3. Introduction
Security is simply the freedom from risk or danger when you create systems that store and
retrieve data, it is important to protect the data from unauthorized use, disclosure, modification or
destruction. Ensuring that users have the proper authority to see the data, load new data, or update
existing data is an important aspect of application development.
If you know what types of cyberattacks then you can know what you’re up against and it’s will be
easier to implement a comprehensive security strategy.
we will discuss most common security attacks and how they work. Then we’ll share some tips and
tools to help protect against them
Availability
4. What is Cybersecurity
Cybersecurity is a practice of protecting through implementing effective cybersecurity measures
which is particularly challenging today because there are devices more than people, and attackers
are becoming more innovative.
1. Cybercrime includes single actors or groups targeting systems for financial gain or to cause
disruption.
2. Cyberattack often involves politically motivated information gathering.
3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.
Types Cybersecurity Threats
5. Types of cyberattack
Most common types of cyberattack :
1. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
2. Man-in-the-middle (MitM) attack
3. Password attack
4. Phishing and spear phishing attacks
5. Eavesdropping attack
6. Birthday attack
7. Malware attack
6. It overwhelms a system’s
resources by flooding the system
with fake requests until it cannot
respond to service requests.
1. Denial-of-service (DoS),
distributed denial-of-service
(DDoS) attacks
7. 2. Man-in-the-middle
(MitM) attack
Hacker inserts itself between the
communications of a client and a
server,some common types of man-in-
the-middle attacks:
In a MITM attack, the two parties
involved feel like they are
communicating as they normally do.
What they do not know is that the person
actually sending the message illicitly
modifies or accesses the message before
it reaches its destination. Some ways to
protect yourself and your organization
from MITM attacks is by using strong
encryption on access points or to use a
virtual private network (VPN).
8. 3. Password attack
passwords are the most commonly used mechanism to authenticate users to an information system,
obtaining passwords is a common and effective attack approach through outright guessing which can be done
using either a random or systematic manner:
• Brute-force password guessing means using a random approach by trying different passwords and hoping
that one work Some logic can be applied by trying passwords related to the person’s name, job title,
hobbies or similar items.
• Dictionary attack, a dictionary of common passwords is used to attempt to gain access to a user’s
computer and network. One approach is to copy an encrypted file that contains the passwords, apply the
same encryption to a dictionary of commonly used passwords, and compare the results.
In order to protect yourself from dictionary or brute-force attacks, you need to implement an account
lockout policy that will lock the account after a few invalid password attempts
9. 4. Phishing and spear
phishing attacks
Phishing is when cybercriminals
target victims with emails that appear to be from
a legitimate company asking for sensitive
information. Phishing attacks are often used to
dupe people into handing over credit card data
and other personal information.
• Whale-phishing Attacks
A whale-phishing attack is so-named because it
goes after the “big fish” or whales of an
organization who can be valuable to attackers,
which typically include those in the C-suite or
others in charge of the organization.
• Spear-phishing Attacks
The attacker takes the time to research their
intended targets and then write messages the
target is likely to find personally relevant. These
types of attacks are aptly called “spear” phishing
because of the way the attacker hones in on one
specific target. The message will seem
legitimate, which is why it can be difficult to spot
a spear-phishing attack.
10. 5. Eavesdropping attack
Eavesdropping attacks involve
the bad actor intercepting traffic as it is
sent through the network. In this way, an
attacker can collect usernames,
passwords, and other confidential
information like credit cards.
Eavesdropping can be active or passive.
1. Passive eavesdropping — A hacker
detects the information by listening to
the message transmission in the
network.
2. Active eavesdropping — A hacker
actively grabs the information by
disguising himself as friendly unit and
by sending queries to transmitters. This
is called probing, scanning or
tampering.
11. 6. Birthday Attack
In a birthday attack, an attacker abuses a security feature: hash algorithms, which are used to
verify the authenticity of messages. The hash algorithm is a digital signature, and the receiver of the
message checks it before accepting the message as authentic. If a hacker can create a hash that is
identical to what the sender has appended to their message, the hacker can simply replace the
sender’s message with their own. The receiving device will accept it because it has the right hash.
7. Malware Attack
Malicious software can be described as unwanted software that is installed in your system
without your consent. It can attach itself to legitimate code and propagate; it can lurk in useful
applications or replicate itself across the Internet. Here are some of the most common types of
malware:
• The Virus — A computer virus is a type of malware. Much like a biological virus, it is a program
that can replicate itself and spread from one computer to another. It is a process of replication that
gave this type of program its name.
12. • Trojans — A Trojan or a Trojan horse is a program that hides in a useful program and usually has
a malicious function. A major difference between viruses and Trojans is that Trojans do not self-
replicate.
• Worms — Worms differ from viruses in that they do not attach to a host file, but are self-contained
programs that propagate across networks and computers. Worms are commonly spread through
email attachments; opening the attachment activates the worm program.
• Logic bombs — A logic bomb is a type of malicious software that is appended to an application
and is triggered by a specific occurrence, such as a logical condition or a specific date and time.
• Stealth viruses — Stealth viruses take over system functions to conceal themselves. They do this
by compromising malware detection software so that the software will report an infected area as
being uninfected.
• System or boot-record infectors — A boot-record virus attaches to the master boot record on
hard disks. When the system is started, it will look at the boot sector and load the virus into
memory, where it can propagate to other disks and computers.
13.
14. Conclusion
Implementing effective cybersecurity measures is
particularly challenging today because there are more
devices than people, and attackers are becoming more
innovative.
Overall, the awareness and alertness of end-user to
discover the suspicious activity make the best and
strongest protection style.
15. Resources
Stallings, W (2016). Cryptography and Network Security Principles and Practice.
6th Edition on 20 Aug 2016, United States of America, Prentice Hall.
Sikorski M. and Honig, A. (2012). Practical Malware Analysis, William Pollock. 2012,
United States of America, San Francisco.