Skip to main content

Top 7 Network Attack

When you log in to an AccessEnforcer, or any UTM device, you will see a number of network attacks detected and blocked. The number may be in the thousands, or even hundreds of thousands.
Many of these attacks are scans – precursors to attack. Depending on your settings, a good number might also be firewall policy violations.
But what are other types of network attacks? What are the most common ones today?
One answer comes from the latest Threat Report from McAfee Labs. The chart below aggregates data from the company’s network of millions of sensors across the globe. It shows the most common network attacks detected in Q1 2015.
We describe each of these common types of network attacks below.

Top 7 types of network attacks

Denial of service attacks – 37%

A denial of service (DOS) attack attempts to make a resource, such as a web server, unavailable to users. These attacks are very common, accounting for more than one-third of all network attacks reviewed in the report.
A common approach is to overload the resource with illegitimate requests for service. The resource cannot process the flood of requests and either slows or crashes.
Distributed denial of service (DDoS) attacks are popular today. This approach distributes the task to a number of computers. Through automation, the computers are coordinated to flood a target, often without the knowledge of the computers’ owners.
There are several types of DDoS attacks, which we have covered in earlier posts. These network attacks are growing more powerful every year and some send more than 100 Gbps at peak.


Brute force attacks – 25%

Some attacks look for a back way in, but a brute force attack tries to kick down the front door. It’s a trial-and-error attempt to guess a system’s password.
One in four network attacks is a brute-force attempt. Automated software is often used to guess hundreds or thousands of password combinations.
There are many ways to defend against brute force attacks. One of the simplest is to lock accounts after a number of login attempts. Blocking IP addresses after multiple login failures is another. You can also restrict login access to certain IP addresses.

Browser attacks – 9%

Browser-based attacks target end users who are browsing the internet. The attacks may encourage them to unwittingly download malware disguised as a fake software update or application.
Malicious and compromised websites can also force malware onto visitors’ systems. They often do this by exploiting a weakness in a visitor’s browser or related software, typically caused by the software being out of date.
One of the best ways to avoid browser-based network attacks is to regularly update web browsers and browser-related services such as Java and Flash. This helps ensure newly discovered security vulnerabilities are patched before they can be exploited.

Shellshock attacks – 7%

“Shellshock” refers to vulnerabilities found in Bash, a common command-line shell for Linux and Unix systems.
When security researchers disclosed Shellshock in Sept. 2014, millions of systems and appliances – from web servers to thermostats – were vulnerable. Attackers have since started exploiting the flaws, using them to install malware that sends spam campaigns and DDoS attacks.
Since many systems are never updated, the vulnerabilities are still present across the Web. The problem is so widespread that Shellshock is the target of 7% of all network attacks reviewed in the report.

SSL attacks – 6%

SSL attacks aim to intercept data that is sent over an encrypted connection. A successful attack enables access to the unencrypted information.
SSL attacks were more popular in late 2014, but they remain prominent today, accounting for 6% of all network attacks analyzed. A sharp rise in SSL attacks followed the disclosure last year of several security vulnerabilities in SSL and TLS, including the POODLE attack.
All versions of SSL (1.0 – 3.0) and TLS 1.0 encryption protocols are considered vulnerable to attack and should be avoided.

Backdoor attacks – 2%

A backdoor is a type of attack that bypasses normal authentication to allow remote access at will. Backdoors can be present in software by design. They can also be enabled by other programs or created by altering an existing program.
Backdoors are less common and often used as part of targeted attacks, according to Trend Micro. In these cases a backdoor can be custom-designed to avoid security detection and provide a disguised point of entry.

Botnet attacks – 2%

A botnet is a group of hijacked computers that are controlled remotely by one or more malicious actors. Networks are routinely hit with attempts to infect their computers with malware that will add them to a hacker’s robot army.
Attackers use botnets for malicious activity, or rent the botnet to perform malicious activity for others. From launching DDoS attacks, to sending out spam email, to practicing click-fraud, attackers use botnets for their dirty work.


Millions of computers can be caught in a botnet’s snare. The European Cybercrime Unit recently announced the takedown of the Ramnit botnet, which infected more than 3.2 million Windows computers.

Comments

Post a Comment

Popular posts from this blog

Top 20 Tools for hacking 2018

What are Hacking Tools? Hacking Tools are computer programs and scripts that help you find and exploit weaknesses in computer systems, web applications, servers and networks. There is a variety of such tools available on the market. Some of them are open source while others are commercial solution. In this list we highlight the top 20 tools for Ethical Hacking of web applications, servers and networks 1)  Netsparker Netsparker  is an easy to use web application security scanner that can automatically find SQL Injection, XSS and other vulnerabilities in your web applications and web services. It is available as on-premises and SAAS solution. Features Dead accurate vulnerability detection with the unique Proof-Based Scanning Technology. Minimal configuration required. Scanner automatically detects URL rewrite rules, custom 404 error pages. REST API for seamless integration with the SDLC, bug tracking systems etc. Fully scalable solution.
Post a Comment
Read more

EMBEDDED BACKDOOR WITH IMAGE USING FAKE IMAGE EXPLOITER

In this article we are introducing a newly launched hacking tool “ Fake Image Exploiter ”. It is design so that it becomes easier for attackers to perform phishing or social engineering attacks by generating a fake image with hidden malicious .bat/.exe file inside it. Let’s start! Open the terminal inside your kali Linux and type following command to download it from github. Git clone https://github.com/r00t-3xp10it/FakeImageExploiter.git Once it gets downloaded then opens the folder and selects the file “ settings ” for configuration before running the program as shown the given screenshot. Now made some changes inside setting file as shown the screenshot: Here you have to declare the type of payload extension you will use to hide it inside the image. You can set any exetension among these four : ps1, bat, txt, exe.  I had set  PAYLOAD_EXETNSION=bat  similarly set  BYPASS_RH=NO   and scroll down for next configration. In same way set these two values also as show
Post a Comment
Read more

Wifi Post Exploitation on Remote PC

Hello readers! Today you will be learning about different ways to get basic service sets information of remote user’s Wi-Fi as well as current network connection information, and how to extract saved Wireless LAN profiles of remote pc after that you will be disconnecting target user’s Wi-Fi too. First Hack the Victim PC Using Metasploit ( tutorial how to hack remote pc ) after that get admin access through Bypassuac ( click here ), once you have victim’s meterpreter session run given below post exploit  one-by-one.  Get BSS information of a remote user’s Wi-Fi connection This module gathers information about the wireless Basic Service Sets available to the victim machine. e.g. this will give you SSID and other important  information regarding wireless connection. msf > use post/windows/wlan/wlan_bss_list msf post( wlan_bss_list ) > set session 5 msf post( wlan_bss_list ) > exploit From given below image you can observe that here it has found “5 networks” suc
Post a Comment
Read more