Common types of cyber attacks

Cyber attacks come in many different forms, mainly involving denial of service and spoofing. Alex Mayne explains the types of attack that security devices such as firewalls actually protect us from.

computer virus

This week I’m considering the different kinds of attacks that security devices, such as firewalls, actually protect us from. I’ll also be looking at the growing market of cyber security, which is leading to an increased demand for security engineers by telecommunications companies.

Common types of cyber attack include denial of service (DOS) and spoofing. When successful, a DOS attack results in a machine or network becoming unavailable to its intended users. This was seen in the attack on the South Korean TV broadcast stations and banks.

Spoofing

A person or program falsifies information to masquerade as someone else or another application. An example is email address spoofing whereby the sender information, i.e. the ‘From’ field, is spoofed to hide the true origins of the email, whilst also imitating another email address. Email address spoofing is widely used in phishing attacks whereby someone fraudulently sends out an email to acquire sensitive information, such as usernames, passwords and credit card details, by impersonating a trustworthy entity, i.e. a bank.

Man in the middle

An attacker manages to infiltrate a communication system to impersonate each endpoint to the satisfaction of each other. This can be done very easily if an attacker connects to an unencrypted wireless access point. The attacker can then intercept the information sent from an unsuspecting victim as well as the information they would be expecting to receive. This can be particularly critical should the unsuspecting victim be using online banking. Not only could the attacker view all the information being transferred to and from you and your bank they could spoof the bank website to siphon your private details or to divert all payments made to their own account.

Spyware/viruses and trojans

These are malicious programs that attackers will bundle into other legitimate programs, or will try and trick their target into running. Spyware, when run, will spy on you to track predetermined bits of information, i.e. your keystrokes or websites visited.

A trojan is a piece of software that can have similar functionality to spyware, however, it gives the attacker more control, i.e. remote access or control of the victim’s system.

A virus is similar to a trojan with the added functionality that, when run on your system, it will try and autonomously proliferate and infect other systems.

Buffer overflow

Some applications, when improperly programmed, can be vulnerable to what is known as a buffer overflow exploit. This is where an application is expecting a maximum amount of information. Should an attacker subsequently input a larger than expected piece of information, the application will malfunction in such a way as to allow an arbitrary piece of any code of the attacker’s choice to be executed.

Depending on the severity of the vulnerability this can result in a DOS of the application or of the whole computer, plus privilege escalation, a means of illicitly obtaining permissions not granted by the system administrator. In the worst case scenario, full unadulterated control of the computer can be obtained. If a buffer overflow exploit can be executed over a network then the vulnerable computer can potentially be remotely taken control of, giving the attacker full access to do as they please.

 

The above are some common means and methods in the arsenal of a cyber attacker. To keep yourself protected make sure you are running a good firewall and heuristic anti-virus. Make sure all permissions and databases are fully up to date and don’t run any programs that you aren’t 100% sure are legitimate.

 

Register for Updates

Register to receive news updates straight to your inbox.
  • We will only send you marketing information using the details you have provided to deliver, develop and promote our products and services if you give us consent to do so. Please use the options below to indicate if you consent to us using your information for this purpose. For further information please read our privacy notice.
  • This field is for validation purposes and should be left unchanged.

Newsletter

Sign up to our newsletter
  • We will only send you marketing information using the details you have provided to deliver, develop and promote our products and services if you give us consent to do so. Please use the options below to indicate if you consent to us using your information for this purpose. For further information please read our privacy notice.
  • This field is for validation purposes and should be left unchanged.

Technology Form

  • We will only send you marketing information using the details you have provided to deliver, develop and promote our products and services if you give us consent to do so. Please use the options below to indicate if you consent to us using your information for this purpose. For further information please read our privacy notice.

Get in touch with us

We're ready to show you the future of consulting. Just fill out the form below!
  • We will only send you marketing information using the details you have provided to deliver, develop and promote our products and services if you give us consent to do so. Please use the options below to indicate if you consent to us using your information for this purpose. For further information please read our privacy notice.

PPI Case Handler Profile

Complete your details below to receive our PPI Case Handler profile.
  • We will only send you marketing information using the details you have provided to deliver, develop and promote our products and services if you give us consent to do so. Please use the options below to indicate if you consent to us using your information for this purpose. For further information please read our privacy notice.
  • This field is for validation purposes and should be left unchanged.

Subject Access Request

    We require basic personal details to locate you on our records.

Request to Delete your Personal Data

    We require basic personal details to locate you on our records so we can delete your information.

Request to Withdraw Opt-In

    We require basic personal details to locate you on our records.