Access attacks require some sort of intrusion capability. This can be anything from something as simple as obtaining an account holder’s credentials to plugging foreign hardware directly into the network infrastructure. They usually happen after the hacker/attacker has already performed reconnaissance attacks.
 

 

General Distinction of Access Attacks

A. Logical access attacks, such as brute-force attacks or testing passwords over the network with rainbow tables or dictionary attacks, tend to create a ton of traffic on the network and can be easily spotted by even a less experienced network monitor. For this reason, most logical access attacks are launched only after enough reconnaissance has been done or credentials have been obtained. Attackers also tend to lean toward the passive side of attacking, such as man-in-the-middle attacks, to gather more information before arousing suspicion.
 
B. Physical access is really either access to the hardware or access to the people. Social engineering is very dangerous and hard to defend against simply because your users are usually the weakest link in cybersecurity. The easiest type of social engineering attack involves sending out phishing emails designed to hook someone, or getting a keylogger onto an insider’s computer to capture credentials that may let the attacker escalate privileges. Even the best cybersecurity can fall to these types of attacks simply because they play on human nature, and we are not perfect beings: we make human mistakes.
 

There are several common types of access attacks:

  • Password attack
Threat actors attempt to discover critical system passwords using various methods such as phishing attacks, dictionary attacks, brute-force attacks, network sniffing, or social engineering techniques. Brute-force password attacks involve repeated attempts using tools such as Ophcrack, L0phtCrack, THC Hydra, RainbowCrack, and Medusa.
  • Pass-The-Hash
The threat actor already has access to the user’s machine and uses malware to gain access to the stored password hashes. The threat actor then uses the hashes to authenticate to other remote servers or devices without using brute force.
  • Trust Exploitation
Threat actors use a trusted host to gain access to network resources. For example, an external host that accesses an internal network over VPN is trusted. If that host is attacked, the attacker may use the trusted host to gain access to the internal network.
  • Port Redirection
This is when a threat actor uses a compromised system as a base for attacks against other targets.
  • Man-in-the-middle attack
The threat actor is positioned in between two legitimate entities in order to read, modify, or redirect the data that passes between the two parties.
  • IP, MAC, DHCP Spoofing
Spoofing attacks are attacks in which one device attempts to pose as another by falsifying address data. There are multiple types of spoofing attacks. For example, MAC address spoofing occurs when one computer accepts data packets based on the MAC address of another computer that is the actual destination for the data.
 

What is the solution?

These types of attacks really come down to network hardening. Most companies are limited by the capabilities of their equipment, so if your Cisco router is vulnerable to an attack, the best course of action is to know that attack, look for it, and set rules for it on your network IDS/IPS.
 
Update often and regularly. This cannot be stressed enough in the computer industry.
 
Additional steps include monitoring the probing from any recently recognized reconnaissance attacks. If hackers are researching you, there is a greater possibility of future attack attempts.
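
The brute-force and dictionary traffic described earlier is noisy enough to catch with a simple sliding-window rule of the kind an IDS/IPS would apply. The following Python sketch is an added example, not part of the original article; the log lines follow OpenSSH's auth-log format, and the sample lines, threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH auth-log format; IPs are documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:12:01 gw sshd[811]: Failed password for root from 203.0.113.5 port 40110 ssh2
Jan 10 03:12:03 gw sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jan 10 03:12:04 gw sshd[813]: Failed password for invalid user test from 203.0.113.5 port 40114 ssh2
Jan 10 03:12:06 gw sshd[814]: Failed password for alice from 198.51.100.7 port 51002 ssh2
Jan 10 03:12:07 gw sshd[815]: Failed password for backup from 203.0.113.5 port 40116 ssh2
Jan 10 03:12:09 gw sshd[816]: Failed password for backup from 203.0.113.5 port 40118 ssh2
Jan 10 03:12:30 gw sshd[817]: Accepted password for alice from 198.51.100.7 port 51004 ssh2
Jan 10 03:12:41 gw sshd[818]: Accepted password for backup from 203.0.113.5 port 40120 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")

def detect(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {source: {"users", "success_after_burst"}} for sources that
    produced `threshold` or more failed logins inside one `window`."""
    recent = defaultdict(deque)   # source -> (timestamp, user) of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed for parsing.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src, q = m["src"], recent[m["src"]]
        while q and ts - q[0][0] > window:    # drop failures outside the window
            q.popleft()
        if m["result"] == "Failed":
            q.append((ts, m["user"]))
            if len(q) >= threshold:
                a = alerts.setdefault(src, {"users": set(), "success_after_burst": False})
                a["users"].update(u for _, u in q)   # many users suggests spraying
        elif src in alerts:
            # A login that succeeds after a burst needs review first:
            # the guessing may have worked.
            alerts[src]["success_after_burst"] = True
    return alerts

if __name__ == "__main__":
    for src, info in detect(SAMPLE_LOG).items():
        print(src, sorted(info["users"]), info["success_after_burst"])
```

A single mistyped password followed by a successful login, as from 198.51.100.7 in the sample, stays below the threshold and raises no alert.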
 
Again, bring in outsourced teams to test and audit your current security standing if you don't have the right team set up in-house.
 
 

This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...

She is so obsessed with the cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about cybersecurity on the website and on social media platforms.

34,000+ professionals follow her on Facebook and are mesmerized by the quality of the content of her posts there.
