MOUNTAINS OF THE MOON UNIVERSITY

FACULTY OF SCIENCE TECHNOLOGY AND INNOVATION

DEPARTMENT OF COMPUTER SCINCE

MUMBERE DERIC

2021/U/MMU/BIT/021

INDIVIDUAL ASSIGNMENT 1

SOCIAL AND PROFESSIONAL ISSUES IN COMPUTING

FACILITATOR: MR. BUKENYA MOSES

6th October 2024

What is a Cyber Attack?

A cyber-attack refers to an action designed to target a computer or any element of a

computerized information system to change, destroy, or steal data, as well as exploit or harm a
network. Cyber-attacks have been on the rise, in sync with the digitization of business that has
become more and more popular in recent years.

While there are dozens of different types of attacks, the list of cyber-attacks includes the 20 most
common examples.

Top 20 Most Common Types of Cyber security Attacks

DoS and DDoS Attacks

A Denial of Service (DoS) attack is aimed at overwhelming a system's resources, rendering it

incapable of handling legitimate service requests. A Distributed Denial of Service (DDoS)
attack operates similarly but uses multiple infected hosts to flood the system. The goal isn’t to
steal information but to disrupt services, which can lead to financial losses or open the system to
other attacks. An example is the February 2020 DDoS attack on Amazon Web Services (AWS).

MITM Attacks

Man-in-the-middle (MITM) attacks occur when a hacker intercepts communications between

two parties without their knowledge. By positioning themselves in the "middle," the attacker can
monitor, alter, or steal the information being shared. Strong encryption and VPNs are essential to
protect against this kind of attack.

Phishing Attacks

Phishing combines social engineering and technology, where attackers send emails that appear
to be from trusted sources. The goal is to trick recipients into clicking on malicious links,
downloading malware, or sharing sensitive information. The danger lies in the fact that users
may not realize they’ve been compromised, allowing the attacker to target others within the same
organization.
Whale-phishing Attacks

Whale phishing targets high-level executives or “big fish” within an organization. These
individuals are often targeted due to their access to sensitive information. If they fall victim to
ransomware or another attack, they may pay the ransom to avoid public embarrassment. To
avoid whale phishing, organizations should adopt the same best practices used to avoid regular
phishing.

Spear-phishing Attacks

This is a more personalized version of phishing, where the attacker researches their target to craft
a message that seems relevant to the individual. Often using spoofed emails and cloned websites,
these attacks are difficult to detect. To guard against spear phishing, recipients must carefully
scrutinize email details and avoid clicking on unfamiliar links.

Ransomware

Ransomware is malware that locks or encrypts a user’s system, demanding a ransom in exchange
for restoring access. It often exploits unpatched vulnerabilities and can spread across networks,
encrypting multiple devices. Preventing ransomware involves regularly updating systems,
employing strong firewalls, and avoiding suspicious websites or emails.

Password Attacks

These attacks aim to gain access to a system by figuring out a user’s password. Attackers may
use brute-force attacks, social engineering, or intercept unencrypted network transmissions.
Weak passwords or default credentials (like “1234567” or “admin”) are especially vulnerable.
To protect against these attacks, organizations should enforce strong password policies and
implement account lock-out mechanisms after failed attempts.

SQL Injection Attacks

SQL injection attacks exploit vulnerabilities in web applications that use databases. The attacker
injects malicious code into the database query to access, modify, or delete data. Limiting
database access to only those who need it (following the least-privileged model) and sanitizing
inputs can prevent SQL injection attacks.
URL Interpretation

In this attack, hackers manipulate URLs to gain unauthorized access to systems. By altering parts
of a website’s URL, they can potentially reach administrative sections or other restricted areas.
Secure authentication mechanisms, such as multi-factor authentication and secure passwords, are
crucial to preventing URL interpretation attacks.

DNS Spoofing

Also known as DNS poisoning, this attack involves altering the DNS records to redirect users to
malicious websites. Users might unknowingly enter personal information on a fake site, which
the attacker can then use or sell. Keeping DNS servers up-to-date and secure helps protect
against these attacks.

Session Hijacking

An attacker takes control of an active session between a user and a server by substituting their IP
address for the client’s. Using VPNs can prevent this by encrypting communications.

Brute Force Attacks

Attackers attempt to guess login credentials by systematically trying combinations. Bots often
automate this process. Lockout policies and strong, random passwords can help prevent these
attacks.

Web Attacks

Exploit vulnerabilities in web applications. Common forms include SQL injection, cross-site
scripting (XSS), and cross-site request forgery (CSRF). Web applications should be regularly
inspected and protected using anti-CSRF tokens and SameSite flags.

Insider Threats

Employees or insiders with access to critical systems can misuse their knowledge. Limiting
access and using multi-factor authentication (MFA) are effective preventive measures.
Trojan Horses

Malicious software is disguised as legitimate. When executed, it opens a backdoor for attackers.
To avoid this, users should only download from trusted sources and use Next-Generation
Firewalls (NGFWs) for inspection.

Drive-by Attacks

Malicious code is embedded in insecure websites, automatically infecting visitors. Regular

software updates and web-filtering software can protect against such attacks.

XSS (Cross-Site Scripting)

Attackers inject malicious scripts into a web page, executed when clicked by a user. Using
whitelists and sanitizing inputs can help defend against XSS.

Eavesdropping

Attackers intercept network traffic to steal sensitive information like passwords or credit card
details. Encrypting data can prevent both active and passive eavesdropping.

Birthday Attack

Exploits hash algorithms by creating matching hashes to replace legitimate messages. Using
longer hashes for verification significantly reduces risk.

Malware Attack

General term for malicious software designed to harm or spy on devices. Preventive measures
include educating users, using firewalls, and being cautious with software downloads and email
links.
REFERENCES

 "Computer Security: Principles and Practice" by William Stallings and Lawrie

Brown
 National Institute of Standards and Technology (NIST) - NIST Special
Publication 800-30: Guide for Conducting Risk Assessments
 OWASP Foundation - OWASP Top Ten Web Application Security Risks
 SANS Institute - SANS Cyber Security Resources
 MITRE ATT&CK Framework - MITRE ATT&CK
 "The Web Application Hacker’s Handbook" by Dafydd Stuttard and Marcus Pinto
 https://www.fortinet.com/resources/cyberglossary/types-of-cyber-attacks