Welcome to “Security Threats: Threat Types.” After watching this video, you will be able to: list the types of impersonation, explain password cracking, and identify a DoS attack.

One type of impersonation is when a hacker sets up a public wifi network that seems legitimate. Once a user connects, login credentials, session information, and PII can be intercepted. Another type of impersonation is when a hacker sets up a fake website that looks and feels exactly like a real website, such as a well-known bank or other high-profile site. They may send fake email or text links (known as phishing) to trick you into visiting the fake site so they can steal your credentials to the real site and install malware on your device. A third type of impersonation is when a hacker pretends to be someone else, such as a colleague or a support technician, so they can steal data or take over systems. This is also called social engineering. Impersonation attacks can be used individually or in combination with each other.

Hackers use snooping attacks to intercept data between devices. These attacks can reveal logins, credit card numbers, intellectual property, and more. Snooping attack types include: eavesdropping, man-in-the-middle, and replay. Some hackers can even use the electromagnetic emissions of a computer monitor to reconstruct what it displays. Snooping is common on open, unsecured networks and can be difficult to trace.

Eavesdropping (or packet-sniffing) attacks occur on wireless, wired, and phone connections. A packet sniffer is a tool that captures everything transmitted on a network segment it can see. Anything your device sends unencrypted can be read with a packet sniffer, which gives hackers an opportunity to intercept, alter, or delete data transmitted between devices. If the traffic is encrypted, a packet sniffer will only see things like the origin and destination addresses, ports, and timing of a packet, but not the data inside it. Staying off public wifi, or making sure your traffic is encrypted (HTTPS, a VPN, or a cellular connection), helps prevent eavesdropping attacks.
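To make the eavesdropping point concrete, here is an added example (it is not code from the video) of what a packet sniffer actually recovers from a captured packet. Two IPv4/TCP packets are constructed in the script: one carrying a plaintext HTTP request with an HTTP Basic credential, the other carrying a TLS record. The addresses, ports, and credential are made up. The parser reads the headers from both packets exactly the same way; only the plaintext payload yields a username and password.

```python
# Added example, not from the original video: what a sniffer can and cannot read.
# The two packets below are constructed test data with made-up addresses and credentials.
import base64
import struct


def build_ipv4_tcp(src, dst, sport, dport, payload):
    """Build a minimal IPv4 + TCP packet (checksums left zero; constructed test data)."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + 20 + len(payload), 0x1234, 0, 64, 6, 0,
        bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))),
    )
    # data offset 5 words (0x50), flags PSH|ACK (0x18)
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_packet(raw):
    """Decode the IPv4 and TCP headers the way a sniffer does, then return the payload."""
    ihl = (raw[0] & 0x0F) * 4                 # IPv4 header length in bytes
    proto = raw[9]                            # 6 = TCP
    src = ".".join(map(str, raw[12:16]))
    dst = ".".join(map(str, raw[16:20]))
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    data_off = (raw[ihl + 12] >> 4) * 4       # TCP header length in bytes
    payload = raw[ihl + data_off:]
    return {"src": src, "dst": dst, "proto": proto,
            "sport": sport, "dport": dport, "payload": payload}


def extract_basic_auth(payload):
    """Return (user, password) if the payload is plaintext HTTP with Basic auth, else None."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None                           # TLS records and other binary payloads are opaque
    for line in text.split("\r\n"):
        if line.lower().startswith("authorization: basic "):
            creds = base64.b64decode(line.split(" ", 2)[2]).decode()
            user, _, password = creds.partition(":")
            return user, password
    return None


# Constructed payloads: a plaintext HTTP request and an (opaque) TLS application-data record
HTTP_REQ = (b"GET /account HTTP/1.1\r\nHost: bank.example\r\n"
            b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n")
TLS_REC = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(0x80, 0xA0))

PLAINTEXT_PKT = build_ipv4_tcp("10.0.0.5", "203.0.113.7", 51000, 80, HTTP_REQ)
ENCRYPTED_PKT = build_ipv4_tcp("10.0.0.5", "203.0.113.7", 51001, 443, TLS_REC)

if __name__ == "__main__":
    for pkt in (PLAINTEXT_PKT, ENCRYPTED_PKT):
        p = parse_packet(pkt)
        print(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} "
              f"credentials={extract_basic_auth(p['payload'])}")
```

Running it prints the same source, destination, and ports for both packets, with the credential recovered only from the port-80 request. That metadata is exactly what the video says an encrypted connection still leaks, and it is enough for an attacker to know which bank you use and when you log in.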
A man-in-the-middle attack is a form of eavesdropping. It involves a victim, the endpoint the victim is communicating with, and an attacker positioned between them. The victim and the endpoint are unaware the attacker is listening in. Man-in-the-middle attacks can be physical or logical. In a physical man-in-the-middle attack, the attacker is physically near the victim, for example on the same public wifi network, or on a network they set up themselves as a trap. The attacker sniffs the unencrypted network traffic to gain access to everything the victim is doing online so they can steal information. In a logical man-in-the-middle attack, the attacker sends emails or texts with fake links that direct victims to sites that steal their data and install malware. If a fake email warned about a bank account problem, the victim might click the link and try to log in on the fake site. The attacker now holds the victim’s bank credentials, and the fake site may also install malware on the victim’s computer. Other man-in-the-middle attacks include spoofing, session hijacking, and theft of browser cookies.

A replay attack is a type of man-in-the-middle attack which intercepts valid data and retransmits it later. Replay attacks are also known as repeat or playback attacks. Replay attacks involve “trusted entities” and an “access token.” Trusted entities are users or websites that get an access token (or security key) after verifying that they are who they say they are, for example when you connect to your bank or your work network from a network-registered device. Hackers get access tokens by sniffing unencrypted traffic between trusted entities. Once they capture an access token, they can hijack the session and use the token to impersonate the trusted entity. After that, the hacker can intercept and modify any information sent, or access private accounts as if they were the account holder. The usual defenses are to encrypt the session so the token is never visible on the wire, and to make each message single-use with a nonce, timestamp, or sequence number, so that a replayed copy is rejected.

Password cracking is obtaining a correct password in an unauthorized way. Brute force attacks submit as many passwords as possible hoping one will work.
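The replay attack described above, as an added example that is not part of the video. A captured request authenticated by a static session token is resent by the attacker and accepted a second time; the hardened service instead requires each request to carry a server-issued single-use nonce and an HMAC over the nonce, timestamp, and body, and rejects replays, stale messages, and tampered bodies. The session store, shared key, and message format are assumptions made for the example.

```python
# Added example, not from the original video: replaying a captured "access token",
# and a nonce-plus-HMAC scheme that rejects the replay. Key and session data are made up.
import hashlib
import hmac
import secrets
import time

SHARED_KEY = b"example-shared-key-not-real"   # assumption: pre-shared between client and server


def sign(nonce, ts, body):
    """HMAC-SHA256 over everything the server will check; a replay cannot change any field."""
    msg = f"{nonce}|{ts}|{body}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


class TokenService:
    """Naive design: a static bearer token identifies the session. Anyone holding it is 'alice'."""
    def __init__(self):
        self.sessions = {"tok_alice_7f3a": "alice"}   # constructed session store

    def handle(self, request):
        user = self.sessions.get(request["token"])
        return f"ok:{user}:{request['body']}" if user else "denied"


class NonceService:
    """Challenge-response: each request is signed over a single-use nonce and a timestamp."""
    def __init__(self, window=30):
        self.issued, self.used, self.window = set(), set(), window

    def challenge(self):
        n = secrets.token_hex(16)
        self.issued.add(n)
        return n

    def handle(self, request, now=None):
        now = time.time() if now is None else now
        n, ts, body, tag = request["nonce"], request["ts"], request["body"], request["mac"]
        if n not in self.issued or n in self.used:
            return "denied:replay-or-unknown-nonce"
        if abs(now - ts) > self.window:
            return "denied:stale"
        if not hmac.compare_digest(sign(n, ts, body), tag):
            return "denied:bad-mac"
        self.used.add(n)                          # burn the nonce on first successful use
        return f"ok:{body}"


def replay_against_token_service():
    """Sniff one request, send it twice: both are accepted."""
    svc = TokenService()
    captured = {"token": "tok_alice_7f3a", "body": "transfer 100"}
    return svc.handle(captured), svc.handle(dict(captured))


def replay_against_nonce_service():
    """Same attack against the hardened service: the replay and a tampered copy are refused."""
    svc = NonceService()
    n, ts = svc.challenge(), time.time()
    req = {"nonce": n, "ts": ts, "body": "transfer 100", "mac": sign(n, ts, "transfer 100")}
    first = svc.handle(req)
    replayed = svc.handle(dict(req))              # identical bytes resent: nonce already burned
    n2 = svc.challenge()                          # attacker obtains a fresh nonce but has no key
    forged = {"nonce": n2, "ts": ts, "body": "transfer 999", "mac": req["mac"]}
    return first, replayed, svc.handle(forged)


if __name__ == "__main__":
    print(replay_against_token_service())
    print(replay_against_nonce_service())
```

The timestamp window bounds how long a captured message stays valid even if the nonce bookkeeping is lost; the `now` parameter on `handle` lets you test that path without waiting. Note that none of this helps if the attacker holds the shared key, which is why the key, unlike the token, must never cross the network.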
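The password-cracking methods introduced here (brute force, dictionary, and rainbow table attacks) as an added example that is not part of the video. A constructed leak of unsalted SHA-256 hashes is attacked three ways, and a salted store shows why a precomputed table stops working. SHA-256, the wordlist, and the leaked accounts are assumptions for illustration; a real password store should use a deliberately slow hash such as bcrypt, scrypt, or Argon2.

```python
# Added example, not from the original video: cracking an unsalted hash leak, and why
# per-user salts defeat precomputed (rainbow) tables. All hashes and accounts are constructed.
import hashlib
import hmac
import itertools
import os
import string


def h(pw, salt=b""):
    """SHA-256 for illustration only; production stores should use a slow password hash."""
    return hashlib.sha256(salt + pw.encode()).hexdigest()


# Constructed "leaked" hash file: unsalted, and two users chose the same password
LEAKED_UNSALTED = {"alice": h("hunter2"), "bob": h("hunter2"), "carol": h("a7!")}
WORDLIST = ["password", "letmein", "hunter2", "qwerty"]   # constructed mini-dictionary
ALPHABET = string.ascii_lowercase + string.digits + "!"


def dictionary_attack(target_hash, words):
    """Hash each candidate word plus a few common mutations until one matches the target."""
    for w in words:
        for cand in (w, w + "1", w + "!", w.capitalize()):
            if h(cand) == target_hash:
                return cand
    return None


def brute_force(target_hash, alphabet=ALPHABET, max_len=3):
    """Exhaustive search. Cost grows as len(alphabet) ** length, which is why
    password length and character variety matter more than anything else."""
    for n in range(1, max_len + 1):
        for tup in itertools.product(alphabet, repeat=n):
            cand = "".join(tup)
            if h(cand) == target_hash:
                return cand
    return None


def build_rainbow_table(words):
    """Precompute hash -> password once. Real rainbow tables compress this with hash
    chains, but the effect is the same: an unsalted leak is cracked by lookup, not guessing."""
    return {h(w): w for w in words}


def crack_with_table(leak, table):
    """One lookup per user. Identical hashes also reveal identical passwords on their own."""
    return {user: table.get(digest) for user, digest in leak.items()}


def salted_store(passwords):
    """Store (salt, hash) per user. The random salt makes the same password hash differently
    for every user, so a table precomputed without the salt no longer applies."""
    store = {}
    for user, pw in passwords.items():
        salt = os.urandom(16)
        store[user] = (salt, h(pw, salt))
    return store


def verify(store, user, attempt):
    """Recompute with the stored salt; constant-time compare avoids a timing side channel."""
    salt, digest = store[user]
    return hmac.compare_digest(h(attempt, salt), digest)


if __name__ == "__main__":
    table = build_rainbow_table(WORDLIST)
    print("table lookup:", crack_with_table(LEAKED_UNSALTED, table))
    print("brute force carol:", brute_force(LEAKED_UNSALTED["carol"]))
    salted = salted_store({"alice": "hunter2", "bob": "hunter2"})
    print("salted alice == salted bob:", salted["alice"][1] == salted["bob"][1])
    print("table hit on salted alice:", table.get(salted["alice"][1]))
```

The table cracks alice and bob in a single lookup because they share a hash, and carol, whose password is short but not in the list, falls to brute force in a few thousand tries. Against the salted store the same table returns nothing, and an attacker has to run the guessing attacks separately per user, which is exactly the cost a slow password hash is designed to multiply.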
Dictionary attacks use lists of likely passwords, such as words pulled from dictionaries or newspapers and passwords exposed in earlier breaches, to crack passwords. Rainbow table attacks use a precomputed table that maps hashes back to the passwords that produced them, so a leaked hash can be reversed by lookup instead of by guessing.

Hashing is when an algorithm transforms an input string (like your password) into a fixed-length output string (or hash) that is stored in place of the password itself. A hash is like a digital fingerprint: the same input always produces the same hash, and the hash cannot be run backwards to recover the input. If passwords are hashed without a random, per-user salt, every user who chose the same password has exactly the same hash, so one successful lookup or guess cracks all of them at once, and a single precomputed table works against every leak that used that algorithm. Salting each password before hashing, and using a deliberately slow hash designed for passwords, defeats precomputed tables and makes guessing far more expensive.

Unauthorized information alteration threatens the integrity of any process or outcome based on that information, including: financial records, vote totals, health records, news stories, and more. Tools that fight unauthorized information alteration include: File integrity monitoring (or FIM), which takes a baseline of sensitive files and folders and alerts when they change in ways that were not authorized. And relational database management systems (or RDBMSs). An RDBMS can enforce access controls and integrity constraints and log who changed which records, which makes it a safer place to keep sensitive data than a spreadsheet program. To preserve data integrity, security plans must: prevent unauthorized user access, prevent unauthorized data changes by authorized users, and use error checking and data validation.

A denial of service (or DoS) attack floods a network or server with so much traffic, or so many requests, that it can no longer serve legitimate users, or crashes outright. DoS attack victims are typically high-profile, like government sites, banks, or social media sites. Sometimes, DoS attacks are used to distract from other attacks happening at the same time. Common DoS attack types include:

Buffer overflow: when an attacker sends a service more input than the memory buffer it allocated can hold, crashing the service or corrupting its memory.

ICMP flood: when a target is bombarded with ICMP echo requests (pings) faster than it can answer them. In the smurf variant, the attacker sends pings to a network’s broadcast address with the victim’s address forged as the source.
Every host on that network then replies to the victim at once, and the amplified replies overwhelm it.

SYN flood: when a rapid series of incomplete TCP connection requests (SYN packets whose handshake is never completed) fills a server’s table of half-open connections until it can no longer accept new ones.

A Distributed Denial of Service (or DDoS) attack is a DoS attack launched from a large collection of compromised, malware-infected computers known as a botnet. DDoS attacks give attackers the following advantages: It is harder to identify a DDoS attack’s origin, which makes it harder to shut down, and DDoS attacks generate far more traffic than a single-source DoS attack, since hundreds or thousands of computers are used instead of just one. There are methods available to defend against DoS and DDoS, such as rate limiting, SYN cookies, and upstream traffic scrubbing, but they continue to be a real threat.

In this video, you learned that: Impersonation includes public wifi traps, fake sites, and social engineering. Eavesdropping is also called “packet-sniffing.” Man-in-the-middle attacks can be physical or logical. Replay attacks reuse a captured trusted-entity access token. A hash is a fixed-length fingerprint stored in place of a password, and it should be salted. To preserve data integrity, security plans must prevent unauthorized access and changes. DoS and DDoS attacks flood a network with so much traffic that it can no longer serve legitimate users.
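The SYN flood described above, as an added example that is not part of the video: simple detection logic run over constructed connection-tracking records. Each record is a timestamp, a source address, and whether the firewall saw the client’s SYN or its completing ACK. A source that opens many connections in a short window and completes almost none of them is flagged; a busy client that finishes its handshakes is not, and neither is a slow client whose few connections merely timed out. The record format and thresholds are assumptions for the example.

```python
# Added example, not from the original video: flagging a SYN flood source from
# half-open connection counts. Records and thresholds are constructed for illustration.
from collections import defaultdict

# Constructed records: (t_seconds, src_ip, flag) where "S" = client SYN, "A" = handshake ACK
RECORDS = []
for i in range(50):                                      # attacker: 50 SYNs in half a second, no ACKs
    RECORDS.append((100.0 + i * 0.01, "198.51.100.9", "S"))
for i in range(40):                                      # busy legitimate client: every SYN completes
    RECORDS.append((100.0 + i * 0.05, "10.0.0.23", "S"))
    RECORDS.append((100.0 + i * 0.05 + 0.002, "10.0.0.23", "A"))
for i in range(5):                                       # slow client whose connections timed out
    RECORDS.append((100.0 + i, "10.0.0.42", "S"))


def half_open_ratio(records, window=1.0, min_syns=20, ratio=0.8):
    """Return {src: stats} for sources with at least `min_syns` SYNs inside any
    `window`-second span and at least `ratio` of their handshakes left incomplete."""
    syns = defaultdict(list)
    acks = defaultdict(int)
    for t, src, flag in sorted(records):
        if flag == "S":
            syns[src].append(t)
        elif flag == "A":
            acks[src] += 1

    flagged = {}
    for src, times in syns.items():
        # sliding window over sorted SYN timestamps: peak SYN count in any `window` seconds
        peak, j = 0, 0
        for i, t in enumerate(times):
            while times[j] < t - window:
                j += 1
            peak = max(peak, i - j + 1)
        incomplete = 1 - acks[src] / len(times)
        if peak >= min_syns and incomplete >= ratio:
            flagged[src] = {"peak_syns": peak, "incomplete": round(incomplete, 2)}
    return flagged


if __name__ == "__main__":
    for src, stats in half_open_ratio(RECORDS).items():
        print(f"SYN flood suspect {src}: {stats}")
```

The legitimate client in the sample exceeds the rate threshold on its own, so rate alone would misfire; it is the combination of high rate and unfinished handshakes that distinguishes a flood. In a real deployment the addresses in a SYN flood are usually spoofed, so the per-source count is best paired with an overall half-open connection count and with SYN cookies on the server, which let it survive the flood rather than just notice it.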