Network+ and Security+ Exam Objectives: Common Hacker Attacks
A critical component of IT/IS security fundamentals is understanding the common attacks hackers use to infiltrate networks, take down websites, and steal confidential information. This topic is a key objective in CompTIA’s Security+ SY0-601 exam; specifically, it’s Objective 1.5: “Explain different threat actors, vectors, and intelligence sources.” (more on that below). For the Network+ N10-007 exam, this falls under objective 4.4 “Summarize common networking attacks.”
Since the advent of the Internet and e-commerce, hackers have come up with literally hundreds of different variations of attacks. The good news for Security+ candidates is that you only need to be familiar with some key hacker attack categories and types.
In this article, we’re going to take a look at some of the most common hacker attacks and provide a technical description of how they are used.
Denial of Service attacks (DoS and DDoS)
Denial of Service (DoS) attacks are probably the most prevalent form of network attack today because they are relatively easy to execute. A DoS attack is meant to make a website or online service unavailable by overwhelming the host computers with one or more types of network traffic.
If a DoS uses multiple systems to carry out the attack, it is called a Distributed Denial of Service (DDoS) attack. DDoS attacks often use a large number of unrelated systems which have been compromised by malware or trojans. Compromised systems used in a DDoS attack are referred to as zombie computers. A zombie computer’s owner is often totally unaware that their machine is being used in a DDoS attack.
You may have unwittingly participated in a non-malicious DoS attack. This event commonly occurs when a popular, high-traffic website runs a news story linked to a small commercial site or blog. Small sites like these are commonly hosted on modest web servers incapable of dealing with the resulting mass influx of visitors, causing the target sites to become unusable until the visitor demand dies down.
One of the oldest and simplest DoS attacks is a ping flood. A ping flood sends a fast, constant stream of ICMP echo request packets (pings) to the IP address of a targeted computer. The target and its network bandwidth are eventually overwhelmed by the unending stream of ping packets.
A smurf attack is a DoS or DDoS attack that employs spoofing—using electronic forgery to make something appear to come from a different place. In a smurf attack, ping (ICMP echo request) packets are forged so that the target computer’s IP address appears as their source, and they are sent to the broadcast address of a network so that every host on that network receives them. Every host then sends its ping reply to the spoofed source, and the flood of replies quickly overwhelms the target computer and the network it’s on.
A Xmas attack is a DoS attack that uses a special network packet called a Christmas tree packet. This is a data-filled packet that can interact with several different network protocols. These packets require a lot of data processing, which makes them an effective denial of service weapon.
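The three attacks above each leave a recognisable footprint in captured traffic: a burst of echo requests aimed at one host, echo requests addressed to a broadcast address with replies converging on one victim, and TCP segments with the FIN, PSH and URG flags all set (the usual meaning of a Christmas tree packet, which goes slightly beyond the wording above). The following detection code is an added example and not part of the original article. The packet records, thresholds and field names are constructed for illustration; in practice the records would come from a capture or flow export.

```python
"""Added example (not from the original article): flag ping-flood, smurf
and Xmas-packet patterns in a constructed list of packet summaries.
Field names, sample addresses and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass
class Pkt:
    ts: float            # capture time in seconds (constructed)
    src: str
    dst: str
    proto: str           # "icmp" or "tcp"
    icmp_type: int = -1  # 8 = echo request, 0 = echo reply
    tcp_flags: str = ""  # tcpdump-style letters, e.g. "S", "FPU"


# A Christmas tree packet lights up FIN, PSH and URG together.
XMAS_FLAGS = {"F", "P", "U"}


def is_xmas(pkt: Pkt) -> bool:
    return pkt.proto == "tcp" and XMAS_FLAGS.issubset(set(pkt.tcp_flags))


def ping_flood_targets(pkts: Iterable[Pkt], window: float = 1.0,
                       threshold: int = 100) -> Dict[str, int]:
    """Destinations that receive more than `threshold` echo requests
    inside any sliding window of `window` seconds, with the peak count."""
    by_dst: Dict[str, List[float]] = defaultdict(list)
    for p in pkts:
        if p.proto == "icmp" and p.icmp_type == 8:
            by_dst[p.dst].append(p.ts)
    flagged = {}
    for dst, times in by_dst.items():
        times.sort()
        lo, peak = 0, 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak > threshold:
            flagged[dst] = peak
    return flagged


def smurf_indicators(pkts: Iterable[Pkt], broadcast_addrs: Set[str],
                     min_repliers: int = 20) -> Dict[str, object]:
    """Two smurf signs: echo requests addressed to a broadcast address, and
    echo replies converging on one host from many distinct sources."""
    pkts = list(pkts)
    bcast_requests = [p for p in pkts
                      if p.proto == "icmp" and p.icmp_type == 8
                      and p.dst in broadcast_addrs]
    repliers: Dict[str, Set[str]] = defaultdict(set)
    for p in pkts:
        if p.proto == "icmp" and p.icmp_type == 0:
            repliers[p.dst].add(p.src)
    victims = {dst: len(s) for dst, s in repliers.items() if len(s) >= min_repliers}
    return {"broadcast_echo_requests": len(bcast_requests),
            "reply_amplification_victims": victims}


def build_sample() -> List[Pkt]:
    """Constructed capture: a flood, a smurf, an Xmas packet and a normal SYN."""
    pkts = [Pkt(i * 0.005, "203.0.113.5", "192.0.2.10", "icmp", 8) for i in range(150)]
    # spoofed echo request to a broadcast address, "from" the victim
    pkts.append(Pkt(2.0, "192.0.2.10", "198.51.100.255", "icmp", 8))
    # thirty hosts on that network answer the victim
    pkts += [Pkt(2.1, f"198.51.100.{i}", "192.0.2.10", "icmp", 0) for i in range(1, 31)]
    pkts.append(Pkt(3.0, "203.0.113.9", "192.0.2.10", "tcp", tcp_flags="FPU"))
    pkts.append(Pkt(3.1, "192.0.2.44", "192.0.2.10", "tcp", tcp_flags="S"))
    return pkts


def analyze(pkts: Iterable[Pkt], broadcast_addrs: Set[str]) -> Dict[str, object]:
    pkts = list(pkts)
    return {"ping_flood": ping_flood_targets(pkts),
            "smurf": smurf_indicators(pkts, broadcast_addrs),
            "xmas_packets": sum(1 for p in pkts if is_xmas(p))}


if __name__ == "__main__":
    print(analyze(build_sample(), {"198.51.100.255"}))
```

The thresholds are deliberately simple; a production detector would baseline normal ICMP rates per host first. The smurf check also points at the standard mitigation: routers that drop directed broadcasts (on Cisco IOS, `no ip directed-broadcast` on each interface) stop a network from acting as an amplifier in the first place.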
There are a number of hacker attacks that target network communication tools. Some of these attacks are nuisances, while others are far more serious.
Everyone is familiar with spam, unsolicited email advertising messages selling various nefarious products. Spam can also be used as a DoS attack by sending huge quantities of messages to a targeted email server or client. A variation of this type of attack is spim, which targets an online instant message service or a specific IM user.
Phishing attacks involve the mass-mailing of forged emails soliciting responses from recipients in order to gain private information for a hacker to leverage. Banks, e-commerce sites, and online payment services are popular phishing email subjects. Spear phishing is a more targeted version of this attack which is usually aimed at a specific organization, or even just a single person. Vishing, or voice phishing, uses caller-ID spoofing and other telecom trickery to make the victim believe they are speaking with a representative of their bank or another institution.
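Forged phishing email usually betrays itself in its headers: the display name claims to be a bank while the sending domain does not belong to that bank, or the Return-Path or Reply-To points somewhere other than the From domain. The following triage check is an added example and not part of the original article; the brand table, the sample message and the header fields it inspects are constructed assumptions, and the check is a heuristic to rank mail for review, not a verdict.

```python
"""Added example (not from the original article): header-based phishing
indicators for one raw email. Brand table and sample mail are constructed."""
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List

# Hypothetical brand -> legitimate sending domain (assumption)
BRANDS: Dict[str, str] = {"examplebank": "examplebank.com"}


def _domain(header_value: str) -> str:
    """Lower-cased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def phishing_indicators(raw: str, brands: Dict[str, str] = BRANDS) -> List[str]:
    msg = message_from_string(raw)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    findings = []

    # Bounce and reply addresses that leave the From domain are a classic tell.
    rp_dom = _domain(msg.get("Return-Path", ""))
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    reply_dom = _domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # A display name borrowing a brand while the sender domain is not the brand's.
    for brand, legit in brands.items():
        if brand in display_name.lower() and from_dom != legit and not from_dom.endswith("." + legit):
            findings.append(f"display name claims {brand} but sender domain is {from_dom}")
    return findings


# Constructed sample message (addresses use documentation/example domains).
SAMPLE_MAIL = """Return-Path: <bounce@mail-relay.example.net>
From: ExampleBank Security <alerts@examplebank-verify.example>
Reply-To: support@examplebank-verify.example
To: customer@example.org
Subject: Urgent: verify your account

Your account has been limited. Please confirm your details.
"""

if __name__ == "__main__":
    for f in phishing_indicators(SAMPLE_MAIL):
        print("-", f)
```

Real deployments layer SPF, DKIM and DMARC results on top of checks like this; the header heuristics are useful precisely for mail that passes authentication from a lookalike domain the attacker legitimately controls.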
Pharming is an attack that diverts web traffic from one website to a counterfeit site. These counterfeit sites may use keylogging to capture usernames and passwords, or they may automatically upload malware to the user’s computer. Pharming often employs DNS poisoning, which is compromising one or more DNS servers to act as the redirection agent.
URL hijacking, also called typosquatting, is when someone registers a URL that is a common misspelling of a popular site (e.g., gooogle.com). This is often done to earn page hit advertising dollars, or to cyber squat on a misspelled URL in the hopes that the related site will purchase it. More seriously, this technique can be used to send poor typists to a malware-infected site, or to a counterfeit version of the desired site.
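Defenders catch typosquatting from the other side: compare the domains users actually visit against the organisation's protected brand domains and flag any that are one keystroke away (a dropped, doubled, swapped or substituted character) without being the brand itself. The code below is an added example and not part of the original article. The protected-domain list and the proxy log lines are constructed, and the "registrable domain" helper simply takes the last two labels, an assumption that a real tool would replace with a public-suffix list.

```python
"""Added example (not from the original article): flag lookalike domains in
constructed proxy log lines using optimal-string-alignment edit distance."""
import re
from typing import Dict, Iterable, Set

# Constructed brand list; gooogle.com in the article is a typo of google.com.
PROTECTED: Set[str] = {"google.com", "example.com"}


def osa_distance(a: str, b: str) -> int:
    """Levenshtein distance plus adjacent transpositions, so 'exmaple' is
    one edit from 'example' just as 'gooogle' is one edit from 'google'."""
    m, n = len(a), len(b)
    d = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m + 1):
        d[i][0] = i
    for j in range(n + 1):
        d[0][j] = j
    for i in range(1, m + 1):
        for j in range(1, n + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,        # deletion
                          d[i][j - 1] + 1,        # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[m][n]


def registrable(host: str) -> str:
    """Crude 'registrable domain': last two labels (assumption, no suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def lookalikes(hosts: Iterable[str], protected: Set[str] = PROTECTED,
               max_dist: int = 1) -> Dict[str, str]:
    """Map each visited host whose registrable domain is within `max_dist`
    edits of a protected domain (but is not that domain) to the brand it mimics."""
    hits = {}
    for host in hosts:
        dom = registrable(host)
        if dom in protected:
            continue
        for brand in protected:
            if osa_distance(dom, brand) <= max_dist:
                hits[host] = brand
    return hits


# Constructed proxy log: timestamp, client, method, URL.
LOG = """2024-05-01T10:00:01Z 10.0.0.12 GET http://www.gooogle.com/
2024-05-01T10:00:02Z 10.0.0.12 GET https://www.google.com/search
2024-05-01T10:00:03Z 10.0.0.15 GET http://exmaple.com/login
2024-05-01T10:00:04Z 10.0.0.15 GET https://mail.example.com/
2024-05-01T10:00:05Z 10.0.0.20 GET https://blog.unrelated.org/"""


def hosts_from_log(text: str):
    for line in text.splitlines():
        m = re.search(r"https?://([^/\s]+)", line)
        if m:
            yield m.group(1)


if __name__ == "__main__":
    for host, brand in lookalikes(hosts_from_log(LOG)).items():
        print(f"{host} looks like {brand}")
```

Edit distance one is a deliberately tight net; brand-protection tools widen it with keyboard-adjacency, homoglyph and TLD-swap rules, and then compare the candidate list against newly registered domains rather than waiting for a user to visit one.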
A watering hole attack is when a hacker infects a website that is known to be popular with a certain user or group of users. The desired result is that the hacker gets access to the target’s machine, and through that machine infiltrates their corporate network.
Security+ and Network+ candidates: good luck on your exam!
Aaron Axline is a technology writer and knowledge management specialist based in Edmonton, Canada. His work has appeared in titles from Que Publishing and on popular tech blogs and sites. His professional writing site is AaronAxline.blogspot.ca.