Types of cyber attacks
• A cyber attack is an illegal attempt to gain something from, or to hack into, a computer system
• These can be classified into:
• Web-based attacks
  ◦ These are attacks on a website or web application
• System-based attacks
  ◦ Attacks that are intended to compromise a computer or a computer network
Web-based attacks
• Injection attacks
  ◦ In this type of attack, some data is injected into a web application to manipulate the application and obtain the required information.
  ◦ Ex: SQL Injection, Code Injection, Log Injection, XML Injection etc.
  ◦ SQL injection (SQLi) is the most common type of injection attack
  ◦ In SQLi, a crafted string is passed to the web application; it reaches the query interpreter, manipulates the query, and gives access to unauthorized information
  ◦ SQLi can be prevented to some extent by proper validation of data and by enforcing the least-privilege principle
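Added example (not part of the original slides) showing the SQLi point above: a login query that splices the user's input into the SQL text beside the same query written with bound parameters, plus an allow-list check on the username as the "proper validation" the slide mentions. The in-memory table, the rows and the crafted input are all constructed here for illustration.

```python
import re
import sqlite3

# Constructed sample data; any resemblance to a real system is accidental.
SAMPLE_USERS = [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")]
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")  # allow-list for usernames


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    # The untrusted strings become part of the SQL text, so the query
    # interpreter treats attacker-controlled input as query syntax.
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    # Input validation first: reject anything outside the allow-list.
    if not USERNAME_RE.match(username):
        return []
    # Parameterised query: values are bound separately from the statement,
    # so no input can change the structure of the query.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def compare(username, password):
    """Return (rows from the vulnerable query, rows from the safe query)."""
    conn = make_db()
    try:
        return login_vulnerable(conn, username, password), login_safe(conn, username, password)
    finally:
        conn.close()


if __name__ == "__main__":
    # A crafted password that turns the WHERE clause into a tautology.
    print(compare("x", "' OR '1'='1"))
```

The vulnerable query returns every user for the crafted input, while the parameterised query returns nothing because the same string is compared literally against the password column.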
• File inclusion attack
  ◦ A file inclusion vulnerability allows an attacker to access unauthorized or sensitive files available on the web server, or to execute a malicious file on the web server, by making use of the include functionality
  ◦ It can be further classified into:
    ◦ Local file inclusion: including local files available on the server
    ◦ Remote file inclusion: includes and executes malicious code from a remotely hosted file
• Cross-Site Scripting (XSS)
  ◦ This is done by injecting JavaScript into a web page such that it is executed in the client's browser
  ◦ It can be classified into:
    ◦ Reflected XSS attack
    ◦ Stored XSS attack
    ◦ DOM-based XSS attack
• DNS Spoofing
  ◦ DNS spoofing (or DNS cache poisoning) is a computer hacking attack whereby data is introduced into a Domain Name System (DNS) resolver cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer (or any other computer).
• Denial of Service (DoS)
  ◦ A DoS attack is an attempt to make a server or network resource unavailable to its users
  ◦ This is generally done by flooding the server with communication requests
  ◦ DoS uses a single system and a single internet connection to attack a server
  ◦ Distributed DoS (DDoS) uses multiple systems and internet connections to flood a server with requests, making it harder to counteract
  ◦ DoS can be classified into:
    ◦ Volume-based attacks: the goal is to saturate the bandwidth of the attacked site; measured in bits per second
    ◦ Protocol attacks: consume actual server resources; measured in packets per second
    ◦ Application layer attacks: the goal is to crash the web server; measured in requests per second
• Brute force
  ◦ It is a trial-and-error method
  ◦ Generates a large number of guesses and validates them to obtain the actual data (a password, in general)
• Dictionary attack
  ◦ Uses a list of commonly used passwords and validates each one to recover the original password
• Buffer overflow
  ◦ Occurs when a program or process tries to store more data in a buffer (a temporary data storage area) than it was intended to hold
• Session hijacking
  ◦ A web application uses cookies to store the state and details of user sessions
  ◦ By stealing the cookies, an attacker can gain access to all of the user's data
• URL interpretation
  ◦ By changing certain parts of a URL, one can make a web server deliver web pages that the requester is not authorized to browse
• Social engineering
  ◦ It is a non-technical method that relies heavily on human interaction and often involves tricking people into breaking normal security procedures
System-based attacks
• Virus
  ◦ A computer virus is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed
  ◦ It can also execute instructions that cause harm to the system
• Worm
  ◦ It works in the same way as a computer virus
  ◦ But it can spread to other systems in the network automatically by exploiting their vulnerabilities
• Backdoors
  ◦ A backdoor is a method of bypassing the normal authentication process
  ◦ The backdoor is written by the programmer who creates the code for the program
  ◦ It is often known only to the programmer
• Trojan horse
  ◦ It appears to be a normal application, but when opened/executed some malicious code runs in the background
  ◦ These are generally spread by some form of social engineering
Methods to assist in cyber attacks
• Spoofing
  ◦ In spoofing, one person successfully impersonates another by falsifying data
  ◦ Ex: IP spoofing, email spoofing etc.
• Sniffing
  ◦ Sniffing is the process of capturing and analyzing the traffic in a network
• Port scanning
  ◦ It is a method of probing a system for open ports
  ◦ An intruder can exploit the vulnerabilities of the services behind open ports