CyberSec: attacks and countermeasures

We live in a fully computerised world. The widespread diffusion of information technologies and, in particular, of the internet, has led to an enormous increase in the number of users. However, whilst we have witnessed a remarkable expansion of markets, we have also seen – or have been victims of – more and more computer attacks.

There are several ways to compromise a system’s security, and not all of them rely on sophisticated programming techniques to break into the core of a corporate business or to reach sensitive and personal information.

In fact, the most fragile link in the delicate computer security chain is usually the user. A range of negligent behaviours, a delayed software update or even just reading a USB memory stick can turn out to be fatal and allow a third party to access the system.

Malware

Malware is malicious software that can cause damage to devices. Malware is usually used to steal a user’s personal information, such as usernames, passwords or even credit card numbers, but it is also exploited to execute DoS or DDoS attacks. The most common types of malware are: virus, worm, trojan horse, ransomware and spyware.

Viruses are pieces of code that generally spread by copying themselves into other programs, or into a particular section of a hard disk, in order to be executed every time the infected file is opened. They are generally transmitted from one computer to another when the user moves infected files.

A worm aims to saturate the system’s resources, slowing it down by means of useless and damaging operations. Typically, worms do not need to be activated by a user in order to replicate themselves, and they can spread to other systems through the Internet.

A Trojan horse owes its name to the analogy with the events told by the poet Homer. It contains harmful instructions that are executed without the user’s awareness and it usually does not self-replicate, so, in order to spread, it has to be deliberately sent to victims.

Ransomware encrypts all the data available on a hard disk. To undo the encryption, the user has to pay a ransom, thus obtaining the encryption key needed to “translate” the data. The effectiveness of the key one pays for is not always guaranteed.

Spyware is used to collect information from the system on which it is installed and to transmit it to a certain recipient. This information can range from browsing habits to passwords or users’ encryption keys.

HOW TO PROTECT YOURSELF

In order to defend yourself, it is useful to install anti-malware and anti-virus software on your device, though it might not be sufficient. To maximise your security, it is fundamental to update such software frequently, as new malware is generated on a daily basis.

DoS

A DoS (Denial of Service) attack aims to make network resources unreachable, whether it is a single web portal, a server or a DNS system. Therefore, a DoS attack seeks to make a website or a server unreachable by saturating the communication bandwidth.

The DDoS attack is a special case of DoS attack, where a number of slaves are used to saturate the bandwidth more effectively. Devices named slaves or zombies can be purchased on the illegal market or turned into such by software that is usually undetectable to the user.

Another general purpose of the slaves is to make the identification of the perpetrators of the attack particularly hard, since it is the zombie that attacks, and not the perpetrator.

HOW TO PROTECT YOURSELF

Possible solutions are to filter incoming data, to restrict traffic and to install leakage detection systems. It can also be useful to shorten the queues by decreasing the time to live of pending requests.
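
Two of these measures, restricting traffic per source and shortening the queue by expiring pending requests, can be sketched as follows. This is an added example, not code from the original article; the class name RequestGate, its parameters and the sample addresses are assumptions made for illustration.

```python
from collections import deque


class RequestGate:
    """Per-client rate limit plus a bounded pending queue whose entries expire."""

    def __init__(self, rate=5.0, burst=10, max_pending=100, pending_ttl=2.0):
        self.rate, self.burst = rate, burst            # tokens per second, bucket size
        self.max_pending, self.pending_ttl = max_pending, pending_ttl
        self.buckets = {}        # client -> (tokens left, time of last request)
        self.pending = deque()   # (arrival time, client), oldest first

    def _expire(self, now):
        # Drop pending requests older than the TTL so they stop holding queue slots.
        while self.pending and now - self.pending[0][0] > self.pending_ttl:
            self.pending.popleft()

    def admit(self, client, now):
        """Return 'queued', 'rate_limited' or 'queue_full' for a request arriving at `now`."""
        self._expire(now)
        tokens, last = self.buckets.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill over time
        if tokens < 1:
            self.buckets[client] = (tokens, now)
            return "rate_limited"
        if len(self.pending) >= self.max_pending:
            self.buckets[client] = (tokens, now)
            return "queue_full"
        self.buckets[client] = (tokens - 1, now)
        self.pending.append((now, client))
        return "queued"


def simulate():
    """Constructed traffic: one source floods, another behaves normally."""
    gate = RequestGate(rate=1.0, burst=3, max_pending=4, pending_ttl=2.0)
    results = [gate.admit("198.51.100.7", 0.0) for _ in range(5)]  # burst from one source
    results.append(gate.admit("203.0.113.9", 0.1))  # a different client takes the last slot
    results.append(gate.admit("203.0.113.9", 0.2))  # the queue is full
    results.append(gate.admit("203.0.113.9", 3.0))  # stale entries have expired
    return results


if __name__ == "__main__":
    print(simulate())
```

In a real server a worker would also remove entries from the queue as it serves them; the simulation leaves that out so that the effect of the time to live is visible on its own.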

Man in the middle

A Man in the middle is a computer attack where someone secretly relays or alters the communication between two parties which is meant to be direct and private. The attacker creates independent connections with the victims and relays the messages to make them believe they are communicating directly, by means of a private connection, whereas the whole conversation is actually being controlled by the attacker. The attacker’s aim is to intercept all the important messages being sent by the victims, and to inject new messages.

The attack works only if neither of the two victims realises that the connection that links them has been compromised by a third person. They could realise it if the two users also communicate through a different channel that is not being manipulated.

HOW TO PROTECT YOURSELF

To improve one’s safety, it is possible to adopt some preventative measures, such as an exchange of certificates between users, aimed at guaranteeing mutual authentication. Another expedient is the use of secure protocols; for instance, the secure version of the internet protocol http is https.

Dictionary attacks

A dictionary attack can be used to defeat an authentication mechanism that requires a password to access a computer system.

The attacker uses a dictionary: not a regular vocabulary, but a special dictionary containing names, numbers, letters, song lyrics and, in general, all those words that users commonly choose as passwords because they are easy to remember (sometimes with letters replaced by numbers that recall their shapes).

A brute-force attack considers all possible combinations and guesses the desired sequence only after discouragingly long times; the dictionary attack improves on this technique and allows a significant reduction of the time needed to obtain a match.

HOW TO PROTECT YOURSELF

To protect yourself, it is useful to use long and non-banal passwords. The initial words of an idiom or of a sentence that we remember, written with uppercase and lowercase characters and including symbols and numbers, can help prevent this sort of attack. Moreover, it is suggested to change passwords periodically (2-3 times per year).
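
A check that can be run when a password is chosen, following the description of the attacker's dictionary above: the candidate is rejected if it is too short or if it reduces to a dictionary word once the shape-based substitutions are undone. This is an added example, not code from the original article; the word list, the substitution table, the minimum length and the figure of 1000 variants per word are assumptions made for illustration.

```python
# Constructed sample word list; a real check would load a large list of common passwords.
WORDLIST = {"password", "letmein", "dragon", "juventus", "yesterday"}

# Digits and symbols that recall the shape of a letter, mapped back to that letter.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
AFFIX = "0123456789!?.*#-_"  # characters commonly added before or after a word


def candidates(password):
    """Forms of the password a dictionary with substitution rules would cover."""
    lowered = password.lower()
    stripped = lowered.strip(AFFIX)  # "yesterday2024!" -> "yesterday"
    return {lowered.translate(LEET), stripped.translate(LEET)}


def in_dictionary(password, wordlist=WORDLIST):
    return any(form in wordlist for form in candidates(password))


def check_password(password, min_length=12):
    """Return the reasons to reject a password; an empty list means it is accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if in_dictionary(password):
        problems.append("dictionary word after undoing substitutions")
    return problems


def search_space_ratio(length, wordlist_size, variants_per_word=1000, alphabet=94):
    """How many times larger the exhaustive search is than the dictionary search."""
    return alphabet ** length // (wordlist_size * variants_per_word)


if __name__ == "__main__":
    for pw in ("P4ssw0rd1", "Y3st3rd4y2024!", "Tqbf-Jotld@7am"):  # constructed samples
        print(pw, check_password(pw) or "accepted")
    print(search_space_ratio(8, 1_000_000))
```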

Alessio Colella

Born in Turin in 1994. Student of management engineering,
I love writing about everything around me.