#attack vectors

Introduction to threats:

What are cyber threats? How do these threats affect us and our lives? 

These are some very simple questions that we always overlook. In the generation of the internet the most important thing is data. Data is easily available all over the internet. Breaches in data can cost big MNC millions in loss. 

Data security is an umbrella term in the field of cyber security. Data security is the process of safeguarding digital information throughout its entire life cycle to protect it from corruption, theft, or unauthorized access. It covers everything—hardware, software, storage devices, and user devices; access and administrative controls; and organizations' policies and procedures. The main goal of data security is to maintain confidentiality, integrity and availability of data.

Even though we have information about data security we still haven’t understood the concepts of cyber threats and how it affects us. Just knowing data security cannot help you protect your device. In our growing community of cybersecurity every day new vulnerabilities and loop holes are discovered which can be exploited fairly easily to breach data. A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include computer viruses, data breaches, Denial of Service (DoS) attacks, and other attack vectors.

Now you must wonder what are these different attacks specified and what's the terms attack vectors. Lets learn these topics and understand how they work.

Attack Vectors:

Attack vectors are pathways or methodologies used by attackers to exploit vulnerabilities on system networks, applications, even devices to gain access, breach data, disrupt services, etc. These attacks compromise your security for the attackers personal gain. Let's learn some common attack vectors:

Phishing: Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The recipient is tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information. Phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack.

Types of phishing:

Email Phishing: Usually appear to come from a well-known organization and ask for your personal information — such as credit card number, social security number, account number or password

Smishing: When someone tries to trick you into giving them your private information via a text or SMS message

Vishing: It is the telephone equivalent of phishing. It is described as the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft.

Spear phishing: The fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information

Whaling: A method to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes.

Malware: Malware, which is short for "malicious software," is any software specifically designed to harm, disrupt, or gain unauthorized access to computer systems, networks, or user data. It can take various forms and serve different purposes, including stealing sensitive information, causing damage to systems, or enabling remote control of compromised devices. There are several common attack vectors through which malware can be introduced into a target system:

1. Email Attachments: Malware can be distributed through email attachments, where users unknowingly open files attached to seemingly harmless emails, allowing the malware to execute and infect their system.

2. Malicious Downloads: Malware can be bundled with seemingly legitimate downloads, such as software installers or free content available on the internet. Users unknowingly download and install the malware-infected files, enabling the malware to take hold.

3. Infected Websites: Malware can be hosted on compromised or malicious websites. When users visit these websites, their systems can become infected through drive-by downloads, where the malware is automatically downloaded and executed without their knowledge.

4. Removable Media: Malware can spread through infected USB drives, external hard drives, or other removable media. When users connect these devices to their computers, the malware can be automatically transferred.

5. Drive-by Downloads: These occur when users visit compromised websites that exploit vulnerabilities in their web browsers, plugins, or operating systems to automatically download and install malware onto their devices.

6. Social Engineering: Malware can also be delivered through social engineering tactics, where attackers manipulate users into willingly executing or installing malicious software. This can involve convincing users to click on fake links, open infected attachments, or interact with malicious content.

7. Software Vulnerabilities: Malware can exploit known vulnerabilities in software applications or operating systems. Attackers create malware that specifically targets these vulnerabilities, allowing the malware to enter and compromise the system.

8. Malvertising: Malicious advertising, or malvertising, involves spreading malware through online advertisements. Attackers embed malware in ads displayed on legitimate websites, redirecting users to malicious websites or prompting them to download infected files when clicked.

9. File Sharing Networks: Malware can be distributed through peer-to-peer (P2P) file sharing networks, where users unknowingly download infected files while attempting to download legitimate content.

To protect against malware attacks, it is important to regularly update software and operating systems, use reputable antivirus and anti-malware tools, exercise caution when opening email attachments or clicking on links, avoid downloading files from untrusted sources, and maintain awareness of potential social engineering tactics. 

Man-in-the middle attack: It's an attack vector where an attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. In a MITM attack, the attacker positions themselves between the legitimate sender and receiver, allowing them to eavesdrop on the communication or manipulate the data being transmitted without the parties' knowledge.

Here's how a MITM attack works and its attack vector:

1. Attack Process:

   - Alice wants to communicate with Bob.

   - The attacker secretly positions themselves between Alice and Bob's communication channel.

   - Alice sends a message, thinking it's going directly to Bob.

   - The attacker intercepts the message before it reaches Bob.

   - The attacker can then choose to either pass the original message to Bob after reading it or alter the message before sending it to Bob.

   - Bob receives the message, unaware that an attacker has intercepted it.

2. Attack Vector:

   The attack vector for a MITM attack can involve various methods, including:

   - Unsecured Wi-Fi Networks: Attackers can exploit public Wi-Fi networks that lack proper security measures. They can use tools to intercept traffic between users and the network, making it easy to perform MITM attacks.

   - ARP Spoofing: Attackers can manipulate the Address Resolution Protocol (ARP) tables on a local network, redirecting traffic meant for one device to their own machine.

   - DNS Spoofing: By altering the Domain Name System (DNS) records, attackers can redirect users to malicious websites without their knowledge.

   - BGP Hijacking: In more advanced attacks, attackers can manipulate Border Gateway Protocol (BGP) routes to reroute traffic through their own systems.

   - Compromised Routers: If an attacker gains control of a router, they can intercept and manipulate traffic passing through it.

   - Malicious Software: Malware that's installed on a user's device can manipulate their network traffic and intercept communications.

A New Academic Paper Describes 3 Attack Methods Against an Ethereum PoS Chain

Following the Altair upgrade on the Ethereum network, the protocol’s native cryptocurrency reached a new all-time price high. Altair is the next step for the Ethereum’s network’s proof-of-stake (PoS) transition. However, a recently submitted white paper explains that a group of computer scientists from Stanford University and the Ethereum Foundation believe there are three attack vectors “on [a]…

What Meltdown and Spectre Flaws Mean for Crypto

Recently leaked computer vulnerabilities Meltdown and Spectre offer yet another reminder of how hard the digital age makes it to keep private information – even cryptocurrency private keys – safe.

Unveiled Wednesday, the widespread hardware vulnerabilities simultaneously impact Intel, ARM and AMD computer chips, which power the vast majority of the…

Oracle pulls plug on Java browser plugin

“Come September 2016, the perennial threat vector otherwise known as the Java plugin will be deprecated and well on its way to being dead, decreased, and thankfully, an ex-plugin,” Chris Duckett reports for ZDNet.

“Oracle has announced that the days of the Java browser plugin are numbered, with its deprecation set for the upcoming Java Development Kit 9 release and its removal slated…

Analysis of Black Friday Data Reveals Shift in Attack Vectors

 Akamai can see and analyze enormous amounts of attack data during events such as Black Friday. This year they tracked requests coming into dozens of online retailers over 24 hour periods for each of the 5 Fridays leading up to Black Friday. During that period we analyzed 4.2 billion HTTP requests directed at dynamic application pages (not including requests for media files, JavaScript or other…