Attacks: types and what you need to know about them

When one is using the internet, he must know that there is no one in the cyber world who is secured and would not get attacked by any of the hackers. There are always some malicious attacks which are done on the people even randomly, hoping to gather some information about them which can lead the hackers to have their hands on some privileged information which they can use in the future. Here are some attacks which are quite famous and are used by the hackers;



Man-in-the-middle:

This attack is often known as the MiM as well. This is the type of attack in which some individual connections are made with the victims. Also, the messages are replayed between the and hence it is made sure that one is talking to the other person directly through some private connection. But the truth is, in this case, all the information is actually controlled by the hacker. The hacker can actually intercept the entire message which go on among two victims and can inject some new ones as well. Here the attacker can impersonate himself too to both end points for the satisfaction of the other one.



DDoS

One must know, that this attack means the distributed denial of service attack. This is the type of attack where many systems are first infected with the Trojans and then they are used to target one sole system and this cases the DDoS. The victims of this attack are the both of the ends and they systems which are involved are used maliciously and hence are also controlled by the hackers. Also, during this attack, the incoming which is used for the flooding of victim's system are used from many of the sources.



DoS

This attack is basically an attempt which is made so that some computer doesn't get available to the user. The ways through which this specific attack is done, can change. But they all contain the efforts for the permanent or temporary interruption of the services of some host who is connected to the internet. These threats are pretty much common in the business world and they are sometimes also responsible for some websites attacks as well.



Replay

This is the type of attack which is also known as the playback attack. Here, the data transmission which is valid is repeated or delayed fraudulently or maliciously. This thing is actually done by some adversary or the originator who can intercept the data and can retransmit it. To get rid of this problem, there is a technique which is vastly implemented in the banking sector. That is, the usage of only one time passwords. As the name suggests, there is a password hitch is allocated to the client and it stays valid for short period of time. Hence the chances of fraud and the data delay are ignored. Also, the time stamping is the other technique which is used for prevention of the attacks. When the secured protocol is achieved once, then the sync should be done.



Smurf attack

SMURF attack can be done on some simple client too. When this is performed, one can be infected through various ways like one can be the victim or the target of that specific attack. He can be on the network which has been used for abusing and amplifying the attack. This attack can done some very serious damages to the network services. They can be done to the individual users or some corporates as well. In these function one of the important element is the directed broadcast. So if one wants to ignore this attack and want to be date, then he should simply turn off the directed broad cast and it can help a lot. Hence the ports of routers can be closed so that none of the networks can get abused in this way. There is also a component which is important for this kind of attack. This is that attacks have to make some packets get injected in the network with some foraged IP address. There are some functions in the routers which can help getting rid of it by simple preventing that forgery of the IP. Hence this will help one prevent those SMURF attacks from being launched.



Spoofing

This technique is very common one. Here one can simply act like one he isn't and then can have access to all the data which he isn't authorized to have access to. This technique is very common these days. The spoofing has got many types and some of them are GPS spoofing, TCP spoofing, email spoofing etc. The email spoofing is the very common one that we see every day. There is from field in the emails which shows from where the emails are coming from. One can easily hide the and hence these spammers hide the source through which they are sending so many emails. The spoofing of the email address is done in pretty much the same way as it is done through the snail mail. The GPS spoofing is another interesting kind of it. It is the attack attempt which is done to deceive some GPS receiver.



Spam

The email spamming is basically an electronic version of some junk emails. It includes the sending of the unwanted message and they normally contain some unsolicited advertisements. They are sent to the receipt ants that are large in number. It is a very serious thing and is something to be compered about as this method can even be utilized for the delivery of Trojans, dares, viruses etc. There are some symptoms too through which one cane easily recognize whether the email is spam or not. Like one of them is, in the TO box, there won't be the email address of the receiver and it might be empty. Some of those emails may contain some really bad language and the websites which won't have any good content. So if someone gets these problems, he can do some measures to prevent it. Like, he can actually use some spam filtering software's and hence he can block the spams. Also, when he suspects that the email is spam, he can simply report it. Also, deleting it is the good option. Also, the messages which are sent from those who are not in the friends list should not be replied to. The anti-virus and the other security patches which are used by one should be kept updated time by time.



