Abstract image of a woman sitting on books and studying on a laptop

types of cyber attack by taufiqurrahman.pptx

Download as PPTX, PDF
T
taufiq463421

The document provides an extensive overview of various types of cyber attacks, including malware, social engineering, denial-of-service, man-in-the-middle, password attacks, and advanced persistent threats. It outlines the objectives, methods of delivery, and best practices for prevention of these attacks while emphasizing the importance of cybersecurity awareness and effective defense mechanisms. Additionally, the document discusses protection techniques like network detection and response (NDR) to combat sophisticated threats and highlights the crucial role of regular system updates and strong authentication methods.

Education
1 of 45
Downloaded 13 times
1
2
3
4
5
6
7
8
9
10
Most read
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Most read
36
37
38
Most read
39
40
41
42
43
44
45
Types Cyber Attacks Software Development Security
Types of Cyber Attack Malware attack Social engineering attacks(Phishing ) Distributed denial of service (DDoS) Man-in-the- middle attack (MitM) Password attacks Advanced persistent threats (APT)
Malware attack • A malware attack is a common cyberattack where malware (normally malicious software) executes unauthorized actions on the victim’s system. The malicious software (a.k.a. virus) encompasses many specific types of attacks such as ransomware, spyware, command and control, and more.
Three main aspects of Malware • Objective: What the malware is designed to achieve • Delivery: How the malware is delivered to the target • Concealment: How the malware avoids detection
Objectives of Malware • Exfiltrate Information- Stealing data, credentials, payment information, Malware focused on this type of theft can be extremely costly to a person, company, or government target that falls victim. • Disrupt Operations - Actively working to “cause problems” for a target’s operation is another objective seen in malware. • Demand Payment- Some malware is focused on directly extorting money from the target. Ransomware is a type of malware that attempts to prevent a target from accessing their data (usually by encrypting files on the target) until the target “pays up.”
Main types of malware attack vectors • Trojan Horse: This is a program which appears to be one thing (e.g. a game, a useful application, etc.) but is really a delivery mechanism for malware. • Virus: A virus is a type of self-propagating malware which infects other programs/files (or even parts of the operating system and/or hard drive) of a target via code injection. • Worm: Malware designed to propagate itself into other systems is a worm. While virus and trojan horse malware are localized to one infected target system, a worm actively works to infect other targets (sometimes without any interaction on the user’s behalf).
Main types of malware attack vectors • Ransomware Arguably the most common form of malware, ransomware attacks encrypt a device’s data and holds it for ransom. If the ransom isn’t paid by a certain deadline, the threat actor threatens to delete or release the valuable data (often opting to sell it on the dark web). • Spyware Cybercriminals use spyware to monitor the activities of users. By logging the keystrokes a user inputs throughout the day, the malware can provide access to usernames, passwords, and personal data. Spyware often leads to credential theft, which in turn can lead to a devastating data breach. It often originates in corrupt files, or through downloading suspicious files. • Bots is a software program that performs an automated task without requiring any interaction. Bots can execute attacks much faster than humans ever could.
Best practices against malware attacks • Continuous User Education • Use Reputable A/V Software • Ensure Your Network is Secure • Perform Regular Website Security Audits • Create Regular, Verified Backups •
types of cyber attack by taufiqurrahman.pptx
Social engineering attacks(Phishing ) • Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. • Social engineering attacks work by psychologically manipulating users into performing actions desirable to an attacker or divulging sensitive information.
Social engineering attack techniques • Phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. • Spear phishing is a more targeted version of the phishing scam whereby an attacker chooses specific individuals or enterprises. • Baiting attacks use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or inflicts their systems with malware. • Scareware involves victims being bombarded with false alarms and fictitious threats. • Piggybacking and tailgating both refer to a type of attack in which an authorized person allows an unauthorized person access to a restricted area.
types of cyber attack by taufiqurrahman.pptx
Common Phishing Technique in Somalia • Voice phishing (vishing) phone calls may be automated message systems recording all your inputs. Sometimes, a live person might speak with you to increase trust and urgency. • SMS phishing (smishing) texts or mobile app messages might include a web link or a prompt to follow-up via a fraudulent email or phone number. • Email phishing is the most traditional means of phishing, using an email urging you to reply or follow-up by other means. Web links, phone numbers, or malware attachments can be used.
Social engineering prevention • Don’t open emails and attachments from suspicious sources. • Use multifactor authentication • Be wary of tempting offers • Keep your antivirus/antimalware software updated
Discussion Is Mobile Begging considered a Scam?
types of cyber attack by taufiqurrahman.pptx
Denial-of- service attack (DoS attack) • A Denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to a network. • Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
Distributed Denial of service (DDoS) • A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. • DDoS attacks don’t attempt to breach your security perimeter. Rather, a DDoS attack aims to make your website and servers unavailable to legitimate users.
