Attack, Attackers and Network Vulnerabilities - CSU1899 - Shoolini U

FL13: Types of Attack and Attackers in the Context of Network Vulnerabilities

Definition: In network security, attacks are attempts to breach the security policies of a network system, gaining unauthorized access or causing damage. These attacks exploit vulnerabilities such as software flaws, human errors, or weak configurations. Attackers can be categorized based on their intent and methods.

1. Types of Attacks

1.1 Denial of Service (DoS)

Description: Attackers overload a network or server with excessive requests, making it unavailable to legitimate users.

Example: A famous case is the attack on the Estonian government websites in 2007, which disrupted services for days.

Indian Case Study: In 2020, Indian banking websites faced DoS attacks from international sources, disrupting digital transactions.

1.2 Man-in-the-Middle (MITM)

Description: The attacker intercepts communication between two parties, gaining access to sensitive data like login credentials.

Example: Eavesdropping on unencrypted Wi-Fi networks to steal banking information.

1.3 Phishing

Description: Attackers trick users into giving up sensitive information by posing as a trusted entity.

Example: In 2018, Indian users were targeted by phishing emails appearing to be from banks, asking for login details.

1.4 SQL Injection

Description: Attackers place crafted SQL fragments in web form fields that the application concatenates directly into its database queries, exploiting missing input validation to read or modify data.

Example: Exploiting poorly coded web forms to retrieve or modify database information. If the username entered in a login form is concatenated straight into the query and the attacker types admin' --, the statement the database receives is:

SELECT * FROM users WHERE username = 'admin' --;

The -- begins a SQL comment, so any remaining part of the original statement is ignored.
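The following Python snippet, added here as an illustration and not part of the course material, shows the vulnerable string-built query from the example beside its parameterised fix, using a constructed in-memory SQLite table (the users table, its single row and the function names are assumptions):

```python
import sqlite3


def make_db():
    # Constructed sample database: one user row, not real data.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Form input is pasted straight into the SQL text. A username of
    # "admin' --" yields:
    #   SELECT * FROM users WHERE username = 'admin' --' AND password = '...'
    # The -- comments out the rest of the line, so the password is never checked.
    query = ("SELECT * FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_parameterised(conn, username, password):
    # Placeholders hand the input to the driver as data, never as SQL syntax,
    # so "admin' --" is compared literally against the username column.
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected input :", login_vulnerable(db, "admin' --", "wrong"))
    print("parameterised, same input  :", login_parameterised(db, "admin' --", "wrong"))
```

Running the block shows the string-built version accepting the bogus login while the parameterised version rejects it.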

1.5 Cross-Site Scripting (XSS)

Description: Attackers inject malicious scripts into websites, targeting users to steal session data or deface websites.

Example: If a user clicks on a malicious link, they may unknowingly send their session cookies to the attacker.

1.6 Ransomware

Description: Malware that encrypts a victim’s files, demanding payment (usually in cryptocurrency) to decrypt them.

Indian Case Study: In 2020, the Indian IT firm Cognizant was hit by a ransomware attack, disrupting business operations.

2. Types of Attackers

2.1 Script Kiddies

Description: Inexperienced attackers using pre-built tools or scripts to launch attacks without deep technical knowledge.

Example: They may use DoS tools without understanding the underlying mechanics.

2.2 Hacktivists

Description: Attackers driven by social or political motives, often defacing websites or leaking sensitive data to make a statement.

Example: In 2019, Indian hackers defaced Pakistani government websites after a political dispute.

2.3 State-Sponsored Attackers

Description: Attackers working for a nation-state, targeting other nations' government or infrastructure networks for espionage or sabotage.

Indian Case Study: In 2018, Indian government institutions were targeted by Chinese state-sponsored groups for intelligence gathering.

2.4 Insiders

Description: Employees or contractors with authorized access who exploit their privileges to attack the network from within.

Example: A disgruntled employee leaking sensitive information or disabling security protocols.

2.5 Cybercriminals

Description: Individuals or organized groups whose motive is financial gain through hacking activities.

Example: Cybercriminals may target financial institutions to steal funds or personal data.

3. Physical Security in the Context of Ethical Hacking

Definition: Physical security refers to the protection of hardware, networks, and data from physical actions or events that could cause damage or loss. Despite the rise of cyberattacks, physical breaches can still lead to significant data loss and system compromise.

3.1 Key Elements of Physical Security

3.1.1 Access Control

Description: Ensuring that only authorized personnel have access to critical areas where hardware is stored.

Example: Using key cards, biometric scans, or security personnel to control access to data centers.

3.1.2 Surveillance and Monitoring

Description: Continuous monitoring of sensitive areas using CCTV cameras, sensors, or alarm systems.

Example: Banks and data centers implement surveillance systems to detect unauthorized access attempts.

3.1.3 Environmental Controls

Description: Preventing environmental damage such as fire, flooding, or power outages.

Example: Installing fire suppression systems and backup power supplies in data centers.

3.1.4 Device Security

Description: Protecting physical devices like laptops, servers, and routers from theft or damage.

Example: Encrypting portable storage devices and securing laptops when not in use.

3.2 Importance in Ethical Hacking

Threat Scenario: Physical access to servers or networking hardware by an attacker can allow them to install malware or gain access to data.

Case Study: In 2019, an employee at a Mumbai-based IT firm was caught trying to steal company data by physically accessing the servers after working hours.

4. Physical Attacks on Network Devices

4.1 Tampering

Description: Physically altering network devices like routers or switches to install malicious hardware or modify functionality.

Example: Installing hardware keyloggers to intercept sensitive data.

4.2 Dumpster Diving

Description: Searching through discarded documents, devices, or media to retrieve confidential information.

Example: Recovering passwords or sensitive configuration details from discarded equipment.

4.3 Mitigation Strategies