Common computer attack types defined
Access Attacks – The attacker’s goal is to gain unauthorized access to information or services.
Dumpster Diving – Literally picking through the corporate dumpster for information. Also called Information Diving.
Eavesdropping – Simply listening in, in an effort to gain knowledge.
Snooping – Peeking around for information.
Interception – The attacker positions himself covertly, either physically or in a digital sense, in the middle of a transaction or conversation.
Modification Attacks – The attacker’s goal is to alter information for gain.
Repudiation Attacks – Modifying with the purpose of discrediting or invalidating information.
Back Doors – Present by design or surreptitiously inserted, these allow the attacker a ‘back door’ into a system or application for purposes of control.
Denial Of Service Attacks
DOS – Denial of Service
DDOS – Distributed Denial of Service
A DOS or DDOS attack seeks to deny legitimate users access to information, applications or services. A DDOS is distributed, meaning that multiple hosts participate in the attack. Reactive defense methods include “walking the path” back to the source up to the border router and working with that router’s owner, filtering, which may or may not be effective, and scaling up bandwidth and hardware in response to the attack. Unplugging is the option of last resort. Proactive defense can be provided in hardware and planning (such as having a backup range of IP addresses that can be cut over to.)
Common Types of DOS attacks
SYN Flood – Attempting to tie up resources with incomplete TCP connections.
Smurf Attack – A broadcast request with a forged source is sent to multiple machines; all the machines reply to the victim host, inundating it with responses.
Ping Flood – The victim host is sent an overwhelming amount of ping traffic.
Fraggle Attack – A flood of UDP traffic is sent to a victim host.
Application Flood – The attacker leverages a weakness at the application level; IRC floods are a common example.
Spoofing – The attacker attempts to appear to be someone else, usually a legitimate user.
Man In The Middle – This interception attack relays communications between hosts who have a legitimate connection. The attacker may insert, delete or gather information. Wireless access is a common vector for this attack.
Replay Attack – The attacker attempts to capture packets on their way from one host to another, and then replay them to a targeted host in an attempt to impersonate a legitimate user or system.
Password Cracking – Attempting to gain a valid credential given a login prompt. Defenses are to use account lockout and expiring passwords, and to protect password hashes.
Brute Force – Trying a large number of character combinations to break a password scheme.
Dictionary Attack – Attempting to crack a password scheme using wordlists.
Guessing – The attacker simply tries to guess a password, either using inside knowledge or commonly used passwords.
Virus Attack – Malicious code designed to further the attacker’s goals. May be custom written for the target. Antivirus software is the commonly employed defense.
Polymorphic Viruses – The code can change to avoid signature-based detection.
Stealth Virus – Code may attach itself to legitimate code in order to hide.
Retrovirus – Code attacks antivirus defense software.
Multipartite Virus – Code is designed to use multiple techniques to cause its havoc.
Armored Virus – Code is designed to stop the removal of the virus by stealth, encryption or obfuscation.
Companion Virus – Code attaches itself to legitimate applications.
Phage Virus – This virus attempts to change other programs.
Macro Virus – This code is written in a macro programming language, common in Microsoft Office-like applications.
Trojan Horse – A malicious program that misrepresents its true intentions, and attempts to trick the user as to its purpose.
Logic Bomb – Malicious code that executes when a criterion is met, such as a date being reached or a specified action being performed.
Worm – Self-replicating virus; the goal is to propagate.
Social Engineering – The attacker attempts to con the victim into believing him. The goal may be to obtain information or access to further the attacker’s cause. May occur over the Internet, email, phone or even in person. Almost impossible to defend against given the salesmanship of the perpetrator. Education of users is the most commonly cited defense strategy for Social Engineering attacks.
Phishing – A type of social engineering that attempts to deceive the target by presenting a false link to a compromised or bogus login.
Spearphishing – Using a phishing attack on a very specific target.
Joe Job – Spamming using a forged email address, that of the target. Spam recipients are fooled by the forgery and either target or discredit the victim.