Cyber attacks come in many different forms, mainly involving denial of service and spoofing. Alex Mayne explains the types of attack that security devices such as firewalls actually protect us from.
This week I’m considering the different kinds of attacks that security devices, such as firewalls, actually protect us from. I’ll also be looking at the growing market of cyber security, which is leading to an increased demand for security engineers by telecommunications companies.
Common types of cyber attack include denial of service (DOS) and spoofing. When successful, a DOS attack results in a machine or network becoming unavailable to its intended users. This was seen in the attack on the South Korean TV broadcast stations and banks.
In a spoofing attack, a person or program falsifies information to masquerade as someone else or as another application. An example is email address spoofing, whereby the sender information, i.e. the ‘From’ field, is spoofed to hide the true origins of the email whilst also imitating another email address. Email address spoofing is widely used in phishing attacks, whereby someone fraudulently sends out an email to acquire sensitive information, such as usernames, passwords and credit card details, by impersonating a trustworthy entity, e.g. a bank.
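A receiving-side check for the ‘From’ spoofing described above, as an added example that is not part of the original article: it compares the visible From domain with the Return-Path and Reply-To domains and reads the DMARC verdict recorded in Authentication-Results. The sample messages, domains and function names are constructed for illustration, and exact domain matching is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (illustrative domains, not real traffic).
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.recipient.test; spf=pass smtp.mailfrom=mailer.invalid;
 dmarc=fail header.from=examplebank.test
From: "Example Bank" <security@examplebank.test>
Reply-To: <help@mailer.invalid>
Subject: Verify your account

Please confirm your details.
"""
LEGIT = """\
Return-Path: <bounce@examplebank.test>
Authentication-Results: mx.recipient.test; spf=pass smtp.mailfrom=examplebank.test;
 dmarc=pass header.from=examplebank.test
From: "Example Bank" <security@examplebank.test>
Subject: Your statement

Your statement is ready.
"""

def _domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def from_spoofing_signals(raw_message):
    """Return reasons the visible From header may be spoofed (empty list = none)."""
    msg = message_from_string(raw_message)
    from_dom = _domain(msg.get("From"))
    signals = []
    # The From header is set freely by the sender; the envelope sender
    # (Return-Path) and Reply-To often reveal a different origin.
    # Simplification: exact match; real DMARC alignment also accepts subdomains.
    for header in ("Return-Path", "Reply-To"):
        dom = _domain(msg.get(header))
        if dom and dom != from_dom:
            signals.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Only trust Authentication-Results added by your own receiving server.
    verdict = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""), re.I)
    if verdict and verdict.group(1).lower() != "pass":
        signals.append(f"dmarc={verdict.group(1).lower()}")
    return signals

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, from_spoofing_signals(raw))
```

A domain mismatch is a signal rather than proof, since mailing lists and bulk-mail providers legitimately send with a different envelope sender.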
Man in the middle
An attacker manages to infiltrate a communication system and impersonate each endpoint to the satisfaction of the other. This can be done very easily if an attacker connects to an unencrypted wireless access point. The attacker can then intercept the information sent by an unsuspecting victim as well as the information the victim would be expecting to receive. This can be particularly critical should the unsuspecting victim be using online banking. Not only could the attacker view all the information being transferred between you and your bank, they could also spoof the bank website to siphon your private details or to divert all payments made to their own account.
Spyware/viruses and trojans
These are malicious programs that attackers will bundle into other legitimate programs, or will try to trick their target into running. Spyware, when run, will spy on you to track predetermined bits of information, e.g. your keystrokes or websites visited.
A trojan is a piece of software that can have similar functionality to spyware. However, it gives the attacker more control, i.e. remote access to or control of the victim’s system.
A virus is similar to a trojan with the added functionality that, when run on your system, it will try to autonomously proliferate and infect other systems.
Some applications, when improperly programmed, can be vulnerable to what is known as a buffer overflow exploit. This is where an application is expecting a maximum amount of information. Should an attacker subsequently input a larger than expected piece of information, the application will malfunction in such a way as to allow arbitrary code of the attacker’s choice to be executed.
Depending on the severity of the vulnerability, this can result in a DOS of the application or of the whole computer, as well as privilege escalation, a means of illicitly obtaining permissions not granted by the system administrator. In the worst case scenario, full unadulterated control of the computer can be obtained. If a buffer overflow exploit can be executed over a network, then the vulnerable computer can potentially be taken over remotely, giving the attacker full access to do as they please.
The above are some common means and methods in the arsenal of a cyber attacker. To keep yourself protected, make sure you are running a good firewall and heuristic anti-virus. Make sure all permissions and databases are fully up to date, and don’t run any programs that you aren’t 100% sure are legitimate.