What is cyber attack?|Types of attacks

Hello Readers ,How are you all here we are going to learn about ,what is cyber attack and types of cyber attack in depth.

INTRODUCTION TO CYBER ATTACK

What is cyber attack?

Here Cyber means anything which is related to computer information technology and virtual reality. And Attack means these thing is attacked by hacker.

Cyberattack refers to the attack that is forced and enhanced on any computer system such as hardware, software by an unauthorized user for doing unauthorized work.

Cyber attack refers to a set of techniques that is used to hack the integrity of networks, programs and data and to damage the computer system.

It refers to the body of technologies processes, and practices designed or used to enhance or force an attack to our networks, devices (internal or external) programs by an unauthorized user after using and accessing the file and data by an authorized user.

Types of attack

There are mainly two types of attacks

  • 1.Active attack
  • 2.Passive attack

Active attack

Active attack

This is a type of attack in which ,the attacker cam make changes in the target system or target data.For example now a days every one is using WhatsApp ,so when a attacker, attack on your Whatsapp in active mode then the attacker can make changes to your two conversations .Like you are sending…. Hi!!! to your friend but when the attacker attack then he/she can change it from hi!!! to hello .That is know as active attack.

Types of active attacks:-

  1. Denial of service attack
  2. Phishing
  3. Man in the middle
  4. Man in the browser
  5. Exploit
  6. Buffer overflows
  7. Email spoofing

1.Denial of service attack(Dos)

It means, preventing the giving service to particular user or computer known as Dos attack. For e.g. We have a website for student and have a server which give service and the limit of server is (100).At this time attacker send a fake request of 100 to server i.e. known as IP bot. Due to this server not give service to actual student.

When a DOS attack is attacked on a website then number of useless traffic is send as like data request signal is send on a website like flood and this traffic is not handle by website then website becomes slow due to this the user of affected website not access properly.

How to prevent from DoS attack?

  • Buy more bandwidth
  • Build redundancy into your infrastructure
  • Configure your network hardware against DDoS attacks
  • Deploy anti-DDoS hardware and software modules
  • Protect your DNS servers
  • Maintain Strong Network Architecture
  •  Leverage the Cloud
  • Understand the Warning Signs

2.Phishing

In this attack ,it uses disguised email as a weapon. The goal is to convince the email recipient that the message is something they want or need – a request from their bank, for example, or a note from someone in their company – and clicking on the link or downloading the attachment to do.

Phishing is what really sets it apart is the form that carries the message: attackers pose as a credible entity in the rough, often a genuine or admirable real person, or may trade with a victim company. It is one of the oldest types of cyberattacks, dating back to the 1990s, and is still one of the most widespread and dangerous, with phishing messages and technology becoming increasingly sophisticated.

How to prevent from Phishing attack?

  • Prevent phishing emails from reaching users.
  • Safely handle emails that do manage to reach users.
  • Be wary of threats and urgent deadlines.
  • Browse securely with HTTPs.
  • Investigate every link’s final destination

3.Man in the middle attack(MITM)

Middle (MITM) is a generic term for a person in an attack when a criminal appoints himself to a conversation between a user and an application – either favoring or impersonating one of the parties, it appears as if General exchange of information. Its going on.

The attack aims to steal personal information, such as login credentials, account details, and credit card numbers. The targets are usually users of financial applications, SaaS businesses, e-commerce sites and other websites where it is necessary to enter.

How to prevent from MITM?

  • Avoid connecting to public Wi-Fi routers directly.
  • Be cautious of phishing emails.
  • Keep your system protected at all times.
  • Use the virtual private network (VPN).
  • Ensure sensitive online transactions/logins are secure with HTTPs.
  • Use the latest version of high-security web browsers .

4.Man in the browser attack

Man in Browser is a security attack where the attackers interact with the target PCs and install a types of malware or we can say a Tarjan horse on a victim’s computer that is able to modify that user’s web transactions as they occur in real-time.

According to security expert Philippe Guhring, the technology to launch a man in a browser attack is both high-tech and high-priced. Due to the necessary resources, the use of strategy has been limited to financial fraud in most cases. Both Firefox and Internet Explorer have been targeted successfully on Windows.

A man in a browser attack is similar to a man in the middle strategy, in which an attacker accepts messages in a public key exchange. The attacker then sends them back, substituting fake public keys for the requested ones.

In a browser attack it is more difficult to intercept and disinfect a person, however, because instead of being in a public exchange, there is activity between the user and the security mechanisms within the user’s browser.

How to prevent from man in a browser cyber attack ?

In addition to using up-to-date OS and a good update security software, security is just common knowledge at the moment of writing this article. You have to be careful on the Internet. You do not easily give credit card or social security information to anyone in real life, so why should you do this in the online world?

Be on the lookout for what all the information asks you when logging in or during registration. If nothing is added, skip and notify webmasters.Just close the browser and reopen it and start a new session and see if the same field appear again.

Apart from the above, you also have to keep extensions etc. in mind to prevent a man in the browser attack. Use only reputable extensions and try to use the minimum of them. If you still find anything wrong, contact the webmasters of the said website.

5.Exploit attack

A computer exploit, or exploit, is a cyber attack on a computer system, particularly one that takes advantage of a particular vulnerability that the system provides to intruders.

How to prevent from Exploit attack?

  • Keep All Software Up to Date.
  • Determine the Severity of Vulnerabilities and Prioritize.
  • Only Use Trusted Software.
  • Minimize the Impact of Zero-Day Attacks.
  • Install a Powerful Antivirus.

6.Buffer overflow attack

Stack-based buffer overflow exploitation is the most common and most commonly exploited possibility to take the code execution of a process remotely.

