Distributed Denial of Service (DDoS)
- A DDoS attack aims to overwhelm a network or service by flooding it with traffic from multiple sources.
- Mechanism:
  - Botnets: Attackers use networks of infected devices (botnets) to generate traffic.
  - Target Saturation: The target becomes unresponsive to legitimate users.
- Example:
  - An e-commerce site is flooded with requests during a sale, causing it to crash.
DDoS attacks can target any online service, from websites to gaming servers, making them a widespread threat.
Insecure Network Protocols
- Protocols that lack encryption or authentication, making them vulnerable to interception.
- Examples:
  - Telnet and FTP: Transmit data in plaintext, allowing eavesdropping.
  - HTTP: Lacks encryption, exposing sensitive information.
- Risks:
  - Data Interception: Attackers can capture credentials and sensitive data.
  - Session Hijacking: Unauthorized access to active sessions.
Always use secure protocols like HTTPS or SSH to protect data in transit.
Malware
- Malicious software designed to damage, disrupt, or gain unauthorized access to systems.
- Types:
  - Ransomware: Encrypts files, demanding payment for decryption.
  - Spyware: Collects sensitive information without user consent.
- Example:
  - A ransomware attack encrypts a company's files, halting operations until a ransom is paid.
Malware can spread through email attachments, infected websites, or compromised software updates.
Note: There are many different types of malware; it would be good to look at: Virus, Worm, Trojan Horse, Spyware, Adware, Ransomware, Rootkit, Keylogger, Botnet, Fileless Malware, Logic Bomb, Backdoor.
Man-in-the-Middle (MitM) Attacks
- An attacker intercepts and alters communication between two parties without their knowledge.
- Mechanism:
  - Eavesdropping: Capturing data as it travels between devices.
  - Data Manipulation: Altering messages or injecting malicious content.
- Example:
  - An attacker intercepts a Wi-Fi connection at a café, capturing credit card information during an online purchase.
MitM attacks are especially dangerous on public Wi-Fi networks, where encryption may be weak or absent.
Phishing Attacks
- Fraudulent attempts to obtain sensitive information by posing as a trustworthy entity.
- Mechanism:
  - Emails or messages that appear legitimate, directing users to fake websites.
  - Social Engineering: Exploiting human trust to extract information.
- Example:
  - An email pretending to be from a bank, asking users to verify their account details on a fake website.
Always verify the sender's email address and check for suspicious links before providing any information.
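The sender and link checks above can be automated. The following is an added example, not part of the original notes: it flags a message whose sender domain or links fall outside a trusted domain. The domain bank.example, the sample message, and the function names are constructed for illustration, and the message is assumed to be single-part HTML.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not real mail); bank.example is a placeholder domain.
SAMPLE = (
    "From: Bank Support <alerts@bank.example.mail-verify.example>\n"
    "Subject: Verify your account details\n"
    "Content-Type: text/html\n\n"
    '<p><a href="http://bank.example.account-check.example/verify">Verify</a></p>\n'
)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_domain(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_flags(raw_email, trusted_domain):
    """Return reasons a single-part HTML message looks suspicious."""
    msg = message_from_string(raw_email)
    flags = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not in_domain(sender_host, trusted_domain):
        flags.append(f"sender domain {sender_host!r} is not under {trusted_domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        url = urlparse(href)
        if url.scheme != "https":
            flags.append(f"link is not HTTPS: {href}")
        if not in_domain(url.hostname, trusted_domain):
            flags.append(f"link leaves {trusted_domain}: {url.hostname}")
    return flags

if __name__ == "__main__":
    for reason in phishing_flags(SAMPLE, "bank.example"):
        print(reason)
```

The domain comparison matches on the end of the hostname, so a lookalike such as bank.example.account-check.example, where the trusted name appears only as a prefix, is still flagged.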