Assignment 2 12042022 015604pm

The document is an assignment submitted by Maryam Khalil for an Information Security course. It explains various cyber attacks, including social engineering attacks like phishing, baiting, quid pro quo, and phone phishing. It also covers eavesdropping, spoofing, direct-access attacks, identity theft, and repudiation attacks. For each type of attack, examples are provided to illustrate how the attacks work.

Uploaded by

Maryam Khalil

MARYAM KHALIL 01-135202-037 BSIT-4A

Bahria University, Islamabad Campus


Department of Computer Sciences
Information Security
Assignment-2
(Spring-2022 Semester)

Course: Information Security Date: 12-04-2022


Submitted Date: 19-04-2022
Faculty’s Name: Dr. Kashif Naseer Qureshi Max Marks: 10

Q. No. 1. Explain all the cyber-attacks given in the Figure below with proper examples and details.
(Note: Write in your own words; the assignment should be plagiarism free, and identical assignments will
be marked 0)

SOCIAL ENGINEERING ATTACKS


Social engineering is a manipulation technique that exploits human error to gain
private information, access, or valuables. Attacks can happen online, in-person, and
via other interactions. Once an attacker understands what motivates a user's
actions, they can deceive and manipulate the user effectively.

EXAMPLE
$100 Million Google and Facebook Spear Phishing Scam.
Persuasive email phishing attack imitates US Department of Labor.
Russian hacking group targets Ukraine with spear phishing.

PHISHING
Phishing is the most common type of social engineering attack. There are at least
six different sub-categories of phishing attacks. Phishers invest varying amounts of
time into crafting their attacks, which is why so many phishing messages contain
spelling and grammar errors. Phishing attacks are targeted in one of two ways.
Mass phishing or spear phishing is a widespread attack aimed at many users.
Whaling attacks specifically aim at high-value targets like celebrities, upper
management, and government officials. Mass phishing attacks are non-personalized and try
to catch any unsuspecting person.

EXAMPLE
A recent phishing campaign used LinkedIn branding to trick job hunters into
thinking that people at well-known companies like American Express and CVS
CarPoint had sent them a message or looked them up on the social network,
Threatpost reported. Recipients who clicked on the email links were
redirected to pages designed to steal their LinkedIn credentials.

BAITING
Baiting abuses your natural curiosity to coax you into exposing yourself to an
attacker. Typically, the prospect of something free or exclusive is the lure
used to exploit you. The attack usually involves infecting you with malware. Baiting
attacks may leverage the offer of free music or movie downloads to trick users into
handing over their login credentials. Alternatively, they can try to exploit human curiosity
via the use of physical media. Back in July 2018, Cryptosecurity reported on an
attack targeting state and local government agencies.

EXAMPLE
USB drives left in public spaces, like libraries and parking lots.
Email attachments including details on a free offer, or fraudulent free software.

QUID PRO QUO
Like baiting, quid pro quo attacks promise something in exchange for information.
One of the most common types is when fraudsters impersonate the U.S. Social
Security Administration. Earlier attacks have shown that office workers are more
than willing to give away their passwords for a cheap pen. The exploit comes from
getting you excited for something valuable that comes with a low investment on
your end. However, the attacker simply takes your data with no reward for you.

EXAMPLE
Rather than exploiting a target’s greed, attackers sometimes offer nothing of extrinsic
value at all; instead, they hold victims hostage with information.
If an attacker has information on the target or the target’s company, they may
threaten to release it publicly or to the wrong person. Attackers use this tactic to make
demands:
“I have precious company information. Give me your user account information or I’ll
make it publicly available.”
Even if this claim is false, the individual wouldn’t know it, so the hackers usually try
to sound confident and avoid giving out more details than needed.

PHONE-PHISHING
Vishing has the same purpose as other types of phishing attacks. The attackers are
still after your sensitive personal or corporate information. This attack is
accomplished through a voice call. Hence the “v” rather than the “ph.” in the name.
A common vishing attack includes a call from someone claiming to be a
representative from Microsoft. This person informs you that they’ve detected a
virus on your computer. You’re then asked to provide credit card details so the
attacker can install an updated version of anti-virus software on your computer.
The attacker now has your credit card information, and you have likely installed
malware on your computer.
The malware could contain anything from a banking Trojan to a bot (short for
robot). The banking Trojan watches your online activity to steal more details from
you – often your bank account information, including your password.
A bot is software designed to perform whatever tasks the hacker wants it to. It is
controlled by command and control (C&C) to mine for bitcoins, send spam, or
launch an attack as part of a distributed denial of service (DDoS) attack.

EXAMPLE
• The Fake Invoice Scam. Let's start with arguably the most popular phishing
template out there - the fake invoice technique.
• Email Account Upgrade Scam.
• Advance-fee Scam.
• Google Docs Scam.
• PayPal Scam.
• Message From HR Scam.
• Dropbox Scam.

EAVESDROPPING
Eavesdropping attacks happen when cyber criminals or attackers listen in to
network traffic traveling over computers, servers, mobile devices, and Internet of
Things (IoT) devices. Network eavesdropping, also known as network snooping or
sniffing, occurs when malicious actors exploit insecure or vulnerable networks to
read or steal data as it travels between two devices. Eavesdropping is most
common for wireless communication.

EXAMPLE
Public Wi-Fi access points are mostly unsafe and allow unauthorized persons to take
advantage of them. The problem is that very few people understand the risk behind
these open networks, so this technique lets attackers receive the data packets
that have been transmitted over the Wi-Fi signal.

SPOOFING
Spoofing occurs when a cybercriminal disguises themselves as an individual,
business, or entity to commit malicious acts. Cyber criminals use various tactics to
spoof their identity, ranging from spoofed email addresses, websites, or phone
numbers. The goal of a spoofing scam is to steal from victims and damage their
reputation.

EXAMPLE
The phone number is displayed without brackets () or dashes -, for example
4567893543.
The caller ID is your own phone number or looks very similar (e.g., one digit may differ).
The phone number or the caller’s name is hidden.

DIRECT-ACCESS
A direct-access attack is an attack in which a hacker gains access to a computer and
is able to download data from it directly. They can then compromise security
by modifying its software and adding key loggers, worms, etc. Eavesdropping, by contrast, is
listening to a private conversation between hosts on a network.

EXAMPLE
A direct-access attack is simply gaining physical access to the targeted computer
system. This enables the attacker to damage the hardware and software, to
install keyloggers, worms, viruses, and covert listening devices, or to manually copy
sensitive information and data from the device. An example is deleting all the data
by having direct access and knowing your credentials.

IDENTITY THEFT
Identity theft is probably the last thing you’d want to worry about, but perhaps you
should. Each year, millions of people around the world, many of them children and
minors, have their identity stolen. The rise of the internet, the wide distribution of
malicious software, and insufficient cybersecurity practices have all made identity
theft very easy to accomplish.

EXAMPLE
Between May and July 2017, hackers breached Equifax, one of the three major
credit reporting agencies in the United States. During that time, the personal
information of more than 143 million Americans was compromised, with at least a
few hundred thousand identities stolen.

In May 2015, hackers used the vulnerabilities in online software called “Get
Transcript” to breach the Internal Revenue Service (IRS). The IRS developed this
software to give taxpayers easy access to their credit history, but hackers used it to
steal more than 700,000 Social Security numbers.

REPUDIATION ATTACK
Repudiation is a situation in which one cannot prove that a transaction took place
between two entities. The goal of the malicious attacker is to achieve repudiation
when executing session layer attacks.
An attacker typically uses a repudiation attack when users are accessing web
information. Attackers like to use Java or ActiveX scripts, port-scanning utilities,
masquerading, and eavesdropping to carry out their repudiation attack.
One of the simplest forms of repudiation attack is to use public e-mail systems
such as Hotmail, Yahoo Mail, Gmail, and others to generate garbage mail and
execute a DoS attack against a company's e-mail server.
In a repudiation attack, systems and applications that fail to manage their control
logs properly allow the malicious attacker to manipulate the identity and
actions of a user. The attacker logs in using inappropriate data to access the log
files and changes the authorized identifications. Thus, system logs need to be
secured effectively to protect information and to trace preceding actions.
In such cases repudiation becomes an important issue, since the user can claim
that nothing wrong has been done regardless of whether he or she did it.
The system needs to ensure that the logs are secured and preserved while addressing
repudiation.

EXAMPLE

• Getting a free e-mail account from these systems is usually a simple
process, with little identity proof required.
• This makes it easy for a hacker to get an e-mail account and hide his
activities behind a cloud of anonymity.

MALWARE

Malware (short for “malicious software”) is a file or code, typically delivered over a
network, that infects, explores, steals or conducts virtually any behavior an attacker
wants. Ransomware is software that uses encryption to disable a target’s access
to its data until a ransom is paid. The victim organization is rendered partially or
totally unable to operate until it pays, but there is no guarantee that payment
will result in the necessary decryption key or that the decryption key provided
will function properly.

EXAMPLE

This year, the city of Baltimore was hit by a type of ransomware named RobbinHood,
which halted all city activities, including tax collection, property transfers,
and government email for weeks. This attack has cost the city more than $18
million so far, and costs continue to accrue. The same type of malware was used
against the city of Atlanta in 2018, resulting in costs of $17 million.

VIRUS
A computer virus is a malicious application or authored code used to perform
destructive activity on a device or local network. The code’s malicious activity could
damage the local file system, steal data, interrupt services, download additional
malware, or any other actions coded into the program by the malware author.
Many viruses pretend to be legitimate programs to trick users into executing them
on their device, delivering the computer virus payload.

EXAMPLE

The Melissa virus infected thousands of computers worldwide by the end of 1999.
The threat was spread by email, using a malicious Word attachment and a catchy
subject: “Important Message from (someone’s name)”.

Melissa is considered one of the earliest cases of social engineering in history. The
virus had the ability to spread automatically via email. Reports from that time say
that it infected many companies and people, causing losses estimated at USD 80
million.

SPYWARE

Spyware is any piece of malicious software that infects your computer and spies on
your personal data. These programs can record a wide range of personal
information – from search and browsing histories to login credentials and credit
card details. Read on to learn about the most famous examples of spyware attacks.

EXAMPLE

CoolWebSearch – This program would take advantage of the security
vulnerabilities in Internet Explorer to hijack the browser, change the settings, and
send browsing data to its author.
Gator – Usually bundled with file-sharing software like Kazaa, this program would
monitor the victim’s web surfing habits and use the information to serve them
with better-targeted ads.

WORMS

A worm virus is very similar and is often categorized as a sub-class of computer
virus. One main difference between the two is that a user must perform an action
for a virus to keep spreading, whereas a worm does not require human
intervention to spread. Once a worm enters your system, it sort of scouts the
environment looking for opportunities, such as emailing itself to everybody in your
contact list. So, the key differentiating characteristic of a worm virus is that it can
replicate itself, almost as though it were a biological virus.

EXAMPLE

The Morris Worm was launched in 1988 by Robert Morris, an American student
who wanted to discover how big the internet really was. To do this, he launched a
few dozen lines of code, but he didn’t know that the code was riddled with bugs
that would cause a variety of problems on affected hosts. The result was thousands
of overloaded computers running on UNIX and a financial damage ranging between
$10 million and $100 million.

The Storm Worm is an email worm launched in 2007. Victims would receive emails
with a fake news report about an unprecedented storm wave that had already
killed hundreds of people across Europe. More than 1.2 billion of these emails were
sent over the course of ten years in order to create a botnet that would target
popular websites. Experts believe that there are still at least a million infected
computers whose owners don’t know that they are part of a botnet.

ADWARE

Adware, also known as advertisement-supported software, generates revenue for
its developers by automatically generating adverts on your screen, usually within a
web browser. Adware is typically created for computers but can also be found on
mobile devices. Some forms of adware are highly manipulative and create an open
door for malicious programs.

EXAMPLE

Fireball made news in 2017 when a study ordered by an Israeli software company
found that more than 250 million computers and one-fifth of corporate networks
around the world were infected with it. Developed by Rotech, a Chinese digital
marketing agency, Fireball is a browser hijacker. It is bundled with other software
created by Rotech – including Mustang Browser and Deal Wi-Fi – and installed along
with these programs unbeknownst to the user. When it affects your computer, it
takes over your browser. It changes your homepage to a fake search engine (Trout)
and inserts obtrusive ads into any webpage you visit. To make matters worse, it
prevents you from modifying your browser settings. There’s still no proof that this
adware example does anything else besides hijacking your browser and flooding it
with ads. However, experts are worried that if Rotech decided to launch a cyber-
attack using Fireball, the consequences would be devastating simply based on the
number of infected systems worldwide.

ROOTKITS

A rootkit is a piece of software, or a collection of programs designed to give hackers
access to and control over a target device. Although most rootkits affect the
software and the operating system, some can also infect your computer’s hardware
and firmware. Read on to learn about the main types of rootkits and the best ways
to remove them.

EXAMPLE

In 2008, organized crime rings from China and Pakistan infected hundreds of credit
card swipers intended for the Western European market with firmware rootkits.
The rootkits were programmed to record the victims’ credit card info and send it all
directly to a server located in Pakistan. On the whole, the hackers behind this plot
managed to steal at least 10 million pounds by cloning credit cards and
withdrawing funds from the unsuspecting victims’ accounts.

KEY-LOGGER

A keylogger is a tool that hackers use to monitor and record the keystrokes you
make on your keyboard. Whether they’re installed on your operating system or
embedded into the hardware, some keyloggers can be very difficult to detect. Read
on to learn more about the most common types of keyloggers.

EXAMPLE

In 2016, a major survey conducted by a US-based cybersecurity firm revealed that
businesses from 18 countries were targeted as part of a coordinated campaign that
used the Olympic Vision keylogger to obtain confidential business-related
information. Distributed via fake emails allegedly sent by business associates, this
software-based keylogger logged not only keystrokes but also clipboard images and
texts, saved logins, and instant messaging chat histories.

BACK-DOORS

A computer backdoor allows an unauthorized user easy, high-level access to an
application, network, or device. Cybercriminals can use backdoors to bypass normal
security and authentication processes.

Default or weak passwords are one possible gateway for backdoor attacks. Once a
cybercriminal has access to your device, they can record your keyboard input, copy
sensitive information from your drives, or spy on you using your microphone and
webcam.

EXAMPLE

NotPetya (Petya family)

Like DarkSide, NotPetya denied the user access to a machine or network and
displayed a ransom message. Users had to pay in cryptocurrency to get a key that
unlocked their system.

The NotPetya attack took place in June 2017 and affected more than 80 companies
across the US, the UK, Germany, Poland, Italy, Russia, and Ukraine. A White House
assessment estimated that NotPetya caused losses exceeding $10 billion.

TROJAN HORSES

A Trojan horse is a piece of malware disguised as genuine software that aims to
infect your computer and alter your files and data. Some Trojan horses may even
give hackers access to your personal information. Read on to learn about the most
common types of Trojan horse viruses.

EXAMPLE
In 2011, the computers in the Japanese parliament building were infected with a
Trojan horse allegedly created by the Chinese government. The Trojan was installed
after a member of the parliament opened an infected email, but the extent of the
attack was never disclosed.

In 2010, a Trojan horse also known as Zeus or Bot was used by Eastern European
hackers to attack a number of businesses and municipal officials in the region and
take control of their banking accounts. The creators of this Trojan had stolen a total
of $70 million.

RANSOMWARE

Ransomware is malware designed to deny a user or organization access to files
on their computer. By encrypting these files and demanding a ransom payment for
the decryption key, cyberattackers place organizations in a position where paying the
ransom is the easiest and cheapest way to regain access to their files.

EXAMPLE

CryptoLocker

CryptoLocker is one of the ransomware examples that Comodo targets. Comodo
has a unique feature that automatically protects the user from CryptoLocker if it
reaches the computer. The changes made by CryptoLocker are reversed in real time
and it is deleted by the ransomware removal tool.

CryptoLocker is known for encrypting the user’s files and demanding a payment
to unlock them. Comodo creates a shadow version of the hard drive to immediately
protect the important files from CryptoLocker. It tricks the malware into believing it has
infected the files, when in fact it has only encrypted the shadow version.

PASSWORD-ATTACKS

A password attack refers to any of the various methods used to maliciously
authenticate into password-protected accounts. These attacks are typically
facilitated through the use of software that expedites cracking or guessing
passwords. Among hackers' favorite password attacks are brute force, credential
stuffing and password spraying.

EXAMPLE

For example, a hacker can use a man-in-the-middle attack in what's called SSL
hijacking. SSL hijacking is when someone tries to connect to a secure website, and
the attacker creates a bridge of sorts between the user and the intended
destination and intercepts any information passing between the two, such as
passwords.

BRUTE-FORCE

A brute force attack is a hacking method that uses trial and error to crack
passwords, login credentials, and encryption keys. It is a simple yet reliable tactic
for gaining unauthorized access to individual accounts and organizations’ systems
and networks. The hacker tries multiple usernames and passwords, often using a
computer to test a wide range of combinations, until they find the correct login
information.

The name "brute force" comes from attackers using excessively forceful attempts to
gain access to user accounts. Despite being an old cyberattack method, brute force
attacks are tried and tested and remain a popular tactic with hackers.

EXAMPLE

Longer passwords are not always better. What really helps is to require a mix of
upper- and lowercase letters mixed with special characters. Educate users on
best password practices, such as avoiding adding four numbers at the end and
avoiding common numbers, such as those beginning with 1 or 2. Provide a
password management tool to prevent users from resorting to easily
remembered passwords and use a discovery tool that exposes default
passwords on devices that haven’t been changed.

DICTIONARY

A dictionary attack is a basic form of brute force hacking in which the attacker
selects a target, then tests possible passwords against that individual’s username.
The attack method itself is not technically considered a brute force attack, but it can
play an important role in a bad actor’s password-cracking process. 

The name "dictionary attack" comes from hackers running through dictionaries and
amending words with special characters and numbers. This type of attack is
typically time-consuming and has a low chance of success compared to newer,
more effective attack methods.

EXAMPLE

In a dictionary attack, the attacker utilizes a wordlist in the hopes that the user’s
password is a commonly used word (or a password seen in previous sites).
Dictionary attacks are optimal for passwords that are based on a simple word (e.g.
'cowboys' or 'longhorns'). Wordlists aren’t restricted to English words; they often
also include common passwords (e.g. 'password', 'letmein', 'iloveyou' or
'123456'). But modern systems restrict their users from such simple passwords,
requiring users to come up with strong passwords that would hopefully not be
found in a wordlist.
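As an added, defender-side example (not part of the assignment and not any product's code), the following C program implements the password-acceptance check that the brute-force, dictionary and backdoor sections argue for: it rejects factory-default passwords, rejects anything found in a wordlist after undoing the trailing-digit and letter-for-symbol tricks a dictionary attack applies, and only then enforces the length and character-mix rule. The wordlist, the default-password list, the 128-byte upper limit and the 8-character minimum are constructed assumptions for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample wordlist standing in for a real cracking dictionary;
 * the entries are the ones the text names plus a few obvious extras. */
static const char *const WORDLIST[] = {
    "password", "cowboys", "longhorns", "123456", "letmein", "iloveyou",
};
#define WORDLIST_LEN (sizeof WORDLIST / sizeof WORDLIST[0])

/* Constructed sample of factory-default device passwords (hypothetical
 * values, not taken from any real product). */
static const char *const DEFAULT_PASSWORDS[] = { "admin", "1234", "changeme" };
#define DEFAULTS_LEN (sizeof DEFAULT_PASSWORDS / sizeof DEFAULT_PASSWORDS[0])

#define MAX_PW  128   /* longest password this check will look at (assumption) */
#define MIN_LEN 8     /* minimum length policy (assumption) */

enum pw_verdict { PW_OK, PW_DEFAULT, PW_IN_WORDLIST, PW_TOO_SHORT, PW_NO_MIX, PW_TOO_LONG };

static bool in_list(const char *const *list, size_t len, const char *s)
{
    for (size_t i = 0; i < len; i++)
        if (strcmp(list[i], s) == 0)
            return true;
    return false;
}

/* Undo the mutations a dictionary attacker applies to wordlist entries:
 * drop trailing digits/punctuation ("Cowboys2022" -> "Cowboys"), then
 * lower-case and reverse common letter-for-symbol swaps ("P@ssw0rd" ->
 * "password"). `out` must hold strlen(pw) + 1 bytes. */
static void normalise(const char *pw, char *out)
{
    size_t n = strlen(pw);
    memcpy(out, pw, n + 1);
    while (n > 0 && !isalpha((unsigned char)out[n - 1]))
        out[--n] = '\0';
    for (size_t i = 0; i < n; i++) {
        switch (out[i]) {
        case '@': out[i] = 'a'; break;
        case '$': out[i] = 's'; break;
        case '0': out[i] = 'o'; break;
        case '3': out[i] = 'e'; break;
        default:  out[i] = (char)tolower((unsigned char)out[i]);
        }
    }
}

/* Policy check run when a password is set. Order matters: a default or
 * dictionary password is rejected even if it satisfies the length and
 * character-mix rules. */
enum pw_verdict check_password(const char *pw)
{
    char lower[MAX_PW], norm[MAX_PW];
    size_t n = strlen(pw);
    if (n >= MAX_PW)
        return PW_TOO_LONG;
    for (size_t i = 0; i <= n; i++)           /* copies the terminator too */
        lower[i] = (char)tolower((unsigned char)pw[i]);
    normalise(pw, norm);

    if (in_list(DEFAULT_PASSWORDS, DEFAULTS_LEN, lower))
        return PW_DEFAULT;
    if (in_list(WORDLIST, WORDLIST_LEN, lower) || in_list(WORDLIST, WORDLIST_LEN, norm))
        return PW_IN_WORDLIST;
    if (n < MIN_LEN)
        return PW_TOO_SHORT;

    bool has_upper = false, has_lower = false, has_other = false;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (isupper(c))      has_upper = true;
        else if (islower(c)) has_lower = true;
        else                 has_other = true;   /* digit or special character */
    }
    return (has_upper && has_lower && has_other) ? PW_OK : PW_NO_MIX;
}

int main(void)
{
    static const char *const samples[] = {
        "cowboys", "Cowboys2022", "P@ssw0rd!", "admin", "correcthorsebattery", "Tr0ub4dor&3",
    };
    static const char *const names[] = {
        "ok", "default password", "in wordlist", "too short", "no character mix", "too long",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %s\n", samples[i], names[check_password(samples[i])]);
    return 0;
}
```

The normalisation step is what turns a plain wordlist lookup into something useful against the mutations the text describes: appending a year or an exclamation mark, or swapping letters for look-alike symbols, does not get a dictionary word past the check.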

DOS

A DOS, or disk operating system, is an operating system that runs from a disk drive.
The term can also refer to a particular family of disk operating systems, most
commonly MS-DOS, an acronym for Microsoft DOS. A Denial-of-Service (DoS) attack
is an attack meant to shut down a machine or network, making it inaccessible to its
intended users. DoS attacks accomplish this by flooding the target with traffic, or
sending it information that triggers a crash.

EXAMPLE

• Buffer overflow attacks – the most common DoS attack. The concept is to
send more traffic to a network address than the programmers have built the
system to handle. It includes the attacks listed below, in addition to others
that are designed to exploit bugs specific to certain applications or networks.
• ICMP flood – leverages misconfigured network devices by sending spoofed
packets that ping every computer on the targeted network, instead of just
one specific machine. The network is then triggered to amplify the traffic.
This attack is also known as the ping of death.

DDOS

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the
normal traffic of a targeted server, service or network by overwhelming the target
or its surrounding infrastructure with a flood of Internet traffic.

DDoS attacks achieve effectiveness by utilizing multiple compromised computer
systems as sources of attack traffic. Exploited machines can include computers and
other networked resources such as IoT devices.

From a high level, a DDoS attack is like an unexpected traffic jam clogging up the
highway, preventing regular traffic from arriving at its destination.

EXAMPLE

The February 2018 GitHub DDoS attack

One of the largest verifiable DDoS attacks on record targeted GitHub, a popular
online code management service used by millions of developers. This attack
reached 1.3 Tbps, sending packets at a rate of 126.9 million per second.
The GitHub attack was an amplification DDoS attack, so there were no botnets involved. Instead
the attackers leveraged the amplification effect of a popular database caching
system known as Memcached. By flooding Memcached servers
with spoofed requests, the attackers were able to amplify their attack by a
magnitude of about 50,000x.

Luckily, GitHub was using a DDoS protection service, which was automatically
alerted within 10 minutes of the start of the attack. This alert triggered the process
of mitigation and GitHub was able to stop the attack quickly. The massive DDoS
attack only ended up lasting about 20 minutes.

BOTNET

A botnet is a group of computers controlled remotely by a hacker who uses their
combined resources to carry out attacks against websites, computer networks, and
internet services. If your computer is infected with malware, it may be part of a
botnet. Read on to learn about the common botnet attack examples.

EXAMPLE

The Mirai botnet was behind a massive, distributed denial of service (DDoS) attack
that left much of the internet inaccessible on the U.S. east coast. But, what made
Mirai most notable was that it was the first major botnet to infect insecure IoT
devices. At its peak, the worm infected over 600,000 devices.

BUFFER-OVERFLOW

Buffers are memory storage regions that temporarily hold data while it is being
transferred from one location to another. A buffer overflow (or buffer overrun)
occurs when the volume of data exceeds the storage capacity of the memory
buffer. As a result, the program attempting to write the data to the buffer
overwrites adjacent memory locations. Attackers exploit buffer overflow issues by
overwriting the memory of an application. This changes the execution path of the
program, triggering a response that damages files or exposes private information.
For example, an attacker may introduce extra code, sending new instructions to the
application to gain access to IT systems.

EXAMPLE

For example, a buffer for log-in credentials may be designed to expect username
and password inputs of 8 bytes, so if a transaction involves an input of 10 bytes
(that is, 2 bytes more than expected), the program may write the excess data past
the buffer boundary.

Buffer overflows can affect all types of software. They typically result from
malformed inputs or failure to allocate enough space for the buffer. If the
transaction overwrites executable code, it can cause the program to behave
unpredictably and generate incorrect results, memory access errors, or crashes.
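Added illustration, not code from the assignment or from any source it cites: the 8-byte field receiving a 10-byte input described above, written in C with the unchecked copy next to a checked one. The struct layout, the field and function names and the sample values are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8   /* the 8-byte username/password fields the text describes */

/* A login record with the two fixed-size fields adjacent in memory, so any
 * bytes written past `username` land in `password`. */
struct login {
    char username[FIELD_LEN];
    char password[FIELD_LEN];
};

/* VULNERABLE (kept for contrast only): trusts the caller's length. A 10-byte
 * input overruns `username` and overwrites the first 2 bytes of `password`,
 * which is exactly the 8-versus-10-byte case described above. */
void store_username_unchecked(struct login *rec, const char *input, size_t len)
{
    memcpy(rec->username, input, len);   /* no comparison against FIELD_LEN */
}

/* HARDENED: validate the length before touching the buffer and reject
 * over-long input outright instead of silently truncating it.
 * Returns 0 on success, -1 if the input does not fit. */
int store_username_checked(struct login *rec, const char *input, size_t len)
{
    if (len > FIELD_LEN)
        return -1;
    memset(rec->username, 0, FIELD_LEN);  /* clear any stale bytes */
    memcpy(rec->username, input, len);
    return 0;
}

/* The text's scenario on the hardened path: a 10-byte value offered to an
 * 8-byte field (constructed input). True when the write is refused and the
 * neighbouring password field is left exactly as it was. */
bool hardened_rejects_ten_bytes(void)
{
    struct login rec;
    memset(&rec, 0, sizeof rec);
    memcpy(rec.password, "s3cret!!", FIELD_LEN);
    int rc = store_username_checked(&rec, "maryamkh99", 10);
    return rc == -1 && memcmp(rec.password, "s3cret!!", FIELD_LEN) == 0;
}

/* Input that exactly fills the field is accepted (constructed input). */
bool hardened_accepts_eight_bytes(void)
{
    struct login rec;
    memset(&rec, 0, sizeof rec);
    int rc = store_username_checked(&rec, "maryamkh", FIELD_LEN);
    return rc == 0 && memcmp(rec.username, "maryamkh", FIELD_LEN) == 0;
}

int main(void)
{
    struct login rec;
    memset(&rec, 0, sizeof rec);
    memcpy(rec.password, "s3cret!!", FIELD_LEN);

    /* Unchecked path: the two surplus bytes ("99") spill into `password`.
     * The length is read through a volatile so the compiler cannot fold it. */
    volatile size_t len = 10;
    store_username_unchecked(&rec, "maryamkh99", len);
    printf("unchecked: password field now begins with \"%.2s\"\n", rec.password);

    printf("checked: 10-byte input rejected, password intact: %s\n",
           hardened_rejects_ten_bytes() ? "yes" : "no");
    printf("checked: 8-byte input accepted: %s\n",
           hardened_accepts_eight_bytes() ? "yes" : "no");
    return 0;
}
```

The point of the hardened version is that the length comparison happens before any write: the 2 surplus bytes are never copied anywhere, so the adjacent password field cannot be clobbered regardless of what the input contains.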

TEARDROP

A teardrop attack relies on a bug within the code older computer systems use to
handle large amounts of data. Rather than putting together all the bits in the right
order and serving them up as expected, the systems wait for pieces that never
arrive. Eventually, the whole system crashes.

Teardrops are distributed-denial-of-service (DDoS) attacks. About 60 percent of IT
experts worry about hacks like this. They are also a type of IP fragmentation attack,
where a hacker overwhelms a network using fragmentation mechanisms.

The solution is relatively simple: Update your software and keep it current.

EXAMPLE

By default, F5’s BIG-IP Application Delivery Services protect against teardrop attacks
by checking incoming packets’ frame alignment and discarding improperly
formatted packets. Teardrop packets are therefore dropped, and the attack is
prevented before the packets can pass into the protected network.
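Added example (not F5's code and not part of the assignment): a fragment-set validator in C of the kind the paragraph above describes, run before any reassembly buffer is touched. It flags a fragment that starts inside an earlier one (the teardrop condition), a non-final fragment whose length is not a multiple of 8 bytes (the alignment check), and a set with a gap or no final fragment (the "pieces that never arrive" case, which a reassembler should time out rather than wait on forever). The fragment structure, the verdict names and the sample fragment sets are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One IP fragment as the reassembler sees it. `offset` is in bytes (the IP
 * header stores it in 8-byte units; multiplied out here), `len` is the
 * payload length and `more` is the More Fragments flag. */
struct frag {
    unsigned offset;
    unsigned len;
    bool     more;
};

enum reasm {
    REASM_COMPLETE,    /* contiguous, last fragment present: safe to reassemble */
    REASM_INCOMPLETE,  /* gap or no final fragment: keep waiting, then time out */
    REASM_OVERLAP,     /* a fragment starts inside an earlier one: teardrop */
    REASM_MISALIGNED   /* non-final fragment not a multiple of 8 bytes: malformed */
};

static int by_offset(const void *a, const void *b)
{
    unsigned x = ((const struct frag *)a)->offset;
    unsigned y = ((const struct frag *)b)->offset;
    return (x > y) - (x < y);
}

/* Validate a fragment set. Works on a sorted copy so the caller's array is
 * left as is. Verdict priority is overlap > misaligned > incomplete, so a
 * hostile set is never reported as merely "still waiting". */
enum reasm check_fragments(const struct frag *in, size_t n)
{
    struct frag *f = malloc(n * sizeof *f);
    if (f == NULL)
        return REASM_INCOMPLETE;       /* cannot validate: do not reassemble */
    memcpy(f, in, n * sizeof *f);
    qsort(f, n, sizeof *f, by_offset);

    unsigned next = 0;                 /* first byte not yet covered */
    bool overlap = false, misaligned = false, gap = false, saw_last = false;
    for (size_t i = 0; i < n; i++) {
        if (f[i].more && f[i].len % 8 != 0)
            misaligned = true;
        if (f[i].offset < next)
            overlap = true;            /* starts inside the previous fragment */
        else if (f[i].offset > next)
            gap = true;                /* bytes between fragments are missing */
        if (!f[i].more)
            saw_last = true;
        if (f[i].offset + f[i].len > next)
            next = f[i].offset + f[i].len;
    }
    free(f);

    if (overlap)          return REASM_OVERLAP;
    if (misaligned)       return REASM_MISALIGNED;
    if (gap || !saw_last) return REASM_INCOMPLETE;
    return REASM_COMPLETE;
}

int main(void)
{
    /* Constructed fragment sets: a well-formed datagram (given out of order)
     * and a teardrop-style one whose second fragment lands inside the first. */
    const struct frag good[]     = { {64, 20, false}, {0, 32, true}, {32, 32, true} };
    const struct frag teardrop[] = { {0, 32, true}, {24, 8, false} };
    static const char *const names[] = { "complete", "incomplete", "overlap", "misaligned" };
    printf("well-formed set : %s\n", names[check_fragments(good, 3)]);
    printf("teardrop set    : %s\n", names[check_fragments(teardrop, 2)]);
    return 0;
}
```

Sorting first is what makes the overlap test a single comparison per fragment: once the set is in offset order, any fragment whose offset is below the running end of coverage must overlap its predecessor, which is the condition the vulnerable reassemblers mishandled.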

SMURF

A Smurf attack is a form of distributed denial of service (DDoS) attack that renders
computer networks inoperable. The Smurf program accomplishes this by exploiting
vulnerabilities of the Internet Protocol (IP) and Internet Control Message Protocol
(ICMP). The amplification factor of the Smurf attack correlates to the number of
hosts on the intermediate network. For example, an IP broadcast network with 500
hosts will produce 500 responses for each fake echo request. Typically, each of the
replies is the same size as the original ping request.

EXAMPLE

A distributed denial of service (DDoS) Smurf attack is an example of an amplification
attack in which the attacker sends packets to a network amplifier with the return
address spoofed to the victim's IP address.

PHYSICAL
A cyber-physical attack is a security breach in cyberspace that impacts the
physical environment. A malicious user can take control of the computing or
communication components of water pumps, transportation, pipeline valves, etc.,
and cause damage to property and put lives at risk.

EXAMPLE

• An infected USB drive is planted in a parking lot, lobby, etc., which an
employee picks up and loads onto the network.
• An attacker breaks into a server room and installs rogue devices that capture
confidential data.
• The internet drop line is accessible from outside of the building, allowing an
attacker to intercept data or cut the line completely.
• An attacker pretends to be an employee and counts on a real employee’s
courtesy to hold the door for him as they enter together.
• An inside actor looks over the shoulder of a system engineer as they type
administrative credentials into a system.

EXPLOITS

An exploit (in its noun form) is a segment of code or a program that maliciously
takes advantage of vulnerabilities or security flaws in software or hardware to
infiltrate and initiate a denial-of-service (DoS) attack or install malware, such as
spyware, ransomware, Trojan horses, worms, or viruses. So the exploit is not the
malware itself but is used to deliver the malware. To exploit (in its verb form) is to
successfully carry out such an attack.

EXAMPLE

In recent years, there have been many well-known exploits used to initiate malware
attacks and cause huge data breaches. For example, in 2016, Yahoo disclosed that
an exploit had taken place years prior, resulting in a massive data leak that affected
about 1 billion of its users. A weak and out-of-date hashing algorithm had caused the
vulnerability, providing hackers with access to multiple email accounts.

A recent infamous exploit named "EternalBlue" takes advantage of a flaw in version 1
of the Windows Server Message Block (SMB) protocol. The exploit was first developed
by the National Security Agency (NSA) but was stolen and publicized by the Shadow
Brokers group. It has since been used in the NotPetya and WannaCry ransomware
attacks.

More recently, Equifax, a credit reporting firm, suffered a huge breach of data when
hackers exploited a vulnerability in the Apache Struts framework used in a web
application run by the company. A patch had been released, but Equifax failed to
update the vulnerable web application soon enough to avoid the breach.

PRIVILEGE ESCALATION ATTACK

Privilege escalation is the use of an exploit, code that takes advantage of a software
vulnerability or security flaw, or of a misconfiguration to obtain rights the attacker
was never granted. Exploits are written either by security researchers as
proof-of-concept threats or by malicious actors for use in their operations. When
used, they allow an intruder who has gained a foothold on a network to obtain
elevated privileges (for example root or administrator) or to move deeper into the
network.

EXAMPLE

Linux Password User Enumeration

Attackers often use user enumeration to prepare privilege escalation on a Linux
system. This basic step identifies all user accounts on a Linux machine and requires
the attacker first to obtain shell access. Once that is done, the command
"cat /etc/passwd | cut -d: -f1" (or simply "cut -d: -f1 /etc/passwd") prints the
names of all users on the machine, which then become targets for password guessing
or for abuse of misconfigured permissions. Misconfigured FTP servers are one of the
most common weaknesses that give an attacker the shell needed for this enumeration.
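The enumeration step described above, carried a little further, as an added example in Python (not the assignment's own command): it parses a constructed /etc/passwd sample and, besides listing account names as the cut command does, flags the entries an attacker checks first for escalation: extra UID-0 accounts, accounts sharing a UID, and service accounts that still have a login shell. The sample file, the toor account and the ftp account with /bin/bash are made up for illustration.

```python
"""Enumerate local accounts from /etc/passwd and flag entries that matter
for privilege escalation.

Added example; not code from the original assignment. It works on the
constructed SAMPLE_PASSWD below so it runs offline; on a target you would
pass open('/etc/passwd').read() to the same functions.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed sample (not from a real machine). The oddities are deliberate:
# a second UID-0 account ("toor") and a service account ("ftp") with a shell.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
"""

# Shells that prevent interactive login; anything else counts as a login shell.
NON_INTERACTIVE_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/bin/sync"}
SYSTEM_UID_MAX = 999  # UIDs below 1000 are system/service accounts on most distros


@dataclass
class PasswdEntry:
    name: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_passwd(text: str) -> list[PasswdEntry]:
    """Parse passwd(5) lines: name:password:UID:GID:GECOS:home:shell."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed line: skip instead of crashing mid-enumeration
        name, _pw, uid, gid, _gecos, home, shell = fields
        entries.append(PasswdEntry(name, int(uid), int(gid), home, shell))
    return entries


def enumerate_users(text: str) -> list[str]:
    """Same result as `cut -d: -f1 /etc/passwd`: every account name, in order."""
    return [e.name for e in parse_passwd(text)]


def interactive_users(text: str) -> list[str]:
    """Accounts that can actually log in, i.e. worthwhile password-guessing targets."""
    return [e.name for e in parse_passwd(text) if e.shell not in NON_INTERACTIVE_SHELLS]


def findings(text: str) -> dict[str, list[str]]:
    """Entries that point at a misconfiguration an attacker can escalate through."""
    entries = parse_passwd(text)
    uid_count = Counter(e.uid for e in entries)
    return {
        # Any non-root account with UID 0 is root by another name.
        "extra_uid0": [e.name for e in entries if e.uid == 0 and e.name != "root"],
        # Two names on one UID share every file and process owned by it.
        "shared_uid": sorted(e.name for e in entries if uid_count[e.uid] > 1),
        # Service accounts (e.g. an FTP daemon's) rarely need a shell; when they
        # have one, compromising the service yields an interactive foothold.
        "service_with_shell": [
            e.name for e in entries
            if 0 < e.uid <= SYSTEM_UID_MAX and e.shell not in NON_INTERACTIVE_SHELLS
        ],
    }


if __name__ == "__main__":
    print("all users:        ", enumerate_users(SAMPLE_PASSWD))
    print("interactive users:", interactive_users(SAMPLE_PASSWD))
    for key, names in findings(SAMPLE_PASSWD).items():
        print(f"{key:20s} {names}")
```

On a real host the same checks are worth running from the defender's side too: a second UID-0 entry or a shared UID is a finding in its own right, whoever discovers it first.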

APT

Advanced Persistent Threats (APTs) are compound network attacks that use
multiple stages and different attack techniques. APTs are not conceived of
or carried out on the spur of the moment. The goal of an APT attack is to break
into the target network and spend as much time as needed searching the network
for sensitive information. After the attack objectives are accomplished, the
attackers leave unnoticed.

EXAMPLE

 GhostNet — based in China, attacks were conducted by spear-phishing
emails containing malware. The group compromised computers in over 100
countries, focusing on gaining access to the networks of government ministries
and embassies. Attackers compromised machines inside these organizations,
turned on their cameras and microphones, and turned them into surveillance
devices.
 Stuxnet — a worm used to attack Iran's nuclear program, which was
delivered via an infected USB device and inflicted damage on the centrifuges
used to enrich uranium. Stuxnet targets SCADA (industrial Supervisory
Control and Data Acquisition) systems; it was able to disrupt the operation of
machinery in the Iranian nuclear program without the knowledge of the
operators.

HACTIVISM

The term "hacktivism" was coined in the mid-1990s by the (in)famous hacker
collective Cult of the Dead Cow. As the word suggests, hacktivism is a means of
collective political or social activism carried out by hacking computers and
networks. Hacktivism began as a sub-culture of the hacking, gaming and web
communities, and allowed technically inclined individuals to use the connectivity
and anonymity of the web to join together with others and work towards
common causes. As such, hacktivists were originally mostly young males who
enjoyed surfing the web, visiting forums and newsgroups, sharing information on
illegal download sites, chatting in "private rooms" and colluding with like-minded
drifters of the net.

EXAMPLE

More recently, the hacktivist group Lizard Squad was responsible for an attack on
the U.K.'s Labour Party during the country's general election in December 2019.
The botnet-powered DDoS attack targeted the then-leader of the party, Jeremy
Corbyn, as well as his party's websites. The group promised more attacks on both
government and Labour Party websites should Labour win the election (which it
failed to do). In the past, Lizard Squad had claimed responsibility for attacks on
Sony, Microsoft Xbox and even Taylor Swift, but this was its first known outing for
some years. According to one report, the group may have turned to financially
motivated crime in the interim, quietly building and hiring out its botnet in a
DDoS-for-hire service.

COMMODITY-THREAT

Commodity attacks are attacks that use readily available tools with little or no
customization. Commodity attacks are usually perpetrated by attackers who either
do not have the skills to perform more advanced attacks or who prefer to perform
many, easy attacks and benefit from a low success rate rather than spend a lot of
time to customize a small number of more profitable attacks against specific targets.

EXAMPLE

The exploit kit playbook: many incident reports show multiple ransomware
campaigns relying on the easy-to-buy RIG exploit kit and combining it with
commoditized ransomware such as Cerber and Locky. The playbook for creating new
ransomware campaigns has been written, and everyone is following it.
CYBER ESPIONAGE

Cyber espionage is primarily used as a means to gather sensitive or classified
data, trade secrets or other forms of IP that can be used by the aggressor to
create a competitive advantage or sold for financial gain. In some cases, the
breach is simply intended to cause reputational harm to the victim by exposing
private information or questionable business practices.

Cyber espionage attacks can be motivated by monetary gain; they may also be
deployed in conjunction with military operations or as an act of cyber terrorism
or cyber warfare. The impact of cyber espionage, particularly when it is part of a
broader military or political campaign, can lead to disruption of public services
and infrastructure, as well as loss of life.

EXAMPLE

COVID-19 Research

More recently, cyber espionage has focused on research efforts related to the
COVID-19 pandemic. Since April 2020, intrusion activity targeting coronavirus
research has been reported against U.S., U.K., Spanish, South Korean, Japanese
and Australian laboratories; this activity was conducted on the part of Russian,
Iranian, Chinese and North Korean actors.

For example, one cyber espionage breach was discovered by CrowdStrike in the
second half of 2020. Its Falcon OverWatch team uncovered a targeted intrusion
against an academic institution known to be involved in the development of
COVID-19 testing capabilities. The malicious activity was attributed to Chinese
actors, who gained initial access by way of a successful SQL injection attack
against a vulnerable web server. Once inside the victim environment, the actor
compiled and launched a web shell that was used to perform various malicious
activities, largely focused on information gathering and collection.

INDIRECT-ATTACK

In an indirect attack the information is obtained from (or about) the target
without attacking it directly. Another way of putting it: a database is tricked
into replying to queries for sensitive information because the queries pose as
legitimate ones.

In the real-life example mentioned earlier, it would be like the thief knocking on
your door and asking whether you had any old lamps you would like to exchange for
new ones. You, not knowing the true value of the lamp and thinking he was a genuine
trader with no ulterior motive regarding the genie it holds within, would hand your
old lamp to him.

EXAMPLE

The "watering hole technique" refers to an attack in which the hacker compromises a
website its targets are known to visit by inserting an exploit that results in a
malware infection or a Trojan being planted on the visitor's system.

What is even more dangerous is that websites that have been infected using this
method can then pass the infection on (or open the doors to) websites that are
connected to or visited from or through them. The efficiency of this attack can be
proven by the fact that large companies like Facebook, Apple and Twitter have all
been hit using this method.

MOBILE ADHOC NETWORK BASED

MANET stands for Mobile Ad hoc Network also called a wireless Ad hoc network or
Ad hoc wireless network that usually has a routable networking environment on
top of a Link Layer ad hoc network. They consist of a set of mobile nodes
connected wirelessly in a self-configured, self-healing network without having a
fixed infrastructure. MANET nodes are free to move randomly as the network
topology changes frequently. Each node behaves as a router as they forward
traffic to other specified nodes in the network.

Mobile ad hoc networks are self-configuring, dynamic networks in which nodes are
free to move. They do not rely on a pre-existing infrastructure such as routers or
access points. The challenge is equipping each device to maintain the information
required to properly route traffic.

EXAMPLE

Sensor nodes that measure pressure, temperature, toxins, pollution, etc. and have
no fixed infrastructure form one such network. An ad hoc network is a collection of
wireless mobile hosts forming a temporary network without the aid of any
stand-alone infrastructure or centralized administration.

CYBER-PHYSICAL SYSTEMS

A cyber-physical system (CPS) couples computation and networking with physical
processes: water pumps, transportation systems, pipeline valves, etc. A
cyber-physical attack is a security breach in cyber space that impacts the physical
environment; a malicious user who takes control of the computing or communication
components of such a system can cause damage to property and put lives at risk.

Recent advances in cyber-physical systems open the door to new safety measures,
but threats, attacks and vulnerabilities remain major challenges. Surveys in this
area compare cyber-physical attacks along several parameters; the key issues noted
are the consequences of cyber attacks, CPS attack traceability, and the design of
the communication security architecture.

EXAMPLE

An infected USB drive is planted in a parking lot, lobby, etc., which an employee
picks up and plugs into a machine on the network. An attacker breaks into a server
room and installs rogue devices that capture confidential data.

SQL INJECTION

SQL injection, also known as SQLI, is a common attack vector that uses malicious
SQL code for backend database manipulation to access information that was not
intended to be displayed. This information may include any number of items,
including sensitive company data, user lists or private customer details.

EXAMPLE

An attacker wishing to execute SQL injection manipulates a standard SQL query to
exploit non-validated input vulnerabilities in a database. There are many ways this
attack vector can be executed: closing a quoted string and commenting out the rest
of the query (for example the password check), appending a tautology such as
OR '1'='1' so the WHERE clause matches every row, or adding a UNION SELECT that
pulls rows from another table into the result.
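The payloads mentioned above, run against a vulnerable login query and its parameterised counterpart, as an added example (not from the original assignment). It uses an in-memory SQLite database with a constructed users table; the credentials are invented.

```python
"""SQL injection against a login query, vulnerable and hardened side by side.

Added example; not from the original assignment. Uses an in-memory SQLite
database with a constructed users table so it runs offline; the table
contents and credentials are made up for illustration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "S3cret!", "admin"), ("alice", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Deliberately vulnerable: user input is pasted into the SQL text, so the
    quotes and comment sequences it contains become part of the query."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username: str, password: str):
    """Hardened: a parameterised query. The driver sends the values separately
    from the SQL text, so they are only ever compared, never parsed."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Three classic payloads. Each is a string the attacker types into a form field.
BYPASS_COMMENT = "admin' --"        # closes the quote, comments out the password check
BYPASS_TAUTOLOGY = "' OR '1'='1"    # makes the WHERE clause true for every row
DUMP_UNION = "x' UNION SELECT username, password FROM users --"  # pulls in another column


def demo() -> dict[str, list]:
    conn = make_db()
    return {
        # WHERE username = 'admin' --' AND password = 'wrong'    -> password check ignored
        "vuln_comment": login_vulnerable(conn, BYPASS_COMMENT, "wrong"),
        # WHERE username = 'nobody' AND password = '' OR '1'='1' -> every row matches
        "vuln_tautology": login_vulnerable(conn, "nobody", BYPASS_TAUTOLOGY),
        # ... UNION SELECT username, password FROM users --      -> passwords in the role column
        "vuln_union": login_vulnerable(conn, DUMP_UNION, "wrong"),
        # The same payloads are just literal strings to the parameterised query.
        "safe_comment": login_safe(conn, BYPASS_COMMENT, "wrong"),
        "safe_tautology": login_safe(conn, "nobody", BYPASS_TAUTOLOGY),
        "safe_union": login_safe(conn, DUMP_UNION, "wrong"),
        "safe_real_login": login_safe(conn, "alice", "hunter2"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:16s} {rows}")
```

The fix is not escaping or filtering quotes but keeping data out of the query text altogether; the parameterised version never constructs SQL from the attacker's input, so there is nothing for the payloads to break out of.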

LOGIC BOMB

A logic bomb is a malicious piece of code that is secretly inserted into a computer
network, operating system or software application. It lies dormant until a specific
condition occurs (a date, a user action, the removal of an employee's account, etc.).
When the condition is met, the logic bomb triggers, corrupting data, deleting files
or wiping hard drives.

EXAMPLE

An incident in 1982, during the Cold War between the US and the Soviet Union, is
considered the original logic bomb attack. The CIA was supposedly informed that a
KGB operative had stolen the plans for an advanced control system, along with its
software, from a Canadian company, to be used on a Siberian pipeline. The CIA had
apparently had a logic bomb coded into the system to sabotage the enemy.
Since then, as with the computer virus itself, logic bomb attacks have become
frequent in real life as well as in movies and television.

MAN IN THE MIDDLE ATTACK

A man-in-the-middle attack is a cyberattack in which a malicious player inserts
himself into a conversation between two parties, impersonates both of them, and
gains access to the information the two parties were trying to share. The malicious
player intercepts, sends and receives data meant for someone else, or not meant to
be sent at all, without either party knowing until it is already too late.

EXAMPLE

The Marconi case: the first recorded man-in-the-middle attack in history took place
long before the Internet was invented, and it involves Guglielmo Marconi, a Nobel
prize winner considered to be the inventor of the radio. When Professor Fleming, a
scientific adviser to Marconi, was giving a demonstration of wireless transmission
from one location to another, a Mr. Maskelyne, with his own equipment, intercepted
the message that was supposed to be sent from Cornwall to the Royal Institution and
transmitted his own message in its place.

TAMPERING

Data tampering is the act of deliberately modifying (destroying, manipulating or
editing) data through unauthorized channels. Data exists in two states: in transit or
at rest. In both states, data can be intercepted and tampered with. Digital
communications are all about data transmission.

EXAMPLE

A classic example of parameter tampering is changing parameters in form fields.
When a user makes selections on an HTML page, they are usually stored as form
field values and sent to the web application as an HTTP request. These values can
be pre-selected (combo box, check box, radio button, etc.), free text or hidden.
Because the browser is under the user's control, any of them, including hidden fields
such as a price or an account identifier, can be altered before the request is sent,
so the server must validate them again rather than trust them.

BYZANTINE ATTACK

A Byzantine attack is one in which a node that is part of a distributed protocol
behaves arbitrarily or maliciously while still appearing to participate, for example
by reporting false data to its peers. In cooperative spectrum sensing (CSS) the
Byzantine attack, also known in the literature as the spectrum sensing data
falsification (SSDF) attack, is one of the key adversaries to the success of
cognitive radio networks (CRNs).

EXAMPLE

A Byzantine fault (also Byzantine generals' problem, interactive consistency, source
congruency, error avalanche, Byzantine agreement problem, and Byzantine failure)
is a condition of a computer system, particularly a distributed computing system,
where components may fail and there is imperfect information about which ones have.

BLACK HOLE ATTACK

Black-hole attacks occur when a router silently discards all messages it is supposed
to forward. The same effect arises accidentally: from time to time a router is
misconfigured to advertise a zero-cost route to every destination on the Internet, so
all traffic is sent to that router. Since no device can sustain such a load, the
router fails and the traffic is lost.

EXAMPLE

In wireless sensor network security, some examples of Byzantine attacks are black
holes, flood rushing, wormholes and overlay network wormholes. Black-hole attack: in
this type of attack, the attacker drops packets selectively, or all control and data
packets that are routed through him.

FLOOD RUSHING ATTACK

Rushing attack is one of the network layer attacks in MANET. In this attack, when
the attacker node receives the route request packet, it immediately forwards the
route request packet to its neighbors without processing the packet. Threshold-
based approach is used to detect rushing attack in MANET.
EXAMPLE

In a flood attack, attackers send a very high volume of traffic to a system so that it
cannot examine and allow permitted network traffic. For example, an ICMP flood occurs
when a system receives so many ICMP echo requests (pings) that it must use all its
resources to reply to them. Rate limiting is the usual defence: if you set a "Drop UDP
Flood Attack" threshold to 1000, the device starts to drop UDP packets from an
interface that receives more than 1000 UDP packets per second. The device does not
drop other types of traffic or traffic received on other interfaces.
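The per-interface UDP threshold described above, implemented as a sliding-window filter over a constructed packet trace, as an added example (not the page's or any vendor's code). The trace, interface names and addresses are made up; the threshold of 1000 packets per second is the one from the text.

```python
"""Per-interface UDP flood threshold, the behaviour described for the
"Drop UDP Flood Attack" setting: once an interface sees THRESHOLD UDP packets
within any one-second window, further UDP on that interface is dropped, while
TCP/ICMP and other interfaces are untouched.

Added example; not the page's or any vendor's code. The packet trace below
is constructed to contain a flood on eth0 plus normal traffic.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 1.0
THRESHOLD = 1000  # packets per second per interface, as in the text


@dataclass(frozen=True)
class Packet:
    ts: float          # arrival time in seconds
    iface: str         # interface the packet arrived on
    proto: str         # "udp", "tcp", "icmp", ...
    src: str


class UdpFloodFilter:
    """Sliding one-second window of recent UDP arrivals per interface."""

    def __init__(self, threshold: int = THRESHOLD, window: float = WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self._recent: dict[str, deque] = defaultdict(deque)

    def accept(self, pkt: Packet) -> bool:
        """True if the packet should be forwarded, False if it is dropped."""
        if pkt.proto != "udp":
            return True  # only UDP is rate-limited by this rule
        q = self._recent[pkt.iface]
        # Expire arrivals older than the window before counting.
        while q and pkt.ts - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.threshold:
            return False  # the interface is already at its per-second budget
        q.append(pkt.ts)
        return True


def constructed_trace() -> list[Packet]:
    """1,500 UDP packets in one second on eth0 (a flood), plus 100 TCP packets
    on eth0 and 50 UDP packets on eth1 in the same second (legitimate)."""
    trace = [Packet(i / 1500, "eth0", "udp", "203.0.113.7") for i in range(1500)]
    trace += [Packet(i / 100, "eth0", "tcp", "198.51.100.5") for i in range(100)]
    trace += [Packet(i / 50, "eth1", "udp", "192.0.2.9") for i in range(50)]
    trace.sort(key=lambda p: p.ts)  # packets arrive in time order
    return trace


def run_filter(trace: list[Packet]) -> dict[tuple[str, str], dict[str, int]]:
    """Return forwarded/dropped counts keyed by (interface, protocol)."""
    flt = UdpFloodFilter()
    stats: dict[tuple[str, str], dict[str, int]] = defaultdict(
        lambda: {"forwarded": 0, "dropped": 0})
    for pkt in trace:
        stats[(pkt.iface, pkt.proto)]["forwarded" if flt.accept(pkt) else "dropped"] += 1
    return dict(stats)


if __name__ == "__main__":
    for key, counts in sorted(run_filter(constructed_trace()).items()):
        print(key, counts)
```

The caveat the text implies is visible in the numbers: the first 1000 flood packets on eth0 are still forwarded every second, so a threshold only caps the damage rather than stopping the flood, and legitimate UDP on the flooded interface is dropped along with the attack traffic once the budget is spent.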

BLUE JACKING ATTACK

Bluejacking is a hacking method that lets a person send unsolicited, anonymous
messages (typically flirtatious, but they can also be malicious) to any
Bluetooth-enabled device within his own device's range. Also known as "blue
hacking", the process begins by scanning one's surroundings with a Bluetooth-enabled
device for other discoverable Bluetooth-capable devices; the hacker then sends an
unsolicited message to the detected devices.

Bluejacking is much like doorbell ditching, wherein a person rings someone's
doorbell and disappears before the homeowner can answer the door.

EXAMPLE

 Online adverts are everywhere these days, and some of them can be more
than just annoying and distracting. Malicious advertising, or malvertising,
involves hackers sneaking ads onto legitimate websites. If you click on them,
intentionally or by accident, you run the risk of downloading malware and
viruses onto your device.
 Phishing emails are a classic but effective way to spread malware. Phishing is
the act of sending a message, usually an email, in which the sender pretends
to be a legitimate figure like a bank or a recognizable business. They then ask
the target to follow a link. Clicking the link will either infect your device with
malware or trick you into exposing login details for various accounts.

COVERT ATTACK

Physically covert attacks are attacks that cause physical effects that cannot easily
be noticed or identified by a human observer. One of the most sophisticated attacks
on control systems is the covert attack, where an attacker changes the system
inputs and disguises his influence on the system outputs by altering the
measurements accordingly, so that the operator keeps seeing nominal readings.

EXAMPLE
Covert channels are frequently classified as either storage or timing channels.
Storage-channel examples include using a file intended to hold only audit
information to convey user passwords, or using the name of a file, or status bits
associated with it that can be read by all users, to signal the contents of the file.

Historic examples of covert action include the CIA's orchestration of the 1953 coup
in Iran; the 1961 Bay of Pigs invasion of Cuba; the Vietnam-era secret war in Laos;
and support to both the Polish Solidarity labour union in the 1970s and 1980s and
to the Mujahidin in Afghanistan during the 1980s.
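The covert attack defined above, and the cyber-physical attacks discussed earlier, in working code as an added example (not from the assignment): a first-order process under proportional control, an attacker that adds a bias to the actuator and subtracts its modelled effect from the sensor reading, and the operator's residual detector that stays silent while the real state drifts. The plant gains, controller and threshold are assumed; the last run shows that the attack is only covert while the attacker's model matches the plant.

```python
"""Covert attack on a simple control loop: the attacker pushes the physical
state away from the setpoint while the operator's sensor readings and residual
detector show nothing.

Added example, not from the assignment. The plant, controller and gains are
made up for illustration (a first-order process x[k+1] = A*x[k] + B*u[k]).
"""
A, B = 0.9, 0.5          # plant dynamics (assumed)
SETPOINT = 10.0
KP = 0.4                 # proportional gain
U_FF = (1 - A) * SETPOINT / B   # feed-forward term so the loop settles at SETPOINT
ALARM_THRESHOLD = 0.05   # operator's residual detector: |y - predicted y|


def simulate(steps: int = 200, attack_start: int = 50, inject: float = 2.0,
             attacker_model_error: float = 0.0) -> dict:
    """Run the loop; from `attack_start` the attacker adds `inject` to the
    actuator and hides its effect on the sensor using a model with gain
    B * (1 - attacker_model_error). Returns true vs. reported state and whether
    the operator's detector fired."""
    b_attacker = B * (1 - attacker_model_error)  # attacker's estimate of B
    x = 0.0         # true physical state
    shadow = 0.0    # attacker's model of the deviation it has caused
    reported = x    # what the operator sees
    max_residual = 0.0
    for k in range(steps):
        # Operator's controller acts on the *reported* measurement.
        u = U_FF + KP * (SETPOINT - reported)
        predicted = A * reported + B * u   # operator's one-step prediction

        delta_u = inject if k >= attack_start else 0.0
        x = A * x + B * (u + delta_u)                  # physics sees the injection
        shadow = A * shadow + b_attacker * delta_u     # attacker tracks its own effect
        reported = x - shadow                          # ... and removes it from the sensor

        max_residual = max(max_residual, abs(reported - predicted))
    return {
        "true_state": x,
        "reported_state": reported,
        "max_residual": max_residual,
        "alarm": max_residual > ALARM_THRESHOLD,
    }


if __name__ == "__main__":
    for label, kwargs in [("no attack", {"inject": 0.0}),
                          ("covert attack, perfect model", {}),
                          ("covert attack, 20% model error", {"attacker_model_error": 0.2})]:
        r = simulate(**kwargs)
        print(f"{label:32s} true={r['true_state']:.2f} reported={r['reported_state']:.2f} "
              f"max residual={r['max_residual']:.3f} alarm={r['alarm']}")
```

With a perfect model the reported state sits at the setpoint and the residual is zero while the true state ends up at roughly twice the setpoint; the detector never fires because the attacker has made the sensor data consistent with the operator's own model. The practical consequence is that model-based anomaly detection alone cannot catch such an attack; an independent measurement the attacker does not control, or a plant model the attacker does not know, is needed.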

RESISTANT CONTROL PROBLEM

The resistance strategy is to make it as difficult as possible for attacks to progress
after the initial access, without requiring knowledge of the attacks. While this
often requires substantial effort, it reduces the damage that would otherwise be
incurred from the attacks. Sun Tzu supports this strategy via the principle that
"The art of war teaches us to rely not on the likelihood of the enemy's not coming,
but on our own readiness to receive him" [13]. Many of the methods that support the
frustration controls will also support the resistance strategy.

EXAMPLE

Denial of service is not always malicious: Black Friday sales, when thousands of users
are clamoring for a bargain, often cause a denial of service on their own. In a
deliberate attack, an attacker purposefully tries to exhaust the site's resources,
denying legitimate users access.

REPLAY ATTACK

A replay attack is a type of security attack on data sent over a network. In this
attack, the hacker, or any person with unauthorized access, captures the traffic and
sends it again to its original destination, acting as the original sender. The
receiver takes it for an authenticated message, but it is actually a message re-sent
by the attacker. The defining feature of a replay attack is that the receiver gets a
valid message twice, hence the name.

EXAMPLE

Real world example

A staff member at a company asks for a financial transfer by sending an encrypted
message to the company's financial administrator. An attacker eavesdrops on this
message, captures it, and is now able to resend it.

Suppose that in the communication between two parties A and B, A sends B its key to
prove its identity. Meanwhile an attacker C eavesdrops on the conversation and keeps
the information needed to prove A's identity to B. Later, C contacts B and, by
replaying that information, passes B's authentication check as A.
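The exchange above, as an added example (not from the assignment) that also covers the tampering section: the staff member's transfer request is authenticated with an HMAC, which stops modification but not replay by the eavesdropper C; a second verifier that requires a fresh nonce and a recent timestamp rejects the replayed copy. The key, message fields, clock value and 300-second window are assumed.

```python
"""Replay attack on an HMAC-authenticated transfer request, and the fix.

Added example, not from the assignment. The shared key, the transfer message
and the verifier logic are constructed for illustration. The MAC stops
tampering (a modified message fails verification) but not replay: a naive
verifier accepts the captured message as often as the attacker re-sends it.
Adding a nonce and a timestamp, and remembering nonces seen within the
acceptance window, makes the second copy fail.
"""
import hashlib
import hmac
import json
import secrets

KEY = b"constructed-shared-key-not-for-real-use"
MAX_AGE_SECONDS = 300  # how old a message may be before it is rejected outright


def _canonical(payload: dict) -> bytes:
    # Stable serialisation so sender and receiver MAC the same bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign(payload: dict, key: bytes = KEY) -> dict:
    """Return the message with an HMAC-SHA256 tag over its canonical form."""
    tag = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def tag_is_valid(message: dict, key: bytes = KEY) -> bool:
    expected = hmac.new(key, _canonical(message["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, message["tag"])


class NaiveVerifier:
    """Checks integrity only. Any captured valid message can be replayed."""

    def accept(self, message: dict, now: float) -> bool:
        return tag_is_valid(message)


class ReplaySafeVerifier:
    """Checks integrity, freshness (timestamp) and uniqueness (nonce)."""

    def __init__(self, max_age: float = MAX_AGE_SECONDS):
        self.max_age = max_age
        self._seen: dict[str, float] = {}  # nonce -> timestamp it carried

    def accept(self, message: dict, now: float) -> bool:
        if not tag_is_valid(message):
            return False  # tampered or forged: its nonce/timestamp cannot be trusted either
        p = message["payload"]
        if abs(now - p["ts"]) > self.max_age:
            return False  # stale (or from the future): outside the acceptance window
        # Forget nonces too old to be replayed successfully anyway, so the set stays bounded.
        self._seen = {n: t for n, t in self._seen.items() if now - t <= self.max_age}
        if p["nonce"] in self._seen:
            return False  # exact replay inside the window
        self._seen[p["nonce"]] = p["ts"]
        return True


def make_transfer(amount: int, to: str, now: float) -> dict:
    """What the staff member's client sends: a signed, nonce-bearing request."""
    return sign({"from": "staff", "to": to, "amount": amount,
                 "ts": now, "nonce": secrets.token_hex(16)})


def scenario() -> dict[str, bool]:
    now = 1_700_000_000.0                      # constructed clock value
    msg = make_transfer(5000, "acct-42", now)
    captured = json.loads(json.dumps(msg))     # attacker C's byte-for-byte copy

    tampered = json.loads(json.dumps(msg))
    tampered["payload"]["to"] = "attacker-acct"  # MAC no longer matches

    naive, safe = NaiveVerifier(), ReplaySafeVerifier()
    return {
        "naive_first": naive.accept(msg, now),
        "naive_replay": naive.accept(captured, now + 10),        # accepted again
        "naive_tampered": naive.accept(tampered, now),
        "safe_first": safe.accept(msg, now),
        "safe_replay": safe.accept(captured, now + 10),          # rejected: nonce seen
        "safe_stale_replay": safe.accept(captured, now + 3600),  # rejected: too old
        "safe_tampered": safe.accept(tampered, now),
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name:18s} {'accepted' if ok else 'rejected'}")
```

Encryption, as in the original scenario, does not help here either: the attacker never needs to read the message, only to re-send it. Freshness has to be part of what is authenticated, which is why the nonce and timestamp sit inside the MACed payload rather than beside it.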