Research the top five most prevalent forms of cyber-attack and provide an explanation for each. [100 marks]
The top five most prevalent forms of cyber-attack are:
1) Cross-site scripting (XSS) attack.
2) Denial of service (DOS) attack.
3) Distributed denial of service (DDOS) attack.
4) SQL injections.
5) Cookie poisoning / Hijacking.
XSS attack
In this attack, the attacker tries to inject a malicious script, called a client-side script, into web pages or a server. A client-side script is nothing but JavaScript, and since a server is also a web application, it is going to run that script, which leads to some modification at the server.
This attack can be used to bypass access control.
Prevention: Install a web application firewall that does not allow any type of input with <script> or </script> tags.
DOS attack
A denial of service (DOS) attack is a malicious attempt to make a website or server unavailable to users. Some common DOS attacks are:
a) TCP-SYN flooding.
b) Ping of Death.
The four pillars on which DOS attacks stand are:
1) Using an insecure channel of the internet.
2) Introducing huge traffic over a network.
3) Destroying the security defense of a victim.
4) Hiding the attacker's ID.
Prevention:
a) Installing firewalls and an intrusion prevention system (IPS).
DDOS attack
In a DDOS attack, several systems are taken under control by the attacker. These systems are called zombie systems or compromised systems. The main system through which the attack is performed and these zombies send requests at the same time to create huge traffic and bring the servers down. This attack is used nowadays because identification of the main system is very difficult. The server on which the attack is done is called the primary victim, while the zombie systems are called secondary victims. These systems become part of a botnet.
Prevention:
a) Installing firewalls and an intrusion prevention system (IPS). An intrusion prevention system basically analyses each request to check whether it should reach the server or not.
SQL Injections attack
In this attack, the attacker executes a query on the database of the server so as to get all the details of the users stored in that database.
Prevention:
a) Regular auditing of the system to find whether there is any query which is accessing the user credentials.
b) Installing a firewall and an intrusion prevention system (IPS).
Cookie poisoning / Hijacking
Cookies are basically small files storing website details and user authentication details like user id and password. These files can be accessed by both the user and the server. So if an attacker is able to access the cookies, with a small modification he can authenticate / authorize himself on that website and steal your information. The modification of a cookie is basically called cookie poisoning, and accessing it is hijacking.
Prevention:
a) Avoid signing up on websites you don't trust.
b) Clear cookies before closing the browser.
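
The cookie modification described under cookie poisoning can also be detected on the server side. The following is an added example, not part of the original answer: the server attaches an HMAC-SHA256 tag to each cookie value and rejects any cookie whose value no longer matches its tag. The key, the cookie contents and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key; a real server would load a random secret from its configuration.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _tag(payload: str, key: bytes) -> str:
    """HMAC-SHA256 over the encoded payload, keyed with the server-side secret."""
    return _b64(hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest())


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'payload.tag'; the tag binds the value to the server's key."""
    payload = _b64(value.encode("utf-8"))
    return payload + "." + _tag(payload, key)


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the original value, or None if the cookie is modified or malformed."""
    payload, sep, tag = cookie.partition(".")
    if not sep or not payload or not tag:
        return None
    # compare_digest runs in constant time, so timing does not reveal partial matches.
    if not hmac.compare_digest(_tag(payload, key).encode(), tag.encode()):
        return None
    try:
        return base64.urlsafe_b64decode(payload.encode("ascii")).decode("utf-8")
    except (ValueError, UnicodeError):
        return None


def demo():
    """Verify one untouched cookie and one whose value was changed after issue."""
    cookie = sign_cookie("user_id=1001;role=user")  # constructed sample value
    _, tag = cookie.split(".")
    # The value is edited but the old tag is kept, as in a poisoned cookie.
    poisoned = _b64(b"user_id=1001;role=admin") + "." + tag
    return verify_cookie(cookie), verify_cookie(poisoned)


if __name__ == "__main__":
    print(demo())
```

The tag only detects modification; it does not hide the cookie's contents or stop a copied, unmodified cookie from being replayed.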