Phishing

This attack is basically done to get some of the sensitive information which can be the passwords. usernames etc. the technique is pretty simple one. It involves the method in which a person is sent email. He opens it up and then opens the link to some website, which might be to the social networking site. When he enters his credentials, the data goes to the hacker. The reason why one would put his credentials is that the website given looks too much like the real website and many people can't even differentiate among the real one and the fake one. Hence one should always be aware of this fact and should check whether the URL is correct or not.



Spam

This attack is also one of the dangerous ones. But most probably one won't know the name of this attack since it is not used that commonly. One might not be able to find the adequate data about it either.



Vising

Vising is actually the combination of two words which are voice and phishing. It is the tool of social engineering which includes some telephonic system. Through this the private and the personal information can be gained. The hackers first get the truth of public in the telephone services and then the physical location is said to be in the telephone company and is as associated to bill payer. This technique is most commonly used to steal one's important information like credit card numbers.



Spear phishing

This technique is the kind of phishing. It is specially targeted at the organization and is done to get some access to the data which they are not supposed to get. This technique is difficult one and can fool someone more easily than the normal better since the source which is shown, comes from some trusted party. This is the spoofing Email attempt which is fraudulent and should be dealt with strictly.



Xmas attack

Some firewalls which are stateless check the security policies which have the SYN flags on them. The attack's packets don't have the Seen on so they can get passed through security easily and hence one can become their victim.



Pharming

This is the type of attack which one can see quite easily. It is done so that the traffic of one website can be taken to another. It can be done by changing the host files on the computer of victim or even some DNS server's software's.



Privilege escalation

When there is some bug in the OS and it is default, then it can lead to this attack which can cause in the change of resources present at the system.



Malicious insider threat

This threat is typically a threat which an organization has to face internally. They come from those people who work in that organization.



DNS poisoning and ARP poisoning

One must know that the ARP and the DNS both can get infected so one should always install some antivirus to get rid of theme easily.



Transitive access

This technique involves the method that the victim's trust is gained and then the attack is gained so the security can be bypassed.



Client-side attacks

These are the attacks which get interacted with some server malicious data. If the client interacts with the serer, he would be at risk.



Password attacks

Here are some passwords attacks which are in the fashion these days;


Brute force

This attack can be used whenever the data is encrypted and the weak point in the encryption is targeted so that the access to some unauthorized data can be gained.


Dictionary attacks

This is the attack technique which is used for defeating the authentication mechanism. It is done by determining the passphrases and many of the possibilities are tried in order to break into it.


Hybrid

As the name suggests, one must know that this technique is the mixture of one or more types of attacks and it can be pretty dangerous as well.


Birthday attacks

This attack is the type of an attack which can exploit some maths in the probability theory. It is used for abusing the commination among some parties and there are some random attacks attempts made.


Rainbow tables

This attack involves the playing with some table. There is the table which is defined for the hackers by the hackers and they use it in order to get some access to the personal information that one can hold in his computer. This table is the pre computed one and it is sued for the hashes of passwords cracking's. It means the conversion of some plain password to some certain length and the limits characters set.



Typo squatting/URL hijacking

This technique is also known as the fake URL technique or the URL highjack. They depend of the mistakes which are made by users while putting the URL into the web browser. One might put any incorrect URL which can open up a new website.



Watering hole attack

This method includes the targeting of the sites which are most commonly visited by the targets which one is interested in. the hacker's just compromise the HTLM or the java Script so that the malicious codes can be inserted.


Hence, one would see there are many attacks types which exist and they are different in nature. So, one should know about them all so that they can make some good defence. Normally, staying aware of them and having some good antiviruses can do the trick.


VCE Exam Simulator Free DemoVCE Exam Simulator Free Demo
Read about VCE Exam Simulator
Download VCE Exam Simulator
Prep4sure - Professional IT Certification Training
BrainDumps - Get Real Exam Questions
Actual Tests - Lifetime Access to IT Exams

Site Search:

Close

Close
May Special! 25% Off

ExamCollection PREMIUM

Get Unlimited Access to all ExamCollection's PREMIUM files!



Enter Your Email Address to Receive Your 25% Off Discount Code

A Confirmation Link will be sent to this email address to verify your login

We value your privacy.
We will not rent or sell your email address

Close
Download Free Demo of VCE
Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.


Simply submit your e-mail address below to get started with our interactive software demo of your free trial.


Enter Your Email Address

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.