As Internet technology has advanced tremendously over the past few decades, so has the sophistication of exploits, and with it the threats to computer systems. Malicious hackers exploit vulnerabilities, which are pre-existing errors in the security configuration of computer systems. Common types of vulnerabilities are errors in the design or configuration of network infrastructure, protocols, media, operating systems, web-based applications and services, databases, etc.
Types of Computer Security Threats
Spoofing is when someone hides their identity to avoid exposure of their wrongdoing and impersonates someone else in order to gain trust and get confidential information out of the system. Faking the IP address or unique identity on the network is known as IP spoofing, and pretending to be someone else in digital communications is known as email spoofing.
Information gathering attacks
Information gathering is the practice in which the attacker obtains invaluable details about probable targets. This is not an attack, just a preliminary phase of an attack, and is completely passive as there is no explicit attack. Systems, including computers, servers, and network infrastructure such as the communication links and devices between networks, are tracked, scanned, and queried for information such as what the target system is running, which ports are open, details about the operating system and its version, etc. Some of the attacks for gathering information are sniffing, mapping, vulnerability scans, phishing, etc.
The easiest way to gain control of a system or a user account is a password attack. If the victim’s personal information and behavior are known, the attacker begins by guessing the password: a form of social engineering to track down and find the password. The dictionary attack is the next step in password attacks and is automated.
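From the defender's side, automated guessing shows up as a burst of failed logins from one source against one account. The following is an added example, not part of the original article; the log format, the addresses and the threshold and window values are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, source, account, result.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 alice FAIL
2024-05-01T10:00:02 198.51.100.7 alice FAIL
2024-05-01T10:00:04 198.51.100.7 alice FAIL
2024-05-01T10:00:06 198.51.100.7 alice FAIL
2024-05-01T10:00:08 198.51.100.7 alice FAIL
2024-05-01T10:00:10 198.51.100.7 alice OK
2024-05-01T10:03:00 203.0.113.20 bob FAIL
2024-05-01T10:09:00 203.0.113.20 bob OK
"""

def parse(log_text):
    """Yield (timestamp, source, account, succeeded) from the assumed format."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, source, account, result = line.split()
        yield datetime.fromisoformat(ts), source, account, result == "OK"

def find_guessing(events, threshold=5, window=timedelta(seconds=60)):
    """Flag (source, account) pairs with >= threshold failures inside window."""
    recent = defaultdict(deque)  # (source, account) -> recent failure times
    flagged = {}                 # pair -> True if a success followed the burst
    for ts, source, account, ok in sorted(events):
        key = (source, account)
        if ok:
            if key in flagged:
                flagged[key] = True  # guessing probably worked
            continue
        fails = recent[key]
        fails.append(ts)
        while ts - fails[0] > window:  # drop failures older than the window
            fails.popleft()
        if len(fails) >= threshold:
            flagged.setdefault(key, False)
    return flagged

if __name__ == "__main__":
    for (source, account), hit in find_guessing(parse(SAMPLE_LOG)).items():
        print(source, account, "success after burst" if hit else "failures only")
```

A single mistyped password followed by a successful login, as in the second account of the sample, stays below the threshold and is not flagged.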
After gaining access to a system, the attacker enlists the assistance of malware or malicious software that secretly acts against the interests of the computer user.
Computer viruses are malicious software designed to get from one computer to another by means of file transfer, piggybacking on original programs and operating systems, or email, and from certain websites to your computer, as well as to contaminate other computers in your contact list over the communication network. Viruses affect system security by changing settings, accessing confidential data, displaying unwanted advertisements, spamming contacts and taking control of the web browser. Viruses are classified as executable viruses, boot sector viruses, or email viruses.
Computer worms are fragments of malicious software that multiply rapidly and spread from one computer to another via its contacts, then spread to the contacts of those other computers, and so on, reaching a large number of systems in a very short time. Notably, worms are designed to spread by exploiting software vulnerabilities. Worms display unwanted advertisements. This process uses tremendous CPU time and network bandwidth, thereby denying access to the victim’s systems or network, creating chaos and trust issues on a communications network.
Trojans are programs that look completely legitimate but actually contain a malicious part. Trojans are typically distributed through email attachments from trusted contacts and also by clicking on fake advertisements. The Trojan payload is an executable file that a server program installs on the victim’s system by opening a port and listening on that port while the server is running on the attacker’s system. This is done through a back door that hides it from the user.
Spyware and Adware
Spyware and adware are programs that have the common property of collecting personal information from users without their knowledge. Adware is designed to track data about the user’s surfing behavior and to display pop-ups and advertisements based on this. The agreement shown during the installation process is often dismissed without the slightest seriousness. Spyware, on the other hand, installs itself on a computer and gathers information about the user’s online activities without their knowledge. Spyware contains keyloggers that record everything typed on the keyboard, making it unsafe due to the high threat of identity theft.
Scareware is another type of malware that misleads victims by displaying fake warnings and pressuring them to purchase deceptive protection software. The warnings or pop-up messages read like genuine alerts and come with recommended safeguards that, if followed, create security problems.
A rootkit is a suite of software tools that can be secretly installed alongside legitimate software. The rootkit enables remote access and administrative control on a system. With these rights, the rootkit carries out malicious activities, such as deactivating antivirus, password sniffing, keylogging, etc.
Keylogger software can record keystrokes and take screenshots, saving them to a log file in encrypted form. It can record all the information entered on the keyboard, including passwords and email. The log file created by the keylogger is saved and sent to the attacker on a remote computer, who extracts passwords and banking information for financial fraud.
Ransomware is malicious software that makes it difficult to get into the computer or the files on the computer. The computer can be locked or its files encrypted. As a result, the two most common types of ransomware are lock screen ransomware and encryption ransomware. In order to lift the restriction, a ransom is demanded from the victim in a notification displayed on the victim’s system. The notification may claim that authorities have detected illegal activity on this computer and are demanding the ransom as a fine to avoid criminal prosecution.
Rogue security software
Rogue security software is another malicious program that misleads users into believing that malware is installed on their system or that their security measures are out of date and are therefore a cause for concern. It offers to install or update the users’ security settings. What actually gets installed on the computer is real malware.
A botnet is a collection of compromised systems, or bots, that act as a group of infected computers under the control of a master bot to remotely control attacks and send synchronized attacks to the victim’s host. This army of bots, agents, and botmasters makes up a botnet. They are used to send spam and also for distributed denial of service attacks.
Denial-of-Service (DoS) attacks, as the name suggests, deny users access to the service or the system. The server offering the service is made unavailable: DoS attacks interrupt the service of a computer or network system, making it inaccessible or underperforming.
In distributed DoS attacks (DDoS), the victim is the target of many individual compromised systems at once. DDoS attacks are usually carried out with the help of botnets. The botmaster is the wrongdoer who indirectly attacks the victim machine with an army of bots or zombies. DDoS attacks occur when many compromised systems act in sync and are coordinated under the control of an attacker to completely drain the victim’s resources and force it to deny service to its real users. It is the increase in traffic that puts a strain on the website or server and makes it appear sluggish.
Over the past decade, the use of the Internet of Things (IoT) has grown exponentially; that is, smart devices are used in the home, organization, and business. The problem with these IoT devices is their weak security, as they are often overlooked when it comes to installing security patches, which gives attackers an opening to seize these devices in order to infiltrate networks. An IoT-based attack is any cyberattack that exploits a victim’s use of the IoT to inject malware into a network.
When hijacking a session, the hacker takes control of the session between the two servers. Session hijacking typically occurs in applications that use TCP, by means of sequence number prediction. The attacker uses the predicted sequence number to send a TCP packet.
A combined attack is a software exploit that combines several exploitation strategies to attack and propagate threats, for example, viruses, worms, and Trojan horses.
Website attacks focus on browser add-ons, which can remain vulnerable and unpatched even if the browser itself is patched. SQL injection attacks target any website or web application that uses an SQL database such as MySQL, Oracle, etc., by taking advantage of security flaws in the application’s software. This attack is used to obtain and corrupt users’ sensitive records.
Mobile phone and VoIP threats
Malware targets cell phones, VoIP systems, and IP PBXs, as these devices have many published vulnerabilities. Attack tools are freely available on the Internet, and misuse of these vulnerabilities makes such attacks common and easy even for a script kiddie.
WiFi snooping is an attack used by cyberattackers to obtain confidential information from a target system. It is the process of silently listening to an unencrypted Wi-Fi network.
WPA2 Handshake Vulnerability
Key Reset Attack (KRACK) allows attackers to decrypt network traffic on WiFi routers.
One of the most common cybersecurity threats faced by any organization is its own employees. Insider attacks are initiated by disgruntled employees of the organization. Insiders often have certain privileges and data rights with respect to the systems and networks they attack, which gives them an advantage over external attackers. These attacks are difficult to prevent with a firewall, which is the first layer of defense.
Supply chain attacks
Attacks on the supply chain are aimed at causing harm by targeting the least secure elements of the supply chain.
Buffer overflow attacks exploit programming errors in which the size of the buffer is not checked. If a buffer is filled beyond its size, the data overflows into the contiguous memory. This flaw is cleverly exploited by hackers to change the execution of the program.
User to root attack
A user to root attack is a case of privilege escalation in which a user is given a higher privilege than authorized. This is not an attack class as such but a stage in the process of an attack, in which the attacker performs activities they are not authorized to do.
Man-in-the-middle attacks allow the hacker to spy on the communication between two systems and to compromise privacy. A common way to do this is to position the attacker at one point and redirect all communications along a path that includes the attacker, so that the attacker can eavesdrop.
Pharming is a widespread online scam that automatically redirects the user to a malicious and illegitimate website when the authentic URL is submitted. Even if the URL is entered correctly, you will be redirected to a fake website that is similar to the real one. The fake site asks you to enter personal information, which is then handed to someone with malicious intent.
Spam is unsolicited bulk e-mail that annoys users and puts a burden on communication service providers, organizations, and individuals alike. These emails can be commercial, like an advertisement, or non-commercial, like chain letters or anecdotes.
Many computer threats have been included in this article using many terms that are not mutually exclusive. Here, too, an attack can be divided into different classes, since the attackers use several techniques or strategies. Even with the advanced defenses implemented by security professionals, hackers continue to use the same attack techniques and exploit the same vulnerabilities that they used in the past. Avoiding irreparable damage requires the implementation of a security policy as an ongoing process with a tight access control mechanism and the implementation of advanced multi-layered security devices.