DDoS botnets • A botnet is a collection of hijacked connected devices used for cyber attacks that are controlled remotely from a Command & Control Center (C&C). • Attackers use malware and other techniques to compromise a device, turning it into a “zombie” in the attacker’s botnet. • Botnets enable attackers to carry out DDoS attacks by harnessing the power of many machines and obscuring the source of the traffic.
types of cyber attack by taufiqurrahman.pptx
DDoS for hire: • DDoSsers, • booters and • stressers
There are 3 types of DDoS Attacks: • Volume-based attacks, • Protocol attacks, and • Application layer attacks.
DDoS Protection Techniques • Reduce Attack Surface Area -One of the first techniques to mitigate DDoS attacks is to minimize the surface area that can be attacked thereby limiting the options for attackers and allowing you to build protections in a single place. We want to ensure that we do not expose our application or resources to ports, protocols or applications from where they do not expect any communication. • Deploy Firewall and load balancer - A good practice is to use a Web Application Firewall (WAF) against attacks, such as SQL injection or cross-site request forgery, that attempt to exploit a vulnerability in your application itself.
DDoS Protection Techniques • An organization typically has two choices when setting up cloud-based DDoS protection: • On-demand cloud DDoS mitigation: These services activate after the in-house team, or the provider detects a threat. If you suffer a DDoS, the provider diverts all traffic to cloud resources to keep services online. • Always-on cloud DDoS protection: These services route all traffic through a cloud scrubbing center (at the cost of minor latency). This option is best suited for mission-critical apps that cannot afford downtime.
types of cyber attack by taufiqurrahman.pptx
Man-in-the- middle attack (MitM) • A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. • The goal of an attack is to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required. • Broadly speaking, a MITM attack is the equivalent of a mailman opening your bank statement, writing down your account details and then resealing the envelope and delivering it to your door.
MITM attack progression(Interception) • Interception- The first step intercepts user traffic through the attacker’s network before it reaches its intended destination. 1. IP spoofing involves an attacker disguising himself as an application by altering packet headers in an IP address. As a result, users attempting to access a URL connected to the application are sent to the attacker’s website. 2. ARP spoofing is the process of linking an attacker’s MAC address with the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent by the user to the host IP address is instead transmitted to the attacker. 3. DNS spoofing, also known as DNS cache poisoning, involves infiltrating a DNS server and altering a website’s address record. As a result, users attempting to access the site are sent by the altered DNS record to the attacker’s site.
MITM attack progression (Decryption) • Decryption- After interception, any two-way SSL traffic needs to be decrypted without alerting the user or application. A number of methods exist to achieve this 1. HTTPS spoofing sends a phony certificate to the victim’s browser once the initial connection request to a secure site is made. 2. SSL BEAST (browser exploit against SSL/TLS) targets a TLS version 1.0 vulnerability in SSL. Here, the victim’s computer is infected with malicious JavaScript that intercepts encrypted cookies sent by a web application. 3. SSL hijacking occurs when an attacker passes forged authentication keys to both the user and application during a TCP handshake. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session.
Man in the middle attack prevention • Avoiding WiFi connections that aren’t password protected. • Paying attention to browser notifications reporting a website as being unsecured. • Immediately logging out of a secure application when it’s not in use. • Not using public networks (e.g., coffee shops, hotels) when conducting sensitive transactions.
types of cyber attack by taufiqurrahman.pptx
Different Types of Password Attacks • Two types of phishing attacks: • Regular Phishing -victims receive a phishing mail asking them to reset passwords due to security reasons. Hackers are successful when targets don’t confirm the sender’s authenticity before changing their passwords. • Spear Phishing – directed victim to click or download a link in an email from a known sender. The link takes you to a malicious look-a-like website where you log in, inadvertently sharing your password with threat actors. •
Different Types of Password Attacks • Brute Force Attacks - In a brute force attack, hackers steal passwords with the hit-and-try method using special software. • Here are two variations of such cyberattacks: • Password Spraying • In a password spray attack, attackers use a selection of common passwords on a massive number of accounts. They attempt to crack passwords of accounts in bulk, reducing the risk of getting traced. • Dictionary Attacks- bad actors use a list of common words and phrases from a dictionary. This is the opposite of a brute force password attack as they don’t use character-by-character attempts.
Different Types of Password Attacks • Credential Stuffing - In credential stuffing, cybercriminals use stolen credentials to break passwords set for cybersecurity. This method is based on simple human psychology: We can’t remember too many passwords; so, let’s use the same password for every account, right? Once hackers succeed in breaching one of your accounts, they use the same passwords on your different accounts. • Keylogger Attacks attackers use malware to attempt keylogger or keystroke logger password attacks. In cybersecurity, These attacks are among the most dangerous as they reveal even the strongest and most secure passwords. Hackers record keystrokes when you enter them.
