Practical 2 Isa
Security attacks can be divided into two sub-parts: active attacks and passive attacks.
Active attack:
Active attacks are attacks in which the attacker attempts to change or modify the
content of messages. An active attack is a danger to integrity as well as availability. In an
active attack the system is always damaged and system resources can be changed. The most
important point is that, in an active attack, the victim gets informed about the attack.
Examples of active attacks are masquerade, modification of messages, denial of service, etc.
Passive-attack:
Passive attacks are attacks in which the attacker observes the content of
messages or copies the content of messages. A passive attack is a danger to confidentiality.
In a passive attack there is no harm to the system. The most important point is that,
in a passive attack, the victim does not get informed about the attack. Examples of passive
attacks are traffic analysis, footprinting, spying, etc.
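The distinction above has a concrete consequence for defenders: a message authentication code (MAC) lets the receiver notice an active modification of a message, while a passive copy of the same message is not detected by a MAC at all (only encryption protects confidentiality). The following Python block is an added example, not part of the original practical; it uses the standard library's HMAC-SHA256 with a constructed shared key and a constructed message.

```python
import hashlib
import hmac

# Constructed sample key for the demonstration; a real key would be
# generated with os.urandom() and shared out of band.
SHARED_KEY = b"constructed-shared-key-do-not-reuse"


def sign_message(key: bytes, message: bytes) -> bytes:
    """Return the HMAC-SHA256 tag the sender attaches to a message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time.

    A constant-time comparison avoids leaking how many leading tag bytes
    matched, which a timing side channel could otherwise exploit.
    """
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo():
    """Show the integrity check against a passive and an active attack.

    Returns (intact_accepted, tampering_detected).
    """
    message = b"transfer 100 to account 42"   # constructed sample message
    tag = sign_message(SHARED_KEY, message)

    # Passive attacker: copies message and tag. The copy still verifies,
    # so the receiver learns nothing about the eavesdropping; the MAC
    # gives integrity, not confidentiality.
    intact_accepted = verify_message(SHARED_KEY, message, tag)

    # Active attacker: modifies the amount but cannot forge a new tag
    # without the key, so the receiver rejects the altered message.
    tampered = b"transfer 900 to account 42"
    tampering_detected = not verify_message(SHARED_KEY, tampered, tag)

    return intact_accepted, tampering_detected


if __name__ == "__main__":
    print(demo())   # (True, True)
```

The receiver is "informed" of the active attack only because the tag check fails; nothing in this exchange reveals the passive copy, which is exactly why confidentiality needs encryption on top of the MAC.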
1) Malware
Malware is any malicious software that is installed on your device after a
user inadvertently clicks a dangerous link or opens an attachment. Malware can take many
forms, with some of the most common being viruses and Trojans.
2) Ransomware Attacks
Ransomware is a specific type of malware that gains control of your system and blocks access to
your files. It can infect your computer from an email attachment or through a bad website.
Upon infection, a ‘ransom note’ pops up, offering to restore your system back to normal in
exchange for compensation. With ransomware, we always recommend never paying the
ransom! Why? There is absolutely no guarantee that you’ll get your files back. You simply
cannot trust a criminal to adhere to their promises. Secondly, you’ll be putting a target on
your back. If you pay the ransom once, you’ll be flagged as a user who pays the ransom, and
the criminals will be back to take advantage of you again.
3) Man-in-the-Middle Attacks
A man-in-the-middle attack is where a cyber-criminal intercepts your data or
information while it is being sent from one location to another (i.e. from a communications
system to a server).
This type of attack is very common with vulnerable Wi-Fi connections like at coffee shops,
hotels, and restaurants. While you’re out in public, always be wary of open Wi-Fi networks.
These can be set up as traps by cybercriminals to lure people into accessing websites with
sensitive information, all the while they are snooping on your activity.
4) Denial of Service Attacks
In this cyber-attack, the criminals are basically trying to overload a system you have
in place, whether it be a website, a server, etc., with traffic. This will typically cause the system to
crash or shut down, resulting in downtime.
These types of attacks typically do not result in stolen information. Most of the time, these
attacks are a form of bombardment from the cyber-criminal meant to shut your system down,
resulting in lost revenue from downtime and recovering your files.
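One standard mitigation for the flooding described above is to cap how fast any single client may consume the service, so that a flood from one source is rejected before it exhausts the system. The Python block below is an added example, not part of the original practical: a per-client token-bucket rate limiter driven by a constructed request trace in which one source floods the service while a normal client sends three requests.

```python
from collections import defaultdict


class TokenBucket:
    """Allow up to `capacity` requests in a burst, refilling at `rate` per second."""

    def __init__(self, rate: float, capacity: float):
        self.rate = rate
        self.capacity = capacity
        self.tokens = capacity
        self.last = None

    def allow(self, now: float) -> bool:
        if self.last is None:
            self.last = now
        # Refill proportionally to elapsed time, never beyond capacity.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class PerClientLimiter:
    """One bucket per client key (e.g. source IP), created on first use."""

    def __init__(self, rate: float, capacity: float):
        self.buckets = defaultdict(lambda: TokenBucket(rate, capacity))

    def allow(self, client: str, now: float) -> bool:
        return self.buckets[client].allow(now)


def constructed_requests():
    """Constructed trace: (timestamp, client) pairs sorted by time.

    203.0.113.9 sends 100 requests in one second; 192.0.2.10 sends three.
    Both addresses are documentation ranges, used here as sample values.
    """
    flood = [(i * 0.01, "203.0.113.9") for i in range(100)]
    normal = [(0.2, "192.0.2.10"), (0.5, "192.0.2.10"), (0.8, "192.0.2.10")]
    return sorted(flood + normal)


def simulate(requests, rate: float = 5, capacity: float = 10):
    """Run the trace through the limiter and count decisions per client."""
    limiter = PerClientLimiter(rate, capacity)
    counts = {"allowed": defaultdict(int), "rejected": defaultdict(int)}
    for now, client in requests:
        verdict = "allowed" if limiter.allow(client, now) else "rejected"
        counts[verdict][client] += 1
    return {k: dict(v) for k, v in counts.items()}


if __name__ == "__main__":
    print(simulate(constructed_requests()))
```

With a burst capacity of 10 and a refill rate of 5 per second, the flooding client gets roughly 14 of its 100 requests through in that second while the normal client is never rejected; the limiter isolates clients from each other, which is the property the overload attack relies on being absent.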
5) Password Attacks
This can be described as any attack designed to steal a user’s passwords or credentials.
There are basic techniques that even non-hackers can use, such as manual guessing. This is
where a bad actor guesses your password based on the information they learn from your
social media. There is also basic shoulder surfing, where someone literally watches you as you
type in your password, or reads the sticky note with your password on your desk.
And there are more advanced techniques like a brute force attack. This is where a hacker has
a program that can guess literally millions of passwords at a time. That’s why we say that
having a weak password is like not having a password at all.
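A guessing program of the kind described above leaves a distinctive trace on the target: many authentication failures from one source in a short time. The Python block below is an added example, not part of the original practical; it parses constructed sshd-style log lines (assumed to be in chronological order) and flags any source address that exceeds a failure threshold within a sliding time window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the sshd "Failed password" line format; the syslog timestamp
# carries no year, so one is supplied when parsing.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed sample log: one source makes six failed attempts in 20 s,
# another fails twice five minutes apart, and one login succeeds.
SAMPLE_LOG = """\
Mar 10 12:00:01 bastion sshd[2201]: Failed password for alice from 203.0.113.5 port 51000 ssh2
Mar 10 12:00:02 bastion sshd[2202]: Failed password for bob from 198.51.100.7 port 40211 ssh2
Mar 10 12:00:05 bastion sshd[2203]: Failed password for alice from 203.0.113.5 port 51001 ssh2
Mar 10 12:00:09 bastion sshd[2204]: Failed password for invalid user admin from 203.0.113.5 port 51002 ssh2
Mar 10 12:00:13 bastion sshd[2205]: Failed password for root from 203.0.113.5 port 51003 ssh2
Mar 10 12:00:17 bastion sshd[2206]: Failed password for alice from 203.0.113.5 port 51004 ssh2
Mar 10 12:00:21 bastion sshd[2207]: Failed password for alice from 203.0.113.5 port 51005 ssh2
Mar 10 12:00:30 bastion sshd[2208]: Accepted publickey for carol from 192.0.2.10 port 33001 ssh2
Mar 10 12:05:02 bastion sshd[2209]: Failed password for bob from 198.51.100.7 port 40212 ssh2
"""


def parse_failure(line: str, year: int = 2021):
    """Return (timestamp, user, source_ip) for a failed login, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]


def detect_brute_force(lines, threshold: int = 5, window_seconds: int = 60):
    """Map each source IP that reaches `threshold` failures inside any
    `window_seconds` span to the highest in-window count observed."""
    recent = defaultdict(deque)   # source ip -> failure timestamps in window
    flagged = {}
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, _user, ip = parsed
        window = recent[ip]
        window.append(ts)
        # Drop failures that have aged out of the window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(window))
    return flagged


def analyze_sample():
    return detect_brute_force(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    print(analyze_sample())   # {'203.0.113.5': 6}
```

The threshold and window are the tuning knobs: a low threshold catches slow guessing but risks flagging a user who mistypes a password, so in practice the flagged address is rate-limited or locked out temporarily rather than blocked outright.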
Drive-by attacks happen when you’re surfing the internet and enter a website that has
malware code on the page, and you inadvertently download the code. It is also one of the
most common ways of spreading malware. All the hacker has to do is plant code on the
page.
A common example of this is when you’re on a website and an ad pops up that has nothing to
do with the site’s information. Most times, clicking the ad will result in malware being
downloaded onto your computer.
Unlike other cyber-attacks, a drive-by attack does not need you to do anything to enable the
attack on your computing device.
8) Phishing
Phishing attacks are extremely common and involve sending mass amounts of fraudulent
emails to unsuspecting users, disguised as coming from a reliable source. The fraudulent
emails often have the appearance of being legitimate, but link the recipient to a malicious file
or script designed to grant attackers access to your device to control it or gather recon, install
malicious scripts/files, or to extract data such as user information, financial info, and more.
Phishing attacks can also take place via social networks and other online communities, via
direct messages from other users with a hidden intent. Phishers often leverage social
engineering and other public information sources to collect info about your work, interests,
and activities, giving attackers an edge in convincing you that they are who they claim to be.
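The disguise described above usually leaves measurable inconsistencies in the message itself: a sender domain that nearly matches a trusted one, a display name that claims a brand the sender domain does not belong to, or link text showing one site while the link points to another. The Python block below is an added example, not part of the original practical; it checks a constructed message against a constructed allowlist (`examplebank.com`) and reports these indicators.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of domains the organisation trusts.
TRUSTED_DOMAINS = {"examplebank.com"}

# Constructed sample messages (display name, address, and (text, href) links).
SUSPICIOUS_MESSAGE = {
    "from_display": "ExampleBank Security",
    "from_addr": "alerts@examp1ebank.com",          # digit 1 instead of letter l
    "links": [("https://examplebank.com/login",
               "http://examp1ebank.com.verify-login.net/x")],
}
LEGITIMATE_MESSAGE = {
    "from_display": "ExampleBank Security",
    "from_addr": "it@examplebank.com",
    "links": [("Sign in to your account", "https://examplebank.com/login")],
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; small distances between domains indicate lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain: str, trusted, max_distance: int = 1) -> bool:
    """True if `domain` is within `max_distance` edits of a trusted domain
    without being that domain."""
    return any(domain != t and levenshtein(domain, t) <= max_distance for t in trusted)


def registrable(host: str) -> str:
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def phishing_indicators(msg):
    """Return a list of human-readable indicators found in the message."""
    findings = []
    sender_domain = msg["from_addr"].rsplit("@", 1)[-1].lower()
    if lookalike(sender_domain, TRUSTED_DOMAINS):
        findings.append(f"sender domain {sender_domain} resembles a trusted domain")

    display = msg.get("from_display", "").lower()
    for t in TRUSTED_DOMAINS:
        brand = t.split(".")[0]
        if brand in display and sender_domain != t:
            findings.append(f"display name claims {brand} but sender domain is {sender_domain}")

    for text, href in msg.get("links", []):
        host = urlparse(href).hostname or ""
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text.lower())   # domain in link text
        if shown and registrable(shown.group(0)) != registrable(host):
            findings.append(f"link text shows {shown.group(0)} but points to {host}")
        if lookalike(registrable(host), TRUSTED_DOMAINS):
            findings.append(f"link host {host} resembles a trusted domain")
    return findings


if __name__ == "__main__":
    for f in phishing_indicators(SUSPICIOUS_MESSAGE):
        print("-", f)
    print(phishing_indicators(LEGITIMATE_MESSAGE))   # []
```

The `registrable` helper is deliberately naive (it treats the last two labels as the owner's domain); a production filter would use a public-suffix list, and would also check the message's authentication results (SPF, DKIM, DMARC), which this example does not model.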
1) T-Mobile Hack: The T-Mobile hack involved an exposed router, specialised tools and brute
force attacks. The CEO of T-Mobile said that while the company’s investigation into the
incident was “substantially complete,” he could not share too many technical details due to
the criminal investigation conducted by law enforcement.
A 21-year-old man named John Binns, a US citizen living in Turkey, has taken credit for the
attack, a claim that he demonstrated to the news outlet by sending messages from a Telegram
account that had been used to discuss details of the breach before it became widely known.
He claimed that the router provided an entry point to T-Mobile servers in a data centre near
East Wenatchee, Washington, from where he obtained credentials that gave him access to
more than 100 servers. Binns, who described T-Mobile’s security as “terrible,” claimed it
took him roughly a week to breach the servers storing customer data.
The T-Mobile breach came to light earlier this month, when someone offered to sell 100
million customer records on the dark web for roughly $280,000 in bitcoin. However, it’s
unclear if or how much of the data was acquired by others.
T-Mobile has confirmed that the breach impacts more than 54 million current, former and
prospective customers. Compromised data includes names, dates of birth, phone numbers,
addresses, SSNs, driver’s license information, IMEI and IMSI information, and account
PINs. The company highlighted on several occasions, including in Sievert’s statement on
Friday, that customer financial information has not been exposed.
Hence, this attack was carried out using the passive attack technique, with an exposed router,
specialised tools and the brute force technique.
"Between March 5 and March 20, 2021, the threat actors conducted reconnaissance within
CNA's IT environment using legitimate tools and credentials to avoid detection and to
establish persistence," the legal notice filed with New Hampshire's Attorney General Office
reveals.
"On March 20 and into March 21, 2021, the Threat Actor disabled monitoring and security
tools; destroyed and disabled certain CNA back-ups; and deployed ransomware onto certain
systems within the environment, leading CNA to proactively disconnect systems globally as
an immediate containment measure."
Sources familiar with the attack told Bleeping Computer that Phoenix CryptoLocker
encrypted more than 15,000 systems after deploying ransomware payloads on CNA's
network on March 21.
Bleeping Computer also learned that the ransomware operators encrypted remote workers'
devices logged into the company's VPN during the attack.
"Prior to deploying the ransomware, the Threat Actor copied, compressed and staged
unstructured data obtained from file shares found on three CNA virtual servers; and used
MEGA sync, a legitimate tool, to copy some of that unstructured data from the CNA
environment directly into the threat actor's cloud-based account hosted by Mega NZ
Limited,"
Hence, in the attack on CNA the type of attack was a ransomware attack, carried out by means of a
fake software update.
Conclusion:
Cyber security is a big part of our lives today. It is crucial to protect our devices from these
malicious activities of attackers. Active and passive attacks are challenging issues for any
organisation or individual.