Cause of Blackout:
Blackouts can have serious consequences, including loss of data, financial losses,
interrupted services, and damage to a company's reputation. Organizations typically
implement various preventive measures, such as firewalls, antivirus software,
intrusion detection systems, redundancy plans, and disaster recovery procedures, to
minimize the risk of blackouts and mitigate their impact if they occur.
Controlling methods:
1. Implement robust cyber security measures: Enhance your network and system
security by utilizing firewalls, intrusion detection systems, antivirus software, and
regular security updates. This can help protect against cyber attacks that may cause
blackouts.
2. Distributed network architecture: Design your network in a way that distributes
resources across multiple locations or servers. This helps to prevent a single point of
failure and reduces the impact of a blackout.
3. Backup and redundancy: Regularly backup critical data and systems, and
maintain redundant systems or backup power sources. This ensures that if one system
fails or experiences a blackout, the backup can take over and keep essential services
running.
4. Uninterruptible Power Supply (UPS): Implement UPS systems that can provide
temporary power during a blackout or power failure. This allows time for systems to
be properly shut down or transitioned to backup power sources.
5. Conduct regular testing and maintenance: Regularly test and maintain your
systems, networks, and backup power sources to ensure they are functioning properly.
Identify and fix any vulnerabilities or weaknesses that could lead to blackouts.
6. Stay updated with security practices: Stay informed about the latest security
threats, best practices, and industry standards. Regularly review and update your
security policies and practices to stay ahead of new and emerging threats.
Dilla University, College of Engineering and Technology, School of Computing and Informatics, Department of Computer Science
The software error involves buffers, which are sequential sections of computing memory that hold data
temporarily as it is transferred between locations. Also known as a buffer overrun, a buffer overflow occurs
when the amount of data written to the buffer exceeds its storage capacity. The extra data overflows into
adjacent memory locations and corrupts or overwrites the data stored there.
A buffer overflow attack typically involves writing past the bounds that the programming language places
on a buffer. Most buffer overflows are caused by the combination of direct memory manipulation and
mistaken assumptions about the composition or size of the data.
Integer-based attack
In various programming languages, integers occupy a fixed number of bits in memory. An integer overflow
attack exploits an arithmetic overflow error, which occurs when the result of an integer operation
cannot be represented in the allocated memory area.
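Added example, not part of the notes: the defensive side of the fixed-width integer point above. When a size calculation wraps, the program allocates a buffer far smaller than it believes it has, which is how an integer overflow turns into a buffer overflow. The helpers below check for the wrap before it happens; the names (size_would_wrap, checked_alloc, int_add_would_wrap) and the sample values are mine.

```c
#include <stdint.h>
#include <stdlib.h>
#include <limits.h>
#include <stdio.h>

/* Added example (not from the notes): detecting arithmetic overflow before
 * it corrupts a size calculation. Unsigned arithmetic wraps silently, so
 * count * elem_size can come out tiny when the true product does not fit. */

/* Returns 1 if count * elem_size would wrap past SIZE_MAX, else 0. */
int size_would_wrap(size_t count, size_t elem_size) {
    return elem_size != 0 && count > SIZE_MAX / elem_size;
}

/* Unchecked product: wraps silently (the defect the text describes). */
size_t naive_bytes(size_t count, size_t elem_size) {
    return count * elem_size;
}

/* Checked allocation: refuses sizes that would wrap instead of
 * handing back an undersized buffer that later writes will run past. */
void *checked_alloc(size_t count, size_t elem_size) {
    if (size_would_wrap(count, elem_size)) return NULL;
    return malloc(count * elem_size);
}

/* Signed addition check that never performs the overflowing add itself
 * (signed overflow is undefined behaviour in C): returns 1 if a + b
 * would leave the int range, else 0. */
int int_add_would_wrap(int a, int b) {
    if (b > 0 && a > INT_MAX - b) return 1;
    if (b < 0 && a < INT_MIN - b) return 1;
    return 0;
}

int main(void) {
    size_t huge = SIZE_MAX / 2 + 1;   /* constructed: half the address space plus one */
    printf("naive_bytes(huge, 2)          = %zu (wrapped to zero)\n", naive_bytes(huge, 2));
    printf("size_would_wrap(huge, 2)      = %d\n", size_would_wrap(huge, 2));
    printf("checked_alloc(huge, 2) is NULL: %d\n", checked_alloc(huge, 2) == NULL);
    printf("int_add_would_wrap(INT_MAX, 1) = %d\n", int_add_would_wrap(INT_MAX, 1));
    return 0;
}
```

The division-based test in size_would_wrap is the portable way to check a product; compilers that provide __builtin_mul_overflow can do the same in one call, but the idea is identical: decide before computing, never after.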
For example, introducing additional code into a program could send it new instructions that give the
attacker access to the organization’s IT systems. In the event that an attacker knows a program’s memory
layout, they may be able to intentionally input data that cannot be stored by the buffer. This will enable
them to overwrite memory locations that store executable code and replace it with malicious code that
allows them to take control of the program.
Attackers use a buffer overflow to corrupt a web application's execution stack, execute arbitrary code, and
take over a machine. Buffer overflow flaws can exist in both application servers and web servers,
especially in web applications that use libraries such as graphics libraries. Buffer overflows can also exist in
custom web application code. Such flaws are more likely there because custom code receives less scrutiny
from security teams, but they are also less likely to be discovered by hackers and more difficult to exploit.
1. System crashes: A buffer overflow attack will typically lead to the system crashing. It may also
result in a lack of availability and programs being put into an infinite loop.
2. Access control loss: A buffer overflow attack will often involve the use of arbitrary code, which is
often outside the scope of programs’ security policies.
3. Further security issues: When a buffer overflow attack results in arbitrary code execution, the
attacker may use it to exploit other vulnerabilities and subvert other security services.
How to Prevent Buffer Overflows
Application developers can prevent buffer overflows by building security measures into their development
code, using programming languages that include built-in protection, and regularly testing code to detect
and fix errors.
Modern operating systems also deploy runtime protections that add security against buffer
overflows. Common protections include:
1. Use a language that does not allow buffer overflows, such as Java or Python.
2. Use input validation and sanitization to ensure that user-supplied data does not exceed the
allocated memory space for a buffer.
3. Use secure coding practices, such as checking the bounds of arrays, to prevent overflows.
4. Use security tools like firewalls and intrusion detection systems to monitor for and prevent buffer
overflow attacks.
5. Keep systems and software up to date with the latest security patches and updates to prevent
exploitation of known vulnerabilities.
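Added example, not part of the notes, illustrating the buffer description earlier in this section and item 3 of the list above (checking bounds). The vulnerable function copies without a length check, so an over-long name spills into the field that follows the buffer; the hardened version measures first and rejects what does not fit. The struct, the NAME_LEN size and the sample inputs are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed fixed-size buffer */

struct record {
    char name[NAME_LEN];
    int  is_admin;    /* sits right after the buffer: the "adjacent memory" */
};

/* VULNERABLE: strcpy trusts the caller, so input of NAME_LEN bytes or more
 * runs past name[] and overwrites is_admin (or worse). Kept only to contrast
 * with the checked version; it is never called on untrusted input here. */
void set_name_unsafe(struct record *r, const char *input) {
    strcpy(r->name, input);
}

/* HARDENED: find the terminator within the buffer size, reject input that
 * leaves no room for it, then copy a known-bounded number of bytes. */
int set_name_checked(struct record *r, const char *input) {
    const char *nul = memchr(input, '\0', NAME_LEN);  /* never reads past NAME_LEN bytes */
    if (nul == NULL) return 0;                         /* too long for buffer + NUL */
    size_t n = (size_t)(nul - input);
    memcpy(r->name, input, n + 1);
    return 1;
}

/* Wrapper so the behaviour is visible as a return value: 1 if the input was
 * stored and the neighbouring field is untouched, 0 if it was rejected. */
int checked_accepts(const char *input) {
    struct record r = { "", 0 };
    return set_name_checked(&r, input) && r.is_admin == 0;
}

/* How many bytes an unchecked copy would write beyond name[] (computed,
 * not performed). Handy as an oracle when writing input-validation tests. */
size_t unchecked_overrun(const char *input) {
    size_t needed = strlen(input) + 1;   /* bytes including the terminator */
    return needed > NAME_LEN ? needed - NAME_LEN : 0;
}

int main(void) {
    const char *ok  = "alice";
    const char *bad = "a-name-that-is-far-too-long-for-the-buffer";  /* constructed */
    printf("checked(\"%s\") accepted: %d, overrun would be %zu bytes\n",
           ok, checked_accepts(ok), unchecked_overrun(ok));
    printf("checked(long) accepted: %d, overrun would be %zu bytes\n",
           checked_accepts(bad), unchecked_overrun(bad));
    return 0;
}
```

Note that the hardened version rejects rather than truncates: silently cutting input to fit is a second bug waiting to happen when the truncated value is later used as an identifier.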
A buffer overflow attack works when an attacker exploits coding errors to overwrite computer
memory. They can then carry out malicious actions such as stealing data and compromising systems.
Buffer overflow is a vulnerability because data written beyond a buffer's storage capacity overwrites
adjacent memory.
Computer Security
DDoS ATTACK
Tomas Teshale RNS-2941/20
DDoS (Distributed Denial of Service) Attack
A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the regular
functioning of a network, service, or website by overwhelming it with a flood of internet traffic.
Multiple compromised devices, known as a botnet, are used in a coordinated effort to send a
massive volume of requests or data packets to the target system. This renders the target
system unable to respond to legitimate user requests.
The objective of a DDoS attack is to exhaust the target's network resources, such as bandwidth,
processing power, or memory, resulting in a disruption of its normal operation. This can cause
the target system to become slow, unresponsive, or completely unavailable to legitimate users.
Volume-based attacks: These attacks aim to overwhelm the target's network infrastructure by
flooding it with a high volume of traffic. Examples include UDP floods, ICMP floods, and DNS
amplification attacks.
TCP-based attacks: These attacks exploit vulnerabilities in the TCP protocol to exhaust system
resources. Examples include SYN floods, ACK floods, and TCP connection attacks.
Application layer attacks: These attacks target the application layer of the target system, aiming
to exhaust its resources or exploit vulnerabilities in specific applications. Examples include HTTP
floods, Slowloris attacks, and application-specific attacks.
To mitigate the impact of DDoS attacks, organizations employ various defense mechanisms,
such as traffic filtering, rate limiting, load balancing, and the use of specialized DDoS mitigation
services.
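Added example, not part of the notes: a token-bucket rate limiter, which is the mechanism behind the "rate limiting" defence named above. Time is kept in integer milliseconds and tokens in milli-tokens so the arithmetic is exact. The second half keys one bucket per client address and shows why per-source limiting alone is weak against a DDoS: every bot in the botnet receives its own burst allowance. The bucket API, the fixed-size source table and the 10.0.0.x addresses are constructed for the example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example (not from the notes): token-bucket rate limiting. */
typedef struct {
    uint64_t capacity_mt;   /* burst allowance, in milli-tokens */
    uint64_t tokens_mt;     /* tokens currently available */
    uint64_t rate_per_sec;  /* sustained rate: tokens added per second */
    uint64_t last_ms;       /* timestamp of the last refill */
} bucket;

void bucket_init(bucket *b, uint64_t capacity, uint64_t rate_per_sec, uint64_t now_ms) {
    b->capacity_mt = capacity * 1000;
    b->tokens_mt = b->capacity_mt;      /* start full: a short burst is fine */
    b->rate_per_sec = rate_per_sec;
    b->last_ms = now_ms;
}

/* Returns 1 to admit the request, 0 to drop it. */
int bucket_allow(bucket *b, uint64_t now_ms) {
    if (now_ms > b->last_ms) {
        /* elapsed_ms * tokens/sec == milli-tokens earned since the last refill */
        uint64_t earned = (now_ms - b->last_ms) * b->rate_per_sec;
        uint64_t total = b->tokens_mt + earned;
        b->tokens_mt = total > b->capacity_mt ? b->capacity_mt : total;
        b->last_ms = now_ms;
    }
    if (b->tokens_mt >= 1000) { b->tokens_mt -= 1000; return 1; }
    return 0;
}

/* One client sending n requests spaced spacing_ms apart; returns how many
 * a bucket with the given capacity and rate admits. */
unsigned simulate_client(unsigned n, uint64_t spacing_ms, uint64_t capacity, uint64_t rate) {
    bucket b; unsigned admitted = 0;
    bucket_init(&b, capacity, rate, 0);
    for (unsigned i = 0; i < n; i++)
        admitted += bucket_allow(&b, (uint64_t)i * spacing_ms);
    return admitted;
}

/* Per-source limiting: one bucket per client address (constructed fixed table). */
#define MAX_SOURCES 64
typedef struct { uint32_t ip; bucket b; int used; } source_slot;
static source_slot table[MAX_SOURCES];

int allow_from(uint32_t ip, uint64_t now_ms, uint64_t capacity, uint64_t rate) {
    for (int i = 0; i < MAX_SOURCES; i++) {
        if (!table[i].used) {           /* ip not seen before: claim this slot */
            table[i].used = 1; table[i].ip = ip;
            bucket_init(&table[i].b, capacity, rate, now_ms);
        }
        if (table[i].ip == ip) return bucket_allow(&table[i].b, now_ms);
    }
    return 0;   /* table full: fail closed */
}

/* n_sources addresses each fire per_source requests at t=0. Every source gets
 * its own burst allowance, so a botnet pushes through n_sources * capacity
 * requests even though each single source is "limited". */
unsigned flood_from_sources(unsigned n_sources, unsigned per_source, uint64_t capacity, uint64_t rate) {
    unsigned admitted = 0;
    memset(table, 0, sizeof table);
    for (uint32_t s = 0; s < n_sources; s++)
        for (unsigned i = 0; i < per_source; i++)
            admitted += allow_from(0x0A000000u + s, 0, capacity, rate);  /* constructed 10.0.0.x */
    return admitted;
}

int main(void) {
    printf("burst of 100 at once, cap 10:          %u admitted\n", simulate_client(100, 0, 10, 5));
    printf("100 requests, one per second, 5/s:     %u admitted\n", simulate_client(100, 1000, 10, 5));
    printf("100 requests, ten per second, 5/s:     %u admitted\n", simulate_client(100, 100, 10, 5));
    printf("4 sources x 100 requests, per-source:  %u admitted\n", flood_from_sources(4, 100, 10, 5));
    return 0;
}
```

The third simulation shows the steady state: once the initial burst is spent, a client sending twice the sustained rate gets roughly every other request through. The last one is the DDoS lesson: a per-source bucket caps each bot, not the aggregate, so a global bucket (or upstream filtering) is needed as well.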
The main difference between a DDoS attack and a DoS (Denial of Service) attack lies in the
number of attacking sources involved. A DoS attack overwhelms a target system or network
with excessive traffic or requests from a single source or a small group of sources. On the other
hand, a DDoS attack utilizes a coordinated effort using multiple compromised devices, forming a
botnet, to launch the attack. This makes it more powerful and harder to defend against.
HTTP tunnel exploit
An HTTP tunnel exploit refers to a technique where an attacker uses HTTP (Hypertext Transfer
Protocol) to establish a covert communication channel or bypass network security measures.
HTTP tunneling is a method that allows the encapsulation of non-HTTP traffic within HTTP
packets. It is commonly used to bypass network restrictions or firewall rules that may block
certain protocols or traffic types. However, attackers can also exploit HTTP tunneling for
malicious purposes.
In an HTTP tunnel exploit, the attacker typically follows these steps:
1. Tunnel Creation: The attacker sets up an HTTP tunnel between their system and the
target network. This can be achieved by leveraging specific tunneling protocols or
manipulating existing HTTP traffic to create a hidden channel.
2. Data Encapsulation: The attacker encapsulates unauthorized or malicious data within
the HTTP tunnel. This can include traffic from other protocols like FTP, SSH, or even
custom protocols that are not typically allowed through network security controls.
3. Evasion of Detection: The encapsulated data is disguised to appear as legitimate HTTP
traffic. The attacker may use techniques such as payload encryption, encoding, or
obfuscation to avoid detection by network security devices.
4. Unauthorized Activities: Once the tunnel is established and the malicious traffic is
encapsulated, the attacker can carry out various unauthorized activities. This can include
data exfiltration, command and control communication for malware, bypassing network
restrictions, or gaining unauthorized access to systems.
HTTP tunnel exploits can pose significant security risks, including data breaches, unauthorized
access, malware distribution, evasion of security controls, or facilitating attacks like information
theft or denial-of-service.
To mitigate the risks associated with HTTP tunnel exploits, organizations should implement
security measures such as network monitoring, intrusion detection/prevention systems, traffic
analysis, and the use of security devices capable of inspecting and identifying anomalies in
HTTP traffic. Regular security assessments, patch management, and secure coding practices are
also important to prevent and detect these types of exploits.
LOGIC BOMB
A logic bomb refers to a type of malicious code or program that is designed to
execute a certain action when specific conditions are met. It is essentially a time-based
or event-based trigger that causes the code to behave maliciously.
A logic bomb is usually inserted into a system or software by a person with
malicious intent, often an insider. Unlike viruses or worms, logic bombs are not
designed to spread themselves. Instead, they are intentionally hidden within
legitimate programs or software and remain dormant until the predefined
conditions are met.
Once the conditions are satisfied, the logic bomb may perform various harmful
actions, such as deleting files, altering data, or disrupting system operations.
These actions can have severe consequences, including data loss, system crashes,
or unauthorized access to sensitive information.
Example 1: A programmer embeds code within a system that will trigger a harmful
action on a specific date or when the programmer is no longer employed.
Overall, logic bombs pose a significant threat to computer security and can have
severe consequences if triggered. Therefore, it is crucial to maintain a proactive
and robust security posture to prevent and detect such malicious code.
The logic bomb derives from the broader field of computer programming and has a
history spanning several decades. While the term "logic bomb" was officially coined
in the 1970s, the notion of code with malicious intent reaches back further.
The rapid development and adoption of computer systems in the 1960s and 1970s
brought about an increased concern for data security. This led to the emergence
of individuals who sought to exploit vulnerabilities for personal gain, revenge, or
simply to prove their technical
One of the earliest known instances resembling a logic bomb occurred in 1969. As
part of the ARPANET project (a precursor to the internet), a researcher named
William W. Haven inadvertently programmed a self-replicating and self-modifying
code segment. Although unintended, this incident demonstrated the potential
impact that malicious code could have on a system.
The term "logic bomb" was officially introduced in the early 1970s. The phrase
referred to a piece of code with a hidden, time-based trigger that would perform a
destructive action when a specific condition was met. These conditions could
include a predetermined date, a particular user action, or any other event
programmed into the logic bomb.
Throughout the 1980s and 1990s, several well-known incidents involving logic
bombs received significant attention. For example, as mentioned earlier,
programmer Richard Vickery planted a logic bomb in 1982 that triggered on his
birthday, causing data loss and system disruptions at Fidelity Investments.
Malware Attack
Any malicious software intended to harm or exploit any programmable device, service, or
network is referred to as malware. Cybercriminals typically use it to extract data they can use
against victims to their advantage in order to profit financially.
In simple words, malware is short for malicious software and refers to any software that is
designed to cause harm to computer systems, networks, or users. Malware is a program designed
to gain access to computer systems, generally for the benefit of some third party, without the
user's permission.
Types of Malware
Viruses – A Virus is a malicious executable code attached to another executable file. The virus
spreads when an infected file is passed from system to system. Viruses can be harmless or they
can modify or delete data.
Worms – Worms replicate themselves on the system, attaching themselves to different files and
looking for pathways between computers, such as a computer network that shares common file
storage areas. Worms usually slow down networks. A virus needs a host program to run, but
worms can run by themselves. After a worm infects a host, it is able to spread very quickly over
the network.
Trojan horse – A Trojan horse is malware that carries out malicious operations under the
appearance of a desired operation, such as playing an online game. A Trojan horse differs from a
virus in that the Trojan binds itself to non-executable files, such as image files and audio files.
Ransomware – Ransomware holds a computer system or the data it contains hostage until the victim
makes a payment. Ransomware encrypts data on the computer with a key that is unknown to the
user. The user has to pay a ransom (price) to the criminals to retrieve the data. Once the amount is
paid, the victim can resume using his/her system.
Spyware – Its purpose is to steal private information from a computer system for a third party.
Spyware collects information and sends it to the hacker.
What is teardrop?
In computer security, a "teardrop" refers to a type of Denial-of-Service (DoS) attack. This attack
involves sending fragmented packets to a target system or network, with manipulated packet
information that causes the target's operating system to incorrectly reassemble the packets. This
can lead to system crashes or freezes, resulting in denial of service to legitimate users.
In a teardrop attack, the client sends an intentionally fragmented information packet to a target
device. Since the packets overlap, an error occurs when the device tries to reassemble the packet.
The attack takes advantage of that error to cause a fatal crash in the operating system or
application that handles the packet.
The teardrop attack is a type of denial-of-service (DoS) attack that exploits a vulnerability in the
way certain operating systems handle fragmented Internet Control Message Protocol (ICMP)
packets. The attack was first discovered and documented in 1997 by a researcher named Rain
Forest Puppy.
In a teardrop attack, the attacker sends a series of fragmented ICMP packets with overlapping
payloads to the target system. When the target system attempts to reassemble these packets, it
encounters a programming error that causes it to crash or become unresponsive. This can result
in a denial of service for legitimate users trying to access the targeted system or network.
The teardrop attack was particularly effective against older versions of the Windows operating
system, as well as some versions of the Linux kernel.
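Added example, not part of the notes: the reassembly-side check that prevents the teardrop failure described above. Each fragment is described by its byte offset and payload length (the IP header stores the offset in 8-byte units; it is taken as already scaled to bytes here). A naive reassembler computes how many new bytes a fragment contributes as the difference between its end and the end of what it already holds; with overlapping fragments that difference goes negative and, treated as an unsigned length, becomes enormous. The validator sorts the fragments and rejects any set that overlaps, is empty, or runs past the maximum datagram size. The function names and the three sample fragment sets are constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Added example (not from the notes): validate a datagram's fragment set
 * before reassembling it, instead of trusting offsets and lengths. */

#define MAX_DATAGRAM 65535   /* largest IPv4 datagram, in bytes */

typedef struct { uint32_t offset; uint32_t len; } frag;   /* byte offset, payload length */

static int cmp_frag(const void *a, const void *b) {
    const frag *x = a, *y = b;
    return (x->offset > y->offset) - (x->offset < y->offset);
}

/* What a naive reassembler computes as "new bytes this fragment adds past
 * what we already have". Returned signed so the negative result is visible;
 * a reassembler that feeds it to memcpy as a size is the crash the text describes. */
int64_t naive_extra_len(frag prev, frag cur) {
    return (int64_t)(cur.offset + cur.len) - (int64_t)(prev.offset + prev.len);
}

/* Sorts f by offset in place and returns 1 if the fragments are consistent:
 * non-empty, inside the maximum datagram size, and non-overlapping. */
int fragments_consistent(frag *f, size_t n) {
    qsort(f, n, sizeof *f, cmp_frag);
    for (size_t i = 0; i < n; i++) {
        if (f[i].len == 0) return 0;                                       /* empty fragment */
        if ((uint64_t)f[i].offset + f[i].len > MAX_DATAGRAM) return 0;     /* runs off the end */
        if (i > 0 && f[i].offset < f[i - 1].offset + f[i - 1].len) return 0; /* overlap */
    }
    return 1;
}

/* Constructed teardrop-style set: the second fragment lies entirely inside the first. */
int teardrop_sample_consistent(void) {
    frag f[] = { {0, 36}, {24, 4} };
    return fragments_consistent(f, 2);
}

/* The naive length calculation on that same pair: 28 - 36 = -8. */
int teardrop_sample_naive_len(void) {
    frag first = {0, 36}, second = {24, 4};
    return (int)naive_extra_len(first, second);
}

/* Constructed benign set: three back-to-back fragments that arrived out of order. */
int benign_sample_consistent(void) {
    frag f[] = { {2960, 200}, {0, 1480}, {1480, 1480} };
    return fragments_consistent(f, 3);
}

/* Constructed partial overlap: the second fragment starts inside the first but ends past it. */
int partial_overlap_consistent(void) {
    frag f[] = { {0, 36}, {24, 20} };
    return fragments_consistent(f, 2);
}

int main(void) {
    printf("teardrop set consistent:        %d (naive extra len %d)\n",
           teardrop_sample_consistent(), teardrop_sample_naive_len());
    printf("benign out-of-order set:        %d\n", benign_sample_consistent());
    printf("partial overlap set:            %d\n", partial_overlap_consistent());
    return 0;
}
```

Rejecting overlaps outright is the simplest safe policy; production stacks that must tolerate retransmitted fragments instead keep only the first copy of any overlapping range and still bound every copy length against the buffer.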
Scams and Phishing
‣ Using social engineering to create a sense of urgency.
‣ A cyber-attack that gathers sensitive information such as login credentials, credit
card numbers, personal information, and bank account numbers by masquerading
as a legitimate website or email.
‣ Once the victim opens a phishing email or text message and clicks the
malicious link, they are taken to a fake website that matches the legitimate
site.
Types of scams
Advance Fee Fraud: approaches the victim with an online make-money offer.
Tech Support Scams: send a virus disguised as antivirus software.
Employment Scams: offer a fake job opportunity.
Phishing scam: gets close to someone by any means in order to attack.
Types of Phishing:
1. Email phishing: attackers send deceptive emails that appear to be from a legitimate
source and typically contain links that lead to fake websites designed to steal login
credentials.
This is usually accomplished by flooding the targeted host or network with traffic until the target
can't respond or crashes. DoS attacks can last from a few hours to many months, costing companies
and consumers time and money while their resources and services are unavailable.
How Do DoS Attacks Work?
• A DoS attack is most commonly accomplished by flooding the
targeted host or network with illegitimate service requests. The
hallmark of these attacks is the use of a false IP address, which
prevents the server from authenticating the user. As the flood of bogus
requests is processed, the server is overwhelmed, which causes it to
slow and, at times, crash—at which point, access by legitimate users is
disrupted. In order for most DoS attacks to be successful, the
malicious actor must have more available bandwidth than the target.
Types of DoS Attacks
• There are two main types of DoS attacks:
Creation of a Trojan
Dropper: a way of transferring the Trojan to another computer
Wrapper: binds the Trojan into applications
Crypter: used to detect antivirus
How a Trojan horse works
Before a Trojan horse can infect a machine, the user must
download the server side of the malicious application.
The Trojan horse cannot manifest by itself. The executable
file must be run and the program must be installed
in order for the attack to be unleashed on the system.
Types of Trojan horse
There are different types of Trojan horses; some of them are:
Backdoor Trojan: Gives attackers unauthorized access to the infected
system.
Downloader Trojan: Downloads and installs other malware onto the
infected system.
Remote Access Trojan (RAT): Allows remote control of the infected
system.
Ransom Trojan: Blocks access to things such as your documents on
the device until a ransom is paid to the attacker.
Banker Trojan: Designed to steal account data for credit and debit cards.
How does a Trojan get onto our system?
Free software
File sharing
USB flash drives
Email attachments
How to Prevent Trojan Horse Attacks
Only download apps and software from official sources such as the
App Store and Play Store.
Never open an email attachment from an unknown source.
Install a good antivirus.
Use strong, unique passwords.
How to know if you have been attacked by a Trojan?
Zeus
• It is estimated to have infected over 3.6 million computers in the
USA, including machines owned by NASA, Bank of America and the
US Department of Transportation.
ILOVEYOU
ILOVEYOU was a trojan released in 2000, which was used in the world’s
most damaging cyberattack, which caused $8.7 billion in global losses.
Stuxnet
• Stuxnet was a specialized Windows Trojan designed to attack
Industrial Control Systems (ICS). It was allegedly used to attack