types of cyber attack by taufiqurrahman.pptx
Advanced persistent threats (APT) • An advanced persistent threat (APT) is a cyber- attack in which the adversary operates undetected inside a compromised network for an extended period of time after gaining unauthorized access. • APT attacks are distinguished by their use of highly sophisticated tools and techniques to evade detection, steal credentials, and move through the network to reach high-value assets. • These tools and techniques require significant financial and human capital to acquire or develop, implying that APT attacks are designed to target the meanest network defenses protecting important organizations and their assets.
APT Attack Stages
APT Attack Stages • Stage 1: Target Selection and External Reconnaissance • An APT attack always begins with identifying targets that satisfy the attacker’s objectives. Once a target has been selected, the attackers will perform a reconnaissance of the target to discover potential points of entry (attack vectors) and gather as much information on the target as possible. • Stage 2: Initial Access • After thorough preparation, the attacker attempts to gain unauthorized access to the target’s network by exploiting one or more viable attack vectors. One of the most common ways this is achieved is through highly deceptive social engineering techniques like spear-phishing emails.
APT Attack Stages • Stage 3: Malware Execution • After gaining access to the victim’s network, the attacker executes the first malware payload on the compromised machine (patient zero). This initial malware payload is used to achieve a variety of broader goals such as internal reconnaissance, defense evasion, and command and control communication. • Stage 4: Privilege Escalation and Lateral Movement • Once the attacker establishes a firm foothold on the compromised system, they begin to harvest access credentials (user, domain admin, and service accounts) to escalate their privileges. Escalated privileges give the attacker greater freedom and cover to operate and move laterally through the network to reach high-value targets that meet their objectives.
APT Attack Stages • Stage 5: Data Exfiltration and Damage Infliction • After reaching the high-value assets, the APT attacker begins exfiltrating the data from the target’s network to their own infrastructure. The data is typically transferred to a central location and packaged into an archive. The archive is encrypted to conceal it from deep packet inspection during exfiltration and compressed and chunked so that the data is exfiltrated in small enough quantities to resemble normal traffic activity, lowering any suspicion.
APT Detection and Protection Using NDR • Many cybersecurity solutions such as firewalls, endpoint security, intrusion detection and prevention systems may no longer offer adequate protection against APT attacks. Essentially, these tools are designed to prevent and detect known threats using known malware signatures, known indicators of compromise (IoC), and known attack patterns. With APT threat actors constantly updating their tools, TTPs, and infrastructure, what is really needed is a solution to detect non-signature-based malware and unknown attack activity and patterns.
What is Network Detection and Response (NDR)? • Network detection and response (NDR) is a security solution that performs real-time monitoring and analysis of network-wide traffic to detect and respond to malware and behavioral-based malicious activity in the network. • The crux of NDR is detecting behavioral-based malicious activity. As stealthy as they are, APT activities generate network traffic in all stages of an attack, and as long as activities generate traffic, they can be detected. NDR leverages the power of machine learning, artificial intelligence, and behavioral analytics to analyze network traffic and detect granular deviations from normal network activity to uncover APT threats.
types of cyber attack by taufiqurrahman.pptx
How to Prevent Cyber Attacks? • Change your passwords regularly and use strong alphanumeric passwords which are difficult to crack. Refrain from using too complicated passwords that you would tend to forget. Do not use the same password twice. • Update both your operating system and applications regularly. This is a primary prevention method for any cyber attack. This will remove vulnerabilities that hackers tend to exploit. Use trusted and legitimate Anti-virus protection software. • Use a firewall and other network security tools such as Intrusion prevention systems, Access control, Application security, etc. • Avoid opening emails from unknown senders. Scrutinize the emails you receive for loopholes and significant errors. • Make use of a VPN. This makes sure that it encrypts the traffic between the VPN server and your device.
How to Prevent Cyber Attacks? • Regularly back up your data. According to many security professionals, it is ideal to have three copies of your data on two different media types and another copy in an off-site location (cloud storage). Hence, even in the course of a cyber attack, you can erase your system’s data and restore it with a recently performed backup. • Employees should be aware of cybersecurity principles. They must know the various types of cyberattacks and ways to tackle them. • Use Two-Factor or Multi-Factor Authentication. With two-factor authentication, it requires users to provide two different authentication factors to verify themselves. When you are asked for over two additional authentication methods apart from your username and password, we term it as multi-factor authentication. This proves to be a vital step to secure your account. • Secure your Wi-Fi networks and avoid using public Wi-Fi without using a VPN. • Safeguard your mobile, as mobiles are also a cyberattack target. Install apps from only legitimate and trusted sources, make sure to keep your device updated.
Discussion Thank you

