Threat Attack Vulnerability, and Risk

Brute Force Attack

What is Spoofing in Cyber Security?
IP Spoofing

Difference between Threat and Attack

Birthday attack in Cryptography

What is a Dictionary Attack?

What is FTP Spoofing Attack?

Different Types of Threat to E-Commerce

Zero-day Exploit (Cyber Security Attack)

Difference Between Threat, Vulnerability and Risk in Computer Network

The Threat, Vulnerability, and Risk these terms are interrelated but not the same. In this article, we are going to
discuss the difference between them and how they are related to each other.

Threat
A cyber threat is a malicious act that seeks to steal or damage data or discompose the digital network or system.
Threats can also be defined as the possibility of a successful cyber attack to get access to the sensitive data of a
system unethically. Examples of threats include computer viruses, Denial of Service (DoS) attacks, data breaches,
and even sometimes dishonest employees.

Types of Threat

Threats could be of three types, which are as follows:

1. Intentional- Malware, phishing, and accessing someone’s account illegally, etc. are examples of intentional
threats.

2. Unintentional- Unintentional threats are considered human errors, for example, forgetting to update the
firewall or the anti-virus could make the system more vulnerable.

3. Natural- Natural disasters can also damage the data, they are known as natural threats.

Vulnerability:
In cybersecurity, a vulnerability is a flaw in a system’s design, security procedures, internal controls, etc., that can be
exploited by cybercriminals. In some very rare cases, cyber vulnerabilities are created as a result of cyberattacks, not
because of network misconfigurations. Even it can be caused if any employee anyhow downloads a virus or a social
engineering attack.

Types of Vulnerability

Vulnerabilities could be of many types, based on different criteria, some of them are:

1. Network- Network vulnerability is caused when there are some flaws in the network’s hardware or software.
 2. Operating system- When an operating system designer designs an operating system with a policy that grants
every program/user to have full access to the computer, it allows viruses and malware to make changes on
behalf of the administrator.

3. Human- Users’ negligence can cause vulnerabilities in the system.

4. Process- Specific process control can also cause vulnerabilities in the system.

Risk:

Cyber risk is a potential consequence of the loss or damage of assets or data caused by a cyber threat. Risk can never
be completely removed, but it can be managed to a level that satisfies an organization’s tolerance for risk. So, our
target is not to have a risk-free system, but to keep the risk as low as possible.
Cyber risks can be defined with this simple formula- Risk = Threat + Vulnerability. Cyber risks are generally
determined by examining the threat actor and type of vulnerabilities that the system has.

Types of Risks

There are two types of cyber risks, which are as follows:

1. External- External cyber risks are those which come from outside an organization, such as cyberattacks, phishing,
ransomware, DDoS attacks, etc.

2. Internal- Internal cyber risks come from insiders. These insiders could have malicious intent or are just not be
properly trained.

Difference Between Threat, Vulnerability, and Risk

Threat Vulnerability Risks

Take advantage of
Known as the weakness in
vulnerabilities in the
hardware, software, or designs, The potential for loss or destruction of data is
system and have the
which might allow cyber threats caused by cyber threats.
potential to steal and
to happen.
1. damage data.

Generally, can’t be
Can be controlled. Can be controlled.
2. controlled.

It may or may not be

Generally, unintentional. Always intentional.
3. intentional.

Vulnerability management is a Reducing data transfers, downloading files

Can be blocked by process of identifying the from reliable sources, updating the software
managing the problems, then categorizing regularly, hiring a professional cybersecurity
vulnerabilities. them, prioritizing them, and team to monitor data, developing an incident
4.
resolving the vulnerabilities in management plan, etc. help to lower down
 Threat Vulnerability Risks

that order. the possibility of cyber risks.

Can be detected by identifying mysterious

Can be detected by anti- Can be detected by penetration
emails, suspicious pop-ups, observing unusual
virus software and threat testing hardware and many
password activities, a slower than normal
detection logs. vulnerability scanners.
5. network, etc.

Brute force attack

A Brute force attack is a well known breaking technique, by certain records, brute force attacks represented five
percent of affirmed security ruptures. A brute force attack includes ‘speculating’ username and passwords to
increase unapproved access to a framework. Brute force is a straightforward attack strategy and has a high
achievement rate.

