Shoulder surfing refers to looking over someone’s shoulder in order to obtain credentials like passwords, PINs, or credit card numbers. Dumpster diving means literally going through someone’s trash to find confidential personal information. Piggybacking and tailgating are ways to gain unauthorized physical access to restricted areas.
Other means of deception include sending fake invoices to obtain money or credentials; watering hole attacks, in which popular websites are infected with malware; typosquatting, which creates URLs that look very close to those of popular websites; prepending, which removes external site warnings from emails; and concerted influence campaigns.
Organizations can defend against deception by teaching employees to never provide confidential information to unknown parties, to detect suspicious emails and resist clicking links, to avoid or terminate uninitiated or automatic downloads, and to resist pressure by unknown individuals.
• Cyber Attacks—Malware is software that can steal data, bypass access controls, or cause harm to or compromise a system. Viruses are a type of malware that replicates itself when executed. They can be harmless or destructive. Worms are programs that replicate independently across networks. Trojan horses are malware that masquerades as other software applications or is distributed with legitimate applications. Logic bombs are triggered to act by date and time or other system events. They can damage system hardware and software. Ransomware is a common attack that uses malicious software to encrypt a system's hard drive. Sometimes, but not always, paying a ransom will reverse the damage.
Denial of service (DoS) attacks are a type of network attack that affects the availability of resources. In one type of DoS attack, a network or application is overwhelmed with an enormous amount of data. This can make systems slow or crash. In another DoS attack, maliciously formatted packets are sent to disrupt system operation.
The Domain Name System (DNS) is essential to network operations. Attackers can damage the reputation of a domain by creating bogus similar domains or through false news. In domain spoofing, attackers exploit weaknesses in DNS to map legitimate domain names to the IP addresses of malicious websites. If attackers gain access to a target’s DNS registration information, they can hijack the domain name by changing the domain name-to-IP address mappings.
Two common types of Layer 2 attacks are spoofing and MAC flooding. MAC address spoofing occurs when an attacker disguises their device as a valid one on the network and can therefore bypass the authentication process. ARP spoofing sends spoofed ARP messages across a LAN to link an attacker’s MAC address to the IP address of an authorized device on the network. IP spoofing sends IP packets from a spoofed source address in order to disguise the packet origin. In MAC flooding, an attacker floods the network with fake MAC addresses, compromising the security of the network switch.
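As an added example (not part of the original course text), the sketch below shows how a defender could flag the two Layer 2 patterns described above: an IP address whose MAC binding changes, and a switch port that learns an unusual number of new source MACs. The record layout, port names, window, and threshold are assumptions, and all sample data is constructed.

```python
from collections import defaultdict

# Constructed sample: (timestamp_s, switch_port, sender_mac, sender_ip) from ARP replies.
SAMPLE_ARP = [
    (0.0, "Gi0/1", "aa:aa:aa:aa:aa:01", "192.0.2.1"),   # gateway
    (1.0, "Gi0/2", "aa:aa:aa:aa:aa:02", "192.0.2.10"),
    (2.0, "Gi0/3", "aa:aa:aa:aa:aa:03", "192.0.2.11"),
    (3.0, "Gi0/3", "aa:aa:aa:aa:aa:03", "192.0.2.1"),   # host on Gi0/3 now claims the gateway IP
]

def find_arp_conflicts(observations):
    """Return alerts for IPs whose MAC binding changes (possible ARP spoofing)."""
    binding = {}   # ip -> first MAC seen for it
    alerts = []
    for ts, port, mac, ip in observations:
        known = binding.setdefault(ip, mac)
        if known != mac:
            alerts.append({"time": ts, "ip": ip, "expected_mac": known,
                           "seen_mac": mac, "port": port})
    return alerts

def find_mac_floods(frames, window_s=1.0, threshold=100):
    """Return ports that learn more than `threshold` new source MACs within `window_s`."""
    seen = defaultdict(set)      # port -> MACs already learned
    recent = defaultdict(list)   # port -> timestamps of newly learned MACs
    flagged = set()
    for ts, port, mac in frames:  # frames are assumed to be in time order
        if mac in seen[port]:
            continue
        seen[port].add(mac)
        times = recent[port]
        times.append(ts)
        while times and ts - times[0] > window_s:
            times.pop(0)
        if len(times) > threshold:
            flagged.add(port)
    return sorted(flagged)

def constructed_frames():
    """Constructed sample: normal port Gi0/2, and Gi0/4 sourcing 500 distinct MACs in 0.5 s."""
    frames = [(i * 0.5, "Gi0/2", "aa:aa:aa:aa:aa:02") for i in range(10)]
    frames += [(10 + i * 0.001, "Gi0/4", "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF))
               for i in range(500)]
    return frames

if __name__ == "__main__":
    print(find_arp_conflicts(SAMPLE_ARP))
    print(find_mac_floods(constructed_frames()))
```

A binding change can also be legitimate (for example, a replaced network card), so alerts of this kind are a prompt to investigate rather than proof of spoofing.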
Man-in-the-middle (MitM), or on-path, attacks happen when a cybercriminal takes control of an intermediate device in the network, or puts their own device on a path to intercept user data. The attacker can steal information, manipulate data, or relay false information. A man-in-the-mobile (MitMo) attack is a variation of a MitM attack in which a mobile device is infected with malware that steals data from the device.
Zero-day attacks exploit software vulnerabilities before they become widely known to the public. A sophisticated and holistic view of the security infrastructure is required to defend against these attacks.
Keyboard loggers are types of malware that record every keystroke made on a computer. This can reveal confidential information and account credentials.
Several guidelines for defending against attacks are to configure firewalls to filter incoming packets that appear to have originated internally, ensure all software has the most recent updates and patches, distribute workloads between multiple server systems, and block ICMP packets at the network edge.
• Wireless and Mobile Device Attacks—Grayware is an unwanted application that behaves in an annoying or undesirable manner. SMiShing is the use of fake SMS messages to lure the user to visit a malicious website or call a fraudulent phone number.