More Related Content

PPSX
Cyber security awareness for students
Akhil Nadh PC
 
PPTX
Cyber Security Introduction.pptx
ANIKETKUMARSHARMA3
 
PPTX
Cyber attack
Manjushree Mashal
 
PPTX
Dos n d dos
sadhana21297
 
PPTX
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Dheeraj Kataria
 
PPT
Cyber Ethics
WonderingAriana
 
PPTX
Computer ethics and crime
Middle East International School
 
PPTX
Cyber ethics
fifiamalina
 
Cyber security awareness for students
Akhil Nadh PC
 
Cyber Security Introduction.pptx
ANIKETKUMARSHARMA3
 
Cyber attack
Manjushree Mashal
 
Dos n d dos
sadhana21297
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Dheeraj Kataria
 
Cyber Ethics
WonderingAriana
 
Computer ethics and crime
Middle East International School
 
Cyber ethics
fifiamalina
 

What's hot (20)

PPT
Cyber Crime and Security
Dipesh Waghela
 
PPTX
Cyber Security PPT - 2023.pptx
ChandanChandu928137
 
PPTX
Cyber Crime and Security
Chitra Mudunuru
 
PPTX
Cyber crime and security
Sharath Raj
 
PDF
Social engineering
ankushmohanty
 
PPTX
Social engineering
Vishal Kumar
 
PPTX
cyber crime
Mosuud jilani lipon
 
PPTX
Introduction To Dark Web
Adityakumar Yadav
 
PPTX
Cyber Security Awareness
Innocent Korie
 
PPTX
Cyber security system presentation
A.S. Sabuj
 
PPTX
Cyber crime
Harendra Singh
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
PPTX
Phishing ppt
shindept123
 
PPTX
Cyberspace
Utchi
 
PPTX
Cyber crime and its types
DINESH KAMBLE
 
PPTX
Cybersecurity artificial intelligence presentation
ssuserabf73f
 
PPTX
Cyber security
TaimoorArshad5
 
PPTX
Dark web
aakshidhingra
 
PPTX
Cyber Crime
Avinash Rajput
 
PPTX
Cyber security
Sapna Patil
 
Cyber Crime and Security
Dipesh Waghela
 
Cyber Security PPT - 2023.pptx
ChandanChandu928137
 
Cyber Crime and Security
Chitra Mudunuru
 
Cyber crime and security
Sharath Raj
 
Social engineering
ankushmohanty
 
Social engineering
Vishal Kumar
 
cyber crime
Mosuud jilani lipon
 
Introduction To Dark Web
Adityakumar Yadav
 
Cyber Security Awareness
Innocent Korie
 
Cyber security system presentation
A.S. Sabuj
 
Cyber crime
Harendra Singh
 
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Phishing ppt
shindept123
 
Cyberspace
Utchi
 
Cyber crime and its types
DINESH KAMBLE
 
Cybersecurity artificial intelligence presentation
ssuserabf73f
 
Cyber security
TaimoorArshad5
 
Dark web
aakshidhingra
 
Cyber Crime
Avinash Rajput
 
Cyber security
Sapna Patil
 
Ad

Similar to types of cyber attack by taufiqurrahman.pptx (20)

PPTX
week2-cybersecurityOverview of social engineering attacks.pptx
christianaolusegun22
 
PPTX
Malware attack Social engineering attack
taufiq463421
 
PPTX
front_one cyberseuciryt is the protection of something digital from the uneth...
sagarsthakuri188
 
PPTX
Cybersecurity
A. Shamel
 
PPTX
Lec 2- Hardening and whitelisting of devices
BilalMehmood44
 
PPTX
Lecture 3.pptx
MuhammadRehan856177
 
PPTX
basics of hacking- threat basics, types of attack
PILAMPIRAYAsstProfes
 
PPTX
Cyber Attacks and Defences - JNTUH,Cyber Attacks and Defences
NiharikaGuptas
 
PPTX
Cyber crime & security
Avani Patel
 
PDF
Network security
nafisarayhana1
 
PPTX
Cyber security
Sabir Raja
 
PPTX
Protection from hacking attacks
Sugirtha Jasmine M
 
PPT
CyberSecurity presentation for basic knowledge about this topic
piyushkamble6
 
PPTX
Security threats
Qamar Farooq
 
PPTX
Cyber security
ankit yadav
 
PPTX
CYBERSECURITY | Why it is important?
RONIKMEHRA
 
PPT
computer crime
00jitesh00
 
PDF
Cybersecurity Threats & Trends: Key Insights for Businesses
GrapesTech Solutions
 
PPTX
bhumi verma dentition in mammals -aman.pptxhhdbshdbsbdhsdbhdbhs
sarasdivyansh1608
 
PPTX
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
AlishbaAbbasi5
 
week2-cybersecurityOverview of social engineering attacks.pptx
christianaolusegun22
 
Malware attack Social engineering attack
taufiq463421
 
front_one cyberseuciryt is the protection of something digital from the uneth...
sagarsthakuri188
 
