Methods Hackers Use to Attack a Network can include software-based attacks like cross-site scripting (XSS) and buffer overflows, infrastructure attacks such as denial-of-service (DOS) attacks and viruses, and physical attacks involving theft of hardware, information, or other resources. Software attacks target application vulnerabilities, infrastructure attacks compromise network resources, and physical attacks involve directly accessing systems or stealing equipment. Defenses include keeping software updated, using firewalls and antivirus software, and protecting physical access to systems and sensitive data.
3. Software-Based Attacks
Cross Site Scripting (XSS):
What is it:
Cross-site scripting (XSS) occurs when malicious scripts are
injected into dynamically generated web content, which can allow the
attacker to obtain sensitive information.
Defense:
Disable scripting, do not click links that are not trusted, avoid
links that take you to sites requesting sensitive information, and
always go to a site's main page directly if you need to access it.
Example:
Facebook suffered an XSS attack through its “Instant
Personalization” feature. Profile information and the email addresses
of associated people could be viewed. Facebook temporarily removed
this feature from the site.
Reference: http://www.ibm.com/developerworks/web/library/wa-secxss/, http://www.pcworld.com/article/198805/crosssite_scripting_an_old_problem_returns.html
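The slide lists only client-side precautions; on the server side the standard defense is to HTML-encode untrusted input before placing it in a page. The following is an added example (not code from the original deck or from Facebook): a constructed comment renderer shown in its unsafe and hardened forms. The function names, the sample comment and the rough `contains_active_markup` check are all assumptions made for this illustration.

```python
import html

# Constructed sample: a comment a visitor submitted to a page. The payload is
# the classic proof-of-concept string; it is invented here, not from the deck.
SAMPLE_COMMENT = "<script>alert('xss')</script>"


def render_unsafe(comment: str) -> str:
    """Pastes the comment straight into the HTML.

    Any <script> tag or event-handler attribute in the comment is handed to the
    viewer's browser as markup, which is exactly how stored XSS happens.
    """
    return f'<div class="comment">{comment}</div>'


def render_safe(comment: str) -> str:
    """HTML-encodes the comment so the browser shows it as text, not markup.

    html.escape with quote=True also encodes ' and ", so the same helper is
    safe to use when the value lands inside an attribute such as title="...".
    """
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


def render_page(comments: list[str], safe: bool = True) -> str:
    """Builds a whole page from a list of comments using one of the renderers."""
    renderer = render_safe if safe else render_unsafe
    body = "\n".join(renderer(c) for c in comments)
    return f"<html><body>\n{body}\n</body></html>"


def contains_active_markup(page: str) -> bool:
    """Rough check used only to show the difference between the two renderers.

    It is NOT a complete XSS detector; real output should be reviewed with an
    HTML parser or a proper sanitizer, not a substring search.
    """
    lowered = page.lower()
    return "<script" in lowered or "onerror=" in lowered or "javascript:" in lowered


if __name__ == "__main__":
    print("unsafe:", render_page([SAMPLE_COMMENT], safe=False))
    print("safe:  ", render_page([SAMPLE_COMMENT], safe=True))
```

Run as a script it prints both pages; in the safe version the angle brackets arrive as `&lt;` and `&gt;`, so the browser renders the literal text `<script>alert('xss')</script>` instead of executing it.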
4. Software-Based Attacks
Buffer Overflow:
What is it:
A buffer overflow condition exists when a program tries to put more
data into a buffer than it has room for, or when data is written
outside the bounds of the buffer. Overrunning the allocated block of
memory can corrupt adjacent memory, cause programs to crash, or
allow malicious code to execute.
Defense:
Use a memory-safe language, canary-based defenses, non-executable
stack defenses, split-stack approaches, etc.
Example:
A vulnerability found in Microsoft Visual Basic for Applications had
the potential for a remote buffer overflow when searching for
ActiveX controls embedded in Microsoft Office documents. An attacker
could execute code with the privileges of the logged-in user, and
applications could even crash.
Reference: http://www.owasp.org/index.php/Buffer_Overflow, http://www.ibm.com/developerworks/linux/library/l-sp4.html, http://us.norton.com/security_response/vulnerability.jsp?bid=39931
5. Software-Based Attacks
SQL Injection:
What is it:
SQL injection is an attack in which malicious code is inserted into
strings that are later executed by the SQL server. Anything that
builds SQL statements should be checked for vulnerabilities, because
the SQL server will execute any valid query it is given.
Defense:
Validate user input, do not use dynamic SQL, execute with a least
privilege account, use encryption, and return error messages that
do not reveal much information.
Example:
Mysql.com and Sun.com became targets of a SQL injection attack
due to poor coding and a lack of proper testing. Account information
such as email addresses and username/password tables was made
viewable.
Reference: http://msdn.microsoft.com/en-us/library/ms161953.aspx, http://msdn.microsoft.com/en-us/magazine/cc163917.aspx, http://www.theinquirer.net/inquirer/news/2037717/suncom-mysqlcom-succumb-sql-injection-attack
6. Software-Based Attacks
Logic Bomb:
What is it:
A logic bomb is set to execute when certain conditions are met or a
specific time arrives, so it is either time-triggered or action-triggered.
Logic bombs can delete critical files, prevent backups from
occurring, and many other things.
Defense:
Restrict access and do not allow one person to have too much
responsibility; it is best to split privileges amongst several
people. Manage account information, perform audits, and use
controls that monitor for any changes that could lead to a logic
bomb.
Example:
UBS had to pay more than $3 million in repairs of lost data, lost
business, and more due to a disgruntled employee's logic bomb. He felt
that he deserved more money from his bonus, so he retaliated.
Reference: http://antivirus.about.com/b/2006/06/08/ubs-logic-bomb-a-grudge-attack.htm, http://www.ehow.com/how_7565078_prevent-logic-bombs.html
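One of the "controls that monitor for any changes" named in the defense is a file-integrity check: record a hash of critical files (backup scripts, scheduled-task definitions) while they are known-good, then re-hash them on a schedule and alert on any difference. The following is an added example, not code from the deck or from any product it cites; the file names, the temporary directory and the `take_baseline`/`detect_changes` helper names are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path: str) -> str:
    """Streams a file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_baseline(paths: list[str]) -> dict[str, str]:
    """Records the known-good hash of each monitored file.

    In practice this map would be stored somewhere the monitored users cannot
    write to; otherwise the person planting the bomb can update the baseline too.
    """
    return {p: sha256_of(p) for p in paths}


def detect_changes(baseline: dict[str, str]) -> list[tuple[str, str]]:
    """Re-hashes every baselined file and reports what differs from the record."""
    findings = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
        elif sha256_of(path) != expected:
            findings.append((path, "modified"))
    return findings


def demo() -> list[str]:
    """Builds a constructed set of 'critical' files, baselines them, simulates an
    unauthorized edit and a deletion, and returns the kinds of change detected."""
    with tempfile.TemporaryDirectory() as workdir:
        backup_script = os.path.join(workdir, "nightly-backup.sh")
        task_config = os.path.join(workdir, "scheduled-tasks.conf")
        with open(backup_script, "w") as fh:
            fh.write("#!/bin/sh\nrsync -a /data /backup\n")   # constructed content
        with open(task_config, "w") as fh:
            fh.write("backup=02:00\n")                      # constructed content

        baseline = take_baseline([backup_script, task_config])

        # Simulate what a logic bomb's author might do: alter the backup script
        # so backups silently stop, and remove the schedule entry.
        with open(backup_script, "a") as fh:
            fh.write("exit 0\n")
        os.remove(task_config)

        return sorted(kind for _, kind in detect_changes(baseline))


if __name__ == "__main__":
    print(demo())   # ['missing', 'modified']
```

The check only tells you that something changed, not whether the change was authorized, so it belongs next to the change-management and audit steps the slide also lists: every finding should be matched against an approved change record, and the baseline itself must be protected with the same separation of duties.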
7. Software-Based Attacks
Back Door:
What is it:
A back door is a way of accessing a program while bypassing its
security measures. A programmer may install one legitimately to help
with troubleshooting. Attackers normally use a back door to support
their malicious exploits.
Defense:
Make sure that your operating system and other software are up to
date. Only download software that you trust.
Example:
OSX.HellRTS.D is a back door targeting Mac computers that can take
full control of a compromised system: sending emails, downloading
software, screen sharing, file access, etc. The code was being passed
around on forums for hackers to use.
Reference: http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci962304,00.html, http://www.pcworld.com/article/194462/
9. Infrastructure-Based Attacks
Denial of Service (DOS):
What is it:
In a denial-of-service (DoS) attack, an attacker tries to prevent a user
from having access to the computer. An attacker may prevent you
from accessing files on your computer or particular web sites,
prevent you from making changes on your computer, and
much more.
Defense:
Use an anti-virus and make sure that it is up to date, use a firewall to
block unwanted traffic, do not open emails from people you do not
know, and use filters to manage your email.
Example:
Twitter was the target of a DOS attack that left users unable to connect
for at least three hours. 44 million users were unable to connect, and
any applications relying on Twitter's servers could not be used.
Reference: http://www.us-cert.gov/cas/tips/ST04-015.html, http://www.wired.com/epicenter/2009/08/twitter-apparently-down/
10. Infrastructure-Based Attacks
Virus:
What is it:
Viruses replicate by infecting your files, alter the way your computer
operates, and can even stop the computer from working.
Defense:
Make sure your anti-virus and operating system are up to date, use a
firewall, back up your system, and consider using additional
scanners to be safe.
Example:
Geinimi is a virus circulating on the Android Market, packaged
in some downloadable games and applications, that makes the
infected phone dial into a remote computer every five
minutes looking for instructions on what to do next. So far, no
botnet attacks have been carried out; it has only gathered information.
Reference: http://www.webroot.com/En_US/csc/computer-security-threats-computer-viruses.html, http://www.ehow.com/how_5870201_prevent-computer-virus-infection.html, http://www.msnbc.msn.com/id/40857219/ns/technology_and_science-wireless/
11. Infrastructure-Based Attacks
Worm:
What is it:
A computer worm is a program that replicates itself and
spreads to other computers. Worms can destroy files and data,
consume bandwidth, and take up memory.
Defense:
Use a firewall, make sure your anti-virus and operating system are up
to date, and do not open email attachments.
Example:
The Conficker worm was estimated to have infected 10+ million
computers in 2009. It spread through files, removable
devices, and computers that were not up to date, and continued to
spread to others that were vulnerable.
Reference: http://www.ehow.com/facts_6045759_computer-worm_.html?ref=Track2&utm_source=ask, http://www.webroot.com/En_US/csc/computer-security-threats-computer-
12. Infrastructure-Based Attacks
Trojan:
What is it:
A trojan horse is a two-part problem consisting of a client (the
software) and a server (the attacker). The client is an appealing
download or link that installs on your computer; once you execute
what you have downloaded, the attacker can gain access to your
computer and do damage.
Defense:
Do not open email from someone you do not know, do not click links
in emails, do not download from a site unless you fully trust it,
use a firewall, and keep your anti-virus updated,
especially when you are connected to the Internet.
Example:
Bankash-A was a trojan targeting Windows Anti-spyware while it was still
in beta. This trojan attacked United Kingdom bank customers, trying
to steal sensitive information by installing a file named ASH.DLL onto
the compromised computer.
Reference: http://www.tech-faq.com/trojan-virus.html, http://www.ehow.com/how_6821559_prevent-trojan-viruses.html, http://news.cnet.com/Trojan-attacks-Microsofts-anti-spyware/2100-7349_3-5569429.html
13. Infrastructure-Based Attacks
Spyware:
What is it:
Spyware is usually unintentionally downloaded software that records
where you visit on the Internet. The intentionally installed
variety helps employers watch what their employees are doing, lets
parents watch what their kids are doing, and allows law enforcement to
find criminals.
Defense:
Do not download from a site you do not trust, do not download free
software from sites, even trusted ones, do not download anything from
email links, and install an anti-spyware program such as Spybot
Search and Destroy.
Example:
Spyware.Phonecreeper is spyware on a compromised phone running
Windows Mobile that can steal information.
Reference: http://www.ehow.com/about_5164255_spyware.html?ref=Track2&utm_source=ask, http://www.ehow.com/how_4597179_prevent-spyware-installation.html, http://us.norton.com/security_response/writeup.jsp?docid=2010-102005-1128-99
14. Infrastructure-Based Attacks
Adware:
What is it:
Adware is unintentionally downloaded software that displays
advertisements. RAM and CPU cycles can be consumed by adware, causing
performance issues. Internet access may become slow because it connects to
advertising sites. Adware is often poorly coded and may cause other performance
issues with your computer.
Defense:
Most software which removes spyware will also remove adware. Some adware
removal tools include: AdAware, Spybot Search & Destroy, and SpySweeper.
Example:
Facebook was the target of an adware attack in which an ad showed a woman in
little clothing on an exercise bike, titled “Sexiest Video Ever.” Several people
interested in this clicked the link, but were prompted to download the proper
software to view the video. Unfortunately, what they downloaded was malware
called Hotbar. It connected users to servers that popped up
advertisements and could potentially steal personal information.
Reference: http://www.tech-faq.com/adware.html
16. Physical Attacks
Stealing Hardware:
What is it:
A person physically steals your hard drive, USB, or other devices
to maliciously steal information you may have saved on them.
Defense:
Make sure hardware that may hold sensitive information is
properly protected. Any information on a hard drive or any other
device should be encrypted or password protected to make it
harder for a hacker to access if your hardware is stolen.
Example:
An attacker steals a removable device or even a computer to try
to gain access to sensitive data that is stored on the device.
17. Physical Attacks
Stealing Information:
What is it:
Hackers may steal information from your computer over an Internet
connection, or someone who accesses your computer physically
could compromise sensitive information.
Defense:
Digitally, password protect all information that is sensitive. If
possible, encrypt anything that is considered sensitive.
Physically, make sure to shred and properly dispose of any
paperwork or devices that are no longer needed and may contain
sensitive information.
Example:
An employee steps away from the computer while remaining logged in
to sensitive applications; another employee with malicious intent
walks by and accesses the information left visible on the
screen.