Network Security Attacks
What are Network Security Attacks?
Network security attacks are unauthorized actions against private, corporate, or governmental IT assets in order to destroy them, modify them, or steal sensitive data. As more enterprises invite employees to access data from mobile devices, networks become more vulnerable to data theft or total destruction of the data or network. In short, any form of malicious action taken to harm the security of information system components is classified as a network security attack with respect to the enterprise security policy.
There are two main types of network security attacks, based on how the attackers carry them out:
- Active: when information is altered by a hacker or destroyed entirely.
- Passive: when sensitive information is screened and monitored, potentially compromising the security of enterprises and their customers.
"Why have these attacks become more common?"
In recent years, there has been an upward trend towards "hacktivism", whereby hackers try to take control of organizations for political reasons or financial gain. Digital transformation in the workplace has now enabled a "bring your own device" (BYOD) model, which potentially poses risks for employees who access data with mobile devices. These can leave businesses vulnerable to threats such as wireless network attacks, as can cloud-based applications and highly interactive websites.
"Why is network security important?"
Unfortunately for modern enterprises, hacker knowledge, attack tools and botnets-for-hire are more readily available than ever before, helping to increase the prevalence and sophistication of internet-borne network attacks. For example, modern DDoS attacks can now attack at the deepest layer, the application layer, as opposed to years gone by when they could only penetrate the network or transport layer.
These cyber-attacks have two overarching outcomes for enterprises: firstly, they result in costly damages to IT infrastructure. Secondly, they incur further loss of revenue by diminishing brand reputation, for example, losing customers due to data breaches.
Types of Network Security Attacks
1. Virus
A virus is not self-executable; it requires the user's interaction to infect a computer and spread on the network. An example is an email with a malicious link or malicious attachment. When a recipient opens the attachment or clicks the link, the malicious code is activated, circumvents the system's security controls and makes them inoperable. In this case, the user inadvertently corrupts the device.
2. Malware
A malware attack is one of the most severe cyberattacks; it is specifically designed to destroy or gain unauthorized access to a targeted computer system. Most malware is self-replicating, i.e., when it infects a particular system, it gains entry over the internet and from there infects all the systems in the network that are connected to the internet. An external endpoint device, if connected, will also get infected. It works far faster than other types of malicious content.
3. Worm
A worm can enter a device without the help of the user. When a user runs a vulnerable network application, an attacker on the same internet connection can send malware to that application. The application may accept the malware from the internet and execute it, thereby creating a worm.
4. Phishing
Phishing is one of the most common types of network attack. It involves sending emails that purport to come from known sources or bankers and that create a sense of urgency to push the user to act. The email may contain a malicious link or attachment, or may ask the user to share confidential information.
5. Botnet
A botnet is a network of private computers that have been infected with malicious software. The attacker controls all the computers on the network without the owners' knowledge. Each computer on the network is considered a zombie, as it serves the purpose of spreading to and infecting a large number of devices, or whatever else the attacker directs.
6. DoS (Denial of Service)
A Denial of Service is a critical attack that fully or partially destroys the victim's network or entire IT infrastructure to make it unavailable to legitimate users.
DoS attacks can be grouped into the following three categories:
- Connection flooding: The attacker bogs down the host by establishing a large number of TCP connections at the targeted host. These fake connections block the network and make it unavailable to legitimate users.
- Vulnerability attack: The attacker sends a few well-crafted messages to a vulnerable operating system or application running on the targeted host, which stops the service or degrades it to the extent that the host crashes.
- Bandwidth flooding: The attacker prevents legitimate packets from reaching the server by sending a deluge of packets. The packets sent are so numerous that the target's link is clogged and others cannot get access.
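Connection flooding shows up on the targeted host as one remote address holding an unusual share of the connection table. The following added example (not from the original article) counts table-occupying connections per source in constructed text laid out like `ss -tan` output; the limit of 20 connections per source and all addresses are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan`; all addresses are
# documentation ranges, not real hosts.
_NORMAL = [
    "State     Recv-Q Send-Q Local Address:Port   Peer Address:Port",
    "LISTEN    0      128    0.0.0.0:443          0.0.0.0:*",
    "ESTAB     0      0      192.0.2.10:443       203.0.113.5:50122",
    "ESTAB     0      0      192.0.2.10:443       203.0.113.9:50977",
    "ESTAB     0      0      [2001:db8::10]:443   [2001:db8::beef]:41000",
    "TIME-WAIT 0      0      192.0.2.10:443       203.0.113.5:50100",
]
_FLOOD = [f"SYN-RECV  0      0      192.0.2.10:443       198.51.100.7:{40000 + i}"
          for i in range(30)]
SAMPLE_SS_OUTPUT = "\n".join(_NORMAL + _FLOOD)

# States that hold a slot in the server's connection table.
OCCUPYING_STATES = {"SYN-RECV", "ESTAB"}


def peer_ip(endpoint):
    """Strip the port (and IPv6 brackets) from an address:port field."""
    host, _, _port = endpoint.rpartition(":")
    return host.strip("[]")


def connections_per_source(ss_text):
    """Count table-occupying connections per remote IP."""
    counts = Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in OCCUPYING_STATES:
            continue  # header, LISTEN sockets, closing states, short lines
        counts[peer_ip(fields[4])] += 1
    return counts


def flag_flood_sources(ss_text, max_per_source=20):
    """Return {ip: count} for sources above the assumed per-source limit."""
    return {ip: n for ip, n in connections_per_source(ss_text).items()
            if n > max_per_source}


if __name__ == "__main__":
    for ip, n in flag_flood_sources(SAMPLE_SS_OUTPUT).items():
        print(f"possible connection flood: {ip} holds {n} connections")
```

A per-source count only catches a single-origin flood; when the connections come from many sources at once, the total size of the table is the signal to watch instead.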
7. Distributed Denial of Service (DDoS)
It is a more complex version of a DoS attack and is much harder to detect and defend against than a DoS attack. In this attack, the attacker uses multiple compromised systems to attack a single target system. The DDoS attack also leverages botnets.
8. Man-in-the-middle
In a man-in-the-middle attack, someone stands in the middle of the conversation between you and the other person. By being in the middle, the attacker effectively captures, monitors, and controls your communication. For example, when the lower layer of the network sends information, the computers in the layer may not be able to determine the recipient with which they are exchanging information.
9. Packet Sniffer
When a passive receiver is placed within range of a wireless transmitter, it records a copy of every packet transmitted. These packets can contain confidential information, sensitive and crucial data, trade secrets, etc., all of which is captured as it passes the receiver. The receiver then works as a packet sniffer, sniffing all the transmitted packets that come within its range. The best defense against a packet sniffer is cryptography.
10. DNS Spoofing
It is about compromising a computer by corrupting domain name system (DNS) data and then introducing it into the resolver's cache. This causes the name server to return an incorrect IP address.
11. IP Spoofing
It is the process of injecting packets into the internet using a false source address and is one of the ways to masquerade as another user. End-point authentication, which ensures that a message really originates from the place we expect, helps in defending against IP spoofing.
12. Compromised Key
An attacker gains unauthorized access to a secured communication using a compromised key. A key refers to a secret number or code required to interpret secured information without any intimation to the sender or receiver. When the key is obtained by the attacker, it is referred to as a compromised key which serves as a tool to retrieve information.
How to Prevent Cyber Attacks?
1. Viruses, Malware and Worms
Viruses, malware and worms are the most common network security attacks. The easiest way to prevent your computer from getting viruses is to install the latest anti-virus software. Using administrator accounts only when absolutely necessary also helps. The last thing you can do is to use your computer carefully.
2. Phishing
The most important thing in avoiding phishing is to know what a phishing website or link looks like. Get anti-phishing add-ons for your browser. Use a different password for every account, and if it is too difficult to remember every password, you can use a password manager app.
3. DoS and DDoS
You can prevent a distributed denial of service attack by securing your network infrastructure, using filtering routers at the edge of your network to spot and drop DDoS connections, and blackholing the site that is being DDoS'd, thereby directing all traffic to an invalid address.
4. Man-in-the-middle
You can prevent a MitM attack by not using public Wi-Fi if possible and by using the latest version of encryption protocols such as TLS 1.3. Using a VPN also helps.
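TLS only stops an on-path attacker when the client also verifies the server's certificate, so the protocol version and the verification settings have to be set together. The following added example (not from the original article) shows a weak client configuration beside a corrected one using Python's standard `ssl` module, with a small audit function whose name and finding strings are illustrative.

```python
import ssl


def permissive_client_context():
    """The weak setting: encryption without authentication of the peer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # any certificate name is accepted
    ctx.verify_mode = ssl.CERT_NONE  # any certificate at all is accepted
    return ctx


def hardened_client_context():
    """The corrected setting: verified peer, TLS 1.3 as the floor."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def audit_context(ctx):
    """List the settings that would let an on-path attacker in."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_3:
        findings.append("protocol versions below TLS 1.3 are allowed")
    return findings


if __name__ == "__main__":
    for label, ctx in (("permissive", permissive_client_context()),
                       ("hardened", hardened_client_context())):
        print(label, audit_context(ctx) or "no findings")
```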
5. Packet Sniffer
The most important thing to prevent packet sniffing is to use a personal firewall. Also keep your anti-virus updated and use a VPN if possible.
6. DNS Spoofing
You can prevent DNS poisoning by enabling DNSSEC on the internal DNS server and by pointing DNS forwarders only to verified DNS servers.
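Once DNSSEC is enabled, a validating resolver sets the AD (Authenticated Data) flag on answers it has verified and returns SERVFAIL for data that fails validation. The following added example (not from the original article) builds a query that requests DNSSEC records and classifies a reply by its header; the reply headers, the query ID and the status labels are constructed for illustration.

```python
import struct

QR, AD, RCODE_MASK = 0x8000, 0x0020, 0x000F   # DNS header flag bits
NOERROR, SERVFAIL = 0, 2


def build_query(name, qid):
    """A-record query with an EDNS0 OPT record that sets the DO bit."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 OPT
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)               # type A, class IN
    # OPT: root name, type 41, UDP size 1232, TTL field holding DO=1, empty RDATA
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt


def dnssec_status(reply, qid):
    """Classify a resolver reply by its 12-byte header alone."""
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & QR:
        return "mismatch"       # not the answer to our query: discard it
    rcode = flags & RCODE_MASK
    if rcode == SERVFAIL:
        return "servfail"       # validating resolvers answer this for bogus data
    if rcode == NOERROR and flags & AD:
        return "validated"
    return "unvalidated"        # unsigned zone, or resolver is not validating


# Constructed reply headers (header only, no records) for the three outcomes.
QID = 0x1A2B
VALIDATED_REPLY = struct.pack("!HHHHHH", QID, QR | 0x0180 | AD, 1, 1, 0, 1)
UNVALIDATED_REPLY = struct.pack("!HHHHHH", QID, QR | 0x0180, 1, 1, 0, 1)
BOGUS_REPLY = struct.pack("!HHHHHH", QID, QR | 0x0180 | SERVFAIL, 1, 0, 0, 1)

if __name__ == "__main__":
    for reply in (VALIDATED_REPLY, UNVALIDATED_REPLY, BOGUS_REPLY):
        print(dnssec_status(reply, QID))
```

The AD flag is only as trustworthy as the path to the resolver that set it, so this check is meaningful against the internal DNS server over a network you control.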