Cybersecurity
A. Shamel
 
Lec 2- Hardening and whitelisting of devices
BilalMehmood44
 
Lecture 3.pptx
MuhammadRehan856177
 
basics of hacking- threat basics, types of attack
PILAMPIRAYAsstProfes
 
Cyber Attacks and Defences - JNTUH,Cyber Attacks and Defences
NiharikaGuptas
 
Cyber crime & security
Avani Patel
 
Network security
nafisarayhana1
 
Cyber security
Sabir Raja
 
Protection from hacking attacks
Sugirtha Jasmine M
 
CyberSecurity presentation for basic knowledge about this topic
piyushkamble6
 
Security threats
Qamar Farooq
 
Cyber security
ankit yadav
 
CYBERSECURITY | Why it is important?
RONIKMEHRA
 
computer crime
00jitesh00
 
Cybersecurity Threats & Trends: Key Insights for Businesses
GrapesTech Solutions
 
bhumi verma dentition in mammals -aman.pptxhhdbshdbsbdhsdbhdbhs
sarasdivyansh1608
 
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
AlishbaAbbasi5
 
Ad

Recently uploaded (20)

PDF
FYJC - Chemistry textbook - standard 11.
nhunhuq968
 
PPTX
Reproductive system-Human anatomy and physiology
ZenyTilwani1
 
PPTX
UNIT_2-__LIPIDS[1].pptx.................
Akanksha Kotangale
 
PDF
Solved Past paper of Pediatric Health Nursing PHN BS Nursing 5th Semester
shaukatkhan0798
 
PPT
Acidosis in Dairy Herds: Causes, Signs, Management, Prevention and Treatment
khosrowsamiei2001
 
PPTX
Neurology of Systemic disease all systems
BisratAlex2
 
PDF
Hospital Case Study .architecture design
Amlan Priyadarshan
 
PPTX
Theoretical for class.pptxgshdhddhdhdhgd
MoybonKalif
 
PPTX
Key-Features-of-the-SHS-Program-v4-Slides (3) PPT2.pptx
abdurakibtingsonjali
 
PPTX
BSCE 2 NIGHT (CHAPTER 2) just cases.pptx
TristanLimotan
 
PPTX
4. Diagnosis and treatment planning in RPD.pptx
rakshasb
 
PDF
Everyday Spelling and Grammar by Kathi Wyldeck
JohanaWulandari2
 
PDF
Lecture on Viruses: Structure, Classification, Replication, Effects on Cells,...
Miraj Khan
 
PDF
Nurlina - Urban Planner Portfolio (english ver)
Nurlina Y.
 
PPTX
PLASMA AND ITS CONSTITUENTS 123.pptx
sweet2th18
 
PDF
fundamentals-of-heat-and-mass-transfer-6th-edition_incropera.pdf
gloryjsingh
 
PPTX
Integrated Management of Neonatal and Childhood Illnesses (IMNCI) – Unit IV |...
RAKESH SAJJAN
 
PDF
CAT 2024 VARC One - Shot Revision Marathon by Shabana.pptx.pdf
VaibhavBhardwaj394603
 
PDF
Disorder of Endocrine system (1).pdfyyhyyyy
[email protected]
 
PPTX
Power Point PR B.Inggris 12 Ed. 2019.pptx
FirdaFauziah14
 
FYJC - Chemistry textbook - standard 11.
nhunhuq968
 
Reproductive system-Human anatomy and physiology
ZenyTilwani1
 
UNIT_2-__LIPIDS[1].pptx.................
Akanksha Kotangale
 
Solved Past paper of Pediatric Health Nursing PHN BS Nursing 5th Semester
shaukatkhan0798
 
Acidosis in Dairy Herds: Causes, Signs, Management, Prevention and Treatment
khosrowsamiei2001
 
Neurology of Systemic disease all systems
BisratAlex2
 
Hospital Case Study .architecture design
Amlan Priyadarshan
 
Theoretical for class.pptxgshdhddhdhdhgd
MoybonKalif
 
Key-Features-of-the-SHS-Program-v4-Slides (3) PPT2.pptx
abdurakibtingsonjali
 
BSCE 2 NIGHT (CHAPTER 2) just cases.pptx
TristanLimotan
 
4. Diagnosis and treatment planning in RPD.pptx
rakshasb
 
Everyday Spelling and Grammar by Kathi Wyldeck
JohanaWulandari2
 
Lecture on Viruses: Structure, Classification, Replication, Effects on Cells,...
Miraj Khan
 
Nurlina - Urban Planner Portfolio (english ver)
Nurlina Y.
 
