<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Darshan Sahadev Gawade</title>
    <description>The latest articles on DEV Community by Darshan Sahadev Gawade (@darshangawade).</description>
    <link>https://dev.to/darshangawade</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F481647%2F081e3f45-8a80-4c3e-9de1-eec82d820292.jpeg</url>
      <title>DEV Community: Darshan Sahadev Gawade</title>
      <link>https://dev.to/darshangawade</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/darshangawade"/>
    <language>en</language>
    <item>
      <title>Top 10 Common Types of Cyber Security Attacks</title>
      <dc:creator>Darshan Sahadev Gawade</dc:creator>
      <pubDate>Fri, 24 Sep 2021 13:33:31 +0000</pubDate>
      <link>https://dev.to/darshangawade/top-10-common-types-of-cyber-security-attacks-3k52</link>
      <guid>https://dev.to/darshangawade/top-10-common-types-of-cyber-security-attacks-3k52</guid>
      <description>&lt;h2&gt;
  
  
  1. Malware
&lt;/h2&gt;

&lt;p&gt;Malware (short for “malicious software”) is a file or code, typically delivered over a network, that infects, explores, steals or conducts virtually any behavior an attacker wants. And because malware comes in so many variants, there are numerous methods to infect computer systems.&lt;/p&gt;

&lt;h4&gt;
  
  
  Types of Malware:
&lt;/h4&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;Botnets&lt;/code&gt; – Short for “robot network,” these are networks of infected computers under the control of single attacking parties using command-and-control servers.&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Ransomware&lt;/code&gt; – A criminal business model that uses malicious software to hold valuable files, data or information for ransom.&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Spyware&lt;/code&gt; – Malware that collects information about the usage of the infected computer and communicates it back to the attacker. &lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Trojans&lt;/code&gt; – Malware disguised in what appears to be legitimate software. Once activated, malware Trojans will conduct whatever action they have been programmed to carry out.&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Virus&lt;/code&gt; – Programs that copy themselves throughout a computer or network. &lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Worm&lt;/code&gt; – Self-replicating viruses that exploit security vulnerabilities to automatically spread themselves across computers and networks.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  2. Phishing
&lt;/h2&gt;

&lt;p&gt;Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim’s machine.&lt;/p&gt;

&lt;h4&gt;
  
  
  Types of Phishing:
&lt;/h4&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;Deceptive phishing&lt;/code&gt; - In this case, an attacker attempts to obtain confidential information from the victims. Attackers use the information to steal money or to launch other attacks. &lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Spear phishing&lt;/code&gt; - Spear phishing targets specific individuals instead of a wide group of people. Attackers often research their victims on social media and other sites.&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Whaling&lt;/code&gt; - When attackers go after a “big fish” like a CEO, it’s called whaling. These attackers often spend considerable time profiling the target to find the opportune moment and means of stealing login credentials.&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Pharming&lt;/code&gt; - Similar to phishing, pharming sends users to a fraudulent website that appears to be legitimate. However, in this case, victims do not even have to click a malicious link to be taken to the bogus site.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  3. Man-in-the-Middle (MitM) Attacks
&lt;/h2&gt;

&lt;p&gt;A man-in-the-middle (MitM) attack is when an attacker intercepts communications between two parties either to secretly eavesdrop or modify traffic traveling between the two. Attackers might use MitM attacks to steal login credentials or personal information, spy on the victim, or sabotage communications or corrupt data.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3w3egayap2l38f46wsn4.JPG" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3w3egayap2l38f46wsn4.JPG" alt="Man in the middle"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  4. Denial-of-Service (DoS) Attack
&lt;/h2&gt;

&lt;p&gt;A denial-of-service (DoS) attack is a security threat that occurs when an attacker makes it impossible for legitimate users to access computer systems, network, services or other information technology (IT) resources. Attackers in these types of attacks typically flood web servers, systems or networks with traffic that overwhelms the victim's resources and makes it difficult or impossible for anyone else to access them.&lt;/p&gt;

&lt;h4&gt;
  
  
  Types of DoS attacks:
&lt;/h4&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;Application layer&lt;/code&gt; - These attacks generate fake traffic to internet application servers, especially domain name system (DNS) servers or Hypertext Transfer Protocol (HTTP) servers.&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Buffer overflow&lt;/code&gt; - This type of attack is one that sends more traffic to a network resource than it was designed to handle.&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;SYN flood&lt;/code&gt; - This attack abuses the TCP handshake protocol by which a client establishes a TCP connection with a server. &lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Volumetric&lt;/code&gt; - These DoS attacks use all the bandwidth available to reach network resources. To do this, attackers must direct a high volume of network traffic at the victim's systems.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  5. SQL Injections
&lt;/h2&gt;

&lt;p&gt;An SQL injection attack consists of an insertion or injection of a SQL query via the input data from the client to the application. SQL commands are injected into data-plane input that affect the execution of predefined SQL commands. A successful SQL injection exploit can read sensitive data from the database, modify database data (viz., insert, update, or delete), execute administrative operations on the database, recover the content of a file present in the database management system, and even issue commands to the operating system in some instances.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjcwob3ssmj9rcbimr4au.JPG" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjcwob3ssmj9rcbimr4au.JPG" alt="SQL Injection"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  6. Zero-day Exploit
&lt;/h2&gt;

&lt;p&gt;A zero-day vulnerability, at its core, is a flaw. It is an unknown exploit in the wild that exposes a vulnerability in software or hardware and can create complicated problems well before anyone realizes something is wrong. In fact, a zero-day exploit leaves NO opportunity for detection at first.&lt;br&gt;
A zero-day attack happens once that flaw, or software/hardware vulnerability, is exploited and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability—hence “zero-day.” &lt;/p&gt;

&lt;h2&gt;
  
  
  7. Password Attack
&lt;/h2&gt;

&lt;p&gt;A password attack refers to any of the various methods used to maliciously authenticate into password-protected accounts. These attacks are typically facilitated through the use of software that expedites cracking or guessing passwords.&lt;/p&gt;

&lt;h4&gt;
  
  
  Types of Password Attacks:
&lt;/h4&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;Brute Force Attack&lt;/code&gt; - In a brute force attack, a hacker uses a computer program to log in to a user’s account with all possible password combinations.&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Dictionary Attack&lt;/code&gt; - A dictionary attack allows hackers to employ a program that cycles through common words. A brute force attack goes letter by letter, whereas a dictionary attack only tries possibilities most likely to succeed.
&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Rainbow Table Attack&lt;/code&gt; - A rainbow table attack is a type of hacking wherein the perpetrator tries to use a rainbow hash table to crack the passwords stored in a database system. A rainbow table is a hash function used in cryptography for storing important data such as passwords in a database.&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;Credential Stuffing&lt;/code&gt; -  Credential stuffing is a cyberattack method in which attackers use lists of compromised user credentials to breach into a system.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  8. Cross-site Scripting
&lt;/h2&gt;

&lt;p&gt;Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. The actual attack occurs when the victim visits the web page or web application that executes the malicious code. The web page or web application becomes a vehicle to deliver the malicious script to the user’s browser. Vulnerable vehicles that are commonly used for Cross-site Scripting attacks are forums, message boards, and web pages that allow comments.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdypaufbjnjdpwn266nf2.JPG" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdypaufbjnjdpwn266nf2.JPG" alt="Cross Site Scripting"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  9. Rootkits
&lt;/h2&gt;

&lt;p&gt;A rootkit is software used by cybercriminals to gain control over a target computer or network. Rootkits can sometimes appear as a single piece of software but are often made up of a collection of tools that allow hackers administrator-level control over the target device.&lt;/p&gt;

&lt;h4&gt;
  
  
  Types of Rootkits:
&lt;/h4&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;code&gt;Hardware or firmware rootkit&lt;/code&gt; -  This type of malware could infect your computer’s hard drive or its system BIOS, the software that is installed on a small memory chip in your computer’s motherboard. &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;code&gt;Memory rootkit&lt;/code&gt; - This type of rootkit hides in your computer’s RAM, or Random Access Memory. These rootkits will carry out harmful activities in the background. &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;code&gt;Application rootkit&lt;/code&gt; - Application rootkits replace standard files in your computer with rootkit files. They might also change the way standard applications work. These rootkits might infect programs such as Word, Paint, or Notepad.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;code&gt;Kernel mode rootkits&lt;/code&gt; - These rootkits target the core of your computer’s operating system. Cybercriminals can use these to change how your operating system functions. They just need to add their own code to it. &lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  10. Internet of Things (IoT) Attacks
&lt;/h2&gt;

&lt;p&gt;IoT attacks happen when bad actors try to compromise the security of an Internet of Things (IoT) device or network.  When devices are compromised, attackers can steal or manipulate sensitive data, join IoT devices to a botnet, or take control of a system. &lt;/p&gt;

&lt;p&gt;There are billions of IoT devices in the world, which all collect loads of data in real-time.  These data, if intercepted, could supply an attacker with information about the environment in which the devices operate, about the user’s interaction with the devices, and even information about the user.  Login credentials, health data, location data, and other sensitive personal data can be used for nefarious purposes by bad actors, and all of it could be obtained through IoT attacks. &lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>beginners</category>
    </item>
    <item>
      <title>Ransomware Attacks</title>
      <dc:creator>Darshan Sahadev Gawade</dc:creator>
      <pubDate>Wed, 04 Nov 2020 09:24:45 +0000</pubDate>
      <link>https://dev.to/darshangawade/ransomware-attacks-lfi</link>
      <guid>https://dev.to/darshangawade/ransomware-attacks-lfi</guid>
      <description>&lt;h1&gt;
  
  
  &lt;strong&gt;What is a ransomware attack?&lt;/strong&gt;
&lt;/h1&gt;

&lt;p&gt;Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again. This class of malware is a criminal moneymaking scheme that can be installed through deceptive links in an email message, instant message or website. It has the ability to lock a computer screen or encrypt important, predetermined files with a password.&lt;/p&gt;

&lt;h1&gt;
  
  
  &lt;strong&gt;Types of ransomware attack&lt;/strong&gt;
&lt;/h1&gt;

&lt;h3&gt;
  
  
  1. Scareware
&lt;/h3&gt;

&lt;p&gt;Scareware, as it turns out, is not that scary.  You might receive a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If you do nothing, you’ll likely continue to be bombarded with pop-ups, but your files are essentially safe.&lt;/p&gt;

&lt;p&gt;A legitimate cybersecurity software program would not solicit customers in this way. If you don’t already have this company’s software on your computer, then they would not be monitoring you for ransomware infection. If you do have security software, you wouldn’t need to pay to have the infection removed—you’ve already paid for the software to do that very job.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Screen Locker
&lt;/h3&gt;

&lt;p&gt;Screen locker ransomware is a form of malware that restricts login or file access while demanding payment to lift the restriction. It’s typically deployed at the operating system (OS) level, meaning you won’t be able to use an infected computer or device. When attempting to log in or power up the computer or device, screen locker ransomware will display a pop-up demanding payment.&lt;/p&gt;

&lt;p&gt;With screen locker ransomware, you won’t be able to use the infected computer or device. It will serve a pop-up message whenever you attempt to log in to the OS. And unlike legitimate pop-ups, you won’t be able to close it.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Encrypting ransomware
&lt;/h3&gt;

&lt;p&gt;This is the most common attack. These are the guys who snatch up your files and encrypt them, demanding payment in order to decrypt and redeliver. The reason why this type of ransomware is so dangerous is because once cybercriminals get ahold of your files, no security software or system restore can return them to you. Unless you pay the ransom—for the most part, they’re gone. And even if you do pay up, there’s no guarantee the cybercriminals will give you those files back.&lt;/p&gt;

&lt;h1&gt;
  
  
  &lt;strong&gt;How does a ransomware attack work?&lt;/strong&gt;
&lt;/h1&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--A3qXT3r0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/pqhdh38t81v9diy58t11.JPG" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--A3qXT3r0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/pqhdh38t81v9diy58t11.JPG" alt="Alt Text"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is &lt;strong&gt;phishing spam — attachments&lt;/strong&gt; that come to the victim in an email, masquerading as a file they should trust. Once they're downloaded and opened, they can take over the victim's computer, especially if they have built-in social engineering tools that trick users into allowing administrative access. &lt;/p&gt;

&lt;p&gt;There are several things the malware might do once it’s taken over the victim's computer, but by far the most common &lt;code&gt;action is to encrypt some or all of the user's files&lt;/code&gt;. But the most important thing to know is that at the end of the process, the &lt;code&gt;files cannot be decrypted without a mathematical key&lt;/code&gt; known only by the attacker. The user is presented with a message explaining that their files are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker.&lt;/p&gt;

&lt;p&gt;In some forms of malware, the attacker might claim to be a law enforcement agency shutting down the victim's computer due to the presence of pornography or pirated software on it, and demanding the payment of a &lt;code&gt;fine&lt;/code&gt; perhaps to make victims less likely to report the attack to authorities. But most attacks don't bother with this pretense. There is also a variation, called &lt;code&gt;leakware&lt;/code&gt; or &lt;code&gt;doxware&lt;/code&gt;, in which the attacker threatens to publicize sensitive data on the victim's hard drive unless a ransom is paid. But because finding and extracting such information is a very tricky proposition for attackers, encryption ransomware is by far the most common type.&lt;/p&gt;

&lt;h1&gt;
  
  
  &lt;strong&gt;How to prevent a ransomware attack?&lt;/strong&gt;
&lt;/h1&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--fKmgFTQg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/1e1gp9x8vtd2h5fxvovt.JPG" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--fKmgFTQg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/1e1gp9x8vtd2h5fxvovt.JPG" alt="Alt Text"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  1. Back Up Your Systems Locally and in the Cloud
&lt;/h3&gt;

&lt;p&gt;The first step to take is to always back up your system, locally and offsite.&lt;br&gt;
This is essential. First, it will keep your information backed up in a safe area that hackers cannot easily access. Secondly, it will make it easier for you to wipe your old system and repair it with backup files in case of an attack.&lt;br&gt;
Failure to back up your system can cause irreparable damage.&lt;br&gt;
Use a cloud backup solution to protect your data. By protecting your data in the cloud, you keep it safe from infection by ransomware. &lt;/p&gt;

&lt;h3&gt;
  
  
  2. Segment Network Access
&lt;/h3&gt;

&lt;p&gt;Limit the data an attacker can access with network segmentation security. With dynamic control access, you help ensure that your entire network security is not compromised in a single attack. Segregate your network into distinct zones, each requiring different credentials.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Early Threat Detection Systems
&lt;/h3&gt;

&lt;p&gt;You can install ransomware protection software that will help identify potential attacks. Early unified threat management programs can find intrusions as they happen and prevent them. These programs often offer gateway antivirus software as well.&lt;br&gt;
Use a traditional firewall that will block unauthorized access to your computer or network.&lt;/p&gt;

&lt;h3&gt;
  
  
  4. Install Anti Malware / Ransomware Software
&lt;/h3&gt;

&lt;p&gt;The security software should consist of antivirus, anti-malware, and anti-ransomware protection. It is also crucial to regularly update your virus definitions.&lt;/p&gt;

&lt;h3&gt;
  
  
  5. Run Frequent Scheduled Security Scans
&lt;/h3&gt;

&lt;p&gt;All the security software on your system does no good if you aren’t running scans on your computers and mobile devices regularly.&lt;br&gt;
These scans are your second layer of defense in the security software. They detect threats that your real-time checker may not be able to find.&lt;/p&gt;

</description>
    </item>
    <item>
      <title>SQL Injection</title>
      <dc:creator>Darshan Sahadev Gawade</dc:creator>
      <pubDate>Sun, 04 Oct 2020 14:13:50 +0000</pubDate>
      <link>https://dev.to/darshangawade/sql-injection-2eco</link>
      <guid>https://dev.to/darshangawade/sql-injection-2eco</guid>
      <description>&lt;h3&gt;
  
  
  &lt;strong&gt;What is SQL Injection?&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;SQL injection is one of the most common web-based attacks. For SQL injection to work, one requires a web application that uses a database.&lt;/p&gt;

&lt;p&gt;Consider an example in which a web application uses a database. The web application might take input from the user and store it in the database, or it might fetch data from the database and display it to the user. In this process a database query is created and sent to the database, where it is executed, and the related data is displayed on the user's side.&lt;/p&gt;

&lt;p&gt;In SQL injection, the user manipulates this query and sends the malicious query to the database, where it is executed and the relevant results are displayed.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fmk0sx5a499lgo3ox3bn8.JPG" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fmk0sx5a499lgo3ox3bn8.JPG" alt="Alt Text"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;SQL Injection is a code injection technique used to execute malicious SQL statements.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;A successful SQL injection attack is capable of:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Modifying, altering or deleting data from the database&lt;/li&gt;
&lt;li&gt;Reading and extracting sensitive and confidential data from the database&lt;/li&gt;
&lt;li&gt;Retrieving the content of a specific file present on the database management system (DBMS)&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Types of SQL injection attack&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fe491004nh2jj3csq7y4j.JPG" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fe491004nh2jj3csq7y4j.JPG" alt="Alt Text"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. In-band SQLi (Classic SQLi)&lt;/strong&gt;&lt;br&gt;
In-band SQL Injection is the classic SQLi technique and is the most common and easy-to-exploit of SQL Injection attacks. This type of attack takes place when an attacker is able to use the same communication channel to both launch the attack and gather results from it.&lt;/p&gt;

&lt;p&gt;The types of in-band SQL Injection are Error-based SQLi and Union-based SQLi.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Error-based SQLi&lt;br&gt;
Error-based SQLi is an in-band SQL Injection technique that relies on error messages thrown by the database server to obtain information about the structure of the database. In some cases, error-based SQL injection alone is enough for an attacker to enumerate an entire database.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Union-based SQLi&lt;br&gt;
Union-based SQLi is an in-band SQL injection technique that leverages the UNION SQL operator to combine the results of two or more SELECT statements into a single result which is then returned as part of the HTTP response.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;2. Inferential SQLi (Blind SQLi)&lt;/strong&gt;&lt;br&gt;
Inferential SQL Injection may take longer for an attacker to exploit. It is the most dangerous form of SQL Injection. In an inferential SQLi attack, no data is actually transferred via the web application, but the attacker is able to reconstruct the database structure by sending payloads and observing the web application’s response and the resulting behavior of the database server.&lt;/p&gt;

&lt;p&gt;The types of inferential SQL Injection are Blind-boolean-based SQLi and Blind-time-based SQLi.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Boolean-based  Blind SQLi&lt;br&gt;
Boolean-based SQL Injection is an inferential SQL Injection technique that depends on sending an SQL query to the database which forces the application to return a different result depending on whether the query returns a TRUE or FALSE result.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Time-based Blind SQLi&lt;br&gt;
Time-based SQL Injection is an inferential SQL Injection technique that depends on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. The response time will indicate to the attacker whether the result of the query is TRUE or FALSE.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;3. Out-of-band SQLi&lt;/strong&gt;&lt;br&gt;
Out-of-band SQL Injection occurs when an attacker is not able to use the same channel to launch the attack and gather results from it, i.e. when two different channels are used.&lt;/p&gt;
&lt;h3&gt;
  
  
  &lt;strong&gt;How does SQL injection work?&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;In most web applications, the first page is a login page where users have to enter their credentials to get in.&lt;/p&gt;

&lt;p&gt;The SQL query can be written as&lt;br&gt;
select * from database_table&lt;br&gt;
where username=&lt;code&gt;' '&lt;/code&gt;  and password=&lt;code&gt;' '&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;The malicious query is&lt;br&gt;
select * from database_table&lt;br&gt;
where username=&lt;code&gt;'&lt;/code&gt;&lt;strong&gt;'OR 1=1--&lt;/strong&gt;&lt;code&gt;'&lt;/code&gt;  and password=&lt;code&gt;' '&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;In SQL injection, 'OR' logic is used. The user does not have control over the SQL query but does have control over the input. In the above example, &lt;code&gt;OR 1=1--&lt;/code&gt; always returns true: the first inverted comma [&lt;code&gt;'&lt;/code&gt;] closes the string parameter, &lt;code&gt;1=1&lt;/code&gt; is always true, and &lt;code&gt;--&lt;/code&gt; comments out the remaining SQL query.&lt;br&gt;
Thus the entire query becomes true and it gets executed.&lt;/p&gt;
&lt;h3&gt;
  
  
  &lt;strong&gt;How to use SQL injection?&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;GET Method:&lt;br&gt;
In the GET method, data is sent to the database through the URL of the request, so it is visible in the URL.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;  Example : https://localhost/index.php?username=abc&amp;amp;password=pass123  
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The data can easily be seen in the URL. To apply SQL injection, we insert the above malicious string.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Faxf01y32w4w38fo989p1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Faxf01y32w4w38fo989p1.png" alt="Alt Text"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;POST Method:&lt;br&gt;
In the POST method, the data being sent is not visible in the URL.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;  Example : https://localhost/index.php
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;In the POST method, to use SQL injection, enter the malicious string into the input box as shown above.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F9dcqgv2utt14wg717xg4.JPG" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F9dcqgv2utt14wg717xg4.JPG" alt="Alt Text"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;How to prevent SQL injection?&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;In the database, prepared statements with bind parameters are used. A bind parameter holds the malicious string as a single string.&lt;/p&gt;

&lt;p&gt;select * from database_table&lt;br&gt;
where username='&lt;code&gt;'OR 1=1--&lt;/code&gt;'  and password='&lt;code&gt;'OR 1=1--&lt;/code&gt;'&lt;/p&gt;

&lt;p&gt;When a bind parameter is used, &lt;code&gt;'OR 1=1--&lt;/code&gt; is treated as a single string, and the statement becomes false because the inverted comma does not close the string; the string is therefore logically incorrect.&lt;br&gt;
Therefore bind parameters are used to prevent SQL injection. This is one method of preventing SQL injection.&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Monoalphabetic Cipher</title>
      <dc:creator>Darshan Sahadev Gawade</dc:creator>
      <pubDate>Sun, 04 Oct 2020 10:24:56 +0000</pubDate>
      <link>https://dev.to/darshangawade/monoalphabetic-cipher-30g3</link>
      <guid>https://dev.to/darshangawade/monoalphabetic-cipher-30g3</guid>
      <description>&lt;p&gt;&lt;strong&gt;Monoalphabetic cipher is one where each character of a plain text is mapped to a fixed other character of cipher text. The relationship between a character in the plain text and the characters in the cipher text is one-to-one.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Example: if the plain text has the character ‘a’ and, for a given key, it is converted into another character, say ‘t’, then wherever ‘a’ occurs in the plain text it will be mapped to ‘t’. Therefore it is called a monoalphabetic cipher.&lt;/p&gt;

&lt;p&gt;It is a simple type of substitution cipher. Monoalphabetic ciphers are not as strong as polyalphabetic ciphers.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fquoy8qurvyxwy57rg51x.JPG" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fquoy8qurvyxwy57rg51x.JPG" alt="Alt Text"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Types of monoalphabetic cipher are&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Additive Cipher&lt;/li&gt;
&lt;li&gt;Caesar Cipher&lt;/li&gt;
&lt;li&gt;Multiplicative Cipher&lt;/li&gt;
&lt;li&gt;Affine Cipher&lt;/li&gt;
&lt;/ul&gt;

&lt;h1&gt;
  
  
  &lt;strong&gt;Additive cipher&lt;/strong&gt;
&lt;/h1&gt;

&lt;p&gt;&lt;strong&gt;The additive cipher is a type of monoalphabetic substitution cipher in which each character of the plain text is replaced by another character that depends on the value of the key.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Example: if the plain text contains the letter 'B' and the value of the key is '4', then 'B' is replaced by 'F', i.e. the 4th letter after 'B'.&lt;/p&gt;

&lt;p&gt;Mathematical Representation is&lt;/p&gt;

&lt;p&gt;Encryption process :&lt;br&gt;
&lt;code&gt;C=(P + K) mod 26&lt;br&gt;
where 'P' is the character in plain text, 'K' is the key and 'C' is the required cipher&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;Decryption process :&lt;br&gt;
&lt;code&gt;P=(C - K) mod 26&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;Python program for Encryption and Decryption process :&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;

# Encryption part
def encrypt(message, key):
    cipher = ""
    for i in message:
        if i.isupper():
            cipher += chr((ord(i) + key - 65) % 26 + 65)
        elif i.islower():
            cipher += chr((ord(i) + key - 97) % 26 + 97)
        else:
            cipher+=" "

    return cipher

message = input("Enter the message:")
key = input("Enter the key numeric value or any alphabet:")
if key.isupper():
    key = ord(key) - 65
elif key.islower():
    key = ord(key) - 97
else:
    key = int(key)
print("Cipher:", encrypt(message, key))

# Decryption part
def decrypt(cipher, key):
    message = ""
    for i in cipher:
        if i.isupper():
            message += chr((ord(i) - key - 65) % 26 + 65)
        elif i.islower():
            message += chr((ord(i) - key - 97) % 26 + 97)
        else:
            message+=" "
    return message


cipher = input("Enter the cipher:")
key = input("Enter the key numeric value or any alphabet:")
if key.isupper():
    key = ord(key) - 65
elif key.islower():
    key = ord(key) - 97
else:
    key = int(key)
print("Message:", decrypt(cipher, key))


&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;OUTPUT :&lt;br&gt;
&lt;em&gt;Enter the message:hello everyone&lt;br&gt;
Enter the key numeric value or any alphabet:19&lt;br&gt;
Cipher: axeeh xoxkrhgx&lt;br&gt;
Enter the cipher:axeeh xoxkrhgx&lt;br&gt;
Enter the key numeric value or any alphabet:19&lt;br&gt;
Message: hello everyone&lt;/em&gt;&lt;/p&gt;

&lt;h1&gt;
  
  
  &lt;strong&gt;Caesar Cipher&lt;/strong&gt;
&lt;/h1&gt;

&lt;p&gt;&lt;strong&gt;The Caesar cipher is the simplest form of cipher. It is similar to the additive cipher, except that in the Caesar cipher the value of the key is always '3'.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Mathematical Expression is &lt;/p&gt;

&lt;p&gt;Encryption process&lt;br&gt;
&lt;code&gt;C=(P + K) mod 26&lt;br&gt;
where 'P' is the character in plain text, 'K' is the key (K=3) and 'C' is the required cipher&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;Decryption process&lt;br&gt;
&lt;code&gt;P=(C - K) mod 26&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;Python program for Caesar Cipher&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;

# The Caesar cipher is the additive cipher with the key fixed at 3
# Encryption part
def encrypt(message, key):
    cipher = ""
    for i in message:
        if i.isupper():
            cipher += chr((ord(i) + key - 65) % 26 + 65)
        elif i.islower():
            cipher += chr((ord(i) + key - 97) % 26 + 97)
        else:
            cipher+=" "

    return cipher

message = input("Enter the message:")
print("Cipher:", encrypt(message, 3))

# Decryption part
def decrypt(cipher, key):
    message = ""
    for i in cipher:
        if i.isupper():
            message += chr((ord(i) - key - 65) % 26 + 65)
        elif i.islower():
            message += chr((ord(i) - key - 97) % 26 + 97)
        else:
            message+=" "
    return message

cipher = input("Enter the cipher:")
print("Message: ", decrypt(cipher, 3))


&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;OUTPUT:&lt;br&gt;
&lt;em&gt;Enter the message:hello everyone&lt;br&gt;
Cipher: khoor hyhubrqh&lt;br&gt;
Enter the cipher:khoor hyhubrqh&lt;br&gt;
Message:  hello everyone&lt;/em&gt;&lt;/p&gt;

&lt;h1&gt;
  
  
  &lt;strong&gt;Multiplicative Cipher&lt;/strong&gt;
&lt;/h1&gt;

&lt;p&gt;&lt;strong&gt;In the multiplicative cipher, each character of the plain text is multiplied by the key and the modulus function is then applied to the result. It is a type of monoalphabetic substitution cipher, hence it is not a strong cipher.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Mathematical Expression &lt;/p&gt;

&lt;p&gt;Encryption process&lt;br&gt;
&lt;code&gt;C=(P * K) mod 26&lt;br&gt;
where, 'P' is the character in plain text, 'K' is the key and 'C' is the required cipher&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;Python program for Multiplicative Cipher&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;

#Encryption
def check(c):
        if c.isupper():
                c=ord(c)-65
        elif c.islower():
                c=ord(c)-97
        else:
                c=int(c)
        return c

def encrypt(message,k):
        cipher=""
        for i in message:
                if i.isupper():
                        cipher+=chr(((ord(i)-65)*k)%26+65)
                elif i.islower():
                        cipher+=chr(((ord(i)-97)*k)%26+97)
                else:
                        cipher+=" "
        return cipher

message=input("Enter the message:")
k=input("Enter the keys, numeric value or any alphabet:")
k=check(k)

print("Cipher:",encrypt(message,k))

#Decryption part
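def getCoeff(d):
        # Return the multiplicative inverse of d modulo 26 (as -j, where 26*i - d*j == 1)
        d=d%26
        if d==0:
                # Without this guard a key of 0 (or 'a') makes the while loop run forever
                raise ValueError("key has no inverse modulo 26")
        for i in range(1,26):
                j=int(1)
                eqn=int(1)
                while(eqn&amp;gt;=1):
                        eqn=26*i-d*j
                        if eqn==1:
                                return -j
                        j=j+1
        # The search finds nothing when the key shares a factor with 26
        raise ValueError("key has no inverse modulo 26")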

def decrypt(cipher,k):
        message=""
        k=getCoeff(k)
        for i in cipher:
                if i.isupper():
                        message+=chr(((ord(i)-65)*k)%26+65)
                elif i.islower():
                        message+=chr(((ord(i)-97)*k)%26+97)
                else:
                        message+=" "
        return message

cipher=input("Enter the cipher:")
k=input("Enter the key, numeric value or any alphabet :")
k=check(k)

print("Message:",decrypt(cipher,k))


&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;OUTPUT :&lt;br&gt;
&lt;em&gt;Enter the message:hello everyone&lt;br&gt;
Enter the keys, numeric value or any alphabet:3&lt;br&gt;
Cipher: vmhhq mlmzuqnm&lt;br&gt;
Enter the cipher:vmhhq mlmzuqnm&lt;br&gt;
Enter the key, numeric value or any alphabet :3&lt;br&gt;
Message: hello everyone&lt;/em&gt;&lt;/p&gt;

&lt;h1&gt;
  
  
  &lt;strong&gt;Affine Cipher&lt;/strong&gt;
&lt;/h1&gt;

&lt;p&gt;&lt;strong&gt;The affine cipher is stronger than the additive and multiplicative ciphers. It uses two keys, as it is a combination of the additive and multiplicative ciphers.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Mathematical Expression is&lt;/p&gt;

&lt;p&gt;Encryption process&lt;br&gt;
&lt;code&gt;C=(P * K1 + K2) mod 26&lt;br&gt;
where 'P' is the character in plain text, 'K1' is the multiplicative key, 'K2' is the additive key and 'C' is the character in cipher.&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;Decryption process&lt;br&gt;
&lt;code&gt;P=((C - K2) / K1) mod 26&lt;br&gt;
where division by 'K1' means multiplying by the multiplicative inverse of 'K1' modulo 26&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;Python program for Affine Cipher .&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;

#Encryption
def check(c):
        if c.isupper():
                c=ord(c)-65
        elif c.islower():
                c=ord(c)-97
        else:
                c=int(c)
        return c

def encrypt(message,a,b):
        cipher=""
        for i in message:
                if i.isupper():
                        cipher+=chr(((ord(i)-65)*a+b)%26+65)
                elif i.islower():
                        cipher+=chr(((ord(i)-97)*a+b)%26+97)
                else:
                        cipher+=" "
        return cipher

message=input("Enter the message:")
# 'a' is the multiplicative key
# 'b' is the additive key
a,b=input("Enter the two keys, numeric value or any alphabet separated spaces:").split()
a=check(a)
b=check(b)

print("Cipher:",encrypt(message,a,b))

#Decryption part
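def getCoeff(a):
        # Return the multiplicative inverse of a modulo 26 (as -j, where 26*i - a*j == 1)
        a=a%26
        if a==0:
                # Without this guard a key of 0 (or 'a') makes the while loop run forever
                raise ValueError("multiplicative key has no inverse modulo 26")
        for i in range(1,26):
                j=int(1)
                eqn=int(1)
                while(eqn&amp;gt;=1):
                        eqn=26*i-a*j
                        if eqn==1:
                                return -j
                        j=j+1
        # The search finds nothing when the key shares a factor with 26
        raise ValueError("multiplicative key has no inverse modulo 26")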

def decrypt(cipher,a,b):
        message=""
        a=getCoeff(a)
        for i in cipher:
                if i.isupper():
                        message+=chr(((ord(i)-65-b)*a)%26+65)
                elif i.islower():
                        message+=chr(((ord(i)-97-b)*a)%26+97)
                else:
                        message+=" "
        return message

cipher=input("Enter the cipher:")
a,b=input("Enter the two keys, numeric value or any alphabet seperated by spaces:").split()
a=check(a)
b=check(b)

print("Message:",decrypt(cipher,a,b))


&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;OUTPUT :&lt;br&gt;
&lt;em&gt;Enter the message: hello everyone&lt;br&gt;
Enter the two keys, numeric value or any alphabet separated spaces:3 5&lt;br&gt;
Cipher: armmv rqrezvsr&lt;br&gt;
Enter the cipher: armmv rqrezvsr&lt;br&gt;
Enter the two keys, numeric value or any alphabet seperated by spaces:3 5&lt;br&gt;
Message: hello everyone&lt;/em&gt;&lt;/p&gt;
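
&lt;p&gt;Why the multiplicative key must share no factor with 26, and how small the resulting key space is, as an added example that is not the article's own code. It treats the additive cipher (K1=1) and the multiplicative cipher (K2=0) as special cases of the affine cipher; the helper names are chosen for illustration, and unlike the programs above it leaves non-letters unchanged instead of turning them into spaces.&lt;/p&gt;

```python
from math import gcd

M = 26  # alphabet size used throughout the article

def validate_keys(k1, k2):
    """Reduce both keys mod 26 and reject a k1 that has no inverse."""
    k1, k2 = k1 % M, k2 % M
    if gcd(k1, M) != 1:
        raise ValueError(f"k1={k1} shares a factor with {M}; cannot decrypt")
    return k1, k2

def _map_letter(ch, fn):
    """Apply fn to the 0-25 index of an ASCII letter; keep anything else."""
    if ch.isascii() and ch.isalpha():
        base = 65 if ch.isupper() else 97
        return chr(fn(ord(ch) - base) % M + base)
    return ch

def encrypt(message, k1, k2):
    """C = (P * k1 + k2) mod 26."""
    k1, k2 = validate_keys(k1, k2)
    return "".join(_map_letter(c, lambda p: p * k1 + k2) for c in message)

def decrypt(cipher, k1, k2):
    """P = ((C - k2) * inverse(k1)) mod 26."""
    k1, k2 = validate_keys(k1, k2)
    inv = pow(k1, -1, M)  # modular inverse, Python 3.8+
    return "".join(_map_letter(c, lambda x: (x - k2) * inv) for c in cipher)

def collisions(k1):
    """Groups of plaintext letters that k1 sends to the same cipher letter."""
    seen = {}
    for p in range(M):
        seen.setdefault(p * k1 % M, []).append(chr(p + 97))
    return [group for group in seen.values() if len(group) != 1]

def key_space():
    """Usable (k1, k2) pairs: invertible k1 values times 26 shifts."""
    return sum(1 for k1 in range(M) if gcd(k1, M) == 1) * M

if __name__ == "__main__":
    print(encrypt("hello everyone", 3, 5))   # affine, keys from the article
    print(collisions(2)[:3])                 # k1=2 merges letters, so no inverse
    print(key_space())                       # every usable affine key pair
```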

</description>
    </item>
  </channel>
</rss>
