
Types of Attack

In this article we look at the types of attack that can take place.

Malware

Malware is an umbrella term for any software that is harmful to computers. It is a very broad brush term that covers a wide range of threats, including viruses, worms, spyware, ransomware and other malicious code.

Generally, malware involves getting some software onto a computer. This may be initiated by the user (for example, the user installs a compromised version of a legitimate program), or through some other exploit (for example, a worm that spreads between computers over the network without any user action).

Below we discuss the common ways that threats such as malware find their way onto systems.

Phishing and Social Engineering

Hackers are like vampires: they usually need to be invited into our systems.

Having a user install the malware for us is the most common attack vector. Techniques such as Phishing try to trick a user into installing the rogue program. Phishing is a form of social engineering where we try to convince the target that we are a legitimate account, service or person, so that they install the malware onto their system for us.

It is claimed that around 90% of malware installations are due to Phishing. Personally I take this to include a broad definition of phishing, including setting up fake websites or app stores in the hope of luring people into installing software, rather than only the more targeted approach.

Web Based attacks

Web based attacks are the second most common vector (after Phishing) for installing malware. The target of a web based exploit is not always the website itself: the visitor's browser can be the target.

For example, browser based attacks such as clickjacking (loading a legitimate site in an invisible frame over a decoy page, so that the user's clicks land on actions they did not intend) and cryptojacking (running cryptocurrency mining script in the browsers of visitors to a compromised or malicious page) are common. Additionally, malware can be installed through malicious browser plugins, or by exploiting vulnerabilities in the browser itself.

One recent example of malware installed via a browser plugin comes from the "web development toolbar". The toolbar is a very well respected extension that allows you to examine and test the functionality of web pages. The author of the toolbar was the victim of a Phishing attack which compromised his email account, and a malicious version of the toolbar was released[^webDevHack].

Other web based vectors include Man In The Middle (MITM) attacks, where the network traffic is intercepted by a third party. This means that "secure" information you send to a site could be seen by that third party. We will discuss methods of protecting against MITM and eavesdropping in the cryptography section of the course.
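Of the browser based attacks above, clickjacking is the one a site can defend against with response headers: X-Frame-Options and, in modern browsers, the Content Security Policy frame-ancestors directive. The following Python is an added example, not code from the original article. It shows a constructed attacker page and a checker that decides from a response's headers whether a given origin may frame the page; the origins and header values used are made-up inputs.

```python
"""Clickjacking defence check: do a response's headers let the page be framed?"""
from typing import List, Mapping, Optional
from urllib.parse import urlsplit

# Constructed attacker page (assumed, not from the original article): the target site is
# loaded in a transparent iframe positioned over a decoy button, so the victim's click lands
# on the real "transfer" control while they believe they are claiming a prize.
ATTACKER_PAGE = """
<button style="position:absolute;top:100px;left:100px">Claim prize</button>
<iframe src="https://bank.example/transfer?to=attacker"
        style="position:absolute;top:80px;left:60px;opacity:0;width:300px;height:100px">
</iframe>
"""


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the CSP frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.strip("'").lower() for t in tokens[1:]]
    return None


def _source_matches(source: str, framer_origin: str) -> bool:
    """Match one frame-ancestors source: '*', an exact origin, a hostname, or *.host."""
    host = urlsplit(framer_origin).hostname or ""
    if source in ("*", framer_origin, host):
        return True
    return source.startswith("*.") and host.endswith(source[1:])


def framing_allowed(headers: Mapping[str, str], page_origin: str, framer_origin: str) -> bool:
    """True if a page from page_origin, served with these headers, can be framed by framer_origin."""
    lower = {k.lower(): v for k, v in headers.items()}
    page_origin, framer_origin = page_origin.lower(), framer_origin.lower()

    ancestors = frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors is not None:
        # A browser that understands frame-ancestors uses it and ignores X-Frame-Options.
        if "none" in ancestors:
            return False
        if "self" in ancestors and framer_origin == page_origin:
            return True
        return any(_source_matches(s, framer_origin)
                   for s in ancestors if s not in ("self", "none"))

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer_origin == page_origin
    # No header, or an obsolete/unrecognised value (e.g. ALLOW-FROM): nothing stops framing.
    return True


if __name__ == "__main__":
    # Constructed response headers for a site that forgot the defence, and for one that set it.
    unprotected = {"Content-Type": "text/html"}
    protected = {"Content-Security-Policy": "frame-ancestors 'none'", "X-Frame-Options": "DENY"}
    for name, hdrs in (("unprotected", unprotected), ("protected", protected)):
        ok = framing_allowed(hdrs, "https://bank.example", "https://evil.example")
        print(f"{name}: evil.example can frame bank.example -> {ok}")
```

Note the precedence rule in the checker: when both headers are present a modern browser honours frame-ancestors and ignores X-Frame-Options, so a permissive CSP can silently undo a DENY. Sending both, with consistent values, is the usual recommendation.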

Web Application Attacks

Previously we explored web application attacks through the OWASP Top 10. These attacks may not directly affect the users of a website, but give the potential for information about users to be revealed through data breaches.

Web application attacks affect the operation of a website and can lead to exploitation or a data breach. Around 30% of data breaches involve vulnerabilities in web applications. Weaknesses that allow an attacker to compromise a web application include:

  • SQL (Structured Query Language) injection, where untrusted input is built into a database query. Rated the number one threat by OWASP (51%)
  • File include vulnerabilities, where user input selects which file the server loads (35%)
  • XSS (Cross Site Scripting), which places malicious script on the site itself so that it runs in other users' browsers (9%)
  • Content Management Systems (CMS) such as WordPress: one newly discovered vulnerability affected around 2 million sites

Each of these attacks can lead either to a data breach, where information such as user details is revealed, or a full compromise of the server, allowing the attacker to take control.
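To make the first item concrete, here is an added example (not code from the original article) in Python using an in-memory SQLite database: a login check that builds its query by string concatenation, beside the same check using bound parameters, run against two classic constructed payloads. The table contents, usernames and payloads are all made up for the example.

```python
"""SQL injection: a vulnerable login query beside its parameterised fix (in-memory SQLite)."""
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Constructed sample users table for the example (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "correct horse battery"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Untrusted input is pasted into the SQL text, so quotes in the input rewrite the query."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}' ORDER BY id")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Placeholders: the driver binds the values separately, so input is never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ? ORDER BY id",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Constructed attacker inputs. TAUTOLOGY turns the WHERE clause into
#   username = 'nobody' AND password = '' OR '1'='1'   (true for every row);
# COMMENT closes the username string and comments out the password check:
#   username = 'alice' --' AND password = '...'
TAUTOLOGY = "' OR '1'='1"
COMMENT = "alice' --"


def demo() -> dict:
    """Run both login implementations against a legitimate login and the two payloads."""
    conn = make_db()
    return {
        "legit_vuln": login_vulnerable(conn, "bob", "hunter2"),         # bob
        "tautology_vuln": login_vulnerable(conn, "nobody", TAUTOLOGY),  # alice: every row matched
        "comment_vuln": login_vulnerable(conn, COMMENT, "wrong"),       # alice: password check gone
        "tautology_safe": login_safe(conn, "nobody", TAUTOLOGY),        # None
        "comment_safe": login_safe(conn, COMMENT, "wrong"),             # None
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The fix is not escaping quotes in the input but never letting input reach the SQL parser at all: with placeholders the payloads are compared as literal strings against the password column and simply fail to match.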

Another interesting trend in web application attacks is the compromise of third party code: modified versions of plugins have been used to gather information about a site's users. Two organisations that have been exploited through the use of an insecure 3rd party plugin include:

  • British Airways
  • Ticketmaster

The Insider Threat

While not a direct route to exploitation, the insider threat is still the 2nd most common cause of an incident within an organisation. It occurs when an employee uses their authorised access in a way that harms the security of the organisation. While the majority of cases are unwitting (employees being phished etc.), there are still a number of cases where an employee maliciously exploits the systems.

Analysis shows that the majority of insiders tend to ignore security policies to speed up their work. For example they may:

  • Send files to personal accounts
  • Write down passwords
  • Store data on media external to the organisation

Hardware issues

Security issues with hardware design have always been present, but came to prominence in 2018 with Spectre and Meltdown. These exploit the way the processor has been designed (in particular its speculative execution of instructions) to allow an attacker to read parts of memory they should not have access to.

Hardware based issues can be difficult to fix retrospectively. If the flaw is in the physical design of the chip then there is little that can be done short of replacing it, and working around it in microcode or in the operating system is difficult and often costs performance.

While not strictly a flaw in the hardware itself, a flaw in the firmware for Broadcom WiFi chips left billions of devices open to attack[^2].