PLASMA AND ITS CONSTITUENTS 123.pptx
sweet2th18
 
fundamentals-of-heat-and-mass-transfer-6th-edition_incropera.pdf
gloryjsingh
 
Integrated Management of Neonatal and Childhood Illnesses (IMNCI) – Unit IV |...
RAKESH SAJJAN
 
CAT 2024 VARC One - Shot Revision Marathon by Shabana.pptx.pdf
VaibhavBhardwaj394603
 
Disorder of Endocrine system (1).pdfyyhyyyy
[email protected]
 
Power Point PR B.Inggris 12 Ed. 2019.pptx
FirdaFauziah14
 

types of cyber attack by taufiqurrahman.pptx

  • 1. Types Cyber Attacks Software Development Security
  • 2. Types of Cyber Attack Malware attack Social engineering attacks(Phishing ) Distributed denial of service (DDoS) Man-in-the- middle attack (MitM) Password attacks Advanced persistent threats (APT)
  • 3. Malware attack • A malware attack is a common cyberattack where malware (normally malicious software) executes unauthorized actions on the victim’s system. The malicious software (a.k.a. virus) encompasses many specific types of attacks such as ransomware, spyware, command and control, and more.
  • 4. Three main aspects of Malware • Objective: What the malware is designed to achieve • Delivery: How the malware is delivered to the target • Concealment: How the malware avoids detection
  • 5. Objectives of Malware • Exfiltrate Information- Stealing data, credentials, payment information, Malware focused on this type of theft can be extremely costly to a person, company, or government target that falls victim. • Disrupt Operations - Actively working to “cause problems” for a target’s operation is another objective seen in malware. • Demand Payment- Some malware is focused on directly extorting money from the target. Ransomware is a type of malware that attempts to prevent a target from accessing their data (usually by encrypting files on the target) until the target “pays up.”
  • 6. Main types of malware attack vectors • Trojan Horse: This is a program which appears to be one thing (e.g. a game, a useful application, etc.) but is really a delivery mechanism for malware. • Virus: A virus is a type of self-propagating malware which infects other programs/files (or even parts of the operating system and/or hard drive) of a target via code injection. • Worm: Malware designed to propagate itself into other systems is a worm. While virus and trojan horse malware are localized to one infected target system, a worm actively works to infect other targets (sometimes without any interaction on the user’s behalf).
  • 7. Main types of malware attack vectors • Ransomware Arguably the most common form of malware, ransomware attacks encrypt a device’s data and holds it for ransom. If the ransom isn’t paid by a certain deadline, the threat actor threatens to delete or release the valuable data (often opting to sell it on the dark web). • Spyware Cybercriminals use spyware to monitor the activities of users. By logging the keystrokes a user inputs throughout the day, the malware can provide access to usernames, passwords, and personal data. Spyware often leads to credential theft, which in turn can lead to a devastating data breach. It often originates in corrupt files, or through downloading suspicious files. • Bots is a software program that performs an automated task without requiring any interaction. Bots can execute attacks much faster than humans ever could.
  • 8. Best practices against malware attacks • Continuous User Education • Use Reputable A/V Software • Ensure Your Network is Secure • Perform Regular Website Security Audits • Create Regular, Verified Backups •
  • 10. Social engineering attacks(Phishing ) • Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. • Social engineering attacks work by psychologically manipulating users into performing actions desirable to an attacker or divulging sensitive information.
  • 11. Social engineering attack techniques • Phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. • Spear phishing is a more targeted version of the phishing scam whereby an attacker chooses specific individuals or enterprises. • Baiting attacks use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or inflicts their systems with malware. • Scareware involves victims being bombarded with false alarms and fictitious threats. • Piggybacking and tailgating both refer to a type of attack in which an authorized person allows an unauthorized person access to a restricted area.
  • 13. Common Phishing Technique in Somalia • Voice phishing (vishing) phone calls may be automated message systems recording all your inputs. Sometimes, a live person might speak with you to increase trust and urgency. • SMS phishing (smishing) texts or mobile app messages might include a web link or a prompt to follow-up via a fraudulent email or phone number. • Email phishing is the most traditional means of phishing, using an email urging you to reply or follow-up by other means. Web links, phone numbers, or malware attachments can be used.
  • 14. Social engineering prevention • Don’t open emails and attachments from suspicious sources. • Use multifactor authentication • Be wary of tempting offers • Keep your antivirus/antimalware software updated
  • 15. Discussion Is Mobile Begging considered a Scam?
  • 17. Denial-of- service attack (DoS attack) • A Denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to a network. • Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
  • 18. Distributed Denial of service (DDoS) • A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. • DDoS attacks don’t attempt to breach your security perimeter. Rather, a DDoS attack aims to make your website and servers unavailable to legitimate users.
  • 19. DDoS botnets • A botnet is a collection of hijacked connected devices used for cyber attacks that are controlled remotely from a Command & Control Center (C&C). • Attackers use malware and other techniques to compromise a device, turning it into a “zombie” in the attacker’s botnet. • Botnets enable attackers to carry out DDoS attacks by harnessing the power of many machines and obscuring the source of the traffic.
  • 21. DDoS for hire: • DDoSsers, • booters and • stressers
