Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
Phishing Now we look at the Social Engineering Malware type Phishing. This lesson explains in great depth what Phishing is, the various forms it has, how to detect a phishing event, and how effective this type of attack is. We'll break down and thoroughly discuss the Phishing, Spim, and similary phishing type attacks from what happens at the server level, to takes place on the client side and then discuss how phishing attacked can be mitigated. [toggle_content title="Transcript"] Another type of attack we're looking at now is something called, "The Phishing Attack". This is a social engineering attack, via email. A social engineering attack via email. Malicious persons will send an email with the aim of allowing their victims give out confidential information. Credentials, passwords and information like that. A social engineering attack via email, is what we call phishing attack. Next we have Spim. Spim is actually Spam over instant messaging. Usually on a social website or on a social site. Malicious persons will give unsolicited mails, unsolicited requests through instant messengers. That is Spim. Next we have Vishing. This is social engineering attack over telephone or VoIP. That is, Voice over Internet Protocol. The telephone or VoIP. The Malicious persons will call you to deceive you to confuse you. Make you carry out acts you're not usually would carry out. Then, we talk about Spear Phishing. In this type of attack a single person could be targeted or a group of people that have something in common. The malicious person will take out their time to seek out a group of people who have something in common. The attack is fashioned in such a way that these people will be willing to go online to release their credentials give out very personal information. Social security numbers, credit card numbers or information of that matter. That is spear phishing. We also have another type of attack we call the x-mas attack. This is a type of attack in which routers--the malicious persons will try to overwhelm your routers with packets on which every option of the selected protocol is set. Such packets require more processing than normal packets. This could cause routers and host to spend too much time processing these requests. Ultimately this could be a form of denial of service attack. That is the x-mas attack. Some other people would use x-mas attacks to determine the protocol settings by examining the responses to the packets to the target network. This way they can check how the packets are responded to. To know what infrastructure you have on your network. That is x-mas attack. Another type of attack we look at now is the pharming attack. In this attack malicious persons will seek to corrupt the host files on the systems. The systems have the host files which documents-- addresses to web servers or servers on the networks. By corrupting the address, the IPO addresses or the names on the host file, it is possible to redirect the traffic. The objective is to redirect the traffic. However the attack is carried out on the host file, to redirect the traffic. This attack is similar to what we call a DNS Poisoning. The DNS poisoning attack, malicious persons will attack the DNS tables. Change the addresses, the IP addresses on the DNS tables, to point traffic to other sites of interest to them. A user is sat at his computer, types in the URL of a website. However the DNS will resolve that name to different websites because the DNS addresses have been corrupted. Ultimately the traffic is redirected. So rather than you're arriving on the site, you're arriving on some fictitious site or a site of the choice to which the attacker has redirected the traffic. We also have ARP poisoning. In the ARP poisoning attack, the ARP cache is corrupted by malicious persons to redirect your traffic. Ultimately in these three types of attacks the objective is to redirect traffic. But, in the first one, the famine attack, we're attacking the host file, we're corrupting the DNS tables and we are corrupting the ARP cache. So, we attack the host files, corrupt the DNS tables, corrupt the APR cache. These three types of attacks would result in a traffic redirection on the internet. In this type of attack malicious persons will seek to use the flaws that exist within the software escalate their privilege to that of an administrative level. Usually when they attack systems it will be the system of a basic user. A basic user is limited to what they could do. By escalating the flaws, by exploiting the flaws that exist within the software, they're able to escalate their privilege attain a privilege of an administrator. Whereby they can now carry out whatsoever they wish to do on the system or on the network. That is privilege escalation. We also have another attack called the malicious insider thread. The malicious insider thread is a very nasty type of attack in that the people attacking you are already on the inside. Your staff, personnel, your customers, your client, your students. This is a very dangerous attack because you have trusted these people and yet they are now malicious. They have been trusted. They have access to the facility. They have access to the network. They have access to your database. They have access to your resources. Not always when we are attacked should we look outside. The attackers could already be amongst us. We refer to this as malicious insider threads. Another type of attack is something called a client side attack. On our networks we have machines with client operating systems. We have machines with network operating systems. Those are the servers. The clients' operating systems examples like Windows XP, Windows 7, Windows 8. When malicious people seek to use the flaws within the client operating systems, we say this is a client side attack. It registers to administrators where the attack is coming from. Malicious people will seek to attack networks usually through client side flaws. Flaws on the client operating systems. This is what we regard as a client side attack. Finally, for this section, we have the transitive access attack. This is the type of attack that takes advantage of the transitive access given, in order to steal or destroy data on systems. This type of attack exploits the trust relationships by attacking from the client side of a network. The transitive access that is given to access to resources on a network will be exploited to gain unauthorized access to resources on a network. Next, we look at some password attacks. We have several types of password attacks. We have the brute force attack, the dictionary attack, hybrid attack, birthday attack, rainbow tables. These are numerous type of password attacks. We start off with the brute force attack. In this type of attack, a malicious person, is sat at the system guessing character after character. One password after the other hoping to successfully gain the right password to get access to the network, or the system. That is a brute force attack. You are guessing one character after the other or one password after the other, try and miss, try and miss, sort of fashion. Another one is something called a dictionary attack. In this type of attack, a malicious person will gather information about the person. They could that about from a social website. They could do that about from observing an individual. You collect a dictionary of words, have this in a piece of software and you run it against the system. Hopefully seeking to obtain the right password from information about the person. We call this a dictionary attack. We also have hybrid attacks. Hybrid attacks are types of attacks against your passwords that involve one or two, or two or more types of attacks. A hybrid. Multiple attack methods are involved to crack a password. Then there is a birthday attack. These type of attacks exploit weaknesses in mathematical algorithms that are used to generate the hashes. The type of attack takes advantage of the probability of different inputs producing the same encryption output given a large set of input. Malicious persons will seek to randomly generate large inputs into systems hoping to come up with the appropriate password for an account. Then we have rainbow tables. A rainbow table attack. This is a precompiled set of plain text, matching cipher text usually malicious persons have obtained the cipher text from a system. They then try to key in different types of plain text hoping to achieve a cipher text that matches cipher text they capture from the system. This way we now can tell what the password was to generate the cipher text. Another type of attack is something we call Typosquatting or URL hijacking. Typosquatting or URL hijacking. This is a very tricky interesting type of attack. Malicious persons would register names, very similar to some organizational names. Such that when users make a mistake, you are typing out a name to a website you make a mistake. You unsearched a name, simply you miss one character or you put in the wrong character, you are redirected to another website. A website where malicious persons could then infect your systems or also capture your credentials or eavesdrop on your communications. You make a typo while you are typing in the address. Rather than get the error message you're actually led to a real website that has been paid for, created by malicious a person. Essentially your traffic is hijacked to another website. This is what we call typosquatting or URL hijacking. Finally for the 3.2 section we have the Watering Hole Attack. The watering hole attack is a type of attack in which the malicious persons will plant or place their Trojans or malicious software on websites that many people frequently visit. People frequently visit these websites for maybe downloads or drivers or software of that sort. Malicious persons will then plant this malicious software on such sites such that when you get there you probably download their malicious payloads. This is the site a lot of people want to go, hence the name the "Watering Hole". You want to go there to get your updates or you want to go there to get specific drivers. You want to go there to receive help for system information. Malicious persons then put their own malicious software on such sites to infect your systems or corrupt your systems when you arrive at such sites. That is the watering hole attack. Join us in our next video. Thank you. [/toggle_content]