Module 3 Notes

The document discusses various types of cyber attacks, including watering hole attacks, brute force attacks, phishing, and computer worms. It explains how computer worms replicate and spread through email and file-sharing networks, causing significant damage to systems and networks. Additionally, it outlines the differences between DoS and DDoS attacks, their types, and prevention techniques for malware and cyber threats.

Uploaded by

lokeshkonatala
• Watering hole attack and how it works
• Brute force attack and its types
• How brute force attack works and examples
• Common types of phishing attack
• Eavesdrop attack and its types
• Eavesdrop methods and prevention techniques

INTRODUCTION

Computer Worm

Worms consume high bandwidth and overload servers with the files that contain them, which harms the network. A worm spreads through the network and damages it, and because it sits inside systems it also destroys the program code on them. The entire network can be brought down by spam. The code a worm carries is called its payload, and a payload can turn infected systems into machines used to spread spam.

Computer worms are self-replicating, so they need no assistance to spread. An infected system sends mail to other systems, and those systems are infected when the emails are opened. When the user opens the mail, the worm is downloaded automatically and destroys programs. The worm becomes known only after the system is infected.

Worms modify or delete files on systems in the network and destroy the data stored on them. Worms exploit the security features of the system, and some worms also change system settings. Examples of worms are the Morris Worm, Storm Worm, SQL Slammer and so on.

6.2 TYPES OF COMPUTER WORMS

Computer worms are categorized into the following types according to how they are distributed across systems.

Email Worms

The mailbox works as a client for the worm. The email has an infected link or an attachment that contains the worm, and once it is opened the worm is downloaded into the system. The worm also searches the contacts of the infected system and sends links to them so that those systems are infected as well.

These worms may use double extensions, such as mp4 or other video extensions, so that the user believes the file is a media file. Some worms of this type contain a short link in the mail rather than a downloadable attachment. Through this link the worm is downloaded, and it either deletes or modifies data, and the network is damaged. A famous example is the ILOVEYOU email worm, which infected computers in 2000.

Internet Worms

In the technological era everyone knows the Internet, and these worms use it as a medium to connect to other machines, search for vulnerable ones and infect them. Systems without antivirus installed are easily affected by these worms. The worm spreads through the network over the local area connection or the internet.

File-Sharing Network Worms

In some cases a user downloads files from unknown sources, such as a link or a device. Such files or devices may carry worms that locate a shared folder and destroy other files. The worm replicates when another system on the same network downloads the file that contains it, and the process repeats for every system until it has reached all files and folders in the network.

These worms may carry extensions like those of media files, so users are tempted to download them, believing they are ordinary files of that type. A famous example of this type is the 'Phatbot' worm, which infected computers in 2004 through file sharing. Personal information such as credit card details was destroyed by this worm on an unprecedented scale.

Instant Message and Chat Room Worms

With this type of worm, the user receives an invitation through a link sent by email or by a contact. The worm acts like a human and chats with the other machine through messages. Once the user accepts the invitation and opens the message or link, the system is infected.

These worms contain downloadable attachments or a link to a website. The user can easily get rid of the worm by changing the security settings, changing the password or simply deleting the messages.

IRC Worms

IRC stands for Internet Relay Chat, a messaging application that once created a trend of its own. These worms destroy the IRC contact list, working the way email and instant message worms do. To remove such a worm, the user needs to update the system's security settings and identify the worm. Installing good antivirus software can be a solution to these worms, and the application should always be kept up to date.

6.2.1 How to prevent malware attacks

Strong cybersecurity techniques and settings are the best defence against worms and malware attacks. Just as we maintain personal hygiene in day-to-day life, we have to maintain cyber hygiene in the network. Follow these tips to prevent malware attacks:

• Always keep software updated.
• Always use antivirus and antimalware software on the system, and also install firewalls and security software.
• Users should always follow email ethics.
• Maintain email security gateways.
• Be aware of fake links and attachments.
• Configure access control.
• Always use multifactor authentication.
• Monitor for abnormal or suspicious activity.

6.3 DIFFERENCE BETWEEN DOS AND DDOS ATTACK

What Is the Difference Between DoS and DDoS Attacks?

The main difference between a DoS and a DDoS attack is that the former is a system-on-system attack, while the latter involves many systems attacking a single system. There are other differences too, in their nature and detection, including:

1. Ease of detection/mitigation: A DoS attack comes from a single location, so it is easy to detect its origin and sever the connection. This is the job of a proficient firewall. A DDoS attack, on the other hand, comes from multiple remote locations.
2. Speed of attack: The speed of a DoS attack is higher compared to a DDoS attack, which comes from multiple locations while a DoS attack comes from a single location. Hence a DoS attack is less difficult to find.
3. Traffic volume: Traffic in a DoS attack is much lower than in a DDoS attack, because a DDoS attack comes from multiple locations and so sends a large volume of data and traffic from multiple sources simultaneously.
4. Manner of execution: A DoS attack typically uses a script or a tool to carry out the attack from a single machine, whereas a DDoS attack infects multiple systems at one time with malware (bots), creating a botnet managed by a command-and-control (C&C) server.
5. Tracing of source(s): The use of a botnet in a DDoS attack means that tracing the actual origin is much more complicated than tracing the origin of a DoS attack.

6.3.1 Types of DoS and DDoS Attacks

Teardrop Attack

A teardrop attack is a DoS attack that sends countless Internet Protocol (IP) data fragments to the targeted machine, which is then unable to recompile the fragments into the original packets. For example, the attacker breaks large packets down into multiple small fragments, all of which are sent to the targeted machine to reassemble. However, the attacker changes the sequence of the fragments to confuse the targeted system, which is then unable to reassemble the fragments into the original packets.

Flooding Attack

A flooding attack is a DoS attack that relies on sending multiple connection requests to a server without responding to complete the handshake. For example, the attacker sends multiple requests to connect as a client, and when the server tries to communicate with the client to verify the request, the attacker refuses to respond. This process is repeated many times, so the server is exhausted by countless pending requests, among which it cannot identify the genuine clients, and as a result it becomes "busy" or even crashes.

IP Fragmentation Attack

An IP fragmentation attack is a type of DoS attack that delivers altered or modified network packets that the receiving network cannot reassemble. As a result the network crashes under bulky unassembled packets, which use up all its resources.

Volumetric Attack

A volumetric attack is a type of DDoS attack. It is used to target bandwidth resources. For instance, a botnet is used to send a high volume of requests to a network.

Protocol Attack

This attack is a type of DDoS attack that exploits weaknesses in Layers 3 and 4 of the OSI model. For example, the attacker exploits the TCP connection, sending requests but either not answering as expected or responding with another request using a spoofed source IP address. The unanswered requests use up the resources of the network until none are available.

Application-based Attack

An application-based attack is a type of DDoS attack that targets Layer 7 of the OSI model. For example, the attacker sends partial Hypertext Transfer Protocol (HTTP) requests but does not complete them. HTTP headers are periodically sent for each request, so the network resources become tied up. The attacker continues the onslaught until the server can make no new connections. This type of attack is very difficult to detect because it sends corrupted partial packets and uses little to no bandwidth.

6.3.2 How to Improve DoS and DDoS Attack Protection

The following are tips for DoS and DDoS protection:

1. Monitor your network continually: Always monitor the usual traffic pattern so that moderate to critical stages are detected and mitigated early.
2. Run tests to simulate DoS attacks: This is where risk is assessed, vulnerabilities are exposed, and employees are trained in cybersecurity.
3. Create a protection plan: Create checklists, form a response team, define response parameters, and deploy protection; circulate the plan among the employees.
4. Identify critical systems and normal traffic patterns: The former helps in planning protection, and the latter helps in the early detection of threats.
5. Provision extra bandwidth: It may not stop the attack, but it will help the network deal with spikes in traffic and lessen the impact of any attack.

6.4 WATERING HOLE ATTACK

A watering hole attack is a type of cyber-attack designed to target a specific group of users by infecting websites that they usually visit, or by luring them to a malicious site. It is also known as a strategic website compromise attack. The main aim of the attack is to infect the systems of the targeted users in order to gain unauthorized access to their organization's network.

Spear phishing infects fewer users, while a watering hole attack seeks to trap more victims at once than spear phishing does. This type of attack is carried out by creating fake sites or compromising legitimate applications and websites using difficult and zero-day exploits with no antivirus signatures, ensuring a high attack success rate. The most prominent feature of watering hole attacks is that the user learns of the site compromise only later; there is no early warning in a watering hole attack.
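The double-extension trick described under Email Worms in section 6.2 is something an email security gateway (section 6.2.1) can check for before a message reaches the mailbox. The sketch below is an added example, not part of the original notes: the extension lists, function names and the sample message are assumptions made for illustration, and the attachments are harmless placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists for this example; a real gateway would tune both.
EXECUTABLE_EXTS = {"exe", "scr", "vbs", "js", "bat", "cmd", "com", "pif"}
MEDIA_DOC_EXTS = {"mp4", "avi", "mp3", "jpg", "png", "pdf", "txt", "doc"}

def classify_name(filename):
    """Return (verdict, reason) for one attachment filename."""
    # Normalise case and trailing dots/spaces before splitting on '.'.
    parts = [p.strip() for p in filename.rstrip(". ").lower().split(".")]
    final, earlier = parts[-1], parts[1:-1]
    if len(parts) < 2 or final not in EXECUTABLE_EXTS:
        return "allow", "no executable extension"
    if any(p in MEDIA_DOC_EXTS for p in earlier):
        return "block", f"double extension: media/document name ending in .{final}"
    return "block", f"executable attachment .{final}"

def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and classify every named attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return {part.get_filename(): classify_name(part.get_filename())
            for part in msg.iter_attachments() if part.get_filename()}

def build_sample():
    """Constructed sample message; attachment bodies are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    # First name is the widely reported ILOVEYOU attachment name;
    # the other two are constructed.
    for name in ("LOVE-LETTER-FOR-YOU.TXT.vbs", "holiday.mp4.exe", "report.v2.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, (verdict, reason) in scan_message(build_sample()).items():
        print(f"{verdict:5}  {name}  ({reason})")
```

A name such as report.v2.pdf has several dots but ends in a non-executable extension, so it is allowed; only the final extension decides whether the file can run.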
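The teardrop and IP fragmentation attacks in section 6.3.1 both rely on fragments that cannot be put back together. The following added example (not part of the original notes) shows the consistency check a reassembler or monitoring tool can apply to the fragments of one datagram. The Fragment type, function name and sample fragment sets are assumptions constructed for illustration. It goes slightly beyond the notes in showing that fragments merely arriving out of order still reassemble, while overlapping or missing byte ranges are flagged.

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65535  # an IPv4 datagram's total length field maxes out here

@dataclass(frozen=True)
class Fragment:
    offset: int  # byte offset of the payload (the wire field counts 8-byte units)
    length: int  # payload bytes carried by this fragment
    more: bool   # MF ("more fragments") flag

def check_fragments(frags):
    """Return a list of anomalies for the fragments of one datagram.

    An empty list means the fragments reassemble cleanly."""
    problems = []
    ordered = sorted(frags, key=lambda f: f.offset)  # arrival order is irrelevant
    covered = 0  # bytes [0, covered) are accounted for so far
    for f in ordered:
        end = f.offset + f.length
        if f.more and f.length % 8:
            problems.append(f"fragment at {f.offset}: non-final length not a multiple of 8")
        if f.offset < covered:
            problems.append(f"overlap: fragment at {f.offset} starts before byte {covered}")
        elif f.offset > covered:
            problems.append(f"gap: bytes {covered}-{f.offset - 1} missing")
        if end > MAX_DATAGRAM:
            problems.append(f"oversize: fragment ends at byte {end}")
        covered = max(covered, end)
    if not ordered or ordered[-1].more:
        problems.append("incomplete: no final fragment (MF clear) at the end")
    return problems

# Constructed fragment sets (offset, length, MF); not captured traffic.
CLEAN = [Fragment(0, 1480, True), Fragment(1480, 1480, True), Fragment(2960, 540, False)]
REORDERED = [CLEAN[2], CLEAN[0], CLEAN[1]]
OVERLAPPING = [Fragment(0, 1480, True), Fragment(1000, 200, False)]
GAPPED = [Fragment(0, 1480, True), Fragment(2960, 540, False)]

if __name__ == "__main__":
    for label, frags in [("clean", CLEAN), ("reordered", REORDERED),
                         ("overlapping", OVERLAPPING), ("gapped", GAPPED)]:
        print(label, check_fragments(frags) or "ok")
```

Dropping a datagram whose fragment set fails this check, and expiring incomplete sets after a timeout, keeps unassembled fragments from tying up reassembly buffers.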
