Security+ Objectives 1.2

Brittany Morris
6 min read · Dec 31, 2020

1.2 Compare and contrast types of attacks.

Social Engineering — The practice of using social tactics to gain information. Social engineers attempt to gain information from people, or get people to do things they wouldn’t normally do.

  • Phishing — The practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link.
  • Spear Phishing — A targeted form of phishing. Spear phishing attacks attempt to target specific groups of users, such as those within a specific organization or even a single user.
  • Whaling — A form of spear phishing that attempts to target high-level executives. When successful, attackers gain confidential company information that they might not be able to get anywhere else.
  • Vishing — Phone version of email phishing. Uses automated messages to steal personal information.
  • Tailgating — A social engineering attack where one person follows behind another person without using credentials. Mantraps help prevent tailgating.
  • Mantrap — A physical security mechanism designed to control access to a secure area. A mantrap prevents tailgating.
  • Impersonation — Emails that attempt to impersonate a trusted individual or company in an attempt to gain access to corporate finances or data.
  • Dumpster Diving — The practice of searching through trash looking to gain information from discarded documents. Shredding or burning papers helps prevent the success of dumpster diving.
  • Shoulder Surfing — The practice of looking over someone’s shoulder to obtain information, such as on a computer screen. A screen filter placed over a monitor helps reduce the success of shoulder surfing.
  • Hoax — A message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.
  • Watering hole attack — An attack method that infects web sites that a group is likely to trust and visit.

Social Engineering Principles (Reasons for effectiveness)

  • Authority
  • Intimidation
  • Consensus
  • Scarcity
  • Familiarity
  • Trust
  • Urgency

Application/Service attack — An attack that works by exploiting a known bug in one of the applications running on a server.

  • DoS — Denial of Service. An attack meant to shut down a machine or network, making it inaccessible to its intended users. This is done by flooding the target with traffic, or sending it information that triggers a crash.
  • DDoS — Distributed denial-of-service. An attack on a system launched from multiple sources intended to make a computer’s resources or services unavailable to users. DDoS attacks typically include sustained, abnormally high traffic.
  • Man-in-the-middle — MITM — An attack using active interception or eavesdropping. It uses a third computer to capture traffic sent between two other systems.
  • Buffer overflow — An error that occurs when an application receives more input, or different input, than it expects. It exposes system memory that is normally inaccessible.
  • Injection — An attack that injects code or commands. Common injection attacks are Dynamic Link Library (DLL) injections, command injection, and SQL injection attacks.
  • Cross-site scripting — XSS — A web application vulnerability. Attackers embed malicious HTML or JavaScript code into a web site’s code, which executes when a user visits the site.
  • Cross-site request forgery — XSRF — A web application attack, XSRF attacks trick users into performing actions on web sites, such as making purchases, without their knowledge.
  • Privilege escalation — The process of gaining elevated rights and permissions. Malware typically uses a variety of techniques to gain elevated privileges.
  • ARP poisoning — Address Resolution Protocol Poisoning — An attack that misleads systems about the actual MAC address of a system.
  • Amplification — An attack that increases the amount of bandwidth sent to a victim.
  • DNS poisoning — Domain Name System Poisoning — An attack that modifies or corrupts DNS results.
  • Domain hijacking — An attack that changes the registration information of a domain name without permissions from the owner of the domain.
  • Man-in-the-browser — An attack that infects vulnerable web browsers. It can allow the attacker to capture browser session data, which can include keystrokes.
  • Zero day attack — Attacks that take advantage of zero-day vulnerabilities.
  • Zero-day vulnerabilities — A vulnerability or bug that is unknown to trusted sources but can be exploited by attackers.
  • Replay — An attack where the data is captured and replayed. Attackers can modify the data before replaying it.
  • Pass the hash — A password attack that captures and uses the hash of a password. It attempts to log on as the user with the hash and is often associated with the Microsoft NTLM (New Technology LAN Manager) protocol.

Hijacking and related attacks

  • Clickjacking — An attack that tricks users into clicking something other than what they think they’re clicking.
  • Session hijacking — An attack that attempts to impersonate a user by capturing and using a session ID, which is stored in cookies.
  • URL Hijacking — The purchase of a domain name that is close to a legitimate domain name. Attackers often try to trick users who inadvertently use the wrong domain name. Also called typo squatting.
  • Typo Squatting — The purchase of a domain name that is close to a legitimate domain name. Often attackers trick users when they use the misspelled domain name.
  • MAC Spoofing — An attack that changes the source MAC address.
  • IP Spoofing — An attack that changes the source IP address.

Driver Manipulation

  • Shimming — A driver manipulation method. It uses additional code to modify the behavior of a driver.
  • Refactoring — A driver manipulation method. Developers rewrite the code without changing the driver’s behavior.

Wireless Attacks

  • Replay — An attack where the data is captured and replayed via a wireless connection. Often the data is altered before it is replayed.
  • IV — Initialization Vector Attack — A wireless attack that attempts to discover the IV. Legacy wireless security protocols are susceptible to IV attacks.
  • Evil Twin — A type of rogue Access Point (AP). An evil twin has the same SSID (Service Set Identifier) as a legitimate AP.
  • Rogue AP — An unauthorized access point. It can be placed by an attacker or a person who hasn’t obtained permission to do so.
  • Jamming — A DoS (Denial of service) attack against wireless networks. It transmits noise on the same frequency used by a wireless network.
  • WPS — Wi-Fi Protected Setup. A method that allows users to easily configure a wireless network, often by using only a PIN. A WPS brute force attack can discover the PIN.
  • Bluejacking — An attack against Bluetooth devices. It is the practice of sending unsolicited messages to nearby Bluetooth devices.
  • Bluesnarfing — An attack against Bluetooth devices. Attackers gain unauthorized access to Bluetooth devices and can access all the data on the device.
  • RFID — Radio-Frequency Identification — Attacks against radio-frequency identification systems. Some common RFID attacks are eavesdropping, replay, and DoS.
  • NFC — Near Field Communication — An attack against mobile devices that use near field communication (NFC). NFC is a group of standards that allow mobile devices to communicate with nearby mobile devices.
  • Disassociation — An attack that removes wireless clients from a wireless network.

Cryptographic attacks

  • Birthday — A password attack named after the birthday paradox in probability theory. The paradox states that for any random group of 23 people, there is a 50 percent chance that 2 of them have the same birthday.
  • Known plain-text/cipher-text — A cryptographic attack that decrypts encrypted data. In this attack, the attacker knows the plain-text used to create the cipher-text.
  • Rainbow Tables — A file containing precomputed hashes for character combinations. Rainbow tables cannot be used if the hash is salted.
  • Dictionary — A password attack that uses a file of words and character combinations. The attack tries every entry within the file when trying to guess a password.
  • Brute Force — A password attack that attempts to guess a password.
  • Brute Force Online — Brute force attacks that guess passwords of online systems.
  • Brute Force Offline — Brute force attacks that guess passwords contained in a file or database.
  • Collision — A hash collision occurs when two different passwords create the same hash.
  • Downgrade — A type of attack that forces a system to downgrade its security. The attack then exploits the lesser security control.
  • Weak implementations — An attack that targets the vulnerability of weak encryption.