  • 22. There are 3 types of DDoS Attacks: • Volume-based attacks, • Protocol attacks, and • Application layer attacks.
  • 23. DDoS Protection Techniques • Reduce Attack Surface Area -One of the first techniques to mitigate DDoS attacks is to minimize the surface area that can be attacked thereby limiting the options for attackers and allowing you to build protections in a single place. We want to ensure that we do not expose our application or resources to ports, protocols or applications from where they do not expect any communication. • Deploy Firewall and load balancer - A good practice is to use a Web Application Firewall (WAF) against attacks, such as SQL injection or cross-site request forgery, that attempt to exploit a vulnerability in your application itself.
  • 24. DDoS Protection Techniques • An organization typically has two choices when setting up cloud-based DDoS protection: • On-demand cloud DDoS mitigation: These services activate after the in-house team, or the provider detects a threat. If you suffer a DDoS, the provider diverts all traffic to cloud resources to keep services online. • Always-on cloud DDoS protection: These services route all traffic through a cloud scrubbing center (at the cost of minor latency). This option is best suited for mission-critical apps that cannot afford downtime.
  • 26. Man-in-the- middle attack (MitM) • A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. • The goal of an attack is to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required. • Broadly speaking, a MITM attack is the equivalent of a mailman opening your bank statement, writing down your account details and then resealing the envelope and delivering it to your door.
  • 27. MITM attack progression(Interception) • Interception- The first step intercepts user traffic through the attacker’s network before it reaches its intended destination. 1. IP spoofing involves an attacker disguising himself as an application by altering packet headers in an IP address. As a result, users attempting to access a URL connected to the application are sent to the attacker’s website. 2. ARP spoofing is the process of linking an attacker’s MAC address with the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent by the user to the host IP address is instead transmitted to the attacker. 3. DNS spoofing, also known as DNS cache poisoning, involves infiltrating a DNS server and altering a website’s address record. As a result, users attempting to access the site are sent by the altered DNS record to the attacker’s site.
  • 28. MITM attack progression (Decryption) • Decryption- After interception, any two-way SSL traffic needs to be decrypted without alerting the user or application. A number of methods exist to achieve this 1. HTTPS spoofing sends a phony certificate to the victim’s browser once the initial connection request to a secure site is made. 2. SSL BEAST (browser exploit against SSL/TLS) targets a TLS version 1.0 vulnerability in SSL. Here, the victim’s computer is infected with malicious JavaScript that intercepts encrypted cookies sent by a web application. 3. SSL hijacking occurs when an attacker passes forged authentication keys to both the user and application during a TCP handshake. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session.
  • 29. Man in the middle attack prevention • Avoiding WiFi connections that aren’t password protected. • Paying attention to browser notifications reporting a website as being unsecured. • Immediately logging out of a secure application when it’s not in use. • Not using public networks (e.g., coffee shops, hotels) when conducting sensitive transactions.
  • 31. Different Types of Password Attacks • Two types of phishing attacks: • Regular Phishing -victims receive a phishing mail asking them to reset passwords due to security reasons. Hackers are successful when targets don’t confirm the sender’s authenticity before changing their passwords. • Spear Phishing – directed victim to click or download a link in an email from a known sender. The link takes you to a malicious look-a-like website where you log in, inadvertently sharing your password with threat actors. •
  • 32. Different Types of Password Attacks • Brute Force Attacks - In a brute force attack, hackers steal passwords with the hit-and-try method using special software. • Here are two variations of such cyberattacks: • Password Spraying • In a password spray attack, attackers use a selection of common passwords on a massive number of accounts. They attempt to crack passwords of accounts in bulk, reducing the risk of getting traced. • Dictionary Attacks- bad actors use a list of common words and phrases from a dictionary. This is the opposite of a brute force password attack as they don’t use character-by-character attempts.
  • 33. Different Types of Password Attacks • Credential Stuffing - In credential stuffing, cybercriminals use stolen credentials to break passwords set for cybersecurity. This method is based on simple human psychology: We can’t remember too many passwords; so, let’s use the same password for every account, right? Once hackers succeed in breaching one of your accounts, they use the same passwords on your different accounts. • Keylogger Attacks attackers use malware to attempt keylogger or keystroke logger password attacks. In cybersecurity, These attacks are among the most dangerous as they reveal even the strongest and most secure passwords. Hackers record keystrokes when you enter them.
  • 35. Advanced persistent threats (APT) • An advanced persistent threat (APT) is a cyber- attack in which the adversary operates undetected inside a compromised network for an extended period of time after gaining unauthorized access. • APT attacks are distinguished by their use of highly sophisticated tools and techniques to evade detection, steal credentials, and move through the network to reach high-value assets. • These tools and techniques require significant financial and human capital to acquire or develop, implying that APT attacks are designed to target the meanest network defenses protecting important organizations and their assets.
