Attack and threat terms

The following are the terms and definitions of different attacks or malevolent cyber threats:

  • Amplification attack: Magnifies the bandwidth sent to a victim. Often an attacker will use a legitimate service such as NTP, Steam, or DNS to reflect the attack upon a victim. NTP can amplify 556x and DNS amplification can escalate the bandwidth by 179x.
  • ARP spoof: A type of attack that sends a falsified ARP message, linking the attacker's MAC address with the IP address of a legitimate system.
  • Banner scans: A technique typically used to take inventory of systems on a network; an attacker can also use it to gain information about a potential target by performing HTTP requests and inspecting the returned banner for details of the OS and computer (for example, nc www.target.com 80).
  • Botnets: Internet-connected devices infected and compromised by malware that act collectively under common control, mostly used in unison to generate massive DDoS attacks from many clients. Other uses include email spamming and spyware.
  • Brute force: A trial and error method to gain access to a system or bypass encryption.
  • Buffer overflow: Exploits a bug or defect in running software that simply overruns a buffer or memory block with more data than allocated. This overrun can write over other data in adjacent memory addresses. An attacker can lay malicious code in that area and force the instruction pointer to execute from there. Compiled languages such as C and C++ are particularly susceptible to buffer overflow attacks since they lack internal protection. Most overflow bugs are the result of poorly constructed software that does not check the bounds of input values.
  • C2: Command and control server that marshals commands to botnets.
  • Correlation power analysis attack: Allows one to discover secret encryption keys stored in a device through four steps. First, examine a target's dynamic power consumption and record it for each phase of the normal encryption process. Next, force the target to encrypt several plaintext objects and record their power usage. Next, attack small parts of the key (subkeys) by considering every possible combination and calculating the Pearson correlation coefficient between the modeled and actual power. Finally, put together the best subkey to obtain the full key.
  • Dictionary attack: A method of gaining entry to a network system by systematically entering words from a dictionary file containing the username and password pairs. 
  • Distributed Denial of Service (DDoS): An attack attempting to disrupt or make an online service unavailable by overwhelming it from multiple (distributed) sources. 
  • Fuzzing: A fuzzing attack consists of sending malformed or non-standard data to a device and observing how the device reacts. For example, if a device performs poorly or shows adverse effects, the fuzz attack may have exposed a weakness.
  • Man-in-the-Middle Attack (MITM): A common form of attack that places a device in the middle of a communication stream between two unsuspecting parties. The device listens, filters, and appropriates information from the transmitter and retransmits selected information to the receiver. A MITM may be in the loop acting as a repeater or can be sideband listening to the transmission without intercepting the data.
  • NOP sleds: A sequence of injected NOP assembly instructions used to "slide" a CPU's instruction pointer to the desired area of malicious code. Usually part of a buffer overflow attack.
  • Replay attack (also known as a playback attack): A network attack where data is maliciously repeated or replayed by the originator or an adversary who intercepts the data, stores the data, and transmits it at will. 
  • RCE exploit: Remote code execution, a class of vulnerability that enables an attacker to execute arbitrary code. This usually takes the form of a buffer overflow attack over HTTP or another network protocol that injects malware code.
  • Return-Oriented Programming (ROP attack): A difficult security exploit an attacker may use to subvert protections such as non-executable memory or code executing from read-only memory. If an attacker gains control of a process stack through a buffer overflow or some other means, they may jump to legitimate, unchanged sequences of instructions already present in memory. The attacker looks for such instruction sequences, called gadgets, that can be pieced together to form a malevolent attack.
  • Return-to-libc: A type of attack that starts with a buffer overflow, after which the attacker injects jumps to libc or other commonly used libraries in the process's memory space in an attempt to call system routines directly. It bypasses the protection offered by non-executable memory and guard bands and is a specific form of ROP attack.
  • Rootkit: Typically malicious software (although also used to unlock smartphones) that enables other software payloads to remain undetectable. Rootkits use several targeted techniques, such as buffer overflows, to attack kernel services, hypervisors, and user-mode programs.
  • Side Channel Attack: An attack used to gain information from a victim's system by observing the secondary effects of the physical system rather than finding runtime exploits or zero-day exploits. Examples of side channel attacks include correlation power analysis, acoustic analysis, and reading data residue after it has been deleted from memory.
  • Spoofing: Malicious party or device impersonates another device or user on a network. 
  • SYN flood: Occurs when a rogue agent sends a host TCP SYN packets whose source addresses it has spoofed and forged. This causes the host to create half-open connections to many non-existent addresses until it exhausts all of its resources.
  • Zero-Day exploits: Security defects or bugs in commercial or production software that are unknown to the designer or manufacturer.
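The buffer overflow entry above attributes most overflow bugs to software that does not check the bounds of its input. The following C example (added here; not code from the page or from any vendor) places the unchecked copy beside a bounds-checked version that rejects oversized input instead of truncating it. The struct layout, the NAME_MAX size, and the field names are assumed for illustration only.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define NAME_MAX 16  /* size of the fixed-length field (assumed value) */

/* A record with a fixed-size field followed by data that an overrun would
 * clobber. The layout illustrates "adjacent memory"; it is not a guarantee,
 * since the compiler may reorder or pad members. */
struct session {
    char name[NAME_MAX];
    uint32_t is_admin;   /* adjacent field an overflow could overwrite */
};

/* Defective version: strcpy() copies until the input's NUL terminator with
 * no regard for the 16-byte destination, so any name of 16 or more
 * characters overruns the buffer (undefined behaviour in C).
 * Kept only to contrast with the checked version; never call it on
 * untrusted input. */
void set_name_unchecked(struct session *s, const char *input)
{
    strcpy(s->name, input);
}

/* Hardened version: measure the input against the buffer before copying.
 * Returns 0 on success and -1 when the input does not fit. Rejecting
 * oversized input is preferable to silent truncation when the field feeds
 * identity or authorisation decisions. */
int set_name_checked(struct session *s, const char *input)
{
    /* memchr never scans past NAME_MAX bytes, so an unterminated or
     * overlong input cannot cause an over-read here. */
    const char *nul = memchr(input, '\0', NAME_MAX);
    if (nul == NULL)
        return -1;                       /* 16+ chars: no room for NUL */
    size_t len = (size_t)(nul - input);  /* 0..15 */
    memcpy(s->name, input, len + 1);     /* copies exactly len+1 bytes */
    return 0;
}

int main(void)
{
    struct session s = { "", 0 };
    /* Constructed 24-character input, longer than the 16-byte field. */
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAA";
    if (set_name_checked(&s, oversized) != 0)
        printf("rejected: input exceeds %d bytes\n", NAME_MAX - 1);
    if (set_name_checked(&s, "alice") == 0)
        printf("accepted: name=%s is_admin=%u\n", s.name, (unsigned)s.is_admin);
    return 0;
}
```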