Types of Attack Indicators

Almost any software layer or level, including applications and network protocols, is vulnerable to attack. When a system has a weakness, an attacker takes advantage of it to launch an attack. An attack can have a wide range of consequences, from trivial to serious, depending on the attacker’s goal. An attack on one system may not be visible on that system, because the attack is actually taking place on a different system: by attacking the first system, the attacker obtains the data they will change on the second system. Attacks may target the program, the network, or the cryptographic components used in a system, or they may target the user, as in social engineering. These attack types are compared and contrasted in this chapter.

Although viruses and hackers get the most press coverage, there are other ways to target computer networks and systems. This chapter covers the numerous methods by which computers and networks are attacked on a regular basis. At least one of the three security requirements (confidentiality, integrity, and availability, the CIA of security) is threatened by each kind of attack.

Attacks on computer systems and networks can be broadly classified into two groups from a high level: attacks on a particular protocol or service and attacks on individual software, such as an operating system or application. Attacks on a particular operating system or application are typically made feasible by a fault, or bug, in the code (again suggesting a lack of sufficient testing) or by an oversight in the code (and maybe in the testing of that code). Attacks against certain protocols or services are attempts to either exploit a feature of the protocol or service or utilize it in a way that was not intended.
Security experts should be aware of the many types of attacks covered in this lesson.

Malware

Software created with malicious intent is referred to as malware. Such software can be made to harm a system, for example, by wiping out all of its files, or it can be made to open a backdoor so that unauthorized users can access the system. Malware is typically installed in a way that makes it invisible to authorized users. Malicious software comes in a variety of forms, including viruses, trojan horses, logic bombs, spyware, and worms. They vary in their installation methods and objectives. While some types steal sensitive information like passwords or credit card numbers, others may encrypt data for ransom or use a device’s resources to carry out attacks on other systems. Malware typically spreads through infected email attachments, malicious websites, software downloads, or exploiting system vulnerabilities. Detecting and removing malware requires robust antivirus software, regular system updates, and cautious online behavior.

Ransomware

Ransomware is malware that performs an action and demands a ransom from the user. As the name suggests, ransomware usually encrypts files on a system and renders them unusable either permanently (by causing a denial of service) or temporarily until a ransom is paid. Ransomware is usually a fully automated worm used as a denial-of-service attack, and the only way to fix it is to rebuild the system. Because rebuilding might be time-consuming and/or impractical in certain situations, this attack method is equivalent to physically destroying assets.

Notable Ransomware Attacks

1. WannaCry (2017)

  • Overview: WannaCry exploited a vulnerability in Windows systems using the EternalBlue exploit.

  • Impact: It affected over 200,000 computers across 150 countries, disrupting services in hospitals, banks, and businesses.

  • Mechanism: Once inside a network, it spread rapidly, encrypting files and demanding payment in Bitcoin.

2. NotPetya (2017)

  • Overview: Initially perceived as ransomware, NotPetya was later identified as a wiper malware designed to cause destruction.

  • Impact: It targeted Ukrainian infrastructure but spread globally, affecting companies like Maersk and Merck.

  • Mechanism: It used the same EternalBlue exploit as WannaCry but lacked a functional decryption mechanism, making data recovery impossible.

Trojans

A Trojan horse, or simply a Trojan, is a type of malicious software that disguises itself as a legitimate or harmless program to deceive users into installing it. Once activated, it can create a backdoor for attackers to access the system, steal data, monitor user activity, or deploy additional malware. Unlike viruses or worms, Trojans do not replicate themselves but rely on social engineering tactics, like fake software updates or email attachments, to trick victims into execution. They pose a serious threat to both individual users and organizations by compromising system integrity and privacy.

Back Orifice (BO), which was first developed in 1999 and is currently available in multiple variants, is a prime example of a trojan. BO is compatible with many different kinds of programs. Once BO is attached to a program and the infected file is executed, it allows unauthorized users to take over the machine remotely, just as if they were seated at the console. BO is made to function on Windows-based platforms. One method of detecting a trojan is to look for the port that the trojan opens to communicate with the outside world.
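
The port-based detection mentioned above, as an added example that is not part of the original text: it parses `netstat -ano` output from a Windows host and reports listeners that are missing from an approved baseline. The sample output, the port numbers, the PIDs and the baseline are all constructed for illustration.

```python
from typing import NamedTuple


class Listener(NamedTuple):
    proto: str
    port: int
    pid: int


# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:54321          0.0.0.0:0              LISTENING       3388
  TCP    10.0.0.5:49712         10.0.0.9:443           ESTABLISHED     2210
  UDP    0.0.0.0:123            *:*                                    1100
  UDP    0.0.0.0:50505          *:*                                    3388
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Hypothetical baseline: the (protocol, port) pairs this host is expected to expose.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 123)}


def parse_listeners(netstat_text):
    """Return the set of listening TCP sockets and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        # UDP rows have no State column; TCP rows count only when LISTENING.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        port = int(local.rsplit(":", 1)[1])  # also handles "[::]:445"
        found.add(Listener(proto, port, int(fields[-1])))
    return found


def unexpected_listeners(netstat_text, baseline):
    """Listeners not in the baseline, sorted so that reports are stable."""
    return sorted(l for l in parse_listeners(netstat_text)
                  if (l.proto, l.port) not in baseline)


if __name__ == "__main__":
    for l in unexpected_listeners(SAMPLE_NETSTAT, BASELINE):
        print(f"unexpected {l.proto} listener on port {l.port} (PID {l.pid})")
```

The PID on each flagged row is the starting point for identifying which process opened the port.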

Worms

It was once simple to tell a virus from a worm. The line has recently become hazier due to the emergence of new types of harmful code that are extremely complex. Worms are pieces of code that try to get into computer systems and networks. After penetrating a system, the worm replicates itself on the compromised system. Worm reproduction therefore does not depend on the code attaching itself to a file or another piece of code, which is how viruses are defined.

Worms were typically considered a network-based issue, whereas viruses were considered a system-based one. The malicious code may then be referred to as a worm if it spreads throughout a network. The key difference, though, is whether the code can “survive” on its own (a worm) or must affix itself to another entity (a virus).
