Now let's look into internet and cyber attacks.
We're going to start off with phishing.
A hacker fishing around to
obtain resources and information by disguising themselves as a trustworthy entity
is what we call phishing.
Typically e-mail is used, and
the types of information that are hunted for are user names,
passwords, credit card information, and money.
Phishing e-mails commonly contain
attachment files and web links that are infected with malware,
so you have to be very careful.
Spear phishing is one type.
Here, the phishing is aimed at an individual or a company,
and it uses personal information of the
individual to increase the success probability.
In other words, with personal information about you,
it can fool you.
In addition, phishing is the most common and successful type of security attack,
where it accounts for over 90%,
and I'm sure throughout the process you may
have experienced this as I have several times.
The second type is clone phishing.
Here, a legitimate, previously delivered e-mail
is resent to the receiver,
containing an attachment file or a website link that is infected with malware.
It fools the receiver as if it is an update or a replied e-mail.
Then there is whaling.
This is a phishing attack made on a high-ranked executive of
the company to attack important business files using executive level access.
Because this is a big fish,
we call it whaling.
Next is link manipulation.
Here, a phishing website link is
infected with malware or connects to a hacker website.
It looks like a popular, legitimate website link.
The hacker's web address is disguised under text or a tab that is not shown.
The next phishing type is filter evasion.
Here, phishing e-mails use images instead of
text to avoid anti-phishing filters used in security systems.
The next type is website forgery.
Here, a phishing website replaces the user's address bar
or website with the hacker's address bar or website.
The user is fooled into providing important login information,
password information, and account information to the hacker.
The next type is covert redirect.
This type corrupts a website to have
a malicious login pop-up
dialog box that covertly redirects a login to the hacker's website.
So after login, you're giving up your important information,
and in addition you're logging into a website that you're not supposed to.
Next is social engineering.
This provokes a user to click on a malicious link or a hacker's website.
In other words, it uses fake news to provoke a user.
Then once you are logged into a hacker website,
basically you are under the hacker's control.
The next type is phone phishing.
Here, a telephone call or
an SMS text message that tricks people into giving up personal information
is the way that the phishing attack is made.
Next we're going to study DoS and DDoS attacks.
Here, DoS stands for denial of service, and this is a very popular type of attack.
This is a cyber attack that disables a device or a network by
making operational resources unavailable through overloading or malfunctioning.
The next one is a distributed DoS attack which is called a DDoS attack.
Here, the DoS attack is made by using
multiple distributed systems which are botnets or zombie computers,
or other types of computers that are contaminated with malware.
These DoS and DDoS attacks are
enabled by other types of technologies that are combined together,
and I'll explain some of them in the following descriptions.
This is overflow. As you can see,
buffer overflow, which is also known as buffer overrun,
is used in DoS and DDoS attacks.
An anomalous program, which is malware, overruns
the buffer boundary and overwrites adjacent memory locations.
Some of the possible defense schemes that you can have include
randomizing the layout of your memory,
deliberately leaving space between buffers,
and monitoring actions that write into adjacent memory spaces.
Two representative types of buffer overflow are stack overflow and heap overflow.
Let's look into these.
A stack buffer overflow is created by
manipulating a local variable related to the vulnerable buffer on the stack.
It can manipulate the return address in a stack frame,
manipulate the function pointer or exception
handler to create an operational malfunction,
or manipulate the stack frame's local pointer or local variable.
Then there's heap overflow.
The heap is used in dynamic memory allocation, and
it is used by applications at runtime.
The heap overflow is a buffer overflow that occurs in the heap data area.
Protection methods to prevent heap overflow
include separating the code and data to prevent execution of the payload.
In addition, randomize the heap location so
it is not located at a fixed offset position.
In addition, periodically check the condition of the heap.
All of these methods are commonly applied in
operating systems and apps that you have been using.
The next one is about the man-in-the-middle attack.
A man-in-the-middle attack secretly relays and
manipulates packets between communicating users and servers.
This results in active eavesdropping and manipulation of the information.
Defenses against man-in-the-middle attacks include
enhanced authentication using a certificate authority
based on verified certificates from a trusted third party.
In addition, there is latency examination based on tamper examination.
This means that if there's a man in the
middle that's operating and relaying,
then there should be some extra time delay
due to the processing of the man-in-the-middle,
and if you can detect that,
then maybe you can detect the man-in-the-middle.
In addition, HTTP public key pinning, which is also known as certificate pinning,
is another way to do it.
Some extra details: the HTTP server first announces, or pins up,
a list of public key hashes that can be used for message and data encryption.
Next is SQL Injection.
Now SQL stands for structured query language and it's pronounced as sequel.
What is it? This is used for RDBMS and RDSMS processing.
RDBMS is Relational Database Management System and
RDSMS stands for Relational Data Stream Management System.
These are database technologies.
SQL injection is a code injection technique
used to attack SQL databases and data driven applications.
The attacker finds a security vulnerability in an application and
inserts SQL statements to spoof identity,
tamper with existing data,
void or change transactions, change account balances,
disclose data, destroy data,
and ransom data and applications.
In addition, the attacker can hijack the administrator role of the server or the application.
As you can see, each one of these is very serious.
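The SQL injection mechanism described above, shown as a vulnerable lookup beside its hardened form. This is an added example, not part of the lecture: the `accounts` table, the function names, and the sample rows and input are constructed, and SQLite stands in for the database.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory accounts table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (user TEXT PRIMARY KEY, pin TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [("alice", "4821", 1200), ("bob", "7710", 350)])
    return db


def lookup_vulnerable(db, user, pin):
    # BAD: input is pasted into the SQL text, so quotes inside it change the statement
    sql = f"SELECT user, balance FROM accounts WHERE user = '{user}' AND pin = '{pin}'"
    return db.execute(sql).fetchall()


def lookup_safe(db, user, pin):
    # GOOD: placeholders keep the input as data; it is never parsed as SQL
    sql = "SELECT user, balance FROM accounts WHERE user = ? AND pin = ?"
    return db.execute(sql, (user, pin)).fetchall()


CRAFTED_PIN = "' OR '1'='1"  # constructed input that contains SQL syntax

if __name__ == "__main__":
    db = make_db()
    # The WHERE clause becomes always-true: every account is disclosed without a valid PIN
    print("vulnerable:", lookup_vulnerable(db, "alice", CRAFTED_PIN))
    # The same input is compared literally against the pin column and matches nothing
    print("safe:      ", lookup_safe(db, "alice", CRAFTED_PIN))
    print("legitimate:", lookup_safe(db, "alice", "4821"))
```
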
These are the references that I used,
and I recommend them to you.