Security: Social Engineering Attacks - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • Man-in-the-middle
    • a form of eavesdropping where the attacker makes an independent connection between two victims and relays information between the two as if they were directly connected
  • DDoS
    • a type of attack where multiple systems are used to consume the resources of a particular system so that it no longer can respond to legitimate requests
  • DoS
    • same as DDoS but launched from a single PC
    • UDP floods
    • SYN floods
    • Reflected DoS attack
  • Replay
    • an attack where information about a particular session is captured and then used at a later time to gain unauthorized access to a particular resource.
  • Smurf attack
    • also called an ICMP flood; large amounts of ICMP ping packets are sent to a target
    • these are not really effective with today's networking equipment
  • Spoofing
    • human- or software-based attack where the goal is to impersonate or pretend to be someone else for the purpose of identity concealment
    • can spoof IPs, MAC, email
  • Spam
    • unsolicited email
  • Phishing
    • email-based social engineering attack where the email is claimed to be sent directly to the victim and requests personal information or money to be sent to the attacker
  • Spim
    • spam that is sent through instant messaging
  • Vishing
    • also called voice phishing, it is done through phone systems and VoIP systems. It can be effective since people can be more trusting when speaking in real time
  • Spear phishing
    • targeted phishing
  • Xmas attack
  • Pharming
    • an attack where a request for a website is redirected to a similar website that looks the same but is really fake.
    • website is usually an e-commerce site
  • Privilege escalation
  • Malicious insider threat
  • DNS poisoning and ARP poisoning
  • Transitive access
    • giving access to resources without the need to authenticate.
    • individuals having transitive access can be saved in a log file
    • an attacker who gains access to this file can add himself and then exploit the trust relationship
  • Client-side attacks
  • Password attacks
  • Brute force
    • This type of attack is used when it is not possible to take advantage of other weaknesses that would be easier
    • It consists of systematically checking all possible combinations until the correct one is found
    • the key length determines the practical feasibility of performing a brute force attack since longer keys take an exponentially longer time to crack than shorter ones
    • GPUs and ASICs (application-specific integrated circuits) are often used as the hardware for performing brute force attacks
    • brute force attacks are commonly performed offline since countermeasures such as password lockout policies are typically implemented to protect against these attacks
  • Dictionary attacks
    • this attack involves using every word in the dictionary as either the password into a system or the key to decrypt a message or document
    • this type of attack works because so many people use ordinary words as passwords
    • dictionary attacks are very successful against single-word passwords, less successful against multiple-word passphrases, and unsuccessful against randomly generated letters/numerals
  • Hybrid
    • this type of attack combines brute force and dictionary attacks
    • it takes a common word and appends numbers to the end such as Password0000; Password0001; Password0002; etc
  • Birthday attacks
    • this type of attack is based on the birthday paradox, a statistical phenomenon which states that in order for there to be a 50% chance that any two people in a room have the same birthday, you only need 23 people
    • this applies to finding collisions in hashing algorithms because it is much harder to find something that collides with a given hash than it is to find any two inputs that hash to the same value
  • Rainbow tables
    • similar to a dictionary attack
    • composed of a large dictionary with pre-calculated hashes and the passwords they were calculated from
    • the use of 'salt' can be a measure to protect against successful rainbow table attacks
  • Typo squatting/URL hijacking
    • this attack involves attackers cybersquatting on domain names similar to legitimate websites
    • fake websites are created with the look and feel of the legitimate site with the hope visitors will be unable to realize they are on a different site
    • such websites often employ drive-by downloads as a way to deploy malicious software to your PC
  • Watering hole attack
    • this type of attack involves planting malware at sites the attacker believes the target will visit
    • targets that are resilient to spear phishing or other types of phishing attacks can fall victim to a watering hole attack

Summarize social engineering attacks and the associated effectiveness with each attack.

  • Shoulder surfing
    • the act of monitoring an individual entering credentials or other input or actions
    • a type of eavesdropping
  • Dumpster diving
    • sorting through an individual's or company's discarded items in search of information
    • typically used to find information for use in deploying phishing attacks
  • Tailgating
  • Impersonation
  • Hoaxes
    • email or web-based attack where the victim is tricked into performing a type of action.
    • can be to delete system files or to convince them to give up personal information
  • Whaling
    • spear phishing attacks against individuals in high ranking positions or those with power and wealth
  • Vishing
  • Principles (reasons for effectiveness)
    • Authority
    • Intimidation
    • Consensus/Social proof
    • Scarcity
    • Urgency
    • Familiarity/liking
    • Trust
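
For the birthday attack entry above, an added example (not part of the original notes): it computes the birthday threshold exactly, then finds a collision in SHA-256 truncated to 24 bits, a width assumed here only so the search finishes quickly. The function names and the `input-N` messages are constructed for illustration.

```python
import hashlib

def collision_probability(n: int, space: int) -> float:
    """Chance that n uniformly random values drawn from `space` contain a repeat."""
    p_unique = 1.0
    for i in range(n):
        p_unique *= (space - i) / space
    return 1.0 - p_unique

def samples_for_even_odds(space: int) -> int:
    """Smallest n for which a repeat is at least 50% likely."""
    n, p_unique = 0, 1.0
    while 1.0 - p_unique < 0.5:
        p_unique *= (space - n) / space
        n += 1
    return n

def truncated_digest(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256, standing in for a short hash output."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_any_collision(bits: int, limit: int = 1 << 20):
    """Hash distinct inputs until any two of them share a truncated digest."""
    seen = {}
    for i in range(limit):
        msg = f"input-{i}".encode()  # constructed sample input
        digest = truncated_digest(msg, bits)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg
    return None

if __name__ == "__main__":
    bits = 24
    print("people needed for even odds:", samples_for_even_odds(365))
    first, second, tries = find_any_collision(bits)
    print(f"{first!r} and {second!r} collide after {tries} hashes")
    # Matching one *given* digest needs about 2**bits tries on average;
    # any-two collisions need only on the order of 2**(bits/2).
    print("birthday threshold:", samples_for_even_odds(1 << bits))
    print("expected tries against a given digest:", 1 << bits)
```

The gap between the two printed work factors is why a hash's collision resistance is rated at half its output length in bits.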
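
For the rainbow tables entry above, an added example (not from the original notes) of why salt defeats precomputation: a hash-to-password table resolves unsalted SHA-256 instantly, while salted PBKDF2 records for the same password differ per account and miss the table. The wordlist, function names and iteration count are assumptions, and the table is a plain precomputed dictionary as the entry describes, not a chain-based rainbow table.

```python
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "qwerty", "dragon", "Password0001"]  # constructed

def unsalted_hash(password: str) -> str:
    """Weak storage: the same password always produces the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

# Built once, then reusable against every store that keeps unsalted SHA-256.
PRECOMPUTED = {unsalted_hash(word): word for word in WORDLIST}

def table_lookup(stored_hex: str):
    """Return the password behind a stored hash if the table already holds it."""
    return PRECOMPUTED.get(stored_hex)

def new_record(password: str, iterations: int = 600_000):
    """Hardened storage: random per-account salt plus a slow KDF (PBKDF2)."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "key": key}

def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(),
                              record["salt"], record["iterations"])
    return hmac.compare_digest(key, record["key"])

if __name__ == "__main__":
    # Unsalted: one dictionary lookup recovers the password.
    print(table_lookup(unsalted_hash("letmein")))
    # Salted: two accounts with the same password store different values,
    # so no single precomputed table can cover both.
    alice, bob = new_record("letmein"), new_record("letmein")
    print(alice["key"] != bob["key"])
    print(table_lookup(alice["key"].hex()))
    # Legitimate login still works because the salt is stored with the record.
    print(verify("letmein", alice), verify("qwerty", alice))
```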