By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
Alteration attack: In this type of attack, alteration or modification of the data or code is done without authorization. Cryptographic code is used to prevent alteration attacks.
Botnets: Botnets are compromised computers, also known as zombie computers. They are primarily used to run malicious software for distributed denial of service (DDoS) attacks, adware, or spam.
Buffer overflow: A buffer overflow is also known as a buffer overrun. Buffer overflows are normally due to a software coding error, which can be exploited by an attacker to gain unauthorized access to the system. A buffer overflow occurs when more data is fed to the buffer than it can handle and excess data overflows to adjacent storage. Due to this, the attacker gets an opportunity to manipulate the coding errors for malicious actions. A major cause of buffer overflows is poor programming and coding practices.
Denial of service attack (DOS): In a DOS attack, a network or system is flooded with an enormous amount of traffic with an objective to shut down the network or the system.
Data diddling: In a data diddling attack, data is modified as it enters a computer system. This is done mostly by a data entry clerk or a computer virus. Data is altered before computer security can protect the data. Data diddling requires very limited technical knowledge. Apparently, there are no preventive controls for data diddling, and as a result, organizations need to rely on compensatory controls.
Dumpster diving: In a dumpster diving attack, an attempt is made to retrieve confidential information from the trash or a garbage bin. To address the risk of dumpster diving, employees should be made aware of this kind of risk by way of frequent security awareness training. A document discarding policy should be in place that defines the appropriate method of discarding various types of information. One example is the use of shredders to destroy documents.
[Illustration: a dumpster diving attempt]
War dialing: War dialing is a technique in which tools are used to automatically scan lists of telephone numbers to determine the details of computers, modems, and other machines.
War driving: In a war driving attack, attempts are made to locate and get unauthorized access to wireless networks with the use of specialized tools. An intruder drives or walks around the building with specialized tools to identify unsecured networks. The same technique is used by information security auditors to identify unsecured networks and thereby test the wireless security of an organization.
Eavesdropping: Through eavesdropping, an intruder gathers the information flowing in the network through unauthorized methods. Using different tools and techniques, sensitive information including emails, passwords, and even keystrokes can be captured by the intruder.
Email bombing: In this technique, attackers repeatedly send an identical email to a particular address.
Email spamming: In this attack, unsolicited emails are sent to thousands of users.
Email spoofing: In this attack, an email source is spoofed. It is often used to trick the user into giving out sensitive information.
Flooding: This is a type of DOS attack that brings down a network by flooding it with a huge amount of traffic, and the host's memory buffer cannot handle this traffic.
Interrupt attack: In this type of attack, the operating system is invoked to execute a particular task, thereby interrupting the ongoing task.
Juice jacking: In this type of attack, data is copied from a device attached to a charging port (frequently available in public places). Charging points double as a data connection point.
[Figure: a juice jacking attempt]
Malicious codes:
Trojan horse: In this attack, malicious software is disguised as some legitimate software. Once installed, it starts taking control of the system.
Logic bomb: A program is executed when a certain event happens. For example, a logic bomb can be set to delete files or a database at a future date.
Trap door: This is also known as a back door. A back door is an unauthorized method to gain entry into a system or database.
Man-in-the-middle attack: In this attack, the attacker interferes while two devices are establishing a connection. Alternatively, the attacker actively establishes a connection between two devices and pretends to each of them to be the other device. If any device asks for authentication, the attacker sends a request to the other device, and the response is then sent to the first device. Once a connection is established, the attacker can communicate and obtain information as they wish.
Masquerading: In this type of attack, an intruder hides their original identity and acts as someone else. This is done to access a system or data that is restricted. The impersonation can be by either a person or a machine. Two-factor authentication requires the individual to authenticate themselves twice, which reduces the risk of a masquerading attack. It provides an additional security mechanism over and above passwords alone.
