Types of Hacking

What is a phishing attack


Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.
An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identity theft.
Moreover, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.
An organization succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.

Phishing attack examples

The following illustrates a common phishing scam attempt:
  • A spoofed email ostensibly from myuniversity.edu is mass-distributed to as many faculty members as possible.
  • The email claims that the user’s password is about to expire. Instructions are given to go to myuniversity.edu/renewal to renew their password within 24 hours.
Several things can occur by clicking the link. For example:
  • The user is redirected to myuniversity.edurenewal.com, a bogus page appearing exactly like the real renewal page, where both new and existing passwords are requested. The attacker, monitoring the page, hijacks the original password to gain access to secured areas on the university network.
  • The user is sent to the actual password renewal page. However, while being redirected, a malicious script activates in the background to hijack the user’s session cookie. This results in a reflected XSS attack, giving the perpetrator privileged access to the university network.

Phishing techniques

Email phishing scams

Email phishing is a numbers game. An attacker sending out thousands of fraudulent messages can net significant information and sums of money, even if only a small percentage of recipients fall for the scam. As seen above, there are some techniques attackers use to increase their success rates.
For one, they will go to great lengths in designing phishing messages to mimic actual emails from a spoofed organization. Using the same phrasing, typefaces, logos, and signatures makes the messages appear legitimate.
In addition, attackers will usually try to push users into action by creating a sense of urgency. For example, as previously shown, an email could threaten account expiration and place the recipient on a timer. Applying such pressure causes the user to be less diligent and more prone to error.
Lastly, links inside messages resemble their legitimate counterparts, but typically have a misspelled domain name or extra subdomains. In the above example, the myuniversity.edu/renewal URL was changed to myuniversity.edurenewal.com. Similarities between the two addresses offer the impression of a secure link, making the recipient less aware that an attack is taking place.
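The link trick described above can be checked mechanically. The following is an added example, not part of the original article: it classifies each URL in a message by the host it really points to, treating myuniversity.edu as the trusted domain. The function names, the 0.85 similarity threshold and the sample message are assumptions made for illustration, and the check uses plain suffix matching rather than the Public Suffix List.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

TRUSTED = "myuniversity.edu"   # legitimate domain from the scenario above
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
SIMILARITY = 0.85              # assumed threshold for "misspelled" domains

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unrelated' for the host a URL points to."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:         # malformed authority, e.g. broken IPv6 brackets
        return "unrelated"
    if host == trusted or host.endswith("." + trusted):
        return "trusted"       # the domain itself or a real subdomain of it
    # Trusted name embedded in another domain (myuniversity.edurenewal.com)
    # or placed in the userinfo part (myuniversity.edu@other-host).
    if trusted in parts.netloc.lower():
        return "lookalike"
    # Misspelling: compare the host's last labels with the trusted domain.
    n = trusted.count(".") + 1
    tail = ".".join(host.split(".")[-n:])
    if SequenceMatcher(None, tail, trusted).ratio() >= SIMILARITY:
        return "lookalike"
    return "unrelated"

def suspicious_links(message, trusted=TRUSTED):
    """List every URL in a message body that imitates the trusted domain."""
    return [u for u in URL_RE.findall(message)
            if classify_link(u, trusted) == "lookalike"]

# Constructed sample message, modelled on the password-expiry scenario.
SAMPLE = """Your password expires in 24 hours.
Renew it now: http://myuniversity.edurenewal.com/renewal
Help desk: https://www.myuniversity.edu/helpdesk
"""

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE):
        print("lookalike link:", link)
```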

Spear phishing

Spear phishing targets a specific person or enterprise, as opposed to random application users. It’s a more in-depth version of phishing that requires special knowledge about an organization, including its power structure.
An attack might play out as follows:
  1. A perpetrator researches names of employees within an organization’s marketing department and gains access to the latest project invoices.
  2. Posing as the marketing director, the attacker emails a departmental project manager (PM) using a subject line that reads, Updated invoice for Q3 campaigns. The text, style, and included logo duplicate the organization’s standard email template.
  3. A link in the email redirects to a password-protected internal document, which is in actuality a spoofed version of a stolen invoice.
  4. The PM is requested to log in to view the document. The attacker steals his credentials, gaining full access to sensitive areas within the organization’s network.
By providing an attacker with valid login credentials, spear phishing is an effective method for executing the first stage of an APT.

How to prevent phishing?

Phishing attack protection requires steps be taken by both users and enterprises.
For users, vigilance is key. A spoofed message often contains subtle mistakes that expose its true identity. These can include spelling mistakes or changes to domain names, as seen in the earlier URL example. Users should also stop and think about why they’re even receiving such an email.
For enterprises, a number of steps can be taken to mitigate both phishing and spear phishing attacks:
  • Two-factor authentication (2FA) is the most effective method for countering phishing attacks, as it adds an extra verification layer when logging in to sensitive applications. 2FA relies on users having two things: something they know, such as a password and user name, and something they have, such as their smartphones. Even when employees are compromised, 2FA prevents the use of their compromised credentials, since these alone are insufficient to gain entry.
  • In addition to using 2FA, organizations should enforce strict password management policies. For example, employees should be required to frequently change their passwords and to not be allowed to reuse a password for multiple applications.
  • Educational campaigns can also help diminish the threat of phishing attacks by enforcing secure practices, such as not clicking on external email links.

Virus Attack


A computer virus, much like a flu virus, is designed to spread from host to host and has the ability to replicate itself. Similarly, in the same way that flu viruses cannot reproduce without a host cell, computer viruses cannot reproduce and spread without programming such as a file or document.

In more technical terms, a computer virus is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute its code. In the process, a virus has the potential to cause unexpected or damaging effects, such as harming the system software by corrupting or destroying data.

How does a computer virus attack?

Once a virus has successfully attached to a program, file, or document, the virus will lie dormant until circumstances cause the computer or device to execute its code. In order for a virus to infect your computer, you have to run the infected program, which in turn causes the virus code to be executed.
This means that a virus can remain dormant on your computer, without showing major signs or symptoms. However, once the virus infects your computer, the virus can infect other computers on the same network. Stealing passwords or data, logging keystrokes, corrupting files, spamming your email contacts, and even taking over your machine are just some of the devastating and irritating things a virus can do.
While some viruses can be playful in intent and effect, others can have profound and damaging effects. This includes erasing data or causing permanent damage to your hard disk. Worse yet, some viruses are designed with financial gains in mind.

How do computer viruses spread?

In a constantly connected world, you can contract a computer virus in many ways, some more obvious than others. Viruses can be spread through email and text message attachments, Internet file downloads, and social media scam links. Your mobile devices and smartphones can become infected with mobile viruses through shady app downloads. Viruses can hide disguised as attachments of socially shareable content such as funny images, greeting cards, or audio and video files.
To avoid contact with a virus, it’s important to exercise caution when surfing the web, downloading files, and opening links or attachments. To help stay safe, never download text or email attachments that you’re not expecting, or files from websites you don’t trust.

What are the signs of a computer virus?

A computer virus attack can produce a variety of symptoms. Here are some of them:
  • Frequent pop-up windows. Pop-ups might encourage you to visit unusual sites. Or they might prod you to download antivirus or other software programs.
  • Changes to your homepage. Your usual homepage may change to another website, for instance. Plus, you may be unable to reset it.
  • Mass emails being sent from your email account. A criminal may take control of your account or send emails in your name from another infected computer.
  • Frequent crashes. A virus can inflict major damage on your hard drive. This may cause your device to freeze or crash. It may also prevent your device from coming back on.
  • Unusually slow computer performance. A sudden change of processing speed could signal that your computer has a virus.
  • Unknown programs that start up when you turn on your computer. You may become aware of the unfamiliar program when you start your computer. Or you might notice it by checking your computer’s list of active applications.
  • Unusual activities like password changes. This could prevent you from logging into your computer.

How to help protect against computer viruses?

How can you help protect your devices against computer viruses? Here are some of the things you can do to help keep your computer safe.
  • Use a trusted antivirus product, such as Norton AntiVirus Basic, and keep it updated with the latest virus definitions. Norton Security Premium offers additional protection for even more devices, plus backup.
  • Avoid clicking on any pop-up advertisements.
  • Always scan your email attachments before opening them.
  • Always scan the files that you download using file sharing programs.

What are the different types of computer viruses?

    1. Boot sector virus

    This type of virus can take control when you start — or boot — your computer. One way it can spread is by plugging an infected USB drive into your computer.

    2. Web scripting virus

    This type of virus exploits the code of web browsers and web pages. If you access such a web page, the virus can infect your computer.

    3. Browser hijacker

    This type of virus “hijacks” certain web browser functions, and you may be automatically directed to an unintended website.

    4. Resident virus

    This is a general term for any virus that inserts itself in a computer system’s memory. A resident virus can execute anytime when an operating system loads.

    5. Direct action virus

    This type of virus comes into action when you execute a file containing a virus. Otherwise, it remains dormant.

    6. Polymorphic virus

    A polymorphic virus changes its code each time an infected file is executed. It does this to evade antivirus programs.

    7. File infector virus

    This common virus inserts malicious code into executable files — files used to perform certain functions or operations on a system.

    8. Multipartite virus

    This kind of virus infects and spreads in multiple ways. It can infect both program files and system sectors.

    9. Macro virus

    Macro viruses are written in the same macro language used for software applications. Such viruses spread when you open an infected document, often through email attachments.

How to remove computer viruses?

You can take two approaches to removing a computer virus. One is the manual do-it-yourself approach. The other is by enlisting the help of a reputable antivirus program.
Want to do it yourself? There can be a lot of variables when it comes to removing a computer virus. This process usually begins by doing a web search. You may be asked to perform a long list of steps. You’ll need time and probably some expertise to complete the process.
If you prefer a simpler approach, you can usually remove a computer virus by using an antivirus software program. For instance, Norton AntiVirus Basic can remove many infections that are on your computer. The product can also help protect you from future threats.
Separately, Norton also offers a free, three-step virus clean-up plan. Here’s how it works.
  1. Run a free Norton Security Scan to check for viruses and malware on your devices. Note: It does not run on Mac OS.
  2. Use Norton Power Eraser’s free virus and malware removal tool to destroy existing viruses. Need help? A Norton tech can assist by remotely accessing your computer to track down and eliminate most viruses.
  3. Install up-to-date security software to help prevent future malware and virus threats.

Clickjacking or UI redress


Clickjacking, or a UI redress attack, is an attack in which the attacker uses an opaque or transparent layer on a webpage to trick a user into unknowingly clicking a malicious link or button. The attacker thus hijacks the user's click and redirects the user to a different, malicious page.

How does clickjacking work?

Clickjacking can be done in different ways.
  • Sometimes an attacker deceives a user into clicking a like button or posting an update on a social networking website. I think most of us have seen this type of clickjacking on popular social networking websites. This type of clickjacking is also called likejacking.
  • Sometimes the attacker hijacks the user's cursor so that the pointer appears at a different location from where the click actually lands. This type of clickjacking is also called cursorjacking.
  • Sometimes password managers fail to protect against iframe- and redirection-based attacks and expose passwords they should not.
  • Sometimes an unwanted advertisement is displayed on top of an email inbox, advertising a free iPad, for example. When the user clicks the malicious ad, an iframe loads that can carry out malicious actions such as deleting all messages.
  • Sometimes the attacker loads a webpage into an invisible iframe and tricks the user into changing the security settings of software such as Flash Player, so that the microphone or camera can be exploited.
  • Users often prefer to stay logged in to e-commerce websites. An attacker tricks the user into clicking a social media like button and loads the e-commerce website in a transparent iframe. As a result, when the user clicks the like button, some expensive items may be bought from the e-commerce website using the user's credit card.

How to prevent UI redress attacks?

We can take several steps to prevent these attacks.
  • Some browser add-ons like NoScript can prevent users from clicking on invisible page elements. Here is a comprehensive guide on increasing the security and privacy of browsers.
  • Some commercial products like GuardedID can make all frames on the page visible and protect against these attacks.
  • In some secured web browsers like Gazelle, a window of a different origin can only draw dynamic content over another window's screen space if the content it draws is opaque. Thus, it can protect users from clicking on something unknowingly.
  • Website owners can include a frame-killer JavaScript snippet in their web pages to prevent them from being loaded inside frames from different sources.
  • HTTP headers like X-Frame-Options are adopted by many web browsers and can partially prevent clickjacking.
  • The frame-ancestors directive of Content-Security-Policy can prevent potentially hostile pages from embedding content using iframe, object, etc., and so prevent clickjacking.

DNS Spoofing





One of the reasons DNS poisoning is so dangerous is because it can spread from DNS server to DNS server. In 2010, a DNS poisoning event resulted in the Great Firewall of China temporarily escaping China’s national borders, censoring the Internet in the USA until the problem was fixed.

How DNS Works?

Whenever your computer contacts a domain name like “google.com,” it must first contact its DNS server. The DNS server responds with one or more IP addresses where your computer can reach google.com. Your computer then connects directly to that numerical IP address. DNS converts human-readable addresses like “google.com” to computer-readable IP addresses like “173.194.67.102”.

DNS Caching

The Internet doesn’t just have a single DNS server, as that would be extremely inefficient. Your Internet service provider runs its own DNS servers, which cache information from other DNS servers. Your home router functions as a DNS server, which caches information from your ISP’s DNS servers. Your computer has a local DNS cache, so it can quickly refer to DNS lookups it’s already performed rather than performing a DNS lookup over and over again.

DNS Cache Poisoning

A DNS cache can become poisoned if it contains an incorrect entry. For example, if an attacker gets control of a DNS server and changes some of the information on it (say, making google.com point to an IP address the attacker owns), that DNS server would tell its users to look for google.com at the wrong address. The attacker’s address could contain some sort of malicious phishing website.
DNS poisoning like this can also spread. For example, if various Internet service providers are getting their DNS information from the compromised server, the poisoned DNS entry will spread to the Internet service providers and be cached there. It will then spread to home routers and the DNS caches on computers as they look up the DNS entry, receive the incorrect response, and store it.


Normally, a networked computer uses a DNS server provided by an Internet service provider (ISP) or the computer user's organization. DNS servers are used in an organization's network to improve resolution response performance by caching previously obtained query results. Poisoning attacks on a single DNS server can affect the users serviced directly by the compromised server or those serviced indirectly by its downstream server(s) if applicable.
To perform a cache poisoning attack, the attacker exploits flaws in the DNS software. A server should correctly validate DNS responses to ensure that they are from an authoritative source (for example by using DNSSEC); otherwise the server might end up caching the incorrect entries locally and serve them to other users that make the same request.
This attack can be used to redirect users from a website to another site of the attacker's choosing. For example, an  attacker spoofs the IP address DNS entries for a target website on a given DNS server and replaces them with the IP address of a server under their control. The attacker then creates files on the server under their control with names matching those on the target server. These files usually contain malicious  content, such as computer worms or viruses. A user whose computer has referenced the poisoned DNS server gets tricked into accepting content coming from a non-authentic server and unknowingly downloads the malicious content. This technique can also be used for phishing attacks, where a fake version of a genuine website is created to gather personal details such as bank and credit/debit card details.

The Great Firewall of China Spreads to the US

This isn’t just a theoretical problem — it has happened in the real world on a large scale. One of the ways China’s Great Firewall works is through blocking at the DNS level. For example, a website blocked in China, such as twitter.com, may have its DNS records pointed at an incorrect address on DNS servers in China. This would result in Twitter being inaccessible through normal means. Think of this as China intentionally poisoning its own DNS server caches.
In 2010, an Internet service provider outside of China mistakenly configured its DNS servers to fetch information from DNS servers in China. It fetched the incorrect DNS records from China and cached them on its own DNS servers. Other Internet service providers fetched DNS information from that Internet service provider and used it on their DNS servers. The poisoned DNS entries continued to spread until some people in the US were blocked from accessing Twitter, Facebook, and YouTube on their American Internet service providers. The Great Firewall of China had “leaked” outside of its national borders, preventing people from elsewhere in the world from accessing these websites. This essentially functioned as a large-scale DNS poisoning attack. (source.)


Prevention and mitigation

The real reason DNS cache poisoning is such a problem is because there’s no real way of determining whether DNS responses you receive are actually legitimate or whether they’ve been manipulated.
The long-term solution to DNS cache poisoning is DNSSEC. DNSSEC will allow organizations to sign their DNS records using public-key cryptography, ensuring that your computer will know whether a DNS record should be trusted or whether it’s been poisoned and redirects to an incorrect location.
Many cache poisoning attacks against DNS servers can be prevented by being less trusting of the information passed to them by other DNS servers, and ignoring any DNS records passed back which are not directly relevant to the query. For example, versions of BIND 9.5.0-P1 and above perform these checks.
Source port randomization for DNS requests, combined with the use of cryptographically secure random numbers for selecting both the source port and the 16-bit cryptographic nonce, can greatly reduce the probability of successful DNS race attacks.
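The two resolver-side defences above can be sketched together. The following is an added example, not part of the original article and not BIND's code: a query picks its 16-bit ID and source port with a cryptographically secure generator, and a response is cached only if it matches the query and its records belong to the zone that was asked. The Query and Response classes are a simplified model rather than the DNS wire format, and the names, zone and addresses are constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field

PORTS = 65536 - 1024          # unprivileged source ports, 1024..65535

@dataclass
class Query:
    name: str
    server_ip: str
    # Both values come from the OS CSPRNG, not a predictable counter.
    txid: int = field(default_factory=lambda: secrets.randbelow(1 << 16))
    src_port: int = field(default_factory=lambda: 1024 + secrets.randbelow(PORTS))

@dataclass
class Response:
    from_ip: str
    dst_port: int
    txid: int
    question: str
    records: list             # (owner_name, rtype, value) tuples

def norm(name):
    return name.lower().rstrip(".")

def in_bailiwick(owner, zone):
    """True if owner is the zone itself or a name underneath it."""
    return norm(owner) == norm(zone) or norm(owner).endswith("." + norm(zone))

def accept(query, resp, zone):
    """Return the records safe to cache, or [] if the response is rejected."""
    expected = (query.server_ip, query.src_port, query.txid)
    if (resp.from_ip, resp.dst_port, resp.txid) != expected:
        return []             # wrong server, port or ID: likely a spoofed reply
    if norm(resp.question) != norm(query.name):
        return []             # answers a question that was never asked
    # Drop records that are not relevant to the zone that was queried.
    return [r for r in resp.records if in_bailiwick(r[0], zone)]

def blind_guess_space(port_count=PORTS):
    """Number of (ID, port) pairs an off-path spoofer has to guess among."""
    return (1 << 16) * port_count

if __name__ == "__main__":
    q = Query("www.example.com", "198.51.100.53")
    reply = Response(q.server_ip, q.src_port, q.txid, "www.example.com", [
        ("www.example.com", "A", "192.0.2.10"),
        ("www.bank.example", "A", "203.0.113.66"),   # unrelated record
    ])
    print("cached:", accept(q, reply, "example.com"))
    print("guess space, fixed port:", blind_guess_space(1))
    print("guess space, random port:", blind_guess_space())
```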
