Top 7 Network Attacks

When you log in to an AccessEnforcer, or any UTM device, you will see a number of network attacks detected and blocked. The number may be in the thousands, or even hundreds of thousands.
Many of these attacks are scans – precursors to attack. Depending on your settings, a good number might also be firewall policy violations.
But what are other types of network attacks? What are the most common ones today?
One answer comes from the latest Threat Report from McAfee Labs. The chart below aggregates data from the company’s network of millions of sensors across the globe. It shows the most common network attacks detected in Q1 2015.
We describe each of these common types of network attacks below.

Top 7 types of network attacks

Denial of service attacks – 37%

A denial of service (DoS) attack attempts to make a resource, such as a web server, unavailable to users. These attacks are very common, accounting for more than one-third of all network attacks reviewed in the report.
A common approach is to overload the resource with illegitimate requests for service. The resource cannot process the flood of requests and either slows or crashes.
Distributed denial of service (DDoS) attacks are popular today. This approach distributes the task to a number of computers. Through automation, the computers are coordinated to flood a target, often without the knowledge of the computers’ owners.
There are several types of DDoS attacks, which we have covered in earlier posts. These network attacks are growing more powerful every year and some send more than 100 Gbps at peak.



Brute force attacks – 25%

Some attacks look for a back way in, but a brute force attack tries to kick down the front door. It’s a trial-and-error attempt to guess a system’s password.
One in four network attacks is a brute-force attempt. Automated software is often used to guess hundreds or thousands of password combinations.
There are many ways to defend against brute force attacks. One of the simplest is to lock accounts after a number of login attempts. Blocking IP addresses after multiple login failures is another. You can also restrict login access to certain IP addresses.
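The three defenses above can live in one small login guard. The sketch below is an added example, not code from AccessEnforcer or any product mentioned here; the class name, thresholds and sample events are all constructed for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

class LoginGuard:
    """Temporary account lockout, per-IP blocking and an optional IP allowlist."""
    def __init__(self, user_limit=5, ip_limit=10, window=300, lock_for=900, allow=()):
        self.limits = {"user": user_limit, "ip": ip_limit}  # failures tolerated per window
        self.window, self.lock_for = window, lock_for       # both in seconds
        self.allow = [ip_network(n) for n in allow]         # empty = no restriction
        self.failures = defaultdict(deque)                  # (kind, value) -> failure times
        self.locked_until = {}                              # (kind, value) -> unlock time

    def check(self, user, ip, now):
        """Return None if the attempt may proceed, else the reason it is refused."""
        if self.allow and not any(ip_address(ip) in net for net in self.allow):
            return "ip-not-allowed"
        for key in (("ip", ip), ("user", user)):
            if self.locked_until.get(key, 0) > now:
                return key[0] + "-locked"
        return None

    def record(self, user, ip, now, success):
        """Update the counters once the password check has run."""
        if success:
            self.failures.pop(("user", user), None)  # reset the account counter only
            return
        for key in (("ip", ip), ("user", user)):
            times = self.failures[key]
            times.append(now)
            while times and times[0] <= now - self.window:  # forget old failures
                times.popleft()
            if len(times) >= self.limits[key[0]]:
                self.locked_until[key] = now + self.lock_for
                times.clear()

def replay(events, guard):
    """Run (time, user, ip, password_ok) tuples through the guard; return outcomes."""
    outcomes = []
    for now, user, ip, ok in events:
        reason = guard.check(user, ip, now)
        if reason is None:
            guard.record(user, ip, now, ok)
            reason = "ok" if ok else "bad-password"
        outcomes.append(reason)
    return outcomes
# Constructed sample: one address guesses passwords, then the real user logs in.
EVENTS = [(t, u, "203.0.113.7", False) for t, u in
          [(0, "alice"), (10, "alice"), (20, "alice"), (30, "bob"), (40, "carol")]]
EVENTS += [(50, "dave", "203.0.113.7", True), (80, "alice", "198.51.100.4", True),
           (1000, "alice", "198.51.100.4", True)]
```

Replaying `EVENTS` with `LoginGuard(user_limit=3, ip_limit=5)` shows the trade-off of account lockout: the real user is refused at t=80 even with the right password, and gets back in only once the temporary lock has expired.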

Browser attacks – 9%

Browser-based attacks target end users who are browsing the internet. The attacks may encourage them to unwittingly download malware disguised as a fake software update or application.
Malicious and compromised websites can also force malware onto visitors’ systems. They often do this by exploiting a weakness in a visitor’s browser or related software, typically caused by the software being out of date.
One of the best ways to avoid browser-based network attacks is to regularly update web browsers and browser-related services such as Java and Flash. This helps ensure newly discovered security vulnerabilities are patched before they can be exploited.

Shellshock attacks – 7%

“Shellshock” refers to vulnerabilities found in Bash, a common command-line shell for Linux and Unix systems.
When security researchers disclosed Shellshock in Sept. 2014, millions of systems and appliances – from web servers to thermostats – were vulnerable. Attackers have since started exploiting the flaws, using them to install malware that sends spam campaigns and launches DDoS attacks.
Since many systems are never updated, the vulnerabilities are still present across the Web. The problem is so widespread that Shellshock is the target of 7% of all network attacks reviewed in the report.

SSL attacks – 6%

SSL attacks aim to intercept data that is sent over an encrypted connection. A successful attack enables access to the unencrypted information.
SSL attacks were more popular in late 2014, but they remain prominent today, accounting for 6% of all network attacks analyzed. A sharp rise in SSL attacks followed the disclosure last year of several security vulnerabilities in SSL and TLS, including the POODLE attack.
All versions of SSL (1.0 – 3.0) and TLS 1.0 encryption protocols are considered vulnerable to attack and should be avoided.

Backdoor attacks – 2%

A backdoor is a type of attack that bypasses normal authentication to allow remote access at will. Backdoors can be present in software by design. They can also be enabled by other programs or created by altering an existing program.
Backdoors are less common and often used as part of targeted attacks, according to Trend Micro. In these cases a backdoor can be custom-designed to avoid security detection and provide a disguised point of entry.

Botnet attacks – 2%

A botnet is a group of hijacked computers that are controlled remotely by one or more malicious actors. Networks are routinely hit with attempts to infect their computers with malware that will add them to a hacker’s robot army.
Attackers use botnets for malicious activity, or rent the botnet to perform malicious activity for others. From launching DDoS attacks, to sending out spam email, to practicing click-fraud, attackers use botnets for their dirty work.


Millions of computers can be caught in a botnet’s snare. The European Cybercrime Unit recently announced the takedown of the Ramnit botnet, which infected more than 3.2 million Windows computers.
