Types of Cyberattack, Specific Risks and How to Mitigate those Risks

What is it? File Transfer Protocol (FTP), first introduced in 1971, is one of the oldest Internet protocols. It is used to transfer files from one computer to another on a network. FTP uses ports 20 and 21. FTP does not encrypt file transfers OR login credentials....

What is it? Secure Sockets Layer (SSL), and the more modern Transport Layer Security (TLS) are encryption/decryption techniques used by computers when transferring data; https ("hypertext transfer protocol secure") web sites use this technology. There are several...

What is it? A blocklist (sometimes still referred to as a "blacklist") is a list of Internet addresses and domain names that have been reported as sending out unsolicited advertising (aka "spam"), distributing malware, hosting botnets, hosting phishing websites, etc....

A botnet is a network of infected computers that can be controlled remotely, forcing them to send spam, spread viruses, or stage DDoS (distributed denial of service) attacks. A Botnet Drone is a type of software that connects your device to a botnet.

Source: Avast.com

What is it? The Domain Name System (DNS) is a decentralized naming system for computers and other network resources. A computer uses DNS to translate an Uniform Resource Locator (URL, like www.google.com) to an Internet Protocol (IP, like 142.250.69.206) address. It's...

The remote NTP server responds to mode 6 queries (Mode 6 is the recommended protocol used to get status information from a running ntpd to configure some of its behaviors on the fly). Devices that respond to these queries have the potential to be used in NTP amplification attacks. An attacker sends a massive amount of mode 6 messages to a huge number of recipient servers or clients in your organization. A remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition. Reflection Denial of Service attacks makes use of a third party component to send the attack traffic to a victim, ultimately hiding the attackers’ own identity. The attackers send packets to the reflector servers with a source IP address set to their victim’s IP, indirectly overwhelming the victim with the response packets.

Sources: www.netsecaddict.com; www.security.radware.com

An SNMP attack is a type of Distributed Denial of Service (DDoS) attack.

Instead of Domain Name Servers (DNS), SNMP attacks use the Simple Network Management Protocol (SNMP) – a common network management protocol used for configuring and collecting information from network devices like servers, hubs, switches, routers and printers.

SNMP attacks can generate attack volumes of hundreds of gigabits per second, which can be directed at targets from multiple broadband networks. Attacks are sometimes hours in duration and are highly disruptive to targets. SNMP attacks elicit a flood of responses to a single spoofed IP address. During an attack, the perpetrator sends out a large number of SNMP queries with a forged IP address (the victim’s) to numerous connected devices that, in turn, reply to that forged address. The attack volume grows as more and more devices continue to reply, until the target network is brought down under the collective volume of these SNMP responses.

Source: www.imperva.com

What is it? Remote Desktop Protocol (RDP) allows a remote computer to take control of a computer in your network. RDP comes pre-installed for Microsoft Windows but can also be used with Apple OSX computers. RDP is used by many to work-from-home; it's also used by IT...

What is it? Simple Service Discovery Protocol (SSDP) is used to discover what devices (and their capabilities) are available in a local area network. It is the basis of Universal Plug and Play (UPnP) devices like printers and scanners but it also helps locate network...

What is it? The Domain Name System (DNS) is a network of computers that convert web addresses like "google.com" into Internet Protocol (IP) addresses like 192.168.0.1. The client computer connects to a DNS server and asks for the IP address of "google.com" and gets an...