Is Week2 - Lec#4: Threat Terminology, Types of Attacks, Spoofing Attacks, Social Engineering

Uploaded by

Azka Shaukat
IS WEEK2 - LEC#4
Threat Terminology, Types of Attacks, Spoofing Attacks, Social Engineering
Threats to Information Security
Why do we need security?
Vulnerability, Threats & Attack:
Passive Attacks: An Exploit of Information Interception
• A passive attack refers to an unauthorized attempt to access or intercept
information without altering the data stream. In other words, these attacks do not
disrupt the operation of the network or modify the data in transit. Instead, passive
attacks focus on extracting sensitive information, such as passwords, credit card
numbers, or confidential documents, from network traffic.
• Examples of passive attacks include:
• Packet sniffing: Involves capturing and analyzing network packets to extract
sensitive information.
• Man-in-the-middle (MITM) attack: An attacker intercepts communication
between two parties, capturing information without the knowledge of either party.
• Eavesdropping: Listening in to monitor and extract sensitive information being
transmitted over the network.
• Replay attack: Capturing and retransmitting data packets to gain unauthorized
access.
Countermeasures Against Passive Attacks???
Active Attacks: Breaching Network Security with Malicious Intent
• Active attacks involve network disruptions or intentional modification of
data to compromise network security. Active attacks are carried out by
adversaries with malicious intent, attempting to harm network resources
and disrupt regular operations.
• Examples of active attacks include:
• Distributed Denial of Service (DDoS) attacks: Overwhelming a target
network or server with a flood of traffic, rendering it unavailable to users.
• ARP Spoofing: Manipulating Address Resolution Protocol (ARP) tables to
redirect network traffic for unauthorized access or eavesdropping.
• SQL Injection: Exploiting vulnerabilities in web applications to inject
malicious SQL code and gain unauthorized access to databases.
• Phishing: Manipulating users into providing sensitive information, such as
login credentials or financial data, through deceptive techniques.
Countermeasures Against Active Attacks???
Key Takeaways
• Passive attacks involve eavesdropping on network
communications.
• Active attacks target network systems and disrupt or modify the
data.
• Both passive and active attacks pose significant risks to network
security.
• Examples of passive attacks include sniffing and spoofing.
• Examples of active attacks include denial-of-service (DoS) and
man-in-the-middle (MitM) attacks.
Frequently Asked Questions
• 1. What are passive attacks in network security?
• Passive attacks in network security refer to unauthorized attempts to gain access to sensitive information without directly
affecting or altering the system. Attackers use various methods such as eavesdropping, monitoring network traffic, or
intercepting data packets to steal information, but they do not directly disrupt the network's operation.
• These attacks can be difficult to detect as the attacker does not actively interact with the network, making it crucial to
implement encryption and strong security measures to protect against passive attacks.
• 2. What are active attacks in network security?
• Active attacks in network security involve deliberate actions taken to disrupt or compromise the network's integrity,
performance, or availability. Unlike passive attacks, active attacks directly interfere with the network and its components.
• Examples of active attacks include malware infections, denial of service (DoS) attacks, and man-in-the-middle attacks. These
attacks can cause significant damage to the network, resulting in data loss, system failures, or unauthorized access to
sensitive information.
• 3. What are the potential impacts of passive attacks?
• Passive attacks can have serious consequences for network security. Some potential impacts include:
• a) Unauthorized access to sensitive information:
• Eavesdropping on network traffic can allow attackers to intercept sensitive data such as passwords, credit card information, or
confidential business data, compromising the privacy and security of individuals or organizations.
• b) Data manipulation:
• If attackers gain access to network traffic, they can manipulate or modify data packets, leading to the alteration of information,
potential data corruption, or misleading results.
• c) Reconnaissance for future attacks:
• Attackers can use passive attacks to gather information and gain insights into the network's vulnerabilities, enabling them to
plan and execute more targeted and effective active attacks in the future.
• 4. How can organizations protect against passive attacks?
• To protect against passive attacks, organizations should consider implementing the
following measures:
• a) Encryption:
• Encrypting sensitive data and communication channels can prevent attackers from
intercepting and understanding the information exchanged. Strong encryption protocols
such as SSL/TLS can ensure secure data transmission.
• b) Network monitoring:
• Regularly monitoring network traffic and implementing intrusion detection systems (IDS) or
intrusion prevention systems (IPS) can help detect any suspicious activities or unauthorized
access attempts.
• c) Access control and authentication:
• Implementing strong access control mechanisms and authentication protocols can ensure
that only authorized individuals or devices can access sensitive information or resources in
the network.
• 5. How can organizations defend against active attacks?
• To defend against active attacks, organizations should consider the following strategies:
• a) Regular patching and updates:
• Keeping software, operating systems, and network devices up to date with the latest security patches
and updates can help mitigate vulnerabilities that attackers may exploit.
• b) Firewalls and intrusion detection systems (IDS):
• Implementing firewalls, both at network and host levels, can help filter and block unauthorized network
traffic.


In conclusion, passive and active attacks are two types of threats that can compromise network
security. Passive attacks involve unauthorized monitoring or eavesdropping on network
communications, while active attacks involve intentional manipulation or disruption of network traffic.
• Passive attacks, such as sniffing and data interception, aim to gain unauthorized access to sensitive
information without alerting the victim. On the other hand, active attacks, like denial of service (DoS)
and man-in-the-middle (MitM) attacks, aim to disrupt normal network operations or manipulate data for
malicious purposes.
What is spoofing? Spoofing definition
Spoofing, as it pertains to cybersecurity, is when someone or something
pretends to be something else in an attempt to gain our confidence, get
access to our systems, steal data, steal money, or spread malware.
Spoofing attacks come in many forms, including:
1. Email spoofing
2. Website and/or URL spoofing.
There are other attacks but we will mainly discuss the above.
1. Email spoofing
Email spoofing is the act of sending emails with false sender addresses, usually as part of
a phishing attack designed to steal your information, infect your computer with malware or
just ask for money. Typical payloads for malicious emails
include ransomware, adware, cryptojackers, Trojans (like Emotet), or malware that
enslaves your computer in a botnet (see DDoS).
But a spoofed email address isn’t always enough to fool the average person. Imagine
getting a phishing email with what looks like a Facebook address in the sender field, but
the body of the email is written in basic text, no design or HTML to speak of—not even a
logo. That’s not something we’re accustomed to receiving from Facebook, and it should
raise some red flags.
Accordingly, phishing emails will typically include a combination of deceptive features:
• False sender address
• Spear phishing
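An added example (not part of the lecture) of how a receiving side can test for the false sender address described above: it compares the visible From domain with Return-Path and Reply-To and reads the SPF, DKIM and DMARC verdicts from the Authentication-Results header. Both messages are constructed samples, the function names are hypothetical, and strict domain equality is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are reserved example names.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=example.com
From: "Example Support" <support@example.com>
Reply-To: helpdesk@mailer.invalid
Subject: Verify your account

Plain text body.
"""

LEGIT = """\
Return-Path: <bounce@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Example Support" <support@example.com>
Subject: Your receipt

Plain text body.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def sender_findings(raw_message):
    """List the reasons the visible From address should not be trusted."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    # The From header is free text chosen by the sender; compare it with the
    # envelope sender (Return-Path) and with where replies would actually go.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Assumption: this header was stamped by our own receiving mail server.
    auth = msg["Authentication-Results"] or ""
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{method} result is {result}")
    return findings
```
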
2. Website spoofing
• Website spoofing is all about making a malicious website look like a legitimate
one. The spoofed site will look like the login page for a website you
frequent—down to the branding, user interface, and even a spoofed domain name
that looks the same at first glance. Cybercriminals use spoofed websites to capture
your username and password (aka login spoofing) or drop malware onto your
computer (a drive-by download). A spoofed website will generally be used in
conjunction with an email spoof, in which the email will link to the website.
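An added example (not part of the lecture) of how a defender can flag a spoofed domain name that "looks the same at first glance": it decodes punycode labels, folds a few look-alike characters, and compares the result with a list of protected domains. The protected list, the small substitution map and the function names are assumptions made for illustration, and the input is assumed to be the registrable domain only.

```python
# Constructed allow-list of domains the organisation really uses (assumption).
PROTECTED = {"example.com", "example-bank.com"}

# Small illustrative map of look-alike substitutions; not a full confusables table.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def skeleton(domain):
    """Decode punycode labels, lower-case, and fold look-alike characters."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # keep the raw label if it is not valid punycode
        labels.append(label)
    text = ".".join(labels)
    for fake, real in CONFUSABLES.items():
        text = text.replace(fake, real)
    return text

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(domain):
    """Return (verdict, matched protected domain or None)."""
    domain = domain.lower().rstrip(".")
    if domain in PROTECTED:
        return "legitimate", domain
    folded = skeleton(domain)
    for good in sorted(PROTECTED):
        # Identical after folding, or one typo away, but not the real domain.
        if folded == skeleton(good) or edit_distance(folded, skeleton(good)) <= 1:
            return "lookalike", good
    return "unknown", None
```
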
Social Engineering Attacks in Information Security:
• Social engineering is the tactic of manipulating, influencing, or
deceiving a victim in order to gain control over a computer
system, or to steal personal and financial information.
Example:
Phishing. As one of the most popular social engineering attack
types, phishing scams are email and text message campaigns
aimed at creating a sense of urgency, curiosity or fear in victims.
Social Engineering Attack Types
1. Phishing: Phishing is a social engineering technique in which an attacker sends fraudulent emails, claiming to be from a
reputable and trusted source.

2. Vishing and Smishing: Vishing (short for voice phishing) occurs when a fraudster attempts to trick a victim into
disclosing sensitive information or giving them access to the victim's computer over the telephone. The caller often
threatens or tries to scare the victim into giving them personal information or compensation. Smishing (short for SMS
phishing) is similar to and incorporates the same social engineering techniques as email phishing and vishing, but it is
done through SMS/text messaging.

3. Pretexting: Pretexting is a type of social engineering technique where the attacker creates a scenario where the victim feels
compelled to comply under false pretenses.
4. Baiting: Baiting puts something enticing or curious in front of the victim to lure them into
the social engineering trap. A baiting scheme could offer a free music download or
gift card in an attempt to trick the user into providing credentials.

5. Tailgating and Piggybacking: Tailgating is a simplistic social engineering attack
used to gain physical access to an unauthorized location. Piggybacking is
similar to tailgating, but in a piggybacking scenario the authorized user is aware
and allows the other individual to "piggyback" off their credentials.

6. Quid Pro Quo: Quid pro quo (Latin for “something for something”) is a type of
social engineering tactic in which the attacker attempts a trade of service for
information.
