Cyber Attack - Methods [Digital World]

Most common types of hacking

• Denial-of-Service Attack (DoS)

- A denial-of-service attack is an attack aimed at taking a service, often a large site, offline. It shuts down a network or server by sending it large amounts of junk traffic. Service is denied when a system such as a web server is overloaded with illegitimate requests and can no longer respond to legitimate ones.

• Distributed-Denial-of-Service (DDoS)

- A DDoS attack occurs when many compromised systems, or many attackers, simultaneously send a large number of requests to the server and block the service with useless traffic. To run a DDoS, the attacker must first gain access to a large number of Internet hosts. An attack program is then installed on these hosts; it waits quietly for a command from the control program, which can communicate with the program on every host, specify the target of the attack, and launch the attack from all hosts at once. The resulting coordinated attack is particularly damaging because it comes from many hosts simultaneously. A router's access filter can block a single-source DoS attack even at low volume, which is why DDoS, with no single source to filter, is one of the simplest and most popular types of attack.

• Buffer overflow

- A buffer overflow occurs when an attacker sends more data to an application than it expects, so that the data overruns the buffer set aside for it. A successful buffer overflow attack typically lets the attacker run code of their choosing, for example to obtain a shell with administrative rights.

• Smurf attack

- In this attack the attacker sends ICMP ping requests to the receiving network. The ping packet is addressed so that it reaches many hosts inside that network (a broadcast address), and its source address is forged to be that of the site that is the target of the denial of service. As a result, the target site receives a large number of ping responses that it cannot process properly; if enough responses arrive, the host can fail and stop receiving real traffic.

• SYN flood

- When a computer connects to another computer, TCP SYN and TCP ACK packets are exchanged with the server. The computer requesting the connection (the client or user computer) sends a TCP SYN packet, which carries the connection request, to the server. If the server is ready to establish a connection, it sends a TCP SYN-ACK packet back to the client, meaning "Yes, a connection is possible", reserves resources for the connection and waits for the client's TCP ACK packet. In a SYN flood, the client's source address is forged, so the server sends the TCP SYN-ACK to an address that either does not exist or is not expecting the packet and ignores it; the final ACK never arrives. This leaves the server holding a half-open connection, reserved for a client response that will never come. The operation is repeated many times so that the server reserves resources for all of these connections, and when no resources are left, legitimate clients can no longer establish new connections.
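The half-open connection build-up described above is what a defender looks for on the server side. The following Python script is an added example (not code from the original page): it parses a connection-table snapshot in the shape of `ss -tan` output and reports, per listening port, how many connections are stuck in SYN-RECV. The snapshot embedded below is constructed for illustration; the column layout and the threshold value are assumptions.

```python
"""SYN-flood indicator from a TCP connection-table snapshot.

Added example, not from the original page. It parses text shaped like
`ss -tan` output (State Recv-Q Send-Q Local:Port Peer:Port) and counts
half-open (SYN-RECV) connections per local port. The snapshot below is
constructed; on a real host you would feed in the actual `ss -tan` output."""
from collections import Counter

# Constructed sample snapshot: two real sessions and many half-open ones on :443
SAMPLE_SNAPSHOT = """\
State    Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB    0      0      10.0.0.5:443       198.51.100.7:51234
ESTAB    0      0      10.0.0.5:443       198.51.100.8:51240
SYN-RECV 0      0      10.0.0.5:443       203.0.113.10:40001
SYN-RECV 0      0      10.0.0.5:443       203.0.113.11:40002
SYN-RECV 0      0      10.0.0.5:443       203.0.113.12:40003
SYN-RECV 0      0      10.0.0.5:443       203.0.113.13:40004
SYN-RECV 0      0      10.0.0.5:443       203.0.113.14:40005
SYN-RECV 0      0      10.0.0.5:443       203.0.113.15:40006
SYN-RECV 0      0      10.0.0.5:443       203.0.113.16:40007
SYN-RECV 0      0      10.0.0.5:443       203.0.113.17:40008
SYN-RECV 0      0      10.0.0.5:22        203.0.113.18:40009
"""


def parse_snapshot(text):
    """Return a list of (state, local_port, peer_host) for each connection row."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        local_port = local.rsplit(":", 1)[1]    # rsplit copes with IPv6 addresses too
        peer_host = peer.rsplit(":", 1)[0]
        rows.append((state, local_port, peer_host))
    return rows


def analyze(text, threshold=5):
    """Count half-open connections per local port and flag ports at or above threshold."""
    half_open, established, peers = Counter(), Counter(), {}
    for state, port, peer in parse_snapshot(text):
        if state == "SYN-RECV":
            half_open[port] += 1
            peers.setdefault(port, set()).add(peer)
        elif state == "ESTAB":
            established[port] += 1
    suspect = {
        port: {"half_open": n,
               "established": established[port],
               "distinct_peers": len(peers[port])}
        for port, n in half_open.items() if n >= threshold
    }
    return {"half_open_total": sum(half_open.values()),
            "established_total": sum(established.values()),
            "suspect_ports": suspect}


if __name__ == "__main__":
    print(analyze(SAMPLE_SNAPSHOT))
```

A high number of half-open connections spread over many distinct peer addresses, each with exactly one attempt, is the signature of forged source addresses rather than a burst of genuine clients; that is what the `distinct_peers` count is for. On the mitigation side, SYN cookies let the server answer SYN-ACKs without reserving state until the final ACK arrives.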

• Exploit attack

- In this attack, the hacker knows about a security flaw in the operating system or in application software and exploits that flaw to compromise the system.

• Trojan horse

- These programs look like normal software but, when run, actually perform actions the user did not intend, chosen by the attacker. Most remote-control spyware programs are of this type. The number of ways a trojan can be used is limited only by the attacker's imagination. The infected file may appear to be the same size as the genuine file, so size alone reveals nothing. The only effective protection is to check a cryptographic checksum or the digital signature of the binary before it is run.
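The checksum check recommended above, as an added Python example (not code from the original page): a `sha256sum`-style manifest is recorded while the files are known-good and re-verified later. The files, their contents and the same-size tampering are all constructed here to show why a size comparison is not enough while a hash comparison is.

```python
"""Verify binaries against a checksum manifest before trusting them.

Added example, not from the original page. It builds a sha256sum-style
manifest ('<hex digest>  <file name>' per line) for a set of files and
re-checks them later. Files and the tampering are constructed for the demo."""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(directory, names):
    """Return manifest text in the format produced by `sha256sum`."""
    return "".join(f"{sha256_of(os.path.join(directory, n))}  {n}\n" for n in names)


def verify_manifest(manifest_text, directory):
    """Return {name: 'ok' | 'MISMATCH' | 'missing'} for every manifest entry."""
    results = {}
    for line in manifest_text.splitlines():
        if not line.strip():
            continue
        expected, name = line.split("  ", 1)
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif sha256_of(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


def run_demo():
    """Constructed scenario: 'tool' is replaced by a same-size modified copy."""
    with tempfile.TemporaryDirectory() as d:
        original = b"\x7fELF" + b"\x00" * 60 + b"genuine program body"
        for name in ("tool", "helper"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(original)
        manifest = build_manifest(d, ["tool", "helper"])  # taken while files are known-good

        tampered = bytearray(original)
        tampered[-1] ^= 0xFF            # flip one byte; the length stays identical
        with open(os.path.join(d, "tool"), "wb") as f:
            f.write(tampered)

        size_unchanged = os.path.getsize(os.path.join(d, "tool")) == len(original)
        return verify_manifest(manifest, d), size_unchanged


if __name__ == "__main__":
    print(run_demo())
```

The manifest itself must be stored or transported somewhere the attacker cannot alter it (or be signed), otherwise a replaced binary can simply ship with a matching replaced checksum.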

• Brute-force attack

- In this attack, the hacker tries to crack the passwords stored in the network's account database or in an encrypted file. There are three main variants: the dictionary attack, the brute-force attack and the hybrid attack. A dictionary attack uses a word list in a file containing likely passwords. In a brute-force attack the hacker tries to find the correct password by trying every possible combination of characters.

• SQL injection

- In an injection attack, the hacker enters code into an SQL query that the server sends to its database. The code is supplied through any field of the site whose data is to be stored in, or looked up in, the database. A successful SQL injection can read sensitive information from the database, modify database data, perform administrative operations on the database (e.g. shut down the DBMS), read the contents of files on the DBMS file system and, in some cases, execute commands on the operating system.

• Key Logging

- In this method a program, secretly installed by the attacker and difficult to detect, records every keystroke typed on the victim's computer and stores them in a specified file or sends them to a specified host or server.

• Passive attack

- In a passive attack, unprotected network traffic is monitored in order to find and extract passwords and other information that can be used to carry out other types of attack. Passive attacks include traffic analysis, monitoring of unsecured communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords or e-mail addresses. Passively monitoring network operations can reveal future actions to an adversary. A passive attack results in the disclosure of information or data files without the user's consent or knowledge.

• Active attack

- In an active attack, the hacker tries to break into a protected system. This can be done by stealth, with viruses or worms, or by using Trojan horses. These attacks target the backbone of the network and try to exploit information in transit or to attack an authorized user remotely. An active attack results in the disclosure or dissemination of data files, denial of service, or the modification of data.

• Distributed attack

- In a distributed attack, the hacker must get some code, such as a Trojan horse or back-door program, into a system in such a way that the system treats this code as trusted and then distributes it to other companies and users. Distributed attacks also include malicious modification of hardware or software at the factory or during distribution. The malicious code is then used to gain unauthorized access to information or system functions.

• Insider attack

- In an insider attack, an employee of the company attacks the system. The insider may or may not be malicious. A malicious insider knowingly intercepts, steals or damages information, uses it illegally, or blocks other authorized users. Non-malicious insider incidents usually result from negligence, ignorance or lack of security awareness while carrying out a task.

• Close-in Attack

- In a close-in attack, the hacker tries to get physically close to network components, data and systems in order to learn more about the network. In this attack the hacker must get near the systems and data centers in order to modify, collect or block access to information.

• Social engineering

- One of the most popular attacks is social engineering, in which the hacker gains access to information systems through deceptive personal contact, e-mail or telephone conversations. The main idea of social engineering is to draw a person into the chain of events that compromises the network and use them as a tool. The information given up by the victim can be used for further attacks and to gain access to the system. The user is always referred to as the weakest link in network security.

• Phishing attack

- In a phishing attack, the hacker creates a fake web page that looks exactly like a real, popular site, such as the Facebook login page. The hacker then sends the user an e-mail with a link to this fake page. When the user visits this page and enters personal information, the hacker obtains that information and tries to use it on the real site.

• Sniffing

- Network packet sniffing is the capture and reading of data packets travelling over the network. The sniffer program works at the Ethernet level of the network and receives all incoming and outgoing traffic. If the Ethernet card is put into promiscuous mode, the sniffer captures every frame on the segment and so obtains much more information from the traffic. A sniffer placed on a network backbone device or at a network aggregation point can monitor the entire network's traffic. Most sniffers are passive: they simply listen to the incoming and outgoing packets on the device's network interface. Many sniffer programs are available on the Internet, and the more sophisticated ones also allow more active attacks. The best protection against sniffing is end-to-end (user-to-user) encryption of the traffic.

• Man-in-the-middle attack

- This technique exploits weaknesses in the architecture of the TCP/IP protocols. The attack occurs when someone inserts themselves into and controls your communication. When computers communicate at the lower network layers, they may not be able to correctly identify who they are exchanging data with. You think you are talking to your original partner, but in reality all the personal information passes through, and is seen by, the hacker.

• Spoofing attack

- In this attack, the hacker changes the source address of the packets being sent so that they appear to come from another source. This can be an attempt to bypass firewall rules. Every device connected to the network must put its IP address into the packets it sends: such Internet data packets carry the sender's IP address along with the application-level data. If the hacker controls the software running on a network device, they can easily modify its protocol implementation to place an arbitrary IP address in the packet's source address field. This technique is known as IP spoofing, and it can set the source address of every packet to any other address. Because the source IP address in the packet has been altered, it is difficult to determine who actually sent the data. The protection against spoofing is address filtering, which all routers can do. The router checks the source address of each received packet and determines whether it belongs to the addresses that are reachable through the interface on which the packet arrived. If the source address is not among the addresses allowed from that direction, the router blocks the packet.