This post provides a list of common Cybersecurity Attacks.
List of Common Cybersecurity Attacks
Non-exhaustive list of common cybersecurity attacks:
- Brute-force Attack
- Cross-Site Request Forgery (XSRF)
- Cross-Site Scripting (XSS)
- Cross-Site Tracing (CST)
- Denial of Service (DoS)
- Man-in-the-middle (MITM)
- Rogue access point
- Session hijacking
- Spoofing of data packets
- SQL Injection
- Pharming
- Pass the Hash
- Pass the Key
- TOC/TOU
- Phishing
- Ramsonware
- DNS Spoofing
Brute-force Attack
A brute-force attack (a.k.a. brute force cracking) is the cyberattack equivalent of trying every key on your key ring, and eventually finding the right one.
Cross-Site Request Forgery (XSRF)
A cross-site request forgery (XSRF) attack is a type of web site attack in which unauthorized commands are transmitted to a website from a trusted user.
The attacker tricks the user to send their desired information to the website. The exploit is that the website trusts this user.
It could be done following these steps:
- Attacker sends a phishing e-mail to a victim user that includes a link
- User clicks on the link, and web server validates the user request
- Web server performs the user request, that usually benefits the attacker
XSRF exploits inadequate authentication mechanisms in web applications that rely only on elements such as cookies when performing a transaction.
It is mentioned on CISM Review QA&E Manual 9th Edition, question S3-200.
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
The website is tricked by the attacker to run a script on each of their users locally. The exploit is that the users trust the website.
It could be done following these steps:
- Attacker finds a website with a XSS vulnerability
- Attacker injects a script into the website
- For each user that connect the page, the website run the script for him
Cross Site Tracing (XST)
Cross Site Tracing (XST) exploits the HTTP TRACE method to steal sensitive data.
TRACE method is intended for diagnostic purposes, and allows a client to send a request to a server and receive a mirror of that request in the server’s response.
Preventive measures, including disabling TRACE and implementing robust input validation, are crucial in safeguarding against XST.
XST is less popular or known than XSRF and XSS.
Denial of Service (DoS)
Denial of Service (DoS) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
Packet filtering techniques are the only ones which reduce network congestion caused by a network denial-of-service attack.
Man-in-the-middle
Man-in-the-middle (MitM) is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.
MiTM can be prevented by using trusted paths that secure network traffic from capture and link encryption.
Rogue access point
A rogue access point masquerades as a legitimate access point. The risk is that legitimate users may connect through this access point and have their traffic monitored.
It is a significant risk when using wireless local area network technology.
SQL Injection
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
Methods to avoid SQL injections:
- Input check: limit what can be input by a user
- Escape special characters: makes dangerous characters less likely to be a problem
- Parameterized queries: limit what can be sent in a query
- Stored procedures: limit what can be done via the database server
SQL detection tools on this post.
SQL injection tools on this post.
SQL injection examples on this post.
Pharming
Pharming is a cyberattack intended to redirect a website’s traffic to another, fake site by installing a malicious program on the computer. Pharming can be conducted either by exploitation of a vulnerability in the DNS server software or by changing the hosts file on a victim’s computer.
Session Hijacking
You can find session hijacking tools on this post.
TOC/TOU
Time-of-check to time-of-use (TOC/TOU) attack exploits timing differences between when a system verifies authorization and software uses that authorization to perform an action. It is an example of race condition attack.
By varying the worload on the cpu, attackers may exploit th eamount of time required to process requests and use that variance to effectively schedule the exploit’s execution.
Methods to defend against TOC/TOU are file locking, exception handling and concurrency controls.
Clickjacking
Clickjacking is an attack where the user is tricked into clicking on something different from what the user perceives
User interface redress attack or UI redressing are more general terms to define trickery through the user interface (UI).
Clickjacking can be prevented by applying techniques such as what is called framekiller, framebuster or framebreaker. You can read more about it on this external link.
Frame injection
A Frame Injection is a type of Code Injection vulnerability. It gets to load arbitrary code in the browser through a frame.
The term frame spoofing might be the same as frame injection.
ARP Spoofing
ARP spoofing can be avoided by implementing DHCP spoofing.
[…] You can find a summary of common attacks on this external post. […]