Understanding types of cyberattack by knowing their patterns and statistics.
In this modern era, the Internet is so common that it has slowly become a living need for human beings. Without this technology, people feel as if they have lost their hands, losing their source of convenience. But what benefits people also brings disadvantages with it. Exploiting the vulnerabilities of the Internet, attackers use malicious code to alter computer code, logic or data, causing disruptive consequences purely to benefit themselves, directly or indirectly, and threatening victims' wealth, physical safety and mental well-being. Recently, attackers have carried out attacks such as ransomware attacks, DDoS attacks, SQL injection and so on. Internet users are very exposed to these attacks. Who would know that just by connecting to a public Wi-Fi network, you might be attacked? Who would know that just by browsing an unfamiliar website, you might be infected by ransomware? It is dangerous to have no knowledge of these attacks.
For example, there was a viral ransomware attack called WannaCry that spread through computers worldwide last year. It is ransomware that encrypts (locks) the user's files so that only a certain party is able to decrypt (unlock) them, and only once some money has been paid. To prevent such threats, one has to know the types, patterns and impacts of the various kinds of cyberattack well. In this assignment, some types of cyberattack will be introduced by describing their patterns and impacts, along with some current statistics.
1. The DDoS/DoS (Distributed Denial of Service / Denial of Service) Attack
Basically, the purpose of a DDoS attack and a DoS attack is the same. Both are used to flood a system's resources, or in other words to jam the traffic to a system, so that other users cannot access the attacked system. The difference between them is that a DoS attack uses only a single computer and Internet connection, whereas a DDoS attack uses multiple host machines that are infected by malware and controlled by the attacker.
There are a few types of DDoS/DoS attack, such as the TCP SYN flood attack, the Teardrop attack, botnets and others.
In the TCP SYN flood attack, the attacker targets the "three-way handshake" mechanism. SYN packets are sent repeatedly to every port of the targeted server, using fake IP addresses. The targeted system, unaware of the deception, treats each one as a request to establish communication and responds to each attempt with a SYN-ACK packet from each open port. The attacker then never sends back the ACK packet, or, because the source IP address is spoofed, the SYN-ACK packet never reaches the attacker at all, leaving the server waiting for the acknowledgement of its SYN-ACK packet for some time. During this period, the server cannot close down the connection by sending an RST packet (which is used to terminate communication during the three-way handshake). Before the connection times out, another SYN packet arrives, leaving behind a large number of half-open connections. Eventually, the server's connection table overflows, so that real clients are denied, or sometimes the server crashes or malfunctions.
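The half-open connection table described above, modelled as an added example (not part of the original assignment): a toy SYN backlog with a fixed capacity and an ACK timeout, fed constructed spoofed SYNs that are never acknowledged, so that a legitimate client is turned away until the stale entries expire. The capacity, timeout and IP addresses are assumed values chosen for illustration.

```python
from collections import OrderedDict

class SynBacklog:
    """Toy model of a server's table of half-open (SYN-received) connections."""
    def __init__(self, capacity, timeout):
        self.capacity = capacity          # how many half-open entries the table can hold
        self.timeout = timeout            # seconds the server waits for the final ACK
        self.half_open = OrderedDict()    # (src_ip, src_port) -> time the SYN-ACK was sent
        self.dropped_syn = 0              # SYNs refused because the table was full

    def _expire(self, now):
        # Entries whose SYN-ACK went unanswered past the timeout are finally freed
        for key in [k for k, t in self.half_open.items() if now - t > self.timeout]:
            del self.half_open[key]

    def on_syn(self, src, now):
        self._expire(now)
        if len(self.half_open) >= self.capacity:
            self.dropped_syn += 1         # table full: even a real client is turned away
            return "dropped"
        self.half_open[src] = now         # server answers SYN-ACK and waits for the ACK
        return "syn-ack"

    def on_ack(self, src, now):
        self._expire(now)
        if src not in self.half_open:
            return "no-match"
        del self.half_open[src]           # handshake completes, entry leaves the table
        return "established"

def simulate_syn_flood(n_spoofed=10, capacity=8, timeout=30.0):
    """Spoofed SYNs arrive faster than they expire, then a real client tries to connect."""
    table = SynBacklog(capacity, timeout)
    for i in range(n_spoofed):            # constructed spoofed sources that never ACK
        table.on_syn(("203.0.113.%d" % i, 40000 + i), now=float(i))
    client = ("198.51.100.7", 51515)      # constructed legitimate client
    verdict = table.on_syn(client, now=float(n_spoofed))
    return verdict, len(table.half_open), table.dropped_syn

def simulate_after_timeout(capacity=8, timeout=30.0):
    """Only after the half-open entries time out can the same client complete a handshake."""
    table = SynBacklog(capacity, timeout)
    for i in range(capacity):             # constructed spoofed SYNs filling the table at t=0
        table.on_syn(("203.0.113.%d" % i, 40000 + i), now=0.0)
    client = ("198.51.100.7", 51515)
    first = table.on_syn(client, now=1.0)            # table still full
    second = table.on_syn(client, now=timeout + 2)   # stale entries have expired
    third = table.on_ack(client, now=timeout + 2.1)  # handshake completes
    return first, second, third
```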
Distribution of DDoS attacks by country, Quarter 3 and 4 of 2017.
From the above chart, we can observe that China had the most attacks, followed by the U.S. and South Korea. China's share decreased slightly from 63.30% to 59.18% between Q3 and Q4, while the U.S. and South Korea increased, from 12.98% to 16.00% (U.S.) and from 8.70% to 10.21% (South Korea) respectively.
Distribution of unique DDoS-attack targets by country, Quarter 3 and 4 of 2017.
According to the chart, China was again the most attacked target, even though its share clearly decreased from 51.84% to 47.53%. The U.S. and South Korea still placed high on the chart, with the U.S. moving from 19.32% to 24.10% and South Korea from 10.37% to 9.62% respectively. Russia was on the chart in Q3 of 2017, but dropped out of it in Q4.
Types and duration of DDoS attacks.
The chart shows the types and duration of DDoS attacks. According to the chart, the SYN attack has the highest count of the five types of DDoS attack shown. The reason is that a SYN attack is simple to carry out yet destructive to its targets.
In DDoS attacks, essential systems are disrupted so that they cannot function properly. This is critical because normally running systems, such as the ticketing system of a train station or the navigation system of an airplane, will be affected. What if the system of Tokyo's train station were disturbed for just 5 minutes? Tokyo station has an average of 500,000 passengers every day, and it would be a big mess if a large number of people could not travel from one place to another and were simply stuck at the station. It would be terrible, too, if an airplane were halfway through its flight and its navigation system were suddenly disturbed. The modern world basically runs on systems. Without them, many activities could not be carried out and many, many lives would be threatened.
Other than essential systems, attackers also target big companies to disturb their systems, which benefits the attackers indirectly and causes losses to the targeted company. Alibaba and Amazon are famous online shopping platforms nowadays. They bring not only convenience but also cheaper products to the consumer. What the attackers try to do is perform a DDoS attack on the servers, making them inaccessible to users and thereby removing those benefits. This is said to benefit the attackers indirectly because the company's server going down brings no direct benefit to the attacker, but it does benefit competitors in the same field. Perhaps the attackers were hired by those competitors, and through this the attacker is rewarded with some benefit.
A malware attack is a type of cyberattack in which malware, or unwanted software, runs activities on your computer system without the user's permission. Most modern malware, such as ransomware, spyware and adware, consists of software programs that can spread to other computers and execute on their own. This type of software is used to steal the user's information, such as online banking logins, passwords, credit card numbers or intellectual property, over the Internet. Malware programs are divided into different types such as worms, viruses, Trojan horses, adware, spyware, ransomware, backdoors and others.
One of the most famous types of malware attack recently is the ransomware attack. According to researchers from Malwarebytes, during Q1 2017 roughly 60% of malware attacks were ransomware, with the rest being a mix including ad fraud malware. The objective of this type of attack is to extort money from the victim. This is often achieved by encrypting the user's data with a password; to decrypt it, the user needs to pay a fee. A ransomware attack can be designed with a more advanced technique called cryptoviral extortion, which encrypts the victim's files in a way that makes them nearly impossible to recover without the decryption key.
This picture shows the malware distribution by type, Q1 2017.
In May 2017, cybercriminals launched one of the biggest malware attacks in history, called "WanaCrypt0r 2.0" or WannaCry, which targeted computers running the Microsoft Windows operating system. More than 200,000 devices in 150 countries were affected, including hospitals, banks and major telecom companies. The cybercriminals demanded $300 in bitcoin in order to restore access to the victim's computer. If the victim did not pay, the hackers threatened to permanently delete all their important data files after a week. A report by Cybersecurity Ventures predicted that ransomware damage costs would exceed $5 billion in 2017. This attack was stopped within a few days, after Microsoft released emergency patches and a kill switch was discovered that prevented infected computers from spreading WannaCry any further.
This picture shows the WanaCrypt0r 2.0 ransomware, as provided by the cybersecurity firm Symantec in Mountain View, California, on May 15.
Another type of malware is adware. Adware is software designed to display unwanted advertisements on your screen or to make alterations to the system or the browser settings without permission. Adware can be downloaded to your system automatically while browsing any website. Some typical signs of adware on your computer are that your web browser's homepage has mysteriously changed without your permission, and that website links redirect to sites different from the ones you meant to visit. Once adware is running on a device, it may carry out various unwanted tasks. Its functions may be designed to analyse your location and which websites you visit, and then display ads related to the type of products or services there. One example of an adware program is Premier Opinion, developed by VoiceFive Inc, which is used to hijack web browsers and display ads and savings coupons. In addition, it helps publishers make money from your clicks on promoted items. Premier Opinion will also steal and record user information such as the user's IP address, location, username and password, banking data and financial information. It will also disable antivirus software and block the firewall in order to keep running. Premier Opinion cannot simply be uninstalled like any other program; removing it requires knowledge of the IT sphere and takes time.
SQL INJECTION ATTACK
SQL injection is a type of code injection technique. It was considered one of the top 10 web application vulnerabilities of 2007 and 2010. SQL injection is used to attack data-driven applications by inserting malicious SQL statements into an entry field for execution. SQL injection must exploit a security vulnerability in an application's software. It is well known as an attack vector for websites, but it can be used to attack any type of SQL database. SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
According to the statistics we found, SQL injection was the most common attack, representing almost one-third of the total number of attacks, as SQL injection is used to reach sensitive information or to run OS commands for further penetration of the system.
Top 10 attacks on web applications
If the attacked companies are divided into government entities, financial services companies, IT companies and educational institutions, we find that half of the attacks on government aimed to gain access to important data. This is why those attacks were directed either against application users or at obtaining access to the databases containing such information.
Top 5 attacks on government web applications
When targeting financial services companies, the attackers' main aim was generally to steal money. Most attacks tried either to gain access to sensitive data or to gain control over the server. In particular, a Path Traversal attack has the potential to lead to disclosure of data such as the server configuration, the application source code, identifying information about OS users, and more. This data can then be used to develop the attack further. This attack is used rather frequently to assist in other, larger attacks, because it does not need much in the way of preparation.
Top 5 attacks on web applications of financial services companies
Attacks on IT companies are rather similar, being dominated by SQL Injection and Cross-Site Scripting, which are the main attacks across all sectors. SQL Injection can, in addition to obtaining information, be used for other purposes such as defacing websites. Cross-Site Scripting can be used to infect user workstations with malware. Such incidents carry a high reputational risk for IT companies, especially those in the security field.
Top 5 attacks on web applications of IT companies
Attackers against educational institutions are oftentimes students themselves, whether trying to access data (most often, exams) or to actively modify it (such as exam grades and scholarship lists). The most common attack in such cases is Cross-Site Request Forgery. With this technique, an attacker creates a special page that contains a request to a vulnerable application, the purpose of which is to perform actions with the authority of a legitimate user. However, the results in this category are vulnerable to statistical noise due to the small sample size.
Top 5 attacks on web applications of educational institutions
To discuss the impact of SQL injection attacks: when an IT department finds a huge spike in queries to its website along with relevant error messages, it can correctly suspect an SQL injection attack. In such an attack, the attacker sends deliberately malformed requests to a company's website in the hope that the server will malfunction and either return non-public data in response or grant the attacker deep, administrative access to the server. The main impact of SQL injection attacks can be separated into several parts. The first is confidentiality: since SQL databases generally contain important data, loss of confidentiality is a frequent problem with SQL injection vulnerabilities. The second is authentication: if poor SQL commands are used for username and password checking, there is a chance of connecting to a system as another user without previously knowing a username and password. Next is authorization: if authorization information is held in a SQL database, it may be possible to change that data through successful exploitation of an SQL injection vulnerability. Lastly there is integrity: just as it is possible to read sensitive data, it may be possible to change or delete information with an SQL injection attack.
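The "poor SQL commands for username and password checking" case from the paragraph above, and the malformed-request error messages mentioned there, shown as an added example (not code from the original assignment): a vulnerable login that concatenates user input into the query text, beside the parameterized form that keeps input as data. The user table, credentials and inputs are constructed for illustration, and the database is an in-memory SQLite file standing in for a real application's database.

```python
import sqlite3

def make_db():
    """Constructed in-memory user table standing in for a real application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return conn

def login_vulnerable(conn, username, password):
    """The 'poor SQL command' case: input is pasted into the SQL text, so it can change the logic."""
    sql = ("SELECT username, role FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()   # (username, role) when the check passes, else None

def login_parameterized(conn, username, password):
    """Hardened form: placeholders keep the input as data, never as SQL syntax."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()

def demo():
    """Run both logins against the same constructed inputs and collect the outcomes."""
    conn = make_db()
    injected = "' OR '1'='1"              # constructed input that rewrites the WHERE clause
    try:                                  # a stray quote breaks the vulnerable query's syntax:
        login_vulnerable(conn, "O'Brien", "x")   # the kind of error spike the text describes
        quote_error = None
    except sqlite3.OperationalError as exc:
        quote_error = type(exc).__name__
    return {
        "vuln_bad_password": login_vulnerable(conn, "alice", "wrong"),      # None
        "vuln_injected": login_vulnerable(conn, "alice", injected),         # logged in as alice
        "param_injected": login_parameterized(conn, "alice", injected),     # None
        "param_correct": login_parameterized(conn, "alice", "s3cret"),      # ('alice', 'admin')
        "vuln_quote_error": quote_error,                                    # 'OperationalError'
    }
```

The parameterized version treats the whole injected string as a literal password value, so the same input that opens an administrator session on the vulnerable query simply fails to match any row.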