Attacks attacked as a target of opportunity.

Attacks are made against any
layer or any level of software virtually nowadays, from the network protocols
to the applications. Whenever an attacker finds something vulnerable in a
system, he exploits the weakness to attack a system or the application. This
can result in effects ranging from minor to severe depending on the attacker’s
intent. The attack may not be visible on the system that is attacked as the
attack is actually occurring in a different system, and the attacker
manipulates the data on the second system by attacking the first system. Most
of the organizations are being vulnerable to the potential cyber threats these
days and the rate has been increasing dramatically every year. An attack on a
computer can be because of two major reasons. It may be because it is
specifically targeted by the attacker or attacked as a target of opportunity.
In this paper, we discuss, study and classify these attacks and also discuss
some of the major malicious software like viruses, worms, trojans, adware and
the pornware that have made a forward step in the science of virology









Cyber attacks:

Attacks in
the cyber world had become a predominant threat to the world, these attacks can
be carried out against any layer or level of software, right from network
protocols to application. If a hacker finds the vulnerability the damage of the
attack depends on the intention of the attacker and the extent to which that
vulnerability would allow the attacker.

for the attack:

The reasons
for cyber-attacks could be classified into 2 major types, targeted and target
of opportunity. Targeted attacks are carried out by an individual or
organization by choosing its target and getting into the systems of the target
this kind of attacks are done because the attacker believes that he is doing
justice in the unjust systems.

example, Hacktivists hacking banks, to take money from the rich and distribute
among the masses or attacking the universities or educational institutions to
make information free, also few attacks the government websites of the rival
countries to steal any sensitive information that might help them to cause
chaos in the target country. Finally, few developed governments run some secret
organizations to maintain protect and exploit vulnerabilities of other

Some of the
popular attacks in this regard are Aaron H. Swartz attacking MIT systems to
download academic journal articles. The attack on Sony Pictures by Guardians of
Peace, alleged sponsor of this attack is North Korea, over an issue regarding
the release of a movie that portrayed a plot to assassin the leader of North
Korea. Stuxnet attack on PLCs (programmable logic controllers) which caused
substantial damage to Iran’s nuclear program.

The other
type of attack is exploiting target of opportunity. This type of attacks is
carried out by the individuals or organizations who learned about a
vulnerability and simply searches for anyone with that vulnerability and
exploit the target. For example, phishing pages which could record the
credentials of the victim. Exploiting credit card and user details dump of some
online websites. The recent Ransom ware attack called Wannacry is an example of
this type of attack.

targeted attacks are difficult to execute and needs lots of groundwork and
research about the victim whereas the target of opportunity attacks just need
an opportunity to find a victim, this type of attacks is everywhere on the
internet waiting for the prey to fall for the bait. This doesn’t mean that
target of opportunity doesn’t choose their victims rather they try to attack a
sector where the existing vulnerability is more profitable. This type of
attacks is because of vulnerabilities that have not been taken care of while
setting up the system security or not updating security patches from time to
time or lack of awareness about threats in the cyber world.

involved in a cyber attack:

Hackers are
like robbers, they undergo a step by step process to perform an attack. These
are similar steps to those steps a security consultant performs during a
penetration test. The most common steps a hacker uses are listed below:

1.     Profiling
(known as reconnaissance)

2.     Scanning

3.     Researching

4.     Executing
the attack


is the most crucial step in the process as the name suggests it is all about
the collection of as much as information possible about an organization.
Gathering information can be done in many ways such as going through the
organization’s website, advertisements by the company, by getting hands-on
different financial reports of a company available at EDGAR site, this
information will let the hacker to get an idea of what he is trying to exploit
and this information is very useful for social engineering attacks.

for some networking related information attacker can simply use to
know almost everything about a network setup of the website of the
organization, such as IP address, phone numbers, names of important people. If
the website is hosted on the office servers then the attacker is already having
the organization’s IP address, which holds the data of internet service
providers and etc., this part will be discussed in the scanning step. Some of
the domain registrars are offering a privacy to the domain owner over few extra
bucks, which is proven to be useful to prevent such data loss.


 The technical part of the attack starts from
this step. As mentioned in the previous step from the IP address one can figure
out the ISP of the organization and can start from exploiting the open nodes on
the service provider’s end or the attacker could start in a traditional way
using ping sweep, In this step hacker sends a ping to the target machine to
make sure that the machine is reachable. Once the attacker gets the positive
response, then he starts performing ports scan to identify which ports are open
on the target machine. The program nmap is used as the default standard for
ping sweep and port scans. nmap -sv command will perform a banner grab to
determine the version of software behind open ports.

By knowing
the OS of the target machine, along with the specific application programs, the
attacker can have an idea of the software that can be used to exploit the
target machine. After the ping sweep, various techniques can be used to send
specially formatted packets to the ports of target machine to view and study
the response.  The way the target machine
responding to different packets will let an attacker learn about the operating
system and list of specific applications on the target system.


getting hands-on the list of applications and the operating system running on
the target machine, the hacker will start researching the vulnerabilities of
the applications on the target system. Some of the websites have the details
about the vulnerabilities of the applications and OS so that the administrators
can know about the vulnerabilities and fix them, some websites along with the
information, they provide the tools to exploit the target machine.

With the
details of the known vulnerabilities attacker starts to attack the target
machine with the newly acquired information and tools to exploit. If the
administrator of the target machine has patched up the security of a
vulnerability, the attacker would simply try to exploit another vulnerability
that is listed. In case if the administrator has a patch to all the security
issues the attacker may use brute force to test the combinations of ID and
password this process is a time taking and unfortunately, this attack which
could be prevented, sometimes proven successful. Along with this in this
process attacker may send malware emails to the employees to collect all the
possible sensitive data to execute the attack.

the attack:

As the
attacker now has all the information he needed to know and has set up his web.
Now, the attacker is all set to make his attack. The execution of attack may
result in many different outcomes, like the system may crash or the data theft
of the users or defacing the website. Usually, hackers would create some user
accounts with admin privileges so that they can have the access to the victim’s
machine even after the attack is patched.

The extent
of the severity of the attack is totally depended on the objective of the
attacker, if the objective is activism, the attack will be completed by defacing
the website. If the objective is much sinister, such as theft of user data and
gaining access to payment details of the users. The attacker may leave some
nodes open to gain access in the future. The objective of a hacker guide his

the effects of cyber attacks:

Since no
system is safe these days, the administrator should be really careful and fix
all the possible information leaking sources starting right from not disclosing
the private information of the organization and its computing resources.
Because hacker is after the information, don’t make it easily available.

The next
step is to fix all the security patches of the applications and the OS. Almost
all the viruses, malware or malicious software existing only exploit the known
vulnerabilities fixing up this patches for the services running on the machine
could prevent most of the possible attacks. The final step is to limit the
number of services to those that are absolutely necessary, by this one can
limit the possible avenues of attack and also reduce the number of services
that are to be patched. Security patches should be updated from time to time so
that update attacks could be prevented.