A few attackers use applications and contents as brute force devices. These instruments evaluate various secret
word mixes to sidestep confirmation forms. In different cases, attackers attempt to get to web applications via
scanning for the correct session ID. Attacker inspiration may incorporate taking data, contaminating destinations
with malware, or disturbing help.

While a few attackers still perform brute force attacks physically, today practically all brute force attacks are
performed by bots. Attackers have arrangements of usually utilized accreditations, or genuine client qualifications,
got through security breaks or the dull web. Bots deliberately attack sites and attempt these arrangements of
accreditations, and advise the attacker when they obtain entrance.

Types of Brute Force Attacks:

1. Dictionary attacks – surmises usernames or passwords utilizing a dictionary of potential strings or phrases.

2. Rainbow table attacks – a rainbow table is a precomputed table for turning around cryptographic hash
capacities. It very well may be utilized to figure a capacity up to a specific length comprising of a constrained
arrangement of characters.

3. Reverse brute force attack – utilizes a typical password or assortment of passwords against numerous
conceivable usernames. Focuses on a network of clients for which the attackers have recently acquired
information.

4. Hybrid brute force attacks – begins from outer rationale to figure out which password variety might be
destined to succeed, and afterward proceeds with the simple way to deal with attempt numerous potential
varieties.

5. Simple brute force attack – utilizes an efficient way to deal with ‘surmise’ that doesn’t depend on outside
rationale.

6. Credential stuffing – utilizes beforehand known password-username sets, attempting them against
numerous sites. Adventures the way that numerous clients have the equivalent username and password
across various frameworks.
How to Prevent Brute Force Password Hacking ?
To protect your organization from brute force password hacking, enforce the use of strong passwords.
Passwords should:

 Never use information that can be found online (like names of family members).

 Have as many characters as possible.

 Combine letters, numbers, and symbols.

 Avoid common patterns.

 Be different for each user account.

 Change your password periodically

 Use strong and long password

 Use multifactor authentication

What is Spoofing in Cyber Security?

Spoofing is a completely new beast created by merging age-old deception strategies with modern technology.
Spoofing is a sort of fraud in which someone or something forges the sender’s identity and poses as a reputable
source, business, colleague, or other trusted contact in order to obtain personal information, acquire money, spread
malware, or steal data.

Types of Spoofing:

 IP Spoofing

 ARP Spoofing

 Email Spoofing

 Website Spoofing Attack

 DNS Spoofing

IP Spoofing:

IP is a network protocol that allows you to send and receive messages over the internet. The sender’s IP address is
included in the message header of every email message sent (source address). By altering the source address,
hackers and scammers alter the header details to hide their original identity. The emails then look to have come
from a reliable source. IP spoofing can be divided into two categories.

 Man in the Middle Attacks: Communication between the original sender of the message and the intended
recipient is intercepted, as the term implies. The message’s content is then changed without the knowledge
of either party. The attacker inserts his own message into the packet.

 Denial of Service (DoS) Attacks: In this technique, the sender and recipient’s message packets are
intercepted, and the source address is spoofed. The connection has been seized. The recipient is thus
flooded with packets in excess of their bandwidth or resources. This overloads the victim’s system,
effectively shutting it down.
Drawback:

In a Man-in-the-middle attack, even the receiver doesn’t know where the connection got originated. This is
completely a blind attack. To successfully carry out his attack, he will require a great deal of experience and
understanding of what to expect from the target’s responses.

Preventive measures:

Disabling source-routed packets and all external incoming packets with the same source address as a local host are
two of the most frequent strategies to avoid this type of attack.

ARP Spoofing:

ARP spoofing is a hacking method that causes network traffic to be redirected to a hacker. Sniffing out LAN
addresses on both wired and wireless LAN networks is known as spoofing. The idea behind this sort of spoofing is to
transmit false ARP communications to Ethernet LANs, which can cause traffic to be modified or blocked entirely.

The basic work of ARP is to match the IP address to the MAC address. Attackers will transmit spoofed messages
across the local network. Here the response will map the user’s MAC address with his IP address. Thus attacker will
gain all information from the victim machine.

Preventive measures:

To avoid ARP poisoning, you can employ a variety of ways, each with its own set of benefits and drawbacks. Static
ARP entries, encryption, VPNs, and packet sniffing are just a few examples.

 Static ARP entries: It entails creating an ARP entry in each computer for each machine on the network.
Because the machines can ignore ARP replies, mapping them with sets of static IP and MAC addresses helps
to prevent spoofing attempts. Regrettably, this approach can only defend you from some of the most basic
attacks.

