Different types of attacks

Different types of attacks

Data has to be kept safe from unauthorised access as it may be sensitive or private information. Data can be accessed locally or online. Unauthorised attempts to access data are called attacks. They can come in different ways:

Screen Shot 2561-10-02 at 8.21.34 PM.png

Malware: Attacks come in the form of a software and is designed to 
steal, delete or corrupt a computer system and its data without 
user’s permission. The software can be downloaded accidentally 
from an email, USB RAM sticks or website. They include: 

-Viruses which are malicious programs that can self-replicate and 
spread by infecting other files or programs.

-Worms don’t delete or corrupt files but they replicate themselves 
until they fill a computer’s storage and cause a computer to run 
slowly or stop running.

-Trojan horse is a malicious program, disguised as other normal
 programs. When they run, they act like any other virus. 

-Spyware is designed to collect personal information and data. 
They observe user’s activity without them knowing.

Keywords:

An attack vector is a method malware can use (how code can access
system)
Payload is the part causing the malicious effect (can ask for bitcoins
or digital currencies)
Crypto mining is a type of malware that takes over a computer's 
resources and uses them for mining cryptocurrency.

Screen Shot 2561-10-02 at 8.22.06 PM.png

Phishing: Phishing attack usually comes in the form of an email but 
can also be through text messages or phone calls. They will ask user
for confirmation of personal data. It is designed to trick users 
into giving personal data and even take passwords and bank account 
details. The data is then used by criminals to steal money. They are 
usually too good to be true e.g. claiming that you’ve won an iPhone. 
They can send hyperlinks or attachments luring the user to click on 
it. 
Pharming: Pharming uses email to help capture data by tricking users 
into visiting a fake website. Once user enters personal data, the 
data is passed to criminals. Pharming can happen when malware 
translate sites into different IP addresses. They can change the 
host file or by exploiting the DNS server.
DOS (denial of service): Attacks are designed to prevent access to 
data. Websites and networks can be accessed through servers, when a
user wants to access data on the server, it sends a request for the
data to be transferred. The server will acknowledge request but the 
server can only handle a request at one time so they are placed in a
queue. DOS attacks try to prevent access to a server by sending it 
many requests that it can’t handle. There may be distributed DOS 
where two or more computers attack a server at the same time. 

DOS attacks try to shut down a machine or network and the victims of 
this are usually banks or other high-profile organisations. They 
cause the victim a great deal of time and money. 
Screen Shot 2561-10-03 at 8.37.24 AM.pngPassword attacks: An attempt to obtain or decrypt a user’s password 
for illegal use. Hackers can use cracking programs, password sniffers
 or dictionary attacks. There are 3 types of password attacks:

-brute force attack where a hacker uses a computer program or script 
to log in with possible password combinations.

-Dictionary attack uses a program or script to log in by cycling 
through different combinations of common words

-Key logger attack where the hacker uses a program to track all of 
user’s keystrokes. So everything the user has entered will have been 
recorded. It doesn’t need a strong password to provide much protection.