact.

PASSWORD-ATTACKS

A password attack is any of the various methods used to maliciously authenticate to
password-protected accounts. These attacks are typically driven by software that speeds
up cracking or guessing passwords. Attackers' favourite password attacks are brute
force, credential stuffing (replaying username/password pairs leaked from other sites)
and password spraying (trying a few common passwords against many accounts to avoid
lockouts).

EXAMPLE

Passwords can also be stolen in transit. In SSL hijacking, a man-in-the-middle attacker
waits for a user to connect to a secure website, inserts themselves between the user and
the intended destination, and intercepts any information passing between the two,
including passwords.

BRUTE-FORCE

A brute force attack is a hacking method that uses trial and error to crack passwords,
login credentials and encryption keys. It is a simple yet reliable tactic for gaining
unauthorized access to individual accounts and to organizations' systems and networks.
The attacker tries many usernames and passwords, using a computer to test a wide range
of combinations, until the correct login is found.

The name "brute force" comes from the attacker relying on sheer volume of attempts
rather than on any cleverness. Despite being an old method, brute force attacks are
tried and tested and remain popular with attackers.

EXAMPLE

Defences against brute force: length is the strongest lever, because every extra
character multiplies the number of combinations an attacker has to try, so prefer long
passphrases over short passwords padded with a symbol. Educate users on best practices,
such as avoiding predictable patterns (a dictionary word with four digits appended, a
capital first letter plus "!" at the end). Provide a password manager so users do not
fall back on easily remembered passwords, enforce lockouts or rate limits on failed
logins, and use a discovery tool that exposes devices whose default passwords have never
been changed.

DICTIONARY

A dictionary attack is a refinement of brute force in which the attacker selects a
target and tests likely passwords, drawn from a wordlist, against that individual's
username. Because it does not enumerate every possible combination it is not a pure
brute force attack, but it plays an important role in an attacker's password-cracking
process and is normally tried first.

The name "dictionary attack" comes from attackers running through dictionaries of words
and amending them with special characters and numbers. Against users who choose random
or long passwords the method is time-consuming and has a low chance of success, which is
why it is usually combined with leaked-password lists and targeted rules.

EXAMPLE

In a dictionary attack, the attacker uses a wordlist in the hope that the user's password
is a commonly used word (or a password seen in previous breaches). Dictionary attacks
work best against passwords based on a simple word (e.g. 'cowboys' or 'longhorns').
Wordlists are not restricted to English words; they also include common passwords (e.g.
'password', 'iloveyou' or '123456'). Modern systems restrict their users from choosing
such simple passwords, requiring strong passwords that will hopefully not be found in a
wordlist.
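The following is an added example (not part of the original assignment) that carries the brute-force and dictionary passages above into working C. The login oracle, the mangling rules, the five-word wordlist and the target passwords are all constructed for illustration; a real attack would query a login endpoint or crack password hashes, and would use a large leaked-password list. The block also computes the plain brute-force keyspace to show why length, not a sprinkling of symbols, is what makes guessing infeasible.

```c
#include <stdio.h>
#include <string.h>

#define MAXPW 64

/* The only thing the attacker can query: a stand-in for the login endpoint,
 * which here simply knows the target's password (constructed for the demo). */
static int login_oracle(const char *target, const char *guess)
{
    return strcmp(target, guess) == 0;
}

/* Mangling rules: each dictionary word is tried as-is and capitalised, each
 * with one of these suffixes appended (the "amending words with numbers and
 * special characters" the text describes). */
static const char *SUFFIXES[] = { "", "1", "123", "!", "2022", "1!" };
#define NSUFFIX (sizeof SUFFIXES / sizeof SUFFIXES[0])
#define NRULES  (2 * NSUFFIX)

/* Writes rule r applied to word into out; returns 0 if r is out of range or
 * the result would not fit. */
static int apply_rule(const char *word, size_t r, char *out, size_t outsz)
{
    if (r >= NRULES) return 0;
    const char *suf = SUFFIXES[r % NSUFFIX];
    if (strlen(word) + strlen(suf) + 1 > outsz) return 0;
    strcpy(out, word);
    if (r >= NSUFFIX && out[0] >= 'a' && out[0] <= 'z')   /* second half: capitalised */
        out[0] = (char)(out[0] - 'a' + 'A');
    strcat(out, suf);
    return 1;
}

/* Small constructed wordlist standing in for rockyou-style lists. */
const char *SAMPLE_WORDLIST[] = { "password", "cowboys", "longhorns", "iloveyou", "123456" };
const size_t SAMPLE_WORDLIST_LEN = sizeof SAMPLE_WORDLIST / sizeof SAMPLE_WORDLIST[0];
char last_found[MAXPW];                      /* recovered password, if any */

/* Runs the dictionary attack against target. Returns the number of guesses
 * used, or -1 when the whole wordlist and rule set is exhausted. */
long dictionary_attack(const char *target, const char **wordlist, size_t nwords)
{
    char guess[MAXPW];
    long attempts = 0;
    last_found[0] = '\0';
    for (size_t w = 0; w < nwords; w++) {
        for (size_t r = 0; r < NRULES; r++) {
            if (!apply_rule(wordlist[w], r, guess, sizeof guess)) continue;
            attempts++;
            if (login_oracle(target, guess)) {
                strcpy(last_found, guess);
                return attempts;
            }
        }
    }
    return -1;
}

/* Guesses an exhaustive brute force needs for a password of the given length
 * over an alphabet of the given size: alphabet^length. Each extra character
 * multiplies the work, which is why length matters more than any single rule. */
double brute_force_keyspace(unsigned alphabet, unsigned length)
{
    double n = 1.0;
    for (unsigned i = 0; i < length; i++) n *= alphabet;
    return n;
}

long demo_attack(const char *target)
{
    return dictionary_attack(target, SAMPLE_WORDLIST, SAMPLE_WORDLIST_LEN);
}

int main(void)
{
    const char *targets[] = { "Cowboys1", "password", "correct horse battery staple" };
    for (size_t i = 0; i < 3; i++) {
        long n = demo_attack(targets[i]);
        if (n < 0) printf("%-30s not in wordlist+rules\n", targets[i]);
        else       printf("%-30s found as %-12s after %ld guesses\n", targets[i], last_found, n);
    }
    printf("8 lowercase chars: %.0f guesses; 16: %.0f\n",
           brute_force_keyspace(26, 8), brute_force_keyspace(26, 16));
    return 0;
}
```

"Cowboys1" falls on the 20th guess (12 rules for "password", then the 8th rule for "cowboys"), while a four-word passphrase is never produced by these rules at all; doubling a lowercase password from 8 to 16 characters multiplies the brute-force keyspace by 26^8, far more than any suffix rule adds.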

DOS

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network,
making it inaccessible to its intended users. DoS attacks accomplish this by flooding
the target with traffic or by sending it input that triggers a crash. (DoS should not be
confused with DOS, the disk operating system family such as MS-DOS.)

EXAMPLE

• Buffer overflow attacks – the most common crash-style DoS. The concept is to send
more data to an address than the programmers built the system to handle; this includes
many attacks designed to exploit bugs specific to certain applications or devices.
• ICMP flood – overwhelms the target with ping (ICMP Echo Request) traffic. The
amplified variant sends spoofed requests to a network's broadcast address so that every
host replies to the victim (the Smurf attack), and the oversized-packet variant that
crashes old IP stacks is known as the ping of death.

DDOS

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the
normal traffic of a targeted server, service or network by overwhelming the target or
its surrounding infrastructure with a flood of Internet traffic.

DDoS attacks achieve their effect by using multiple compromised computer systems as
sources of attack traffic. Exploited machines can include computers and other
networked resources such as IoT devices.

From a high level, a DDoS attack is like an unexpected traffic jam clogging up the
highway, preventing regular traffic from arriving at its destination.

EXAMPLE

The February 2018 GitHub DDoS attack

One of the largest verifiable DDoS attacks on record targeted GitHub, a popular online
code management service used by millions of developers. The attack peaked at 1.35 Tbps,
sending packets at a rate of 126.9 million per second.

The GitHub attack was an amplification attack, so no botnet was needed. Instead the
attackers abused the amplification effect of a popular database caching system,
Memcached: by sending small spoofed requests (with GitHub's address as the source) to
exposed Memcached servers, the attackers had those servers send responses to GitHub
about 50,000 times larger than the requests.

GitHub was using a DDoS protection service, which was automatically alerted within 10
minutes of the start of the attack. The alert triggered mitigation and GitHub was able
to stop the attack quickly; the massive DDoS attack lasted only about 20 minutes.

BOTNET

A botnet is a group of computers controlled remotely by an attacker who uses their
combined resources to carry out attacks against websites, computer networks and
internet services. If your computer is infected with malware, it may be part of a
botnet without your knowledge.

EXAMPLE

The Mirai botnet was behind a massive distributed denial-of-service (DDoS) attack in
2016 that left much of the internet inaccessible on the U.S. east coast. What made
Mirai most notable was that it was the first major botnet built from insecure IoT
devices, which it recruited by logging in with factory-default credentials. At its
peak, Mirai had infected over 600,000 devices.

BUFFER-OVERFLOW

Buffers are memory storage regions that temporarily hold data while it is being
transferred from one location to another. A buffer overflow (or buffer overrun)
occurs when the volume of data exceeds the storage capacity of the memory buffer.
As a result, the program attempting to write the data to the buffer overwrites
adjacent memory locations. Attackers exploit buffer overflow issues by overwriting
the memory of an application. This changes the execution path of the program,
triggering a response that damages files or exposes private information. For
example, an attacker may introduce extra code, sending new instructions to the
application to gain access to IT systems.

EXAMPLE

For example, a buffer for log-in credentials may be designed to expect username and
password inputs of 8 bytes, so if a transaction involves an input of 10 bytes (that is,
2 bytes more than expected), the program may write the excess data past the buffer
boundary.

Buffer overflows can affect all types of software. They typically result from
malformed inputs or failure to allocate enough space for the buffer. If the transaction
overwrites executable code, it can cause the program to behave unpredictably and
generate incorrect results, memory access errors, or crashes.
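The 8-byte/10-byte case described above, worked through in C as an added example (this is not code from the assignment). The `struct login` layout, the hard-coded password `s3cret` and the three inputs are assumptions made for the demonstration. The vulnerable version copies until the terminating NUL with no bound, exactly as `strcpy` does, so the two extra bytes of a 10-byte input land in the `authenticated` flag that sits right after the buffer; the hardened version refuses anything that cannot fit and copies a bounded number of bytes.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical login record: an 8-byte password field followed by a flag the
 * program trusts. On every common ABI pass occupies bytes 0-7 and
 * authenticated bytes 8-11, so bytes written past pass[7] land in the flag. */
struct login {
    char pass[8];
    int  authenticated;
};

/* VULNERABLE copy: stops at the NUL terminator, never at the buffer size.
 * This is what strcpy does. noinline keeps the optimiser from reasoning the
 * overflow away in this demo; real programs get no such "protection" either. */
__attribute__((noinline))
static void unsafe_copy(char *dst, const char *src)
{
    while ((*dst++ = *src++) != '\0')
        ;
}

/* Returns the authenticated flag after processing input. With a 9-byte or
 * longer input the overflow writes non-zero bytes into the flag, so the
 * caller is "authenticated" without knowing the password. Inputs longer than
 * 11 bytes spill past the struct and corrupt the rest of the stack. */
int check_login_vulnerable(const char *input)
{
    struct login rec;
    rec.authenticated = 0;
    unsafe_copy(rec.pass, input);           /* overflow when strlen(input) >= 8 */
    if (strncmp(rec.pass, "s3cret", sizeof rec.pass) == 0)
        rec.authenticated = 1;
    return rec.authenticated;
}

/* HARDENED: reject anything that does not fit in the buffer with its NUL,
 * then copy a bounded number of bytes. */
int check_login_safe(const char *input)
{
    struct login rec = { {0}, 0 };
    size_t n = strlen(input);
    if (n >= sizeof rec.pass)               /* 8 bytes + NUL cannot fit: refuse */
        return 0;
    memcpy(rec.pass, input, n + 1);         /* bounded by the check above */
    if (strcmp(rec.pass, "s3cret") == 0)
        rec.authenticated = 1;
    return rec.authenticated;
}

int main(void)
{
    /* constructed inputs: the real password, a wrong one, and a 10-byte overflow */
    const char *inputs[] = { "s3cret", "wrong", "longpass12" };
    for (size_t i = 0; i < 3; i++)
        printf("%-12s vulnerable=%d safe=%d\n", inputs[i],
               check_login_vulnerable(inputs[i]), check_login_safe(inputs[i]));
    return 0;
}
```

The 10-byte input "longpass12" fills `pass` with "longpass" and drops '1', '2' and the NUL into the first three bytes of `authenticated`, which becomes 0x3231 on a little-endian machine: non-zero, so the vulnerable check reports success for a password that is wrong. Compiling with `-fstack-protector` or `_FORTIFY_SOURCE` only helps once the overflow reaches the canary or a size the compiler can see; the length check is the actual fix.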

TEARDROP
A teardrop attack relies on a bug in the code that older operating systems used to
reassemble fragmented IP packets. The attacker sends fragments whose offsets overlap,
so that rather than putting the pieces back together in the right order the system
miscalculates the fragment lengths (or waits for pieces that never arrive) and
eventually crashes.

Teardrop is a denial-of-service attack and is frequently launched in distributed form.
About 60 percent of IT experts surveyed worry about attacks like this. It is also a type
of IP fragmentation attack, in which an attacker overwhelms a network or host by abusing
the fragmentation mechanism.

The solution is relatively simple: update your software and keep it current, since every
modern operating system validates fragment offsets.

EXAMPLE

By default, F5’s BIG-IP Application Delivery Services protect against teardrop attacks
by checking incoming packets’ frame alignment and discarding improperly formatted
packets. Teardrop packets are therefore dropped, and the attack is prevented before
the packets can pass into the protected network.
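An added example, not from the assignment, showing the reassembly bug behind teardrop and the frame check the passage above describes. The fragment structure and the three sample fragment sets are constructed; `naive_fragment_len` models the length calculation of the old reassembly code, and `fragments_valid` is the kind of validation a hardened stack (or a device such as the one mentioned) performs before accepting fragments, covering both the overlapping teardrop case and the oversized ping-of-death case from the DoS section.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One IP fragment: byte offset within the datagram and payload length.
 * (Real headers carry offset/8 and a more-fragments bit; folded away here.) */
struct frag {
    uint16_t offset;
    uint16_t len;
};

/* What the old reassembly code did: trim a fragment that overlaps the previous
 * one, then compute its remaining length as end - offset with no check that end
 * is still ahead of offset. A teardrop fragment that ends inside the previous
 * one yields a negative length, which the copy routine read as a huge count. */
long naive_fragment_len(uint32_t prev_end, uint16_t offset, uint16_t len)
{
    uint32_t end = (uint32_t)offset + len;
    uint32_t start = offset;
    if (start < prev_end)                 /* overlap: skip the bytes already received */
        start = prev_end;
    return (long)end - (long)start;       /* negative when end < prev_end */
}

/* Hardened validation, run over fragments sorted by offset: reject any overlap
 * (teardrop), any zero-length piece, and any datagram that would exceed the
 * 65535-byte IP maximum (ping of death). Returns 1 = accept, 0 = drop. */
int fragments_valid(const struct frag *f, size_t n)
{
    uint32_t expected = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t start = f[i].offset;
        uint32_t end = start + f[i].len;
        if (f[i].len == 0) return 0;
        if (end > 65535) return 0;
        if (start < expected) return 0;   /* overlaps a previous fragment */
        expected = end;
    }
    return 1;
}

/* Constructed samples. Teardrop: the second piece sits entirely inside the first. */
const struct frag TEARDROP[] = { { 0, 36 }, { 24, 4 } };
const struct frag NORMAL[]   = { { 0, 1480 }, { 1480, 1480 }, { 2960, 500 } };
const struct frag OVERSIZE[] = { { 0, 1480 }, { 65528, 100 } };

int teardrop_rejected(void) { return !fragments_valid(TEARDROP, 2); }
int normal_accepted(void)   { return fragments_valid(NORMAL, 3); }
int oversize_rejected(void) { return !fragments_valid(OVERSIZE, 2); }

int main(void)
{
    printf("naive length of teardrop fragment: %ld\n", naive_fragment_len(36, 24, 4));
    printf("teardrop dropped=%d normal accepted=%d oversize dropped=%d\n",
           teardrop_rejected(), normal_accepted(), oversize_rejected());
    return 0;
}
```

For the teardrop pair the naive calculation gives a length of -8, which as an unsigned copy count is roughly four billion bytes; the validator simply refuses the second fragment because it starts before the end of the first.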

SMURF

A Smurf attack is a form of distributed denial-of-service (DDoS) attack that renders
computer networks inoperable. The Smurf program accomplishes this by exploiting
weaknesses of the Internet Protocol (IP) and the Internet Control Message Protocol
(ICMP): it sends ICMP Echo Requests to a network's broadcast address with the source
address spoofed to the victim's IP. The amplification factor of the Smurf attack equals
the number of hosts on the intermediate network that answer the broadcast. For example,
an IP broadcast network with 500 hosts produces 500 replies for each fake Echo Request,
and each reply is typically the same size as the original ping request.

EXAMPLE

A Smurf attack is an example of an amplification attack: the attacker sends packets to
a network amplifier (the broadcast address of a network that forwards directed
broadcasts) with the return address spoofed to the victim's IP address, so the victim
receives the combined replies of every host on that network.
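An added example (not part of the assignment) that builds the ICMP Echo Request a Smurf attacker would send and works out the amplification for the 500-host network above. The checksum routine is the standard RFC 1071 one-complement sum that ICMP uses; the identifier, sequence number and host count are assumptions for the demo, and no packet is sent (the IP layer with the spoofed source is not shown).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 Internet checksum, as used in the ICMP header. */
uint16_t inet_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)data[i] << 8) | data[i + 1];
    if (len & 1)                          /* odd trailing byte is padded with zero */
        sum += (uint32_t)data[len - 1] << 8;
    while (sum >> 16)                     /* fold carries back into 16 bits */
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Builds an ICMP Echo Request (type 8, code 0) with identifier, sequence and
 * payload into out, fills in the checksum, and returns the total length. This
 * is the packet a Smurf attacker sends to the broadcast address with the
 * victim's IP as the spoofed source. */
size_t build_echo_request(uint8_t *out, uint16_t id, uint16_t seq,
                          const uint8_t *payload, size_t plen)
{
    out[0] = 8;  out[1] = 0;              /* type, code */
    out[2] = 0;  out[3] = 0;              /* checksum placeholder */
    out[4] = id  >> 8;  out[5] = id  & 0xFF;
    out[6] = seq >> 8;  out[7] = seq & 0xFF;
    if (plen) memcpy(out + 8, payload, plen);
    uint16_t c = inet_checksum(out, 8 + plen);
    out[2] = c >> 8;  out[3] = c & 0xFF;
    return 8 + plen;
}

/* Bytes that reach the victim for each spoofed request: every host on the
 * broadcast segment answers with an Echo Reply of the same size. */
uint64_t smurf_reply_bytes(uint32_t hosts, size_t request_len)
{
    return (uint64_t)hosts * request_len;
}

/* Constructed sample: a bare 8-byte echo request with id 0x1234, seq 1. */
static uint8_t sample_pkt[64];

uint16_t sample_checksum(void)
{
    build_echo_request(sample_pkt, 0x1234, 1, NULL, 0);
    return (uint16_t)((sample_pkt[2] << 8) | sample_pkt[3]);
}

/* A receiver verifies by summing the whole header including the checksum
 * field: the result is 0 if and only if the packet is intact. */
uint16_t sample_verify(void)
{
    build_echo_request(sample_pkt, 0x1234, 1, NULL, 0);
    return inet_checksum(sample_pkt, 8);
}

int main(void)
{
    printf("echo request checksum: 0x%04X (verify -> 0x%04X)\n",
           sample_checksum(), sample_verify());
    printf("500 hosts x 64-byte request: %llu bytes hit the victim per packet\n",
           (unsigned long long)smurf_reply_bytes(500, 64));
    return 0;
}
```

With 500 responding hosts a single 64-byte request turns into 32,000 bytes aimed at the victim. The defence is to stop being an amplifier: routers drop directed broadcasts by default today (`no ip directed-broadcast` on Cisco IOS, the RFC 2644 recommendation), and Linux hosts ignore broadcast pings when `net.ipv4.icmp_echo_ignore_broadcasts` is 1.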

PHYSICAL

Cyber-Physical Attack — a security breach in cyber space that impacts on the physical
environment. A malicious user can take control of the computing or communication
components of water pumps, transportation, pipeline valves, etc., and cause damage
to property and put lives at risk.

EXAMPLE

• An infected USB drive is planted in a parking lot, lobby, etc., which an employee
picks up and loads onto the network.
• An attacker breaks into a server room and installs rogue devices that capture
confidential data.
• The internet drop line is accessible from outside of the building, allowing an
attacker to intercept data or cut the line completely.
• An attacker pretends to be an employee and counts on a real employee's courtesy to
hold the door for him as they enter together.
• An inside actor looks over the shoulder of a system engineer as they type
administrative credentials into a system.

EXPLOITS

An exploit (in its noun form) is a segment of code or a program that maliciously takes
advantage of vulnerabilities or security flaws in software or hardware to infiltrate and
initiate a denial-of-service (DoS) attack or install malware, such as spyware,
ransomware, Trojan horses, worms, or viruses. So the exploit is not the malware
itself but is used to deliver the malware. To exploit (in its verb form) is to successfully
carry out such an attack.

EXAMPLE

In recent years, there have been many well-known exploits used to initiate malware
attacks and cause huge data breaches. For example, in 2016, Yahoo disclosed that
an exploit had taken place years prior, resulting in a massive data leak that affected
about 1 billion of their users. A weak and out-of-date algorithm had caused a
vulnerability, providing hackers with access to multiple email accounts.

A recent infamous exploit named "EternalBlue" takes advantage of a flaw found in
the Windows Server Message Block protocol. Sadly, the exploit was first designed by
the National Security Agency (NSA) but was stolen and publicized by the Shadow
Brokers group. It has since been used in the NotPetya and WannaCry ransomware
attacks.

More recently, Equifax, a credit reporting firm, suffered a huge breach of data when
hackers exploited a vulnerability found within the Apache Struts framework used in
a web application run by the company. A patch was developed, but Equifax failed to
update the compromised web application soon enough to avoid the breach.

PRIVILEGE ESCALATION ATTACK

An exploit is code that takes advantage of a software vulnerability or security flaw.
It is written either by security researchers as a proof-of-concept threat or by
malicious actors for use in their operations. When used, exploits allow an intruder to
remotely access a network and gain elevated privileges or move deeper into the
network.

EXAMPLE

Linux Password User Enumeration

Attackers often use password user enumeration to perform privilege escalation on a
Linux system. This basic attack identifies all user accounts on a Linux machine, which
requires the attacker first to obtain shell access. Once that step is complete, the
command "cat /etc/passwd | cut -d: -f1" will display a list of all the users on the
machine. Misconfigured FTP servers are one of the most common weaknesses that
Linux password user enumeration can exploit.
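
The defender's view of the same file, as an added example that is not part of the assignment: it parses passwd(5) lines (a constructed sample, not a real host's file), lists the accounts that actually have an interactive shell, and flags any extra UID 0 account, the two things an auditor checks after reading about this technique.

```python
"""Audit a passwd(5) file: which accounts can log in, and who else holds UID 0?

Added example; the input is a constructed /etc/passwd-style text.
On a real host you would read /etc/passwd instead.
"""
from __future__ import annotations
from dataclasses import dataclass

# Shells that never grant an interactive session; anything else counts as interactive.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}


@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_passwd(text: str) -> list[Account]:
    """Parse passwd(5) lines of the form name:passwd:uid:gid:gecos:home:shell."""
    accounts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _pw, uid, gid, _gecos, home, shell = fields
        accounts.append(Account(name, int(uid), int(gid), home, shell))
    return accounts


def interactive_accounts(accounts: list[Account]) -> list[str]:
    """Accounts an intruder with shell access would see as real login targets."""
    return sorted(a.name for a in accounts if a.shell not in NOLOGIN_SHELLS)


def rogue_superusers(accounts: list[Account]) -> list[str]:
    """Any UID 0 account other than root is a classic escalation/persistence finding."""
    return sorted(a.name for a in accounts if a.uid == 0 and a.name != "root")


# Constructed sample: the 'toor' line is the kind of entry an audit should catch.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ftp:x:112:118:ftp daemon,,,:/srv/ftp:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/sh
toor:x:0:0::/root:/bin/bash
"""

if __name__ == "__main__":
    accts = parse_passwd(SAMPLE_PASSWD)
    print("interactive accounts:", interactive_accounts(accts))
    print("extra UID 0 accounts:", rogue_superusers(accts))
```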

APT

Advanced Persistent Threats (APTs) are compound network attacks that use multiple
stages and different attack techniques. APTs are not attacks conceived of or
implemented on the spur of the moment. The goal of an APT attack is to break into the
target network and spend as much time as needed searching it for sensitive
information. After the attack objectives are accomplished, the attackers disappear
unnoticed.

EXAMPLE

• Ghost Net — based in China, attacks were conducted by spear phishing emails
containing malware. The group compromised computers in over 100
countries, focusing on gaining access to networks of government ministries
and embassies. Attackers compromised machines inside these organizations,
turned on their cameras and microphones and turned them into surveillance
devices.
• Stuxnet — a worm used to attack Iran’s nuclear program, which was delivered
via an infected USB device, and inflicted damage to centrifuges used to enrich
Uranium. Stuxnet is malware that targets SCADA (industrial Supervisory
Control and Data Acquisition) systems—it was able to disrupt the activity of
machinery in the Iranian nuclear program without the knowledge of their
operators.

HACKTIVISM

The term “Hacktivism” was coined in the early 90s by the (in)famous hacker
collective, Cult of the Dead Cow. As the word suggests, Hacktivism is a means of
collective political or social activism manifest through hacking computers and
networks. Hacktivism began as a sub-culture of hacking, gaming and web
communities, and allowed technically inclined individuals to use the connectivity and
anonymity of the web to join together with others and operate towards common
causes. As such, hacktivists were originally mostly young males who enjoyed surfing
the web, visiting forums and newsgroups, sharing information on illegal download
sites, chatting in “private rooms” and colluding with like-minded drifters of the net.

EXAMPLE

More recently, the hacktivist group Lizard Squad was responsible for an attack on the
U.K.'s Labour party during the country's general election last December. The botnet-
powered DDoS attack targeted the then-leader of the party, Jeremy Corbyn, as well
as his party's websites. The group promised more attacks on both government and
Labour party websites should Labour win the election (something they failed to do). In
the past, Lizard Squad had claimed responsibility for attacks on Sony, Microsoft Xbox
and even Taylor Swift, but this was its first known outing for some years. According
to one report, the group may have turned to financially motivated crime in the
interim, quietly building and hiring out its botnet in a DDoS-for-hire service.

COMMODITY-THREAT

Commodity attacks are attacks that use readily available tools with little or no
customization. Commodity attacks are usually perpetrated by attackers who either
do not have the skills to perform more advanced attacks or who prefer to perform
many, easy attacks and benefit from a low success rate rather than spend a lot of time
to customize a small number of more profitable attacks against specific targets.

EXAMPLE

The Exploit Kit Playbook: Many incident reports show multiple ransomware
campaigns relying on the easy-to-buy RIG exploit kit and combining it with
commoditized ransomware such as Cerber and Locky. The playbook for creating new
ransomware campaigns has been written, and everyone is following it.

CYBER ESPIONAGE

Cyber espionage is primarily used as a means to gather sensitive or classified
data, trade secrets or other forms of IP that can be used by the aggressor to
create a competitive advantage or sold for financial gain. In some cases, the
breach is simply intended to cause reputational harm to the victim by exposing
private information or questionable business practices.

Cyber espionage attacks can be motivated by monetary gain; they may also be
deployed in conjunction with military operations or as an act of cyber terrorism
or cyber warfare. The impact of cyber espionage, particularly when it is part of a
broader military or political campaign, can lead to disruption of public services
and infrastructure, as well as loss of life.

EXAMPLE

COVID-19 Research

More recently, cyber espionage has focused on research efforts related to the
COVID-19 pandemic. Since April 2020, intrusion activity targeting coronavirus
research has been reported against U.S., U.K., Spanish, South Korean, Japanese
and Australian laboratories; this activity was conducted on the part of Russian,
Iranian, Chinese and North Korean actors.

For example, one cyber espionage breach was discovered by CrowdStrike in the
second half of 2020. CrowdStrike's Falcon OverWatch team uncovered a targeted intrusion
against an academic institution known to be involved in the development of
COVID-19 testing capabilities. The malicious activity in question was attributed to
Chinese hackers, who gained initial access by way of a successful SQL injection
attack against a vulnerable web server. Once inside the victim environment, the
actor compiled and launched a web shell that was used to perform various
malicious activities, largely focused on information gathering and collection.

INDIRECT-ATTACK

In an indirect attack, the information is obtained from (or about) the target source
without attacking it directly. Another way of putting it: a database is tricked into
answering queries for sensitive information because the queries pose as legitimate
ones.

In the real-life example that was mentioned earlier, it would be like the thief knocking
on your door and asking you if you had any old lamps that you would like to exchange
for new ones. You, not knowing the true value of the lamp and thinking he was a true
trader – with no ulterior motives regarding the knowledge of the genie it holds within
– would hand your old lamp to him.

EXAMPLE

The "watering hole technique" refers to an attack in which the hacker
compromises a target website by inserting an exploit that results in a malware
infection or a Trojan being planted on the visitor's system.

What is even more dangerous is that websites that have been infected using this
method can then pass the infection on (or open the doors to) websites that are
connected to or visited from or through them. The efficiency of this attack can be
proven by the fact that large companies like Facebook, Apple and Twitter have all
been hit using this method.

MOBILE ADHOC NETWORK BASED

MANET stands for Mobile Ad hoc Network, also called a wireless ad hoc network or
ad hoc wireless network, which usually has a routable networking environment on
top of a link-layer ad hoc network. A MANET consists of a set of mobile nodes connected
wirelessly in a self-configured, self-healing network without a fixed
infrastructure. MANET nodes are free to move randomly, so the network topology
changes frequently. Each node behaves as a router, forwarding traffic to other
specified nodes in the network.

Mobile ad hoc networks are self-configuring, dynamic networks in which nodes are
free to move. They do not rely on a pre-existing infrastructure such as routers or
access points. The challenge is equipping each device to maintain the information
required to properly route traffic.

EXAMPLE

Examples include pressure, temperature, toxins, pollutions, etc. An ad hoc network
is a collection of wireless mobile hosts forming a temporary network without the aid
of any stand-alone infrastructure or centralized administration.

CYBER-PHYSICAL SYSTEMS

Cyber-Physical Attack — a security breach in cyber space that impacts on the physical
environment. A malicious user can take control of the computing or communication
components of water pumps, transportation, pipeline valves, etc., and cause damage
to property and put lives at risk.

Recent advances in cyber-physical systems open the door to new safety
measures, but threats, attacks and vulnerabilities remain major challenges.
Various cyber-physical attacks have been compared and analysed on several
parameters. The key issues noted are the consequences of cyber-attacks, CPS attack
traceability and the review of communication security architecture.

EXAMPLE

An infected USB drive is planted in a parking lot, lobby, etc., which an employee picks
up and loads onto the network. An attacker breaks into a server room and
installs rogue devices that capture confidential data.

SQL INJECTION

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL
code for backend database manipulation to access information that was not
intended to be displayed. This information may include any number of items,
including sensitive company data, user lists or private customer details.

EXAMPLE

An attacker wishing to execute SQL injection manipulates a standard SQL query to
exploit non-validated input vulnerabilities in a database. There are many ways that
this attack vector can be executed, several of which will be shown here to provide
you with a general idea about how SQLI works.
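
The non-validated input problem described above, shown in working code as an added example (not the assignment's own): a lookup that splices user text into the SQL string sits beside the parameterized fix, and the classic tautology input is run through both against a constructed in-memory SQLite table.

```python
"""String-built SQL (injectable) beside its parameterized fix.

Added example; the users table and its rows are constructed so it runs offline.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table with three accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "h1", "user"), ("bob", "h2", "user"), ("admin", "h3", "admin")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list[str]:
    """The 'before': the caller's text becomes part of the query grammar, so a single
    quote in the input closes the literal and rewrites the WHERE clause."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list[str]:
    """The fix: a bound parameter is always treated as data, never as SQL, so the same
    input is simply compared against the column and matches nothing."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# The textbook tautology: the quote ends the literal, OR '1'='1' is true for every row.
TAUTOLOGY = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, TAUTOLOGY))  # every username leaks
    print("safe:      ", lookup_safe(db, TAUTOLOGY))        # no such user: []
```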

LOGIC BOMB

A logic bomb is a malicious piece of code that’s secretly inserted into a computer
network, operating system, or software application. It lies dormant until a specific
condition occurs. When this condition is met, the logic bomb is triggered —
devastating a system by corrupting data, deleting files, or clearing hard drives.

EXAMPLE

An incident in 1982, during the Cold War between the US and the Soviet Union, is
considered the original logic bomb attack. The CIA was supposedly informed that a
KGB operative had stolen the plans for an advanced control system along with its
software from a Canadian company, to be used on a Siberian pipeline. The CIA
apparently had a logic bomb coded in the system to sabotage the enemy.
Since then, like after the birth of the computer virus itself, logic bomb attacks have
become frequent in real life as well as in movies and television.

MAN IN THE MIDDLE ATTACK

A man-in-the-middle attack represents a cyberattack in which a malicious player
inserts himself into a conversation between two parties, impersonates both of them,
and gains access to the information that the two parties were trying to share. The
malicious player intercepts, sends, and receives data meant for someone else – or
not meant to be sent at all – without either outside party knowing until it's already too
late.

EXAMPLE

The Marconi Case

The first recorded man-in-the-middle attack in history took place
long before the Internet was even invented, and it involves Guglielmo Marconi, a
Nobel prize winner considered to be the inventor of the radio. What happened?
When a legal advisor to Marconi, Professor Fleming, was making a demonstration of
wireless transmission from one location to another, a Mr. Maskelyne, with his own
receiver, intercepted the message that was supposed to be sent from Cornwall to the
Royal Institute and then transmitted his own message.

TAMPERING

Data tampering is the act of deliberately modifying (destroying, manipulating, or
editing) data through unauthorized channels. Data exists in two states: in transit or
at rest. In both instances, data could be intercepted and tampered with. Digital
communications are all about data transmission.

EXAMPLE

A classic example of parameter tampering is changing parameters in form fields.
When a user makes selections on an HTML page, they are usually stored as form field
values and sent to the Web application as an HTTP request. These values can be
pre-selected (combo box, check box, radio button, etc.), free text or hidden.
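
How a server defends the hidden form field just described, as an added example that is not part of the assignment: the 'before' checkout trusts the price the browser sends back, the fixed version verifies an HMAC over the field and then takes the price from the server-side catalogue anyway. The key, catalogue and request bodies are constructed.

```python
"""Parameter tampering on a hidden price field, and two server-side defences.

Added example; SERVER_KEY, CATALOGUE and the request bodies are constructed.
"""
import hashlib
import hmac
from urllib.parse import parse_qs

SERVER_KEY = b"constructed-demo-key"            # in production: a secret from a key store
CATALOGUE = {"sku-100": 4999, "sku-200": 1999}  # unit price in cents; the server's truth


def sign(value: str) -> str:
    """MAC over the value the server is willing to let round-trip through the client."""
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()


def render_hidden_fields(sku: str) -> dict:
    """What the server emits into the form: the price plus a MAC binding it to the SKU."""
    price = str(CATALOGUE[sku])
    return {"sku": sku, "price": price, "sig": sign(f"{sku}|{price}")}


def checkout_trusting_form(body: str) -> int:
    """The 'before': charges whatever price came back in the POST body."""
    q = parse_qs(body)
    return int(q["price"][0]) * int(q["qty"][0])


def checkout_verified(body: str) -> int:
    """The fix: reject a body whose MAC does not match, and never bill from the form
    value; the catalogue is the only source of price."""
    q = parse_qs(body)
    sku, price, sig = q["sku"][0], q["price"][0], q["sig"][0]
    if not hmac.compare_digest(sig, sign(f"{sku}|{price}")):
        raise ValueError("form field tampered: signature mismatch")
    return CATALOGUE[sku] * int(q["qty"][0])


def honest_body(sku: str, qty: int) -> str:
    """Constructed POST body exactly as the rendered form would submit it."""
    f = render_hidden_fields(sku)
    return f"sku={sku}&price={f['price']}&sig={f['sig']}&qty={qty}"


def tampered_body(sku: str, qty: int, fake_price: int) -> str:
    """Constructed POST body where the client edited the hidden price field."""
    f = render_hidden_fields(sku)
    return f"sku={sku}&price={fake_price}&sig={f['sig']}&qty={qty}"


if __name__ == "__main__":
    print("trusting form, tampered:", checkout_trusting_form(tampered_body("sku-100", 2, 1)))
    print("verified, honest:       ", checkout_verified(honest_body("sku-100", 2)))
    try:
        checkout_verified(tampered_body("sku-100", 2, 1))
    except ValueError as exc:
        print("verified, tampered:     ", exc)
```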

BYZANTINE ATTACK

The Byzantine attack in cooperative spectrum sensing (CSS), also known as the
spectrum sensing data falsification (SSDF) attack in the literature, is one of the key
adversaries to the success of cognitive radio networks (CRNs).

EXAMPLE

A Byzantine fault (also Byzantine generals' problem, interactive consistency, source
congruency, error avalanche, Byzantine agreement problem, and Byzantine failure)
is a condition of a computer system, particularly a distributed computing system,
where components may fail and there is imperfect information.

BLACK HOLE ATTACK

Black-hole attacks occur when a router deletes all messages it is supposed to
forward. From time to time, a router is misconfigured to offer a zero-cost route to
every destination in the Internet. This causes all traffic to be sent to this router. Since
no device can sustain such a load, the router fails.

EXAMPLE

Wireless Sensor Network Security

Some examples of Byzantine attacks are black holes, flood rushing, wormholes, and
overlay network wormholes. Black-hole attack: in this type of attack, the attacker
drops packets selectively, or all control and data packets that are routed through
him.

FLOOD RUSHING ATTACK

A rushing attack is one of the network-layer attacks in MANETs. In this attack, when the
attacker node receives a route request packet, it immediately forwards the route
request packet to its neighbors without processing the packet. A threshold-based
approach is used to detect rushing attacks in a MANET.

EXAMPLE

In a flood attack, attackers send a very high volume of traffic to a system so that it
cannot examine and allow permitted network traffic. For example, an ICMP flood
attack occurs when a system receives too many ICMP ping commands and must use
all its resources to reply to them. If you set the Drop UDP Flood
Attack threshold to 1000, the device starts to drop UDP packets from an interface
that receives more than 1000 UDP packets per second. The device does not drop
other types of traffic or traffic received on other interfaces.
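
The threshold rule above, and the Smurf amplification described earlier on this page, turned into detection logic as an added example (not the assignment's own code): packets are bucketed per second, interface and protocol and compared against the 1000-per-second threshold, and ICMP echo replies are grouped per victim to spot one destination being answered by hundreds of distinct hosts in a single second. The log format and all traffic are constructed.

```python
"""Threshold-based flood detection and a Smurf reply-storm check over a packet log.

Added example; the log format '<epoch_ms> <iface> <proto> <src> -> <dst>' and
every line in build_sample_log() are constructed.
"""
from collections import Counter, defaultdict

THRESHOLD_PPS = 1000  # the per-interface packets-per-second threshold quoted in the text


def parse_line(line: str):
    """Split one constructed log line into (second, iface, proto, src, dst)."""
    ts_ms, iface, proto, src, _arrow, dst = line.split()
    return int(ts_ms) // 1000, iface, proto, src, dst


def flood_buckets(lines, threshold=THRESHOLD_PPS):
    """Count packets per (second, interface, protocol); return the buckets that exceed
    the threshold, i.e. the traffic the device's drop rule would start discarding."""
    counts = Counter()
    for line in lines:
        if not line.strip():
            continue
        sec, iface, proto, _src, _dst = parse_line(line)
        counts[(sec, iface, proto)] += 1
    return {key: n for key, n in counts.items() if n > threshold}


def echo_reply_fanin(lines, min_sources=100):
    """Smurf signature: many distinct hosts sending ICMP echo replies to one destination
    within the same second, answering requests the victim never sent.
    Returns {(second, victim): distinct_sources} for fan-in at or above min_sources."""
    sources = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        sec, _iface, proto, src, dst = parse_line(line)
        if proto == "ICMP-reply":
            sources[(sec, dst)].add(src)
    return {key: len(s) for key, s in sources.items() if len(s) >= min_sources}


def build_sample_log():
    """Constructed traffic: a UDP burst on eth0 in second 10, a reply storm against
    203.0.113.10 in second 12, and light background traffic that must not be flagged."""
    lines = []
    for i in range(1500):  # 1500 UDP packets within one second on eth0: over threshold
        lines.append(f"{10_000 + i % 1000} eth0 UDP 198.51.100.{i % 250} -> 203.0.113.10")
    for i in range(50):    # light UDP on eth1: under threshold, other interface
        lines.append(f"{10_000 + i} eth1 UDP 192.0.2.5 -> 203.0.113.10")
    for i in range(30):    # a little TCP on eth0 in second 11: other protocol
        lines.append(f"{11_000 + i} eth0 TCP 192.0.2.6 -> 203.0.113.10")
    for i in range(500):   # 500 distinct hosts replying to pings the victim never sent
        src = f"198.51.{100 + i // 250}.{i % 250}"
        lines.append(f"{12_000 + i} eth0 ICMP-reply {src} -> 203.0.113.10")
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print("flood buckets:", flood_buckets(log))
    print("reply storms: ", echo_reply_fanin(log))
```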
BLUE JACKING ATTACK

Bluejacking is a hacking method that lets a person send anonymous, unsolicited
messages (typically flirtatious, but they can also be malicious) to any Bluetooth-enabled
device within his own device's range. Also known as "blue hacking," the process begins
with the hacker scanning his surroundings with a Bluetooth-enabled device, searching
for other discoverable Bluetooth-capable devices. The hacker then sends an unsolicited
message to the detected devices.

Bluejacking is much like doorbell ditching, wherein a person rings someone's
doorbell and disappears before the homeowner can answer the door.

EXAMPLE

• Online adverts are everywhere these days, and some of them can be more
than just annoying and distracting. Malicious advertising, or malvertising,
involves hackers sneaking ads onto legitimate websites. If you click on them,
intentionally or by accident, you run the risk of downloading malware and
viruses onto your device.

• Phishing emails are a classic but effective way to spread malware. Phishing is
the act of sending a message, usually an email, in which the sender pretends
to be a legitimate figure like a bank or a recognizable business. They then ask
the target to follow a link. Clicking the link will either infect your device with
malware or trick you into exposing login details for various accounts.

COVERT ATTACK

Physically covert attacks are attacks that cause physical effects that cannot easily be
noticed or identified by a human observer. One of the most sophisticated attacks on
these systems is the covert attack, where an attacker changes the system inputs and
disguises his influence on the system outputs by changing them accordingly.

EXAMPLE

Covert channels are frequently classified as either storage or timing channels.
Examples would include using a file intended to hold only audit information to
convey user passwords, or using the name of a file, or perhaps status bits associated
with it that can be read by all users, to signal the contents of the file.

Historic examples of covert action include the CIA's orchestration of the 1953 coup
in Iran; the 1961 Bay of Pigs invasion of Cuba; the Vietnam-era secret war in Laos;
and support to both the Polish Solidarity labour union in the 1970s and 1980s and to
the Mujahidin in Afghanistan during the 1980s.

RESISTANT CONTROL PROBLEM

The resistance strategy is to make it as difficult as possible for attacks to progress
after the initial access, without requiring knowledge of the attacks. While this
often requires substantial effort, it reduces the damage that would otherwise be
incurred from the attacks. Sun Tzu supports this strategy via the principle that
"The art of war teaches us to rely not on the likelihood of the enemy's not coming,
but on our own readiness to receive him" [13]. Many of the methods that support the
frustration controls will also support the resistance strategy.

EXAMPLE

For example, Black Friday sales, when thousands of users are clamoring for a
bargain, often cause a denial of service. But they can also be malicious. In this case,
an attacker purposefully tries to exhaust the site's resources, denying legitimate
users access.

REPLAY ATTACK

A replay attack is a type of security attack on data sent over a network. In this attack,
the hacker, or any person with unauthorized access, captures the traffic and sends the
communication to its original destination, acting as the original sender. The receiver
believes it is an authenticated message, but it is actually the message sent by the
attacker. The main feature of the replay attack is that the client receives the
message twice, hence the name.

EXAMPLE

Real world example

A staff member at a company asks for a financial transfer by sending an encrypted
message to the company's financial administrator. An attacker eavesdrops on this
message, captures it, and is now able to resend it.

Suppose that in a communication between two parties A and B, A shares his key with B to
prove his identity, but in the meantime an attacker C eavesdrops on the conversation
between them and keeps the information that is needed to prove A's identity to
B. Later, C contacts B and proves its "authenticity" using the captured information.
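
The transfer-request scenario above, worked through as an added example that is not part of the assignment: A sends B an HMAC-authenticated request, C captures and resends it unchanged. A receiver that checks only the MAC pays twice; a receiver that also requires a fresh timestamp and an unseen nonce accepts the original and rejects the replay. The shared key, account names and timestamps are constructed.

```python
"""Replay of an authenticated transfer request, and the timestamp-plus-nonce defence.

Added example; SHARED_KEY, the amounts, accounts and epoch timestamps are constructed.
"""
import hashlib
import hmac
import json
import secrets

SHARED_KEY = b"constructed-shared-secret"  # in production: a key both A and B hold
WINDOW_SECONDS = 300                        # how stale a timestamp may be


def mac(payload: bytes) -> str:
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()


def make_request(amount: int, to: str, now: int) -> dict:
    """What A sends: the body carries a timestamp and a random nonce, both under the MAC."""
    body = {"amount": amount, "to": to, "ts": now, "nonce": secrets.token_hex(8)}
    return {"body": body, "mac": mac(json.dumps(body, sort_keys=True).encode())}


def verify_mac(req: dict) -> bool:
    payload = json.dumps(req["body"], sort_keys=True).encode()
    return hmac.compare_digest(req["mac"], mac(payload))


class NaiveReceiver:
    """Checks authenticity only: the captured message verifies every time C resends it."""

    def __init__(self):
        self.transfers = []

    def receive(self, req: dict, now: int) -> bool:
        if not verify_mac(req):
            return False
        self.transfers.append(req["body"]["amount"])
        return True


class FreshnessReceiver:
    """Authenticity plus freshness: timestamp within the window and a never-seen nonce."""

    def __init__(self):
        self.transfers = []
        self.seen = {}  # nonce -> ts, so expired entries can be purged

    def receive(self, req: dict, now: int) -> bool:
        body = req["body"]
        if not verify_mac(req):
            return False  # forged or modified in transit
        if abs(now - body["ts"]) > WINDOW_SECONDS:
            return False  # too old (or clock skew beyond tolerance)
        # Drop nonces older than the window; anything replayed later fails the ts check.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= WINDOW_SECONDS}
        if body["nonce"] in self.seen:
            return False  # exact replay of a message already processed
        self.seen[body["nonce"]] = body["ts"]
        self.transfers.append(body["amount"])
        return True
```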
