Common network based attacks (4)
- Eavesdropping
- Denial of Service attack (and DDoS)
- Port scanning
- Man in the Middle attack
What is an eavesdropping attack?
An eavesdropping attack, also known as network sniffing, occurs when a hacker captures network packets that workstations connected to your network send and receive.
Eavesdropping attacks can compromise your organization’s sensitive data, such as passwords, which can lead to other, more damaging attacks.
What is a denial of service (DoS) attack?
This is a type of attack that limits the function of a network app, or renders an app or network resource unavailable.
Hackers can initiate a DoS attack in several ways, and often are aware of vulnerabilities in the target app that they can exploit to render it unavailable. Hackers typically perform Dos attacks by overloading a service that replies to network requests, such as Domain Name System (DNS), with a large number of fake requests in an attempt to overload and shut down a service or the server that hosts the service. A distributed denial of service (DDoS) attack is a version of a DoS attack.
How can you tell if an email is legitimate?
- Hover over links to uncover the URL
- Check for poor grammar and spelling errors
- Look for company contact information and brand accuracy
What are some examples of cyberattacks?
- Malware
- Distributed Denial-of-Service (DDoS) attack
- Phishing
- SQL injection attacks
- Cross-site scripting (XSS)
- Botnets
- Ransomware
What’s is a Port scanning attack?
This is an attack where hackers exploit a network to query hosts for open ports on which they listen for client requests and use other attack techniques to access the services that are running on the computer.
What is a Man-in-the-middle (MITM) attack?
This is an attack where the attacker uses a computer to impersonate a legitimate host on the network with which your computers are communicating.
Notes:
The attacker intercepts all of the communications that are intended for a destination host. The attacker might wish to view the data in transit between the two hosts, but also can modify that data before forwarding the packets to the destination host.
What are some of the types of malware
- Viruses
- Worms
- Adware
- Trojans
- Spyware
What are some of the ways to help prevent cyberattacks?
- Investing in a reliable cybersecurity system.
- Hiring IT administrators that will keep a close watch on all networks within a business
- Using a Two-Factor or Multi-Factor Authentication system.
- Educate your employees through ongoing internal training on cyberattacks and cybersecurity, and what steps to take if a data breach was to occur.
- Hire a third-party security team to assist your internal IT department with monitoring business networks and systems.
How can a hacker get someone’s password?
- Data breaches
- Brute force
- Phishing
What is a strong password?
- Uses at least 12 characters. 14 or more is better.
- Uses a combination of upper and lowercase letters.
- Uses a combination of numbers and symbols.
- Does not use a word that can be found in a dictionary, or the name of a person, character, product, or organization.
- Is different from your other passwords.
- Does not include your name, a family member’s name, or a pet’s name. These are too easy to guess.
- Does not include phone numbers, birthdays, addresses, or Social Security numbers.
- Is not a popular password like “123456”, “qwerty”, “password”, “111111”, or “password123”
- Is updated regularly. Cybersecurity experts recommend creating a new password every three months.
Name the types of cyber security threats (MAPRIS)
- Malware
- Social Engineering Attacks
- Phishing
- Ransomware
- Insider Threats
- Advanced persistent threats
