Lesson 10. Cyber Attack Types and Prevention

Rogue Access Point Attack

This type of attack involves an unauthorized router being placed within a network by an attacker. This rogue access point often lacks the necessary security configurations, providing an easy entry point for malicious activities like data theft or system disruption.

Evil twin

An Evil Twin attack uses a fake wireless access point that mimics a legitimate one, often in public places like coffee shops. Unsuspecting users connect to the fake network, allowing attackers to intercept their credentials and sensitive information.

Interference(Jamming)

This is a denial-of-service attack where devices, such as microwaves or metal objects, are strategically placed to disrupt wireless network signals. By creating noise and signal blockage, attackers can prevent legitimate users from accessing the network.

War driving

War driving is the practice of using wireless detection equipment while driving around to identify vulnerable wireless networks. Attackers often mark the locations of these networks with chalk to return later and attempt an attack based on the network's security level.

Bluesnarfing

Bluesnarfing is a Bluetooth-based attack where unauthorized access is gained to information stored on a wireless device. Attackers can exploit vulnerabilities in Bluetooth connections to steal data like contacts, messages, and calendar entries without the user's knowledge.

Bluejacking

Bluejacking involves sending unsolicited messages, such as texts, images, or sounds, to nearby Bluetooth-enabled devices. While generally more of a nuisance than a serious threat, it can be used for phishing or to spread misinformation.

Bluebugging

This is a more severe Bluetooth attack that allows an attacker to take complete control of a mobile phone. Once compromised, the attacker can listen to calls, forward calls, send messages, and potentially access other sensitive data on the device.

Cross-Site Scripting (XSS)

In an XSS attack, malicious scripts are injected into websites that are then executed by unsuspecting users in their web browsers. These scripts can be used to create backdoors, steal login credentials, redirect users to malicious sites, or deface websites.

Structured Query Language (SQL) Attack

An SQL injection attack exploits vulnerabilities in web applications that interact with databases. Attackers inject malicious SQL code through input fields to manipulate the database, potentially allowing them to view, modify, or delete data, or even execute commands on the database server.

LDAP injection

This type of attack involves inserting malicious code into LDAP queries to gain unauthorized access to sensitive information stored on an LDAP server. Because it operates at the application layer, it can often bypass traditional

network security measures like firewalls.

XML Injection Attack

XML injection attacks target applications that use XML for data transfer or configuration. By injecting malicious XML code, attackers can manipulate the application's behavior, potentially leading to data theft, modification, or denial of service.

Directory Traversal Attacks (Command Injections)

These attacks exploit vulnerabilities in web servers to access restricted directories and execute commands outside the intended server root. Attackers can inject code into file paths or other input fields to navigate the file system and potentially gain control of the server.

Buffer Overflow

A buffer overflow occurs when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory locations. 1 Attackers can exploit this by carefully crafting input that overwrites critical program data or injects malicious code, allowing them to take control of the system.

Zero Day Exploit

A zero-day exploit is an attack that takes advantage of a previously unknown software vulnerability for which no patch or fix exists. Because there is no known defense, these attacks can be particularly dangerous until the vulnerability is discovered and addressed by the software vendor.

Session (TCP) Hijacking

This attack involves an attacker taking control of an established communication session between two parties on a network. By intercepting session tokens or exploiting vulnerabilities in the TCP/IP protocol, the attacker can impersonate one of the parties and carry out malicious activities.

MAC Filtering and Limiting

MAC filtering is a security measure that uses Media Access Control (MAC) addresses to control which devices are allowed to access a wireless network. By creating an allow list of authorized MAC addresses, network administrators can prevent unauthorized devices from connecting.

802.1X

This is a port-based network access control protocol that provides an authentication mechanism for devices attempting to connect to a LAN or WLAN. It ensures that only authenticated and authorized devices can gain access to the network, preventing rogue devices from operating even if they are physically connected.

Port Security

Port security encompasses both physical and logical measures to protect network ports from unauthorized access. Physically, it involves securing devices in locked cabinets or rooms. Logically, it includes disabling unused ports in the BIOS or network device configurations to reduce potential attack vectors.