These exploits were extremely common 20 years ago, but since then, a large amount of effort by operating system developers, application developers, and hardware manufacturers to reduce stack-based overflow attacks has also been used with changes made by developers of standard libraries has been done.

How to prevent from Buffer overflow attack?

  • Address space randomization (ASLR).
  • Structured exception handler overwrite protection.
  • Web Application Firewall.
  • API Security.

7.Email spoofing attack

Email spoofing is a type of fake emailing process in which the attacker will send you a fake email.And when you grant or click on any link in that email that attacker will access all your information.

Email spoofing is a popular strategy that is used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate or familiar source. The goal of email spoofing is to get recipients to open up, and possibly even respond to a solicitation.

How to prevent from Email spoofing attack?

  • Keep your software which are anti malware up to date.
  • Do not share private or financial information through email.
  • Turn spam filters on to the strongest settings, or use tools like Gmail’s Priority Inbox.
  • Avoid clicking suspicious links or downloading suspicious attachments.
  • Never enter sensitive information into links that are not secure.
  • Learn how to open and read email headers for signs of email spoofing.

Passive Attack

Passive Attack

In this attack, a person only read your message nothing else.This attack may learn or make use of message and data from the system but not affect the system resource.

For example

Suppose two people are chatting on whatsapp ,while the attacker will attack in passive mode the he/she might can only see your conversations ,what you are texting to each other .

But he/she might can not make any changes to the text ,while in active attack can.

Here are some example of Passive Cyber Attack

  1. 1. Computer surveillance
  2. 2.Fiber tapping
  3. 3.Port scanning
  4. 4.Backdoor
  5. 5.Vulnerabilities
  6. 6.Data scraping

1. Computer surveillance

Computer surveillance refer to monitor computer activity from home or workplace. It mean keeping eye on every activity and task done by a computer you choose.

Computer surveillance can be done into different ways like IP surveillance ,Hard Drive surveillance ,Network surveillance, software surveillance ,etc.

The most important question is, why computer surveillance is important?.

So ,computer surveillance is important because you will able to know what your kids and employee doing with the computer .Are the not doing any illegal activities.

2.Fiber tapping

Fiber tapping uses a network tap method that extracts signals from an optical fiber without breaking the connection. Tapping optical fibers allows diverting signals to be transmitted to another fiber or to a detector in the fiber’s core.

3.Port scanning

A port scanning is a type of attack in which the attacker sends client a request to a range of server and post address or host,for searching the active port from where the attacker can get a Vulnerabilities .

4.Backdoor

A backdoor refers to a type of cyber attack from where the attacker create a type of path ,and can easily access all the information and data of a client system.A developer may create backdoor so the application might be accessed while the troubleshooting .

A backdoor is a means for an attacker to easily get into windows workstation, often, the initial attack on a workstation is difficult and potentially detectable by a firewall or IOS device. So the attacker will install an application that will allow to get back into the workstation quickly and easily. These backdoors are often stealthy and difficult to detect.

5.Vulnerabilities

A vulnerability is a weak point of any system from where the attacker might can access all the data and information and so many things.

A vulnerability can give access to a attacker to run code and install malware to a system and steal modify or destroyed a sensitive data.

6.Data scraping

Data scrapping is a type of web scraping from where we can easily import website information into our computer system.

The main things which may be compromise in terms of cyber attack

  • 1.Confidentiality
  • 2.Integrity
  • 3.Availability

1.Confidentiality

When two system is connected with one another and one system sends message to other system without accessing this message from an unauthorized person. This process is known as confidentiality.

In this process,  when a user send message to other at this time this message is access by only those who are allowed by the user to see this and who are disallowed by the user to see the message not able to see this and read the content of this message.

2.Integrity

When one system send a message to another system and this message reached to another system and this message reached to another system without any change in their content. This process is known as integrity.

3.Availability

Availability ensures that once the user captures the data in a computer system, it must make the data available to the user when they request it.

How to overcome Cyberattack?

  1. System Security
  2. Cyber Security

1. System Security

System Security
  • Basically system security provide protection to our computer system and information from the hacker and the unauthorized user.
  • Computer security provide protection to our system when we communicate over the computer   network.
  • Computer security also provide protection to our data which is stored in memory for future use.
  • It also protects our personal data and important information from unauthorized user and hacker.
  • It gives protects from viruses which is harmful for our system and data which is stored in memory for future use.
  • With the help of computer system security user can run programs in quicker and smoother way.
  • It maintain our systems health.

2. Cyber Security

Cyber Security

It refers to the protection of our computer system such as hardware and networks from attacks, damages that is done by unauthorized user or a hacker.

Cyber security alludes to a lot of strategies used to ensure the trustworthiness of systems, projects and information from assault, harm or unapproved get to.

Some important tips for how to be safe from cyber attack?

  1. Don’t download any unknown file, email and also don’t download .exe file from any source on internet because there is exactly a virus inside these file.
  2. First off all take the backup of all the data and file which is stored in your computer system daily and use any external hard dirk or use cloud storage.
  3. And always your window firewall or to install a very useful antivirus in your system and switch off the app remote sharing option in window computer.
  4. If we use any pen-drive then switch off the auto play option of pen-drive and scan these pen-drive.
  5. And if we fell that attack countered on your system then disable the internet from your computer system.

How to see cyberattack live?

We can see the live cyber attack by using various sites. By using this site we see how an attack is forced or enhanced in computer system over a country.

  1. www.map.norsecorp.com
  2. www.digitalattackmap.com
  3. www.fireeye.com
  4. www.threatmap.checkpoint.com

Final words

Hope you like this article. May i can full fill requirement of your knowledge.So if you like this article then give your valuable feedback in comment section and share with your friends:)

Leave a Reply

avatar
  Subscribe  
Notify of