IP spoofing: In IP spoofing, a forged IP address is used to break a firewall. IP spoofing can be considered the masquerading of a machine.
Message modification: In this type of attack, a message is captured, altered, and deleted without authorization. These attacks can have a serious impact. For example, a message to a bank to make a payment could be modified.
Network analysis: In this type of attack, an intruder creates a repository of information about a particular organization's internal network, such as internal addresses, gateways, and firewalls. The intruder then determines what services and operating systems are running on the targeted system and how they can be exploited.
Packet replay: In this type of attack, an intruder captures the data packet as data moves along a vulnerable network.
Pharming: In this type of attack, the traffic of a website is redirected to a bogus website. This is done by exploiting a vulnerability in the DNS server. Pharming is a major concern for e-commerce websites and online banking websites.
Piggybacking: In this type of attack, which refers to a physical security vulnerability, the intruder follows an authorized person through a secured door to gain unauthorized access.
[Illustration: a piggybacking attempt]
Password sniffing: In a password sniffing attack, tools are used to listen to all the traffic in the network's TCP/IP packets and extract the usernames and passwords. This tool is known as a password sniffer. These passwords are then used to gain unauthorized access to the system.
Parameter tampering: The unauthorized modification of web application parameters with a malicious aim is known as parameter tampering. As the hidden files in the web page are not visible, a developer may feel safe to pass the data without proper validation. This creates a risk, as an intruder may intercept the hidden data and then modify the parameters for malicious purposes.
Privilege escalation: In a privilege escalation attack, high-level system authority is obtained by an employee through some unauthorized methods by exploiting security flaws.
Race condition: This is also known as a time of check (TOC) or time of use (TOU) attack. In this attack, an intruder exploits a small time window between the point in time a service is accessed and the point in time a security control is applied. The longer the gap between the TOU and the time of service, the higher the chances are of race condition attacks being successful.
Salami: In this technique, a small amount of money is sliced from a computerized transaction and transferred to unauthorized accounts.
Social engineering: In a social engineering attack, an attempt is made to obtain sensitive information from users by tricking and manipulating people. In social engineering attacks, the attacker does not require any technical tools and techniques to obtain information. Social engineering is generally conducted through dialogue, interviews, inquiries, and other social methods of interaction. The objective of social engineering is to exploit human nature and weaknesses for obtaining critical and sensitive information. By implementing adequate and effective security awareness training, the consequences of social engineering attacks can be minimized.
Shoulder surfing: In shoulder surfing attacks, an intruder or a camera captures sensitive information by looking over the shoulder of the user entering their details, which are visible on the computer screen. Passwords entered should be masked on the computer screen to prevent shoulder surfing attacks.
[Figure: a shoulder surfing attack]
Traffic analysis: In this attack, communication patterns between entities are studied and information is deduced.
Virus: A virus is a type of malicious code that can self-replicate and spread from computer to computer. A virus can take control of a user's computer and can delete or alter sensitive files. It can also disrupt system functioning.
Worms: Worms are destructive programs that can destroy sensitive data. However, worms do not replicate like a virus.
Biometric attacks:
Replay attack: In replay attacks, the attacker makes use of residual biometric characteristics (such as fingerprints left on a biometric device) to gain unauthorized access.
Brute force attack: In brute force attacks, the attacker sends numerous biometric samples to a biometric device with an objective of making it malfunction.
Cryptographic attack: In cryptographic attacks, the attacker attempts to obtain information by targeting algorithms or the encrypted information that is transmitted between a biometric device and an access control system.
Mimic attack: In a mimic attack, the attacker attempts to reproduce fake biometric features of a genuine biometric user. For example, imitating the voice of an enrolled user.
You should also understand the difference between active and passive attacks. A passive attack is one in which information is only captured; the data traffic is not modified, inserted, or deleted. Examples of passive attacks include traffic analysis, network analysis, and eavesdropping. In an active attack, damage is done by modifying or deleting the data.