 Encryption: Protocols like HTTPS and SSH can also help to reduce the probability of an ARP poisoning
attempt succeeding. When traffic is encrypted, the attacker must go through the extra effort of convincing
the target’s browser to accept an invalid certificate. Any data sent outside of these standards, however, will
remain vulnerable.

 VPN: Individuals may find a VPN to be reasonable protection, but they are rarely suitable for larger
enterprises. A VPN will encrypt all data that flows between the client and the exit server if it is only one
person making a potentially unsafe connection, such as accessing public wifi at an airport. Since an attacker
will only be able to see the ciphertext, this helps to keep them safe.

 Packet filters: Each packet delivered across a network is inspected by these filters. They can detect and
prevent malicious transmissions as well as those with suspected IP addresses.

For more detail regarding MITM attacks using ARP spoofing please refer to the MITM (Man in The Middle) Attack
using ARP Poisoning.

Email Spoofing:

The most common type of identity theft on the Internet is email spoofing. Phishers, send emails to many addresses
and pose as representatives of banks, companies, and law enforcement agencies by using official logos and headers.
Links to dangerous or otherwise fraudulent websites, as well as attachments loaded with malicious software, are
included in the emails they send.
Attackers may also utilize social engineering techniques to persuade the target to voluntarily reveal information.
Fake banking or digital wallet websites are frequently created and linked to in emails. When an unknowing victim
clicks on that link, they are brought to a false site where they must log in with their information, which is then
forwarded to the fake user behind the fake email.

Manual Detection Method:

 Even though the display name appears to be real, if it does not match the “From” address, it is an indication
of email spoofing.

 Mail is most likely fake if the “Reply-to” address does not match the original sender’s address or domain.

 Unexpected messages (such as a request for sensitive information or an unwanted attachment) should be
opened with caution or reported immediately to your IT department, even if the email appears to come
from a trustworthy source.

Preventive measures:

Implement additional checks like Sender Policy Framework, DomainKeys Identified Mail, Domain-based Message
Authentication Reporting & Conformance, and Secure/Multipurpose Internet Mail Extensions.

Website Spoofing Attack:

Attackers employ website/URL spoofing, also known as cybersquatting, to steal credentials and other information
from unwary end-users by creating a website that seems almost identical to the actual trustworthy site. This is
frequently done with sites that receive a lot of traffic online. The cloning of Facebook is a good example.

DNS Spoofing:

Each machine has a unique IP address. This address is not the same as the usual “www” internet address that you
use to access websites. When you type a web address into your browser and press enter, the Domain Name System
(DNS) immediately locates and sends you to the IP address that matches the domain name you provided. Hackers
have discovered a technique to infiltrate this system and redirect your traffic to harmful sites. This is known as DNS
Spoofing.

Preventive measures:

 DNSSEC or Domain Name System Security Extension Protocol is the most widely used DNS Spoofing
prevention solution since it secures the DNS by adding layers of authentication and verification. However, it
takes time to verify that the DNS records are not forged, this slows down the DNS response.

 Make use of SSL/TLS encryption to minimize or mitigate the risk of a website being hacked via DNS spoofing.
This allows a user to determine whether the server is real and belongs to the website’s original owner.

 Only trust URLs that begin with “HTTPS,” which signifies that a website is legitimate. Consider the risk of a
DNS Spoofing Attack if the indicator of “HTTPS” looks to be in flux.

 The security strategy or proactive approach to preventing a DNS attack is active monitoring. It’s important to
keep an eye on DNS data and be proactive about noticing unusual patterns of behavior, such as the
appearance of a new external host that could be an attacker.

Spoofing is the most popular strategy utilized by advertisers these days. It is quite simple for them to utilize because
it includes a range of ways to perform it. The above are a few instances of spoofing and preventative steps that will
make our organization safer.
What is DNS Spoofing ?

Have you ever stumbled across emails and websites that seem suspicious but you aren’t sure if it has been
authenticated or not? I am sure we all have seen an email or a website that has all of the signs of being suspicious
and our spidey senses go off. I am writing this to help explain what you saw and the potential dangers of what you
could’ve been a victim of. This article is about DNS spoofing.

