Types of account theft attacks: a summary of common types of network attacks


1. Passive attack
An attack in which stolen account information is stored for later use. There are two kinds: online and offline. An offline attack has specific targets and is carried out by a perpetrator with direct access to the victim's property. For example, a culprit with access to a user's computer could easily install a keylogger or spyware to collect the user's data.

Offline attacks have limited reach and low yield. They are the simplest form of account theft: they require no special skill and cost nothing.

Users can become victims of this attack simply because they reveal their password or save it in an unencrypted file with an easily recognizable name on the hard disk. A recent study found that 50% of account theft was done by someone close to the victim.

Online attacks have no specific targets. The attacker targets a large number of users on the Internet, hoping to exploit weakly secured systems or to take advantage of the users' trust to steal accounts.

The rate of this type of attack is quite high, up to 3% (according to a ComputerWorld report). The most common form of online attack is phishing.

The costs of online attacks go mainly to buying email lists, lists of "weak" computers on which fake websites can be hosted, or custom destructive software. This type of attack is usually carried out by skilled hackers.

2. Active attack
A sophisticated attack that steals and uses accounts in real time. Active attacks are quite costly and require high technical skill. A man-in-the-middle attack, in which a fake website is placed between the user and the real website, is an example of an active attack. Active attacks are not a security issue today, but they will be in the near future.

When two-factor authentication becomes widespread and passive attacks no longer work, criminals will have to resort to the more sophisticated active type of attack. Companies, especially financial institutions, need to prepare their users for this second wave of attacks.

The best defense against active attacks is securing users' computers: keeping the operating system and all applications fully updated and patched, keeping virus and malware signature databases current, using a firewall on Internet connections, and using anti-spyware and anti-malware tools to make sure the computer does not install unwanted programs. An anti-phishing filter also helps reduce the chance of a user straying onto phishing websites.

3. Distributed attack
Distributed attacks require an attacker to introduce code, such as a Trojan horse or a back-door program, into a "trusted" component or piece of software that is distributed to many other companies and users, for example by modifying hardware or software during distribution. Such attacks plant malicious code such as a back door in a product for the purpose of unauthorized access to information or to functions of the system.

4. Insider attack
Insider attacks involve insiders, such as an employee "dissatisfied" with their company, ... Attacks on the intranet can be harmful or harmless.

Insiders may deliberately eavesdrop on, steal or destroy information, use the information fraudulently, or access it illegally.

5. Phishing attack
In phishing attacks, hackers create a fake website that looks "identical" to a popular website. They then send an email to lure users into clicking a link that leads to the fake website. When users enter their account information, hackers record the username and password.

6. Hijack attacks
In a hijack attack, the hacker gains control of the conversation between you and another person and disconnects it.

7. Password attack
In password attacks, hackers try to "crack" the passwords stored in the network account database or in password-protected files.

Password attacks include three main types: dictionary attacks, brute-force attacks, and hybrid attacks.

A dictionary attack uses a file containing a list of potential passwords.

8. Exploit attack
Exploit attacks require the hacker to know about security issues in the operating system or software and to take advantage of that knowledge to exploit the vulnerabilities.

9. Buffer overflow
A buffer overflow attack happens when a hacker sends more data to an application than it expects. As a result of the overflow, the hacker can gain system administrator access to a command prompt or shell.

10. Denial of service attack
Unlike password attacks, denial of service attacks prevent valid users from using your computer or network in the usual way.

After gaining access to your network, hackers can:

Block traffic.
Send unreasonable data to network applications or services, causing termination notices or unusual behavior in those applications or services.
Trigger buffer overflow errors.

11. Man-in-the-Middle attack
As the name implies, a Man-in-the-Middle attack occurs when the conversation between you and someone else is monitored, captured, and controlled by the attacker in a way that is transparent to you.

A Man-in-the-Middle attack is like someone impersonating you to read your messages: the person on the other end believes it is you, because the attacker can respond convincingly to keep the exchange going and gather more information.

12. Compromised-Key Attack
The key here is the secret code or important number used to "decode" confidential information. Although it is difficult to break a key, it is possible for hackers. Once a hacker has obtained a key, it is called a compromised key.

Hackers use the compromised key to gain access to communications without the sender or receiver being aware of the attack. With a compromised key, hackers can decode or modify the data.

13. Direct attack

Direct attacks are often used in the early stages to gain internal access. A classic method is discovering usernames and passwords. It is simple, easy to carry out and requires no special conditions to get started. An attacker can use information such as the username, date of birth, address, house number, etc. to guess a password. If the attacker has a list of users and information about the working environment, automated programs exist to guess these passwords.

A program called crack, easily obtained from the Internet, decodes the encrypted passwords of a Unix system by trying combinations of words from a large dictionary according to user-defined rules. In some cases the success rate of this method can be as high as 30%.
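As an added example (not code from crack or from the original article) of why the rules-based dictionary guessing described here and in section 7 succeeds, the same idea turned around for defense: a check that rejects a chosen password when a dictionary word reaches it through simple mangling rules (case folding, trailing digits, reversal). The word list and the function `is_dictionary_password` are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed mini word list; a real check would load a large dictionary file. */
static const char *DICTIONARY[] = { "password", "letmein", "welcome", "dragon" };
#define DICT_LEN (sizeof DICTIONARY / sizeof DICTIONARY[0])

/* Lowercase a copy of s into out (out holds at most out_len - 1 chars). */
static void to_lower(const char *s, char *out, size_t out_len) {
    size_t i;
    for (i = 0; i + 1 < out_len && s[i]; i++)
        out[i] = (char)tolower((unsigned char)s[i]);
    out[i] = '\0';
}

/* Undo the "append a number" rule by removing trailing digits. */
static void strip_trailing_digits(char *s) {
    size_t n = strlen(s);
    while (n > 0 && isdigit((unsigned char)s[n - 1]))
        s[--n] = '\0';
}

/* Undo the "reverse the word" rule by reversing in place. */
static void reverse(char *s) {
    size_t i, n = strlen(s);
    for (i = 0; i < n / 2; i++) {
        char t = s[i]; s[i] = s[n - 1 - i]; s[n - 1 - i] = t;
    }
}

static int in_dictionary(const char *s) {
    for (size_t i = 0; i < DICT_LEN; i++)
        if (strcmp(s, DICTIONARY[i]) == 0)
            return 1;
    return 0;
}

/* Returns 1 if the candidate would fall to a rules-based dictionary attack, else 0. */
int is_dictionary_password(const char *candidate) {
    char buf[64];
    to_lower(candidate, buf, sizeof buf);   /* rule: ignore case   */
    strip_trailing_digits(buf);             /* rule: word + digits */
    if (in_dictionary(buf)) return 1;
    reverse(buf);                           /* rule: reversed word */
    return in_dictionary(buf);
}

int main(void) {
    const char *samples[] = { "Password123", "drowssap", "Tr0ub4dor&3" };  /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("%-12s -> %s\n", samples[i], is_dictionary_password(samples[i]) ? "weak" : "ok");
    return 0;
}
```

Each additional rule an attacker's tool applies is one more transformation the defender's check has to undo, which is why real password checkers ship with large rule sets.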

Exploiting bugs in application programs and in the operating system itself has been used since the earliest attacks and is still used to gain access. In some cases this method allows an attacker to obtain the rights of the system administrator (root or administrator).

Two examples frequently given to illustrate this method are the sendmail program and the UNIX rlogin program.

Sendmail is a complex program whose source code contains thousands of lines of C. Sendmail runs with system administrator privileges, because it must be able to write to the mailboxes of the machine's users, and it receives mail requests directly from external networks. These are the factors that make sendmail a source of security holes through which the system can be accessed.

Rlogin allows a user on one computer on the network to log in remotely to another computer and use its resources. When reading the user name and password, rlogin does not check the length of the input, so an attacker can supply a pre-computed string that overwrites the rlogin program's code and thereby gain access.
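As an added illustration of the unchecked-length flaw described above (and of the buffer overflow in section 9), not code from rlogin or from the original article: a copy routine in the vulnerable style beside a hardened one that rejects any name that would not fit. The buffer size and the names `copy_name_checked` and `accept_login_name` are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* assumed fixed-size stack buffer for the login name */

/* Vulnerable pattern the text describes: the input length is never checked,
 * so a name longer than the buffer overwrites whatever follows it on the
 * stack. Shown for comparison only; nothing below calls it. */
void copy_name_unchecked(char *dst, const char *src) {
    strcpy(dst, src);               /* no bound: classic overflow */
}

/* Hardened form: refuse input that does not fit, and always NUL-terminate.
 * Returns 0 on success, -1 if the name was rejected. */
int copy_name_checked(char *dst, size_t dst_len, const char *src) {
    size_t n = strlen(src);
    if (n >= dst_len)
        return -1;                  /* would overflow: reject, do not truncate silently */
    memcpy(dst, src, n + 1);        /* n + 1 copies the terminator */
    return 0;
}

/* Simulated login-name step: 1 if the name is accepted, 0 if rejected. */
int accept_login_name(const char *src) {
    char name[NAME_MAX];
    return copy_name_checked(name, sizeof name, src) == 0;
}

int main(void) {
    const char *ok = "alice";                                        /* constructed */
    const char *too_long = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";  /* 40 bytes, constructed */
    printf("%s -> %s\n", ok, accept_login_name(ok) ? "accepted" : "rejected");
    printf("%zu-byte name -> %s\n", strlen(too_long),
           accept_login_name(too_long) ? "accepted" : "rejected");
    return 0;
}
```

Rejecting over-long input outright, rather than truncating it, also gives the server a clean event to log, which is the first signal a defender has that someone is probing the service.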

14. Wiretapping
Eavesdropping on the network can yield useful information such as user names, passwords, and confidential information transmitted over the network. Eavesdropping is usually done right after an attacker gains access to the system, through programs that make the network interface card (NIC) receive all traffic on the wire. Such programs can also be easily obtained on the Internet.

15. Address spoofing
IP address spoofing can be done using the source-routing capability. In this attack, the attacker sends IP packets to the internal network with a spoofed source address (usually the address of a network or host that the internal network considers trusted), while also specifying the path the IP packets must take.

16. Disabling the functions of the system
This type of attack aims to paralyze a system so that it can no longer perform the function it was designed for. It cannot be prevented, because the means used to mount the attack are the same means used for ordinary work and information access on the network.

For example, sending ping commands as fast as possible forces the system to spend all of its computing power and network capacity responding to them, leaving no resources for useful work.

17. System administrator error
This is not an intruder attack, but system administrator errors often create vulnerabilities that attackers can use to gain access to the local network.

18. Attack on the human element
An attacker could contact a system administrator posing as a user and request a password change, a change to his or her access rights, or even changes to some system configuration that enable other attack methods.

No device can effectively prevent this type of attack; the only defense is to educate intranet users about security requirements so that they are alert to suspicious activity.

The human element is generally the weak point of any protection system, and only education and user cooperation can improve its security.