By: Nihad Hassan
March 15, 2021
Top 3 Common Network Attack Types
A cyberattack is any attack against computerized systems, networks, or personal computing devices. A cyberattack aims to gain unauthorized access to, shut down, or damage sensitive resources and computing systems.
As digital transformation moves at a steady pace, organizations' dependence on technology will increase. Most data is now stored digitally in so-called data centers and accessed via computer networks. Without a network, users cannot reach data stored in a central location. However, computer networks are not used only for data sharing. For instance, the following are benefits of computer networks:
- Collaboration and communication with other users.
- Sharing programs and printing services across the network.
- Enhancing data protection by storing an organization's sensitive files and backups in one location.
- Allowing remote access to stored data and the digital work environment, a function that has become very important for the remote workforce during the ongoing COVID-19 pandemic.
Cyberattacks are increasing and becoming more sophisticated every day. According to Cybersecurity Ventures, cybercrime damages will reach $6 trillion by 2021. Security experts predict that the trending cyber threats in 2021 will be shaped by the COVID-19 crisis and will focus on attacking remote employees' endpoint devices, and they expect a spike in spear-phishing and other social engineering attacks.
This article covers the three most common types of cyberattacks that target computer networks.
First: Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
A DoS attack overwhelms target system resources (e.g., a server or network resources) with false traffic, intending to shut down the target device or network and prevent it from responding to legitimate traffic. DoS attacks are commonly launched against the websites of high-profile entities such as banks, online merchants, government agencies, money transfer companies, and even gaming websites. Although most DoS attacks do not lead to data theft and are not executed with that aim, the disruption they cause halts the target organization's work operations, which can sometimes result in a substantial loss of revenue.
A DoS attack can be executed using two methods:
- The most common type works by flooding target resources with false traffic and requests. This attack is executed using three techniques: buffer overflow attacks, ICMP flood, and SYN flood.
- The second type works by exploiting a vulnerability in the target server or resources, causing them to crash.
Another variant of the DoS attack is the Distributed Denial of Service (DDoS) attack. This one uses a large number of computing devices to execute an attack against a single target. The DDoS attack is commonly performed by using botnets. A botnet (see Figure 1) is a group of compromised devices infected with malware and controlled by a botmaster. The botmaster instructs the botnet's devices to send traffic simultaneously to the target system to make it unresponsive and cause a DoS condition.
DDoS is more dangerous than DoS because of the large number of devices participating in the attack. Knowing who is behind a DDoS attack is also very difficult. For instance, the army of infected devices used to launch the DDoS is spread worldwide, and most compromised device owners do not know that their devices were a part of the DDoS attack.
Cisco predicts the number of DDoS attacks will increase to more than 15 million by 2023.
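The SYN flood technique and the DoS/DDoS distinction described above can be seen from the defender's side by counting half-open TCP connections per destination. The following is an added example, not part of the original article; the packet records, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict

def sample_packets():
    """Constructed records: (time_s, src_ip, src_port, dst_ip, dst_port, flag).
    "S" is a client SYN, "A" is the ACK that completes the handshake."""
    pkts = [(0.0, "198.51.100.7", 40000, "192.0.2.10", 443, "S"),
            (0.1, "198.51.100.7", 40000, "192.0.2.10", 443, "A")]
    # 30 sources send 5 SYNs each to one server and never complete a handshake.
    for host in range(30):
        for n in range(5):
            pkts.append((1.0 + host * 0.01 + n * 0.001, f"203.0.113.{host + 1}",
                         50000 + n, "192.0.2.10", 443, "S"))
    # A single source sends 150 unanswered SYNs to a second server.
    for n in range(150):
        pkts.append((2.0 + n * 0.001, "203.0.113.200", 20000 + n,
                     "192.0.2.20", 80, "S"))
    return sorted(pkts)

def detect_syn_floods(packets, window=5.0, threshold=100, ddos_sources=10):
    """Flag destinations holding too many half-open connections.

    window, threshold and ddos_sources are illustrative values, not tuned ones.
    """
    pending = defaultdict(dict)  # dst_ip -> {(src, sport, dport): SYN time}
    alerts = {}
    for ts, src, sport, dst, dport, flag in packets:
        conns = pending[dst]
        if flag == "S":
            conns[(src, sport, dport)] = ts
        elif flag == "A":
            conns.pop((src, sport, dport), None)  # handshake completed
        # Forget SYNs that fell out of the observation window.
        for key in [k for k, t in conns.items() if ts - t > window]:
            del conns[key]
        if len(conns) >= threshold:
            sources = {k[0] for k in conns}
            alerts[dst] = {
                "half_open": len(conns),
                "sources": len(sources),
                # Many distinct senders matches the DDoS description above.
                "kind": "DDoS" if len(sources) >= ddos_sources else "DoS",
            }
    return alerts

if __name__ == "__main__":
    for dst, info in detect_syn_floods(sample_packets()).items():
        print(dst, info)
```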
Second: Reconnaissance Attacks
Reconnaissance attacks, also known as information gathering, are concerned with collecting intelligence about the target system or network before launching the actual attack. Reconnaissance can be either passive or active. With active reconnaissance, the adversary interacts directly with the target (e.g., port scanning). Passive reconnaissance involves collecting publicly available information from free public sources without interacting directly with the target. Open Source Intelligence (OSINT) is mainly utilized to passively collect information about the target online.
There is also physical reconnaissance, which is used to gain useful intelligence about the physical security controls implemented in the target organization (e.g., security controls implemented in the server room), intelligence that can potentially be used to compromise the target network.
A reconnaissance attack aims to gather as much information as possible about the target organization's IT systems and networks, organization structure, third-party providers (e.g., VPN and MSP providers), and business partners. We can differentiate between two types of information gathered during this attack: 1) human information related to the target organization's employees and the people they interact with, and 2) technical information about the target organization. Human intelligence can be gathered by inspecting social media sites and checking the target entity's public posts everywhere online. Gathering technical information about the target is commonly known as footprinting. Footprinting is used to reveal technical details like DNS, IP address ranges of the target, hosting provider, content management system used, email service provider name, and the technologies used within the target's IT infrastructure, such as security solutions, firewalls, and IDS systems.
A plethora of tools, online services, and search techniques are utilized during the reconnaissance attack. The OSINT.link website categorizes hundreds of free tools and online search services that can be used to gather intelligence from online public sources (see Figure 2).
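Active reconnaissance such as the port scanning mentioned above leaves traces in firewall logs, because one source touches many ports or many hosts in a short time. The following is an added example, not part of the original article, that detects this pattern; the log format, addresses, and thresholds are constructed assumptions, and it goes beyond the text by separating scans of many ports from scans of many hosts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical log format: "<UTC time> <ALLOW|DENY> TCP <src>:<port> -> <dst>:<port>"
LINE = re.compile(r"(\S+) (ALLOW|DENY) TCP (\S+):(\d+) -> (\S+):(\d+)")

def build_sample_log():
    """Constructed firewall log lines for the demonstration."""
    lines = []
    for i in range(25):  # one source probes 25 ports on a single host
        lines.append(f"2021-03-15T10:00:{i:02d}Z DENY TCP "
                     f"203.0.113.50:{40000 + i} -> 192.0.2.10:{20 + i}")
    for i in range(25):  # one source probes the same port on 25 hosts
        lines.append(f"2021-03-15T10:01:{i:02d}Z DENY TCP "
                     f"203.0.113.60:{41000 + i} -> 192.0.2.{100 + i}:3389")
    for i in range(25):  # ordinary client that keeps using one service
        lines.append(f"2021-03-15T10:02:{i:02d}Z ALLOW TCP "
                     f"198.51.100.7:{42000 + i} -> 192.0.2.10:443")
    return lines

def detect_scans(lines, window=60, threshold=20):
    """Map each scanning source to the kind of scan seen within `window` seconds."""
    recent = defaultdict(deque)  # src -> deque of (time, dst, dport)
    findings = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        src, dst, dport = m.group(3), m.group(5), int(m.group(6))
        q = recent[src]
        q.append((ts, dst, dport))
        while (ts - q[0][0]).total_seconds() > window:
            q.popleft()  # keep only events inside the sliding window
        ports = {p for _, _, p in q}
        hosts = {d for _, d, _ in q}
        if len(ports) >= threshold:
            findings[src] = "vertical scan"    # many ports probed
        elif len(hosts) >= threshold:
            findings[src] = "horizontal scan"  # one port, many hosts
    return findings

if __name__ == "__main__":
    print(detect_scans(build_sample_log()))
```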
Third: Access Attacks
Access attacks can be broadly categorized into two types: logical and physical access attacks.
In a logical access attack, adversaries try to steal users' credentials to gain unauthorized access to the account and, consequently, the network. Brute-force and Man-in-the-Middle attacks fall under the logical attack category.
In a physical attack, the intruder tries to gain direct access to a target computing device. Gaining such access is dangerous. The malicious actor can copy sensitive data from the target device to his/her USB device or install malware on the target system to compromise and infect the entire network.
Some social engineering attacks are used to gain sensitive information about the target. For example, dumpster diving is useful in locating important information left undestroyed in the garbage, such as user lists and security access codes written on non-shredded papers.
Attacks against computer networks are a daily event. Implementing a good defense strategy requires understanding the most common ways attackers gain unauthorized access to critical infrastructure and sensitive data. This article sheds light on the top three attack types that threat actors use to infiltrate computer networks.