Types of Cyber Attacks and its Combating
Vikas Singh
Associate Director Engineering @ Droom | Ex Oxigen, Square Yards, ShopClues, IndiaMART | Hands on, Innovator, Problem Solver, Startup Enthusiast
Prevention is always better than cure. And we can't be safe from cyber attacks until we know their types and symptoms. Here I am describing all the kinds of cyber attacks I got to know about while one of our servers was infected by ransomware.
Brute Force Attacks: A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.
Prevention
- Use strong, long passwords with a good mix of character types.
- Restrict the number of times a user can attempt to log in.
- Enforce a timeout for users who exceed the maximum number of failed login attempts.
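The last two prevention points together, as an added example that is not from the original article: a login guard that counts failed attempts per user and locks the account for a timeout once the threshold is exceeded. The threshold, timeout, salt and the single "alice" credential are constructed demo values, and the clock is injectable so the lockout expiry can be exercised without waiting.

```python
import hashlib
import hmac
import time
from collections import defaultdict

MAX_FAILED_ATTEMPTS = 5      # lockout threshold (assumed policy value)
LOCKOUT_SECONDS = 15 * 60    # timeout applied once the threshold is exceeded
_SALT = b"constructed-demo-salt"   # a real system stores a random salt per user

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

# Constructed demo credential store: one user, salted PBKDF2 hash of "correct horse".
_USERS = {"alice": _hash("correct horse")}

def demo_check(user, password):
    """Constant-time comparison against the stored hash; unknown users fail."""
    stored = _USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, _hash(password))

class LoginGuard:
    """Counts failed logins per user and enforces a temporary lockout."""
    def __init__(self, check_password, clock=time.time):
        self._check_password = check_password   # callable(user, password) -> bool
        self._clock = clock                     # injectable so tests can fast-forward
        self._failures = defaultdict(int)
        self._locked_until = {}

    def is_locked(self, user):
        until = self._locked_until.get(user, 0)
        if until and self._clock() < until:
            return True
        if until:                               # lockout expired: start fresh
            del self._locked_until[user]
            self._failures[user] = 0
        return False

    def attempt(self, user, password):
        """Returns 'ok', 'denied' or 'locked'; a locked user is not even checked."""
        if self.is_locked(user):
            return "locked"
        if self._check_password(user, password):
            self._failures[user] = 0
            return "ok"
        self._failures[user] += 1
        if self._failures[user] >= MAX_FAILED_ATTEMPTS:
            self._locked_until[user] = self._clock() + LOCKOUT_SECONDS
            return "locked"
        return "denied"
```

Because a locked user is refused before the password is checked, the guesser gets at most MAX_FAILED_ATTEMPTS tries per lockout window no matter how fast it runs.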
Phishing & Spoofing: Phishing: A form of fraud where the attacker masquerades as a reputable entity or person. It is very common with email. The victim receives an email with a link or attachment that, if clicked on, will install malware on the victim's computer or device.
A homophone for fishing. It is very popular because it is easier to trick a person than to break into their computer or device. These guys often target popular events and holidays, sending people emails that carry such links or code.
Misspelled URLs and subdomains are also used, e.g. axixbank.com instead of axisbank.com, amezon.in instead of amazon.in.
An attack aimed specifically at the senior executives of a company is called a whaling attack.
Email spoofing is the forgery of an email header so that the message appears to have originated from someone other than the actual source.
Fighting against Phishing
- Vigilance
- Use of email filters
Bots & Botnets
Bots: Short for robots, commonly referred to as zombies. An attacker gains complete control over the infected computer using a trojan horse. The performance of the infected computer is severely degraded.
Botnets: A botnet is a collection of bots. A botmaster or bot herder is in control of the botnet. A command & control server is used to issue commands to the bots in a botnet. Botnets are very often used to perform DDoS attacks.
Prevention
- Updated antivirus and anti malware products.
- Not clicking on suspicious links.
DoS or DDoS Attacks
In a general client-server architecture, a client sends a request to a server and gets a response.
Denial of Service Attack
- Floods servers and networks with useless traffic.
- A website becomes inaccessible or there is an enormous amount of spam email.
Prevention: The IP address of the source can be blocked.
Distributed Denial of Service Attack
- Harder to combat because the traffic comes from thousands of different sources.
- It is also difficult to distinguish legitimate user traffic from attack traffic when it is spread across so many sources.
- DDoS attacks are carried out using botnets.
- Very common with hacktivists.
Combating DDoS Attacks
- Over-provision bandwidth.
- Create a DDoS playbook: have a response policy, as most cyber security companies suggest, and activate it when such an attack happens.
- Consult a DDoS specialist company, e.g. Akamai, CloudFlare.
- Restrict ping
Man in the middle attack
Let's imagine you want to send a text message to someone; what happens if the postman, being a hacker, changes its content? This is a real-world scenario of a man-in-the-middle attack, where someone is able to intercept messages between two or more people.
- It can only succeed when the attacker can impersonate both sides.
- It is very common on unsecured wireless connections.
Types of MITM attacks
- Email Hijacking – the attacker gains access to email accounts
- Wifi Eavesdropping – hijacking a wifi connection
- Session Hijacking – hijacking the connection between a computer and a website
A real incident of MITM attacks: cybercriminals in Belgium stole over $6M in 2015 by gaining access to the corporate accounts of several companies.
SQL Injection
It is one of the oldest forms of attack. The attacker executes malicious SQL commands to corrupt a database. It can provide the attacker with unauthorized access to sensitive information like usernames and passwords. This type of attack has been used against Sony Pictures, Microsoft, Yahoo, LinkedIn and even the CIA.
Havij, developed in Iran, is a popular tool used by penetration testers to find and exploit SQL injection vulnerabilities. The problem here is that Havij is a double-edged sword: the good guys can use it to identify vulnerabilities in their code, but the bad guys can use the same software to break into it.
Cross site Scripting (XSS) Attack:
The attacker injects malicious code into a website or web application. It is similar to a SQL injection attack in that the attacker uses malicious code.
- The attacker doesn’t target the victim directly but the website that the victim would visit.
- The victim’s browser becomes infected.
Combating SQL Attacks
- Limiting database privileges
- Comprehensive data sanitization, e.g. only numbers allowed in a phone field, in both the form and the database.
- Applying software patches.
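The SQL injection and XSS points above, and the sanitization bullet, as an added example that is not from the original article: a query built by string formatting beside its parameterized form, an allow-list check for a phone field, and HTML escaping of untrusted output. The in-memory sqlite database and its two users are constructed for the demo.

```python
import html
import re
import sqlite3

def make_db():
    """Constructed in-memory sample database for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, phone TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "5551234"), ("bob", "5559876")])
    return conn

def find_user_vulnerable(conn, username):
    # Vulnerable: the input is pasted into the SQL text, so a crafted value
    # changes the query's logic instead of being treated as plain data.
    sql = "SELECT username FROM users WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]

def find_user_safe(conn, username):
    # Hardened: a bound parameter is always data, never SQL, whatever it contains.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]

PHONE_RE = re.compile(r"[0-9]{7,15}")

def validate_phone(value):
    """Allow-list check for the phone field: digits only, sane length."""
    return PHONE_RE.fullmatch(value) is not None

def render_profile(username):
    """Escape untrusted data before placing it in HTML (blocks reflected XSS)."""
    return "<p>Hello, %s</p>" % html.escape(username, quote=True)
```

Run the same crafted username through both lookups: the formatted query returns every row, the parameterized one returns nothing, because the bound value can only ever match a username literally.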
Two major forms of malware
Viruses & worms: Viruses and worms are malicious code written to alter the way a computer or a network operates. A virus requires an active host program or an already infected system to run, and causes damage by infecting other executable files and documents. Viruses vary widely in their objectives. Some are purely destructive, i.e. they destroy files. They can also slow down the performance of a system. Some viruses are non-destructive, i.e. latent viruses.
A worm is self-replicating and self-propagating. A worm is more advanced than a virus.
Fight against viruses & worms
- Use antivirus & anti malware products
- Restrict the use of flash drives, because malware can spread via these drives.
- Scan Email attachments
Trojans: A very powerful type of malware, often disguised as legitimate software. Very sophisticated, and it could be anything, e.g. a game, a song or even an app. A trojan can't self-replicate. There are four major types of trojans:
- Backdoor Trojan: Allows a user unauthorized access to a system in order to control it.
- Infostealer Trojan: Steals data from the infected computer. It can steal critical information like passwords, addresses etc.
- Trojan downloader: Can download and install new versions of malware onto a system.
- Trojan DDoS: Can conduct denial of service attacks against websites.
Fight against Trojans
- Using anti malware products
- Run update when available.
- Download files from only trusted websites.
Adware & Spyware
Adware: A program that displays unwanted banner advertisements. Often bundled with software that is installed. Adware is included to recover development costs or to provide the product for free. Some adware can hijack your browser's start or search pages.
Spyware: It can track web usage. It monitors computer and internet use, e.g. keyloggers that can record keystrokes or take screenshots. The data is sent to hackers or advertising agencies.
Fight against adware & spyware
- Think twice about installing free software.
- Use spyware scanners.
Ransomware
- You have been locked out until you pay for your "cyber crime".
- Can prevent you from using your PC or even encrypt your files.
- Can spread to other PCs and turn them into botnets.
- Targets anyone and everyone. It doesn't care whether you are a hospital, a bank, a private business or an individual.
- Often requests payment in bitcoin or other cryptocurrency because they can't be tracked.
- Numerous variants exist and more are produced very quickly. It is difficult for cyber security experts to keep track of all the different forms of this malware.
- It infects computers through email links and downloads.
"WannaCry – May 2017, infected over 200,000 computers in over 150 countries. Used a vulnerability in the Windows operating system."
"TorrentLocker – Early 2014, encrypted files and relied on spam emails for distribution. Used geographical targeting."
"Locky – Feb 2016, extorted $17,000 from a hospital in Hollywood. Continues to spread over the world."
"CTB Locker – Early 2014, includes multilingual capabilities and is one of the first ransomware to be sold as a service in underground forums."
Fight against ransomware
- Data backups
- Turn off external applications like Dropbox.
- Run updates including browser addons
- Never open spam emails or click suspicious links.
- Use antivirus
Rootkits: The burglar hiding in the attic. The hardest malware of all to detect and remove. It allows viruses and other malware to "hide in plain sight" by disguising them as real, essential files. They are activated even before the operating system boots up. The recommended solution is to wipe the hard drive. There is no software that can guarantee that a rootkit is 100% removed from your system. The safest way is to use a new hard drive.
Browser Hijacker: Hijacks the victim's browser. It can redirect victims to specific pages. The intention is to make money by feeding ads to the victim. Most are developed by advertisers looking to track usage habits.
Rogue Security Software: Pretends to be a good program that removes malware but is in fact malware itself. Very often it will turn off any real security software available. Usually obtained from websites offering "better security". The safest way to protect yourself is to only install software from known vendors.
Antivirus
Antivirus is used to protect a computer from malware. Antivirus detects malware by signature, i.e. a pattern of data that is known to belong to already identified malware. Now take a look at the image below.
On the left side of the image there is a dictionary file, or database, where the antivirus keeps the code of all previously identified viruses.
So basically the antivirus compares the source code of the file to what it has in its dictionary. If there is a match, the file is flagged as a virus; if there is no match, the file is possibly legitimate.
The other way is for the antivirus to employ a heuristic method, i.e. predicting that a file is malicious by studying its behaviour.
Sandbox Testing – the file is allowed to run in a controlled virtual system to see what it does.
The downside here is the possibility of a false positive, a very popular term in the world of security: a false positive means a legitimate program was wrongly classified as malware.
So there is a tendency for antivirus to wrongly predict the legitimacy of a program. However, this mostly happens when the file was detected through heuristic methods; the detection is very often correct, and one should take note of that.
Antivirus Operation
- On-access scanning – the antivirus checks every file or program that is opened.
- Full system scan – scans memory and the hard disk.
- Polymorphic virus – a virus that morphs or changes its code, making it very difficult to detect.
- Nowadays, many antivirus systems are able to detect such viruses.
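The two detection methods described above (signature dictionary, then heuristics) and the polymorphic-virus point, as an added example that is not from the original article: a toy scanner whose "dictionary" is a hash lookup and whose heuristic flags suspicious strings or high entropy. The KNOWN_BAD sample, the suspicious-string list and the entropy threshold are constructed for the demo; none of it is real malware.

```python
import hashlib
import math

# Constructed signature "dictionary": the demo byte string below stands in for a
# known-bad sample; it is not real malware and its hash is computed right here.
KNOWN_BAD = {"demo-virus-A": b"DEMO-VIRUS-A: encrypt all files and spread"}
SIGNATURES = {hashlib.sha256(body).hexdigest(): name for name, body in KNOWN_BAD.items()}

def signature_scan(data):
    """Dictionary match: exact hash lookup, so nearly no false positives, but
    any change to the sample (a polymorphic variant) evades it."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())

def shannon_entropy(data):
    """Bits per byte; packed or encrypted payloads approach 8.0."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

SUSPICIOUS_STRINGS = [b"encrypt all files", b"ransom", b"keylog"]

def heuristic_scan(data, entropy_threshold=7.5):
    """Heuristic guess from content: suspicious strings or high entropy.
    Catches variants the signature misses, at the cost of false positives."""
    reasons = []
    lowered = data.lower()
    for s in SUSPICIOUS_STRINGS:
        if s in lowered:
            reasons.append("string:" + s.decode())
    if shannon_entropy(data) > entropy_threshold:
        reasons.append("high-entropy")
    return reasons

def scan(data):
    """Signature first, heuristics second: ('malware'|'suspicious'|'clean', detail)."""
    name = signature_scan(data)
    if name:
        return ("malware", name)
    reasons = heuristic_scan(data)
    if reasons:
        return ("suspicious", ",".join(reasons))
    return ("clean", "")
```

Appending a single byte to the sample defeats the hash lookup while the heuristic still flags it; a benign blob of uniformly distributed bytes (as a compressed archive would be) trips the entropy rule, which is exactly the false positive the text warns about.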