  • 37. APT Attack Stages • Stage 1: Target Selection and External Reconnaissance • An APT attack always begins with identifying targets that satisfy the attacker’s objectives. Once a target has been selected, the attackers will perform a reconnaissance of the target to discover potential points of entry (attack vectors) and gather as much information on the target as possible. • Stage 2: Initial Access • After thorough preparation, the attacker attempts to gain unauthorized access to the target’s network by exploiting one or more viable attack vectors. One of the most common ways this is achieved is through highly deceptive social engineering techniques like spear-phishing emails.
  • 38. APT Attack Stages • Stage 3: Malware Execution • After gaining access to the victim’s network, the attacker executes the first malware payload on the compromised machine (patient zero). This initial malware payload is used to achieve a variety of broader goals such as internal reconnaissance, defense evasion, and command and control communication. • Stage 4: Privilege Escalation and Lateral Movement • Once the attacker establishes a firm foothold on the compromised system, they begin to harvest access credentials (user, domain admin, and service accounts) to escalate their privileges. Escalated privileges give the attacker greater freedom and cover to operate and move laterally through the network to reach high-value targets that meet their objectives.
  • 39. APT Attack Stages • Stage 5: Data Exfiltration and Damage Infliction • After reaching the high-value assets, the APT attacker begins exfiltrating the data from the target’s network to their own infrastructure. The data is typically transferred to a central location and packaged into an archive. The archive is encrypted to conceal it from deep packet inspection during exfiltration and compressed and chunked so that the data is exfiltrated in small enough quantities to resemble normal traffic activity, lowering any suspicion.
  • 40. APT Detection and Protection Using NDR • Many cybersecurity solutions such as firewalls, endpoint security, intrusion detection and prevention systems may no longer offer adequate protection against APT attacks. Essentially, these tools are designed to prevent and detect known threats using known malware signatures, known indicators of compromise (IoC), and known attack patterns. With APT threat actors constantly updating their tools, TTPs, and infrastructure, what is really needed is a solution to detect non-signature-based malware and unknown attack activity and patterns.
  • 41. What is Network Detection and Response (NDR)? • Network detection and response (NDR) is a security solution that performs real-time monitoring and analysis of network-wide traffic to detect and respond to malware and behavioral-based malicious activity in the network. • The crux of NDR is detecting behavioral-based malicious activity. As stealthy as they are, APT activities generate network traffic in all stages of an attack, and as long as activities generate traffic, they can be detected. NDR leverages the power of machine learning, artificial intelligence, and behavioral analytics to analyze network traffic and detect granular deviations from normal network activity to uncover APT threats.
  • 43. How to Prevent Cyber Attacks? • Change your passwords regularly and use strong alphanumeric passwords which are difficult to crack. Refrain from using too complicated passwords that you would tend to forget. Do not use the same password twice. • Update both your operating system and applications regularly. This is a primary prevention method for any cyber attack. This will remove vulnerabilities that hackers tend to exploit. Use trusted and legitimate Anti-virus protection software. • Use a firewall and other network security tools such as Intrusion prevention systems, Access control, Application security, etc. • Avoid opening emails from unknown senders. Scrutinize the emails you receive for loopholes and significant errors. • Make use of a VPN. This makes sure that it encrypts the traffic between the VPN server and your device.
  • 44. How to Prevent Cyber Attacks? • Regularly back up your data. According to many security professionals, it is ideal to have three copies of your data on two different media types and another copy in an off-site location (cloud storage). Hence, even in the course of a cyber attack, you can erase your system’s data and restore it with a recently performed backup. • Employees should be aware of cybersecurity principles. They must know the various types of cyberattacks and ways to tackle them. • Use Two-Factor or Multi-Factor Authentication. With two-factor authentication, it requires users to provide two different authentication factors to verify themselves. When you are asked for over two additional authentication methods apart from your username and password, we term it as multi-factor authentication. This proves to be a vital step to secure your account. • Secure your Wi-Fi networks and avoid using public Wi-Fi without using a VPN. • Safeguard your mobile, as mobiles are also a cyberattack target. Install apps from only legitimate and trusted sources, make sure to keep your device updated.

Editor's Notes

  • #6: Scareware uses empty threats
  • #7: Pegasus spyware Spyware.Pony
  • #8: Pegasus spyware Spyware.Pony In the beginning of 2022, the Costa Rican government was attacked by ransomware, affecting finance and other government services to such a degree that a state of emergency was declared.  Keyloggers are a common kind of spyware that monitors and records users’ keystrokes. With this kind of spyware, hackers can steal credentials as well as credit card numbers and other data that may be entered into a system through typing. 
  • #12: Use USB flashes to demonstrate attackers leave the bait—typically malware-infected flash drives Scareware- Your computer may be infected with harmful spyware programs.
  • #13: Play defcon
  • #40: SolarWinds Supply Chain Attack A list of prominent APT attacks is incomplete without mentioning the SolarWinds supply chain attack. “From a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen,” said Microsoft President Brad Smith.