16 February 2020

Andaman Chronicle

The Daily Diary of the Islands

Features

Common Security Attacks - Cyber, Mobile, ATMs, Wifi, IOT


- Niteen Lall

Juice jacking (Mobile attack)

Juice jacking is a type of cyber attack that originates from a USB charging port installed at a public place such as an airport, cafe or bus stand. Once the device is plugged in and a connection is established, the tampered port either installs malware or secretly copies sensitive data from the smartphone, tablet or other computing device. A USB port is often used as a medium for data transfer: a regular USB connector has five pins, of which only one is needed to charge the device, while two of the other pins are used for data transfer.

Mobile Spoofing Attack (Fake wifi)

Network spoofing is when hackers set up fake access points (connections that look like Wi-Fi networks but are actually traps) in high-traffic public locations such as coffee shops, libraries and airports.

SIM hijacking

The fraudster gets a mobile phone carrier to transfer a user's phone number to the fraudster's own SIM card. Critical information such as the OTP used in multi-factor authentication then arrives on the fraudster's handset and can be used to initiate fake transactions and account transfers.

Spyware

In many cases, it is not malware that users should be worried about, but rather spyware installed by spouses, coworkers or employers to keep track of their whereabouts and usage patterns. Such software has the capability to collect your private data, location, etc.

Exploiting links in Apps

Fraudsters take advantage of the ‘request money’ option on UPI apps such as Bharat Interface for Money (BHIM), Google Pay, PhonePe, etc. Impostors show interest in buying a product advertised on various online platforms and engage with the seller on a phone call.

Terminal Tampering (Skimming)

This is a type of fraud where a skimming device, usually a tandem of a card reader (skimmer) and a keypad overlay or pinhole camera, is introduced to the machine by placing it over the card slot and keypad, respectively. ATMs, point-of-sale terminals, etc. are the common vulnerable hot spots.

Brute force Password attack

An attack that takes advantage of the fact that people tend to use common words and short passwords. The hacker takes a list of common words, the dictionary, and tries them, often with numbers before and/or after the words, or uses a program to generate likely passwords or even random character sets. These attacks start with commonly used, weak passwords like Password123 and move on from there. The programs running these attacks usually try variations on upper- and lowercase characters as well.
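The two defensive checks that follow from this description, as an added example that is not part of the original article: rejecting at registration the exact variants a guessing program tries first (a dictionary word with digits or symbols before/after and mixed case), and spotting a guessing run in authentication logs by counting failures per source inside a sliding time window. The word list and the sshd-style log lines are constructed for the demonstration; the threshold and window are assumed values a real deployment would tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed mini dictionary for the demonstration; a real check would load
# a large wordlist (for example one built from published breach corpora).
COMMON_WORDS = {"password", "welcome", "admin", "letmein", "qwerty", "monkey"}


def is_dictionary_variant(password: str) -> bool:
    """True if the password is a common word wearing the usual decorations:
    digits or symbols before/after the word and arbitrary upper/lower case.
    Guessing programs enumerate exactly these variants first, so a
    registration form should refuse them."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password).lower()
    return core in COMMON_WORDS


# Matches the sshd failed-login line format; the sample lines below are constructed.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def find_bruteforce_sources(log_lines, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: set(usernames tried)} for every source that produced
    at least `threshold` failed logins inside some `window`-long interval."""
    events = defaultdict(list)
    for line in log_lines:
        m = FAILED_LOGIN.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        events[m.group("ip")].append((ts, m.group("user")))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the window spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = {user for _, user in evs[start:end + 1]}
                break
    return flagged


# Constructed log excerpt: one source hammering root/admin, one ordinary user.
SAMPLE_LOG = [
    "2020-02-16 10:00:01 sshd[812]: Failed password for root from 203.0.113.7 port 5021 ssh2",
    "2020-02-16 10:00:04 sshd[812]: Failed password for root from 203.0.113.7 port 5021 ssh2",
    "2020-02-16 10:00:09 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 5022 ssh2",
    "2020-02-16 10:00:15 sshd[814]: Failed password for invalid user admin from 203.0.113.7 port 5023 ssh2",
    "2020-02-16 10:00:22 sshd[815]: Failed password for root from 203.0.113.7 port 5024 ssh2",
    "2020-02-16 10:00:30 sshd[816]: Failed password for invalid user test from 203.0.113.7 port 5025 ssh2",
    "2020-02-16 10:05:10 sshd[901]: Failed password for niteen from 198.51.100.2 port 6001 ssh2",
    "2020-02-16 10:05:40 sshd[902]: Accepted password for niteen from 198.51.100.2 port 6002 ssh2",
]

if __name__ == "__main__":
    for pw in ("Password123", "123Welcome!", "correct horse battery"):
        print(pw, "-> rejected" if is_dictionary_variant(pw) else "-> accepted")
    print(find_bruteforce_sources(SAMPLE_LOG))
```

The password check deliberately strips only leading and trailing decoration; a production policy would also fold common substitutions and compare against a far larger list, and the log detector would feed a lockout or rate limiter rather than just print.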

Man-in-the-middle (MitM) attack

Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.

- Session hijacking: in this type of MitM attack, an attacker hijacks a session between a trusted client and a network server.

- IP spoofing: an attacker uses it to convince a system that it is communicating with a known, trusted entity, which provides the attacker with access to the system.

Phishing attacks

Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment. Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.

Drive by Download

Drive-by download attacks are a common method of spreading malware. Hackers look for insecure websites and plant a malicious script into the HTML or PHP code on one of the pages. This script might install malware directly onto the computer of someone who visits the site, or it might redirect the victim to a site controlled by the hackers.

Key logger attack

A cyber criminal manages to install software that tracks the user’s keystrokes, enabling the criminal to gather not only the username and password for an account but exactly which website or app the user was logging into with the credentials. This type of attack generally relies on the user first falling prey to another attack that installs the malicious key logger software on their machine.

Internet of Things (IoT) Attacks

Privilege escalation: Attackers are exploiting IoT device bugs, design flaws and operating-system or software-application-configuration oversights to gain elevated access to resources that are normally protected from an application or user.

Eavesdropping: If a weakened connection between an IoT device and server is found, an attacker might be able to intercept network traffic and steal the possibly sensitive information that IoT devices transmit over enterprise networks.

Brute-force password attacks: Due to the weakness of most IoT device passwords, brute-force attacks can be effectively used to gain access to the device.

Malicious node injection: Using this method, attackers physically deploy malicious nodes in between legitimate nodes in an IoT network. The malicious nodes can then be used to control operations and snoop on the data flowing between linked nodes.

Firmware hijacking: If firmware updates downloaded by an IoT device are not checked to make sure they originate from a legitimate source, it’s possible for an attacker to hijack the device and download malicious software.

Physical tampering: Physical threats exist if devices are deployed in environments where it is difficult for the enterprise to control the device and the people who can access it.
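The firmware-hijacking item above turns on one check: the device must refuse an update whose origin it cannot prove. The following is an added example, not code from the article or from any vendor, of the vendor-side tagging and device-side verification for an update. It assumes a secret provisioned into the device at manufacture and uses HMAC-SHA256 so that it runs on the standard library alone; production designs use an asymmetric signature (vendor signs with a private key, device holds only the public key) so that a stolen device does not leak the signing capability. The version number is bound into the tag so that a genuinely signed but older, vulnerable build cannot be replayed.

```python
import hashlib
import hmac
import struct

# Assumption for this demo: a per-device secret provisioned at manufacture.
# Constructed value; a real device would keep this in protected storage.
DEVICE_KEY = b"constructed-demo-key-do-not-reuse"


def sign_firmware(key: bytes, version: int, image: bytes) -> bytes:
    """Vendor side: produce the authentication tag for a (version, image) pair.
    Hashing the image first keeps the tagged message small; packing the
    version into the message stops an attacker re-labelling an old build."""
    msg = struct.pack(">I", version) + hashlib.sha256(image).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_firmware(key: bytes, installed_version: int, version: int,
                    image: bytes, tag: bytes) -> bool:
    """Device side: accept the update only if the tag is genuine for exactly
    this version and image, and the version is newer than the one installed."""
    expected = sign_firmware(key, version, image)
    # compare_digest runs in constant time, so timing does not leak the tag.
    if not hmac.compare_digest(expected, tag):
        return False
    # Reject rollback to an equal or older (possibly vulnerable) build.
    return version > installed_version


if __name__ == "__main__":
    image = b"\x7fELF constructed firmware image, build 2"
    tag = sign_firmware(DEVICE_KEY, 2, image)
    print("genuine v2 over v1:", verify_firmware(DEVICE_KEY, 1, 2, image, tag))
    print("tampered image:   ", verify_firmware(DEVICE_KEY, 1, 2, image + b"!", tag))
    print("rollback to v2:   ", verify_firmware(DEVICE_KEY, 2, 2, image, tag))
```

The two failure modes the text warns about are covered separately: a forged or tampered package fails the tag check, and a legitimately signed but stale package fails the version check.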

Denial of Service (DoS)

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users by flooding it with traffic. A Distributed Denial-of-Service (DDoS) attack is also an attack on a system’s resources, but it is launched from a large number of other host machines that are infected by malicious software controlled by the attacker.

SQL Injections

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.
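The mechanism behind SQL injection, shown as an added example that is not part of the original article: the vulnerable lookup pastes user input into the SQL text, so input can change the query's logic, while the parameterised lookup hands the value to the driver separately and it can only ever be compared as a string. The in-memory SQLite table and its rows are constructed for the demonstration; the probe string is the textbook `' OR '1'='1` used here only to show the difference in behaviour.

```python
import sqlite3


def make_demo_db():
    """In-memory SQLite database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, is_admin) VALUES (?, ?)",
        [("alice", 1), ("bob", 0), ("carol", 0)],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Builds the query by string formatting: whatever the caller supplies
    becomes part of the SQL statement itself, so quoting characters in the
    input rewrite the WHERE clause."""
    sql = f"SELECT username, is_admin FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Parameterised query: the SQL text is fixed and the value travels as a
    bound parameter, so the database treats it purely as data."""
    sql = "SELECT username, is_admin FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_demo_db()
    probe = "' OR '1'='1"
    print("normal lookup   :", lookup_safe(db, "bob"))
    print("vulnerable+probe:", lookup_vulnerable(db, probe))  # every row leaks
    print("safe+probe      :", lookup_safe(db, probe))        # no such username
```

The fix is not input filtering but keeping code and data on separate channels; every mainstream driver offers the placeholder form shown in `lookup_safe`, and ORMs use it underneath.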

Cross-site scripting (XSS) attack

XSS attacks use third-party web resources to run scripts in the victim’s web browser or scriptable application. Specifically, the attacker injects a payload with malicious JavaScript into a website’s database. When the victim requests a page from the website, the website transmits the page, with the attacker’s payload as part of the HTML body, to the victim’s browser, which executes the malicious script. Stealing cookies, logging keystrokes, capturing screenshots, discovering and collecting network information, and remotely accessing and controlling the victim’s machine are common consequences of an XSS attack.
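How the stored payload reaches the browser, and the output-encoding fix, as an added example that is not part of the original article: a comment stored in the database is rendered into HTML once by raw interpolation and once through `html.escape`, for both the element-body and attribute contexts. The stored comment and the cookie name are constructed; the `HttpOnly` cookie attribute is included because the text lists cookie theft as a common XSS outcome and that flag keeps the session cookie out of reach of page scripts.

```python
from html import escape


def render_comment_vulnerable(author: str, body: str) -> str:
    """Raw interpolation: whatever was stored is sent to the browser verbatim,
    so a stored <script> tag runs for every visitor who views the page."""
    return f'<div class="comment" data-author="{author}"><p>{body}</p></div>'


def render_comment_safe(author: str, body: str) -> str:
    """Context-aware output encoding: escape() turns < > & into entities so the
    text is displayed rather than parsed; quote=True also encodes " and ' so a
    value placed inside an attribute cannot close the attribute early."""
    return (
        f'<div class="comment" data-author="{escape(author, quote=True)}">'
        f"<p>{escape(body)}</p></div>"
    )


def session_cookie_header(value: str) -> str:
    """Defence in depth for the cookie-theft outcome: HttpOnly hides the cookie
    from document.cookie, Secure limits it to HTTPS, SameSite curbs cross-site
    sending. Cookie name is a constructed example."""
    return f"Set-Cookie: session={value}; HttpOnly; Secure; SameSite=Lax; Path=/"


# Constructed stored record: the author field tries to break out of the
# attribute, the body carries a script tag.
STORED_AUTHOR = 'mallory" onmouseover="alert(1)'
STORED_BODY = '<script>alert("xss")</script>'

if __name__ == "__main__":
    print(render_comment_vulnerable(STORED_AUTHOR, STORED_BODY))
    print(render_comment_safe(STORED_AUTHOR, STORED_BODY))
    print(session_cookie_header("constructed-session-id"))
```

Template engines that auto-escape (Jinja2 with autoescape on, Django templates) do the `escape` call for you; the vulnerable form above is what you get when a template is marked safe or HTML is assembled by hand.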

Trojans attack

A Trojan or a Trojan horse is a program that hides in a useful program and usually has a malicious function. A major difference between viruses and Trojans is that Trojans do not self-replicate. In addition to launching attacks on a system, a Trojan can establish a back door that can be exploited by attackers. For example, a Trojan can be programmed to open a high-numbered port so the hacker can use it to listen and then perform an attack.

Ransomware attack

Ransomware is a type of malware that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid. While some simple computer ransomware can lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim’s files in a way that makes them nearly impossible to recover without the decryption key.

Advanced persistent threat (APT)

An advanced persistent threat (APT) is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive data.

Botnets

Botnets are powerful networks of compromised machines that can be remotely controlled and used to launch attacks of massive scale, sometimes including millions of zombie computers. Botnets are controlled by Command and Control (C&C) networks, which are run by the hackers.

* Niteen Lall hails from the Andaman & Nicobar Islands and is presently based in Bangalore. He held the second position in the AISSCE in 1995. He is presently working as Senior Manager, Engineering (Head of Engineering for RSA IG&L) at RSA Security National Institute of Technology in Bangalore.


  • Written by Denis Giles