Lec 4 - Threats and Attacks


Networking Concepts and Cybersecurity

Threats & Attacks


What is a Threat?
A threat is a possible security violation that might exploit a vulnerability of a system or asset. The origin of a threat may be accidental, environmental (natural disaster), human negligence or human failure. The different types of security threats are interruption, interception, fabrication and modification.
Top 10 types of information security threats
1. Insider threats
An insider threat occurs when individuals close to an organization who have authorized access to its network intentionally or unintentionally misuse that access to negatively affect the organization's critical data or systems.
2. Viruses and worms
Viruses and worms are malicious software programs (malware) aimed at destroying an organization's systems, data and network. A computer virus is malicious code that replicates by copying itself to another program, system or host file. It remains dormant until someone knowingly or inadvertently activates it, spreading the infection without the knowledge or permission of the user or system administrator.
A computer worm is a self-replicating program that doesn't have to copy itself to a host program or require human interaction to spread. Its main function is to infect other computers while remaining active on the infected system. Worms often spread using parts of an operating system that are automatic and invisible to the user. Once a worm enters a system, it immediately starts replicating itself, infecting computers and networks that aren't adequately protected.
3. Botnets
A botnet is a collection of Internet-connected devices, including PCs, mobile devices, servers and IoT devices, that are infected and remotely controlled by a common type of malware. Typically, the botnet malware searches for vulnerable devices across the internet. The goal of the threat actor creating a botnet is to infect as many connected devices as possible, using the computing power and resources of those devices for automated tasks that generally remain hidden from the users of the devices. The threat actors -- often cybercriminals -- that control these botnets use them to send email spam, engage in click fraud campaigns and generate malicious traffic for distributed denial-of-service attacks.
4. Drive-by download attacks
In a drive-by download attack, malicious code is downloaded from a website via a browser, application or integrated operating system without a user's permission or knowledge. A user doesn't have to click on anything to activate the download; just accessing or browsing a website can start it. Cybercriminals can use drive-by downloads to inject banking Trojans, steal and collect personal information, and introduce exploit kits or other malware to endpoints.
5. Phishing attacks
Phishing attacks are a type of information security threat that employs social engineering to trick users into breaking normal security practices and giving up confidential information, including names, addresses, login credentials, Social Security numbers, credit card information and other financial information. In most cases, hackers send out fake emails that look as if they're coming from legitimate sources, such as financial institutions, eBay, PayPal -- and even friends and colleagues.
In phishing attacks, hackers attempt to get users to take some recommended action, such as clicking on links in emails that take them to fraudulent websites that ask for personal information or install malware on their devices. Opening attachments in emails can also install malware on users' devices that is designed to harvest sensitive information, send out emails to their contacts or provide remote access to their devices.
6. Distributed denial-of-service (DDoS) attacks
In a distributed denial-of-service (DDoS) attack, multiple compromised machines attack a target, such as a server, website or other network resource, making the target totally inoperable. The flood of connection requests, incoming messages or malformed packets forces the target system to slow down or to crash and shut down, denying service to legitimate users or systems.
7. Ransomware
In a ransomware attack, the victim's computer is locked, typically by encryption, which keeps the victim from using the device or the data stored on it. To regain access to the device or data, the victim has to pay the hacker a ransom, typically in a virtual currency such as Bitcoin. Ransomware can be spread via malicious email attachments, infected software apps, infected external storage devices and compromised websites.
8. Exploit kits
An exploit kit is a programming tool that enables a person without any experience writing software code to create, customize and distribute malware. Exploit kits are known by a variety of names, including infection kit, crimeware kit, DIY attack kit and malware toolkit. Cybercriminals use these toolkits to attack system vulnerabilities to distribute malware or engage in other malicious activities, such as stealing corporate data, launching denial-of-service attacks or building botnets.
9. Advanced persistent threat attacks
An advanced persistent threat (APT) is a targeted cyberattack in which an unauthorized intruder penetrates a network and remains undetected for an extended period of time. Rather than causing damage to a system or network, the goal of an APT attack is to monitor network activity and steal information to gain access, including exploit kits and malware. Cybercriminals typically use APT attacks against high-value targets, such as large enterprises and nation-states, stealing data over a long period.
10. Malvertising
Malvertising is a technique cybercriminals use to inject malicious code into legitimate online advertising networks and web pages. This code typically redirects users to malicious websites or installs malware on their computers or mobile devices. Users' machines may get infected even if they don't click on anything to start the download. Cybercriminals may use malvertising to deploy a variety of moneymaking malware, including cryptomining scripts, ransomware and banking Trojans.
Some of the websites of well-known companies, including Spotify, The New York Times and the London Stock Exchange, have inadvertently displayed malicious ads, putting users at risk.
What is an Attack?

An attack is a deliberate unauthorized action on a system or asset. Attacks can be classified as active or passive. An attack will have a motive and will follow a method when an opportunity arises.
Attacks

Two attack types:

• Active attack: attempts to alter system resources or affect their operation.
• Passive attack: attempts to learn or make use of information from the system but does not affect system resources.
Attacks

Based on the origin of an attack:

o Inside attack - carried out by an entity inside the security perimeter.
o Outside attack - performed by an unauthorized user.
Vulnerabilities

• A vulnerability of a system resource is a system, network or device weakness that could be exploited to violate the system's security.
• When the resource is corrupted, Integrity is violated.
• When the resource is leaky, Confidentiality is violated.
• When the resource is unavailable, Availability is violated.
Threats and Attacks
• Four kinds of threats and their types of attacks
1) Unauthorized disclosure: a threat to system confidentiality
Types of Attacks:
• Exposure. The attacker obtains unauthorized knowledge of sensitive data.
• Interception. The attacker gains access to data being transmitted; a common attack in communication networks.
• Inference. The attacker gains information by analyzing the pattern of traffic in a network.
• Intrusion. The attacker gains unauthorized access to data, probably after breaking the system's access control protection.
Threats and Attacks

2) Deception: a threat to system or data integrity

Types of Attacks:
• Masquerade. The attacker accesses the system acting as an authorized user; the attacker may have the login name and password.
• Falsification. The attacker modifies or replaces valid data or produces false data.
• Repudiation. The attacker denies:
– sending the data,
– receiving the data, or
– possessing the data.
Threats and Attacks

3) Disruption: a threat to system availability and integrity

Types of Attacks:
• Incapacitation. An attack on system availability by destroying or damaging system resources (e.g., hardware) and their services.
• Corruption. An attack on system integrity such that the system resources or services operate in an unintended manner; this can be done by malware or by an attacker that modifies a system function.
• Obstruction. An attack on system availability by interfering with, altering, or overloading communication functions.
Threats and Attacks

4) Usurpation: a threat to system integrity

Types of Attacks:
• Misappropriation. Unauthorized software uses the OS and hardware resources, e.g., a DoS attack that steals system services.
• Misuse. Disabling security functions, which can be done by the following means:
– malicious logic, or
– an attacker that gains access to the system.
Malware Terminology

• Virus
• Worm
• Logic bomb
• Trojan horse
• Backdoor (trapdoor)
• Mobile code
• Auto-rooter Kit (virus generator)
• Spammer and Flooder programs
• Keyloggers
• Rootkit
• Zombie, bot
Attack on Confidentiality

• Confidentiality is the concealment of information
• Attacks: eavesdropping, packet sniffing, illegal copying
Attack on Integrity

• Integrity is the prevention of unauthorized changes
• Attacks: intercept messages, tamper, release again
Attack on Availability

• Availability is the ability to use information or resources as desired
• Attacks: overwhelm or crash servers, disrupt infrastructure
Attack on Authenticity

• Authenticity is the identification and assurance of the origin of information
• Attack: unauthorized assumption of another's identity
Non-repudiation

• Attack: the sender denies having sent the message
So, is security that important?

• Every day, all over the world, computer networks and hosts are being broken into.
• The level of sophistication of these attacks varies widely.
• Although it is generally believed that most break-ins succeed due to weak passwords, there are still a large number of intrusions that use more advanced techniques to break in.
• Less is known about the latter types of break-ins, because by their very nature they are much harder to detect.
It is happening everywhere!

• 90% of large organizations reported that they had suffered a security breach, up from 81% in 2014.
• The incidence of hacking, and associated financial loss, is far greater than what has been reported in the media.
• The majority of hacking incidents are covered up to protect reputation.
• Even if companies call in investigators once they suspect their systems have been infiltrated, they are extremely reluctant for any external parties to be aware of how much damage has really been caused.
Statistics

• Fortune 1,000 companies lost more than $45 billion from the theft of proprietary information in 2002.
• The majority of those hacking incidents hit tech companies.
• 67 individual attacks with an average theft of $15 million in losses.
• The reported damage estimate from the LoveLetter virus is as much as $10 billion.
• The reported damage estimate from the Melissa virus was $385 million.
• Including hard and soft dollar figures, the true cost of virus disasters is between $100,000 and $1 million per company.
From ICSA.Net, 23 October 2000, http://www.securitystats.com/reports.asp , Computer Virus Prevalence Survey
Threats to Data
• Threats to data come from many different sources:
– Insiders
– Hackers/Crackers
– Industrial Espionage
– Malicious code
• Insiders pose the greatest threat to your data because they have special knowledge of your environment.
• Hackers/Crackers may break into your systems simply to explore the infrastructure and the systems connected to it, or may hack in for malicious reasons.
• Industrial espionage involves obtaining confidential data from corporations or government agencies for the benefit of a competing organization.
TYPES OF ATTACKS
Eavesdropping

This is the process of listening in on or overhearing parts of a conversation. It also includes attackers listening in on your network traffic.

Example:
This is generally a passive attack; for example, a coworker may overhear your dinner plans because your speaker phone is set too loud. The opportunity to overhear a conversation is coupled with the carelessness of the parties in the conversation. Humm! Now I know what you are doing in your room!
Snooping

This is when someone looks through your files in the hope of finding something interesting, whether it is electronic or on paper.

Example:
People might inspect your dumpster, recycling bins, or even your file cabinets; they can look under your keyboard for Post-it notes, or look for scraps of paper tacked to your bulletin board. Computer snooping, on the other hand, involves someone searching through your electronic files trying to find something interesting.
Interception

This can be either an active or a passive process. In a networked environment, a passive interception might involve someone who routinely monitors network traffic. Active interception might include putting a computer system between sender and receiver to capture information as it is sent.
Example:
A spy is captured and tortured for information.
A stalker observes where the celebrity is going and coming from, and uses it for malicious purposes.
Modification Attacks

This involves the deletion, insertion, or alteration of information in an unauthorized manner that is intended to appear genuine to the user. These attacks can be very hard to detect.

Example:
Change grades in a class, alter credit card records, or something similar. Website defacements are a common form of modification attack.
Denial of Service Attacks

These attacks prevent users who are authorized to use a resource from accessing it.

Example:
Stuck door!
An attacker may try to bring down an e-commerce website to prevent or deny usage by legitimate customers. DoS attacks are common on the internet, where they have hit large companies such as Amazon, Microsoft, and AT&T. These attacks are often widely publicized in the media. Several types of attacks can occur in this category.
Distributed Denial of Service Attacks

These attacks prevent users who are authorized to use a resource from accessing it.

Example:
This is similar to a DoS attack. This type of attack amplifies the concept of a DoS attack by using multiple computer systems to conduct the attack against a single organization.
Backdoor Attacks

This term can have two different meanings. The original term back door referred to troubleshooting and developer hooks into systems. During the development of a complicated operating system or application, programmers add back doors or maintenance hooks. These back doors allow them to examine operations inside the code while the program is running. The second type of back door refers to gaining access to a network and inserting a program or utility that creates an entrance for an attacker.

Example:
Viruses that gain access to your OS or software
Spoofing

This is an attempt by someone or something to masquerade as someone else. This type of attack is usually considered an access attack. The most popular spoofing attacks today are IP spoofing and DNS spoofing. The goal of IP spoofing is to make the data look like it came from a trusted host when it really didn't.

Example:
Viruses that gain access to your OS or software
Man-in-the-Middle Attack

This involves placing a piece of software (or a person) between a server and the user, of which neither the server administrators nor the user are aware.

Example:
Software (or a person) intercepts data and then sends the information to the server as if nothing is wrong. The server responds back to the software, thinking it's communicating with the legitimate client. The attacking software continues sending information to the server, and so forth.
Replay Attacks

This occurs when information is captured over a network and re-used for malicious purposes. Replay attacks are used to gain access to, or to modify, data.

Example:
In a distributed environment, logon and password information is sent over the network between the client and the authentication system. The attacker can capture this information and replay it later.
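The exchange described above, as an added example that is not part of the original lecture: a client proves knowledge of a shared secret with an HMAC, an eavesdropper records the message, and the recording is resubmitted. The naive verifier accepts the replay; the hardened verifier rejects it by binding each message to a timestamp (freshness window) and a one-time nonce. The shared secret, the fixed clock value and all function names are constructed for this example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed shared secret for this example only; a real deployment provisions
# a per-client secret and never hard-codes it.
SHARED_SECRET = b"example-shared-secret-not-for-production"


def make_login_message(username: str, now: Optional[float] = None) -> dict:
    """Client side: bind the login to a fresh random nonce and the current time."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    payload = f"{username}|{nonce}|{int(now)}".encode()
    tag = hmac.new(SHARED_SECRET, payload, hashlib.sha256).hexdigest()
    return {"user": username, "nonce": nonce, "ts": int(now), "tag": tag}


def _tag_is_valid(msg: dict) -> bool:
    """Recompute the HMAC over the received fields and compare in constant time."""
    payload = f"{msg['user']}|{msg['nonce']}|{msg['ts']}".encode()
    expected = hmac.new(SHARED_SECRET, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["tag"])


def naive_verify(msg: dict) -> bool:
    """Replay-vulnerable server: only the tag is checked, so a captured message
    keeps verifying no matter how often, or how late, it is resubmitted."""
    return _tag_is_valid(msg)


class ReplayResistantVerifier:
    """Hardened server: tag check, plus a freshness window, plus one-time nonces."""

    def __init__(self, window_seconds: int = 30):
        self.window = window_seconds
        self.seen_nonces: dict = {}  # nonce -> timestamp, so old entries can be expired

    def verify(self, msg: dict, now: Optional[float] = None):
        now = int(time.time() if now is None else now)
        if not _tag_is_valid(msg):
            return False, "bad tag"
        if abs(now - msg["ts"]) > self.window:
            return False, "stale timestamp"
        # Nonces older than the window can no longer pass the freshness check,
        # so they can be forgotten; this keeps the seen-set bounded.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if now - t <= self.window}
        if msg["nonce"] in self.seen_nonces:
            return False, "replayed nonce"
        self.seen_nonces[msg["nonce"]] = msg["ts"]
        return True, "ok"


def demo() -> dict:
    """Run the exchange once legitimately, then resubmit the captured message."""
    t0 = 1_700_000_000  # constructed fixed clock so the run is deterministic
    captured = make_login_message("alice", now=t0)  # what an eavesdropper records
    verifier = ReplayResistantVerifier()
    tampered = dict(captured, user="admin")  # same tag, different user
    return {
        "naive_first": naive_verify(captured),
        "naive_replay": naive_verify(captured),  # still accepted: the flaw
        "hardened_first": verifier.verify(captured, now=t0 + 1),
        "hardened_replay": verifier.verify(captured, now=t0 + 2),
        "hardened_tampered": verifier.verify(tampered, now=t0 + 3),
        "hardened_late": verifier.verify(make_login_message("alice", now=t0), now=t0 + 600),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```

The nonce check alone would need unbounded storage; the timestamp check alone would still allow replay inside the window. Combined, the server only has to remember nonces for the length of the window, which is why the two are used together.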
Password Attacks

The password is compromised by some means by an unauthorized person.

Example:
1. Dictionary Attack
2. Brute Force Attack
3. Shoulder Surfing
4. Social Engineering
5. Hacking Software
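As an added example that is not from the lecture, a small detector for the dictionary and brute-force attacks in the list above, run over constructed sshd-style log lines. It raises three kinds of alert: a burst of failed logins from one source inside a sliding window, a successful login from a source that was already flagged, and the low-and-slow variant that spaces its attempts out to stay under the per-window threshold. The log lines, the addresses, the thresholds and the function names are all constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style log lines for this example (not from any real host);
# 203.0.113.7, 198.51.100.4 and 192.0.2.9 are documentation address ranges.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd: Failed password for invalid user admin from 203.0.113.7 port 51234
2024-03-01T10:00:02 sshd: Failed password for root from 203.0.113.7 port 51235
2024-03-01T10:00:03 sshd: Failed password for root from 203.0.113.7 port 51236
2024-03-01T10:00:04 sshd: Failed password for root from 203.0.113.7 port 51237
2024-03-01T10:00:05 sshd: Failed password for alice from 203.0.113.7 port 51238
2024-03-01T10:00:06 sshd: Accepted password for alice from 203.0.113.7 port 51239
2024-03-01T10:00:30 sshd: Failed password for bob from 198.51.100.4 port 40001
2024-03-01T10:05:00 sshd: Accepted publickey for bob from 198.51.100.4 port 40002
2024-03-01T10:10:00 sshd: Failed password for carol from 192.0.2.9 port 33001
2024-03-01T10:20:00 sshd: Failed password for carol from 192.0.2.9 port 33002
2024-03-01T10:30:00 sshd: Failed password for carol from 192.0.2.9 port 33003
2024-03-01T10:40:00 sshd: Failed password for carol from 192.0.2.9 port 33004
2024-03-01T10:50:00 sshd: Failed password for carol from 192.0.2.9 port 33005
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse_events(log_text: str) -> list:
    """Turn raw lines into (timestamp, outcome, user, source) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line; a real parser would count these separately
        events.append((datetime.fromisoformat(m["ts"]), m["outcome"], m["user"], m["src"]))
    events.sort(key=lambda e: e[0])
    return events


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60) -> list:
    """Three rules:
    1. 'bruteforce': at least `threshold` failures from one source inside a sliding window.
    2. 'success-after-bruteforce': a later successful login from a flagged source.
    3. 'slow-bruteforce': at least `threshold` failures from one source over the whole
       log, which catches attempts spaced out to stay below rule 1's window.
    """
    recent = defaultdict(deque)  # source -> failure timestamps inside the window
    total = defaultdict(list)    # source -> every failed username, unwindowed
    flagged = set()
    alerts = []
    for ts, outcome, user, src in parse_events(log_text):
        if outcome == "Failed":
            dq = recent[src]
            dq.append(ts)
            while dq and (ts - dq[0]).total_seconds() > window_seconds:
                dq.popleft()
            total[src].append(user)
            if len(dq) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"type": "bruteforce", "src": src, "at": ts,
                               "count": len(dq), "users": sorted(set(total[src]))})
            elif len(total[src]) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"type": "slow-bruteforce", "src": src, "at": ts,
                               "count": len(total[src]), "users": sorted(set(total[src]))})
        elif src in flagged:
            # A success after a burst of failures from the same source is the
            # signature of a guessed password and should be treated as an incident.
            alerts.append({"type": "success-after-bruteforce", "src": src, "at": ts, "user": user})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The window and threshold are tuning knobs; whatever values are chosen, the second rule is the one that turns a noisy burst into something worth responding to, and the third rule is the reason per-window counting alone is not enough.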
Password Security

• Top 10 most used passwords


Password Security

• Password policy
• Passphrase
Password Security

• Best practices
• Don't use dictionary words or names in any form in passwords.
• A strong password must be at least 12 characters long.
• It should not contain any of your personal information: specifically your real name, user name, or even your company name.
• It must be clearly different from your previously used passwords.
• It should contain characters from the four primary categories: uppercase letters, lowercase letters, numbers, and special characters.
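An added example (not from the lecture) that turns the best-practice list above into a checker: minimum length, the four character categories, no dictionary words or personal information in any form (case-insensitive and after the common digit-for-letter substitutions), and not a near-copy of a previous password. The word list, the profile values and the 0.8 similarity threshold are constructed for the example; a real deployment would load a full dictionary and a breached-password list instead.

```python
import difflib
import re

# Constructed mini word list for the example; a real checker loads a full
# dictionary plus a breached-password list.
DICTIONARY_WORDS = sorted({"password", "welcome", "summer", "winter", "dragon",
                           "monkey", "letmein", "football"})

# Substitutions that cracking word lists already account for, so "p4$$w0rd"
# still counts as the dictionary word "password".
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text: str) -> str:
    return text.lower().translate(LEET_MAP)


def check_password(candidate: str, *, real_name: str, username: str, company: str,
                   previous_passwords: list, min_length: int = 12,
                   wordlist: list = DICTIONARY_WORDS) -> list:
    """Return the policy rules the candidate violates (an empty list means accepted)."""
    failures = []
    if len(candidate) < min_length:
        failures.append(f"shorter than {min_length} characters")

    norm = normalize(candidate)
    # Personal information "in any form": every word of the real name, user name
    # and company name, matched case-insensitively after leet normalization.
    personal = set()
    for item in (real_name, username, company):
        for token in re.split(r"\W+", item):
            if len(token) >= 3:
                personal.add(normalize(token))
    for token in sorted(personal):
        if token in norm:
            failures.append(f"contains personal information: {token}")

    for word in wordlist:
        if len(word) >= 4 and word in norm:
            failures.append(f"contains dictionary word: {word}")

    categories = {
        "uppercase": any(c.isupper() for c in candidate),
        "lowercase": any(c.islower() for c in candidate),
        "digits": any(c.isdigit() for c in candidate),
        "special": any(not c.isalnum() for c in candidate),
    }
    missing = [name for name, present in categories.items() if not present]
    if missing:
        failures.append("missing character categories: " + ", ".join(missing))

    # "Clearly different" from previous passwords: exact reuse is the obvious case;
    # bumping one character ("...1!" -> "...2!") is caught by the similarity ratio.
    for old in previous_passwords:
        if difflib.SequenceMatcher(None, candidate.lower(), old.lower()).ratio() >= 0.8:
            failures.append("too similar to a previously used password")
            break
    return failures


def is_acceptable(candidate: str, **profile) -> bool:
    return not check_password(candidate, **profile)


if __name__ == "__main__":
    # Constructed user profile for the demonstration.
    profile = dict(real_name="Alice Johnson", username="ajohnson", company="Acme Corp",
                   previous_passwords=["Vq7#mLp9$wRz1!"])
    for pw in ["summer2024", "Alice2024!!!", "P4$$w0rdAcme123", "Vq7#mLp9$wRz2!"]:
        print(pw, "->", check_password(pw, **profile) or "accepted")
```

The leet normalization is what makes the "in any form" wording of the first rule enforceable; without it, the checker would pass exactly the variants that cracking tools try first.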
Shoulder Surfing…

• Shoulder surfing can provide an individual with hostile intentions a great deal of information.
• Passwords, personal information, and even proprietary corporate information can be obtained by this method.
• How do we prevent such attacks?
• How do we provide adequate measures even if someone has looked over your shoulder?
Preventing Shoulder Surfing Attack

Countermeasures

• means used to deal with security attacks
– prevent
– detect
– recover
• may result in new vulnerabilities
• will have residual vulnerability
• goal is to minimize risk given constraints