DNS spoofing or DNS cache poisoning is an attack in which altered DNS records are used to redirect users or data to
a fraudulent website or link that is camouflaged as the actual destination. An example of this would be when you go
to facebook.com on an unsecured network with no antivirus. If someone happens to be sniffing on your open port or
has already done a man-in-the-middle attack, then they are able to corrupt the DNS records. Therefore, redirecting
you to a fake Facebook page that is a replica of the official login page. When you type in your username and
password they will be able to steal your login credentials and inject a virus or worm into your IP address.

So going more into the details of what DNS spoofing is in the simplest of terms. Every computer and device has an IP
address and every website has a domain name(www.google.com) that allows internet users to visit the page. The
DNS or domain name system then maps out and plots out the domain name that users enter to the appropriate IP
address to properly route the traffic. The sorting and routing is handled by the DNS servers. DNS poisoning is when a
hacker injects a corrupt piece of DNS instructions into the DNS server and takes advantage of an exploit in the
process of redirecting traffic. The corrupt piece of DNS data that is sent to the DNS server is now redirecting traffic to
a fake login page that looks exactly like the official page. When the users enter their credentials, it is either being
recorded through a keylogger or being sent in a .txt file to the hacker so they have the information stored in an
alternate location.

A way to interpret this process and vulnerability is to look at it in the form of something you can relate to. Let’s say
you are going to your favorite grocery store to get groceries. You have to get rice, canned beans, some bread, deli
meat, etc. So you get to the grocery store and you see that obviously there are aisles where different items are
located(this can be related to the many websites out there and domain names). So you grab all of your items and go
to the checkout lines. Since all of the checkout lines are full you will usually have an attendant directing people to
the next available opening in a checkout aisle(this is the DNS servers directing and routing all traffic to the websites).
So you are directed to the next aisle and checkout and pay for all of your items but the cashier working there was
not really an employee and has stolen everyone’s credit card information in that line(this is the hacker injecting a
corrupt DNS entry into the DNS servers and redirecting users to the fake login page and stealing their login
credentials).
A Domain Name System (DNS) converts a human-readable name (such as www.geeksforgeeks.org) to a numeric IP
address. The DNS system responds to one or more IP-address by which your computer connects to a website (such
as geeksforgeeks.org) by using one of the IP-address.

There is not only one DNS server. There are series of DNS servers used to resolve the domain name. DNS uses cache
to work efficiently so that it can quickly refer to DNS lookups it’s already performed rather than performing a DNS
lookup over and over again.
Although DNS caching increase the speed of the domain name resolution process But the major change in the
domain then takes a day to reflect worldwide.

DNS Spoofing means getting a wrong entry or IP address of the requested site from the DNS server. Attackers find
out the flaws in the DNS system and take control and will redirect to a malicious website.
In above image –

1. Request to Real Website: User hits a request for a particular website it goes to the DNS server to resolve the
IP address of that website.

2. Inject Fake DNS entry: Hackers already take control over the DNS server by detecting the flaws and now they
add false entries to the DNS server.

3. Resolve to Fake Website: Since the fake entry in the DNS server redirect the user to the wrong website.

To Prevent From DNS Spoofing –

DNS Security Extensions (DNSSEC) is used to add an additional layer of security in the DNS resolution process to
prevent security threats such as DNS Spoofing or DNS cache poisoning.
DNSSEC protects against such attacks by digitally ‘signing’ data so you can be assured it is valid.

IP Spoofing
P Spoofing is essentially a technique used by a hackers to gain unauthorized access to Computers. Concepts of IP
Spoofing was initially discussed in academic circles as early as 1980. IP Spoofing types of attacks, had been known to
Security expert on the theoretical level. It was primarily theoretical until Robert Morris discovered a security
weakness in the TCP protocol known as sequence prediction. Occasionally IP spoofing is done to mask the origins of
a Dos attack. In fact Dos attacks often mask actual IP address from where attack has originated from.

Process :

With IP spoofing, intruder sends message to a computer system with an IP address indicating message is coming
from a different IP address than its actually coming from. If intent is to gain unauthorized access, then Spoof IP
address will be that of a system the target considers a trusted host. To Successfully perpetrate an IP Spoofing attack,
hacker must find IP address of a machine that the target System Considers a trusted source. Hackers might employ a
variety of techniques to find an IP address of a trusted host. After they have obtained trusted IP address they can
then modify packet headers of their transmission so its appears that the packet coming from the host.

Different ways to address IP Spoofing include :

1. Do not reveal any information regarding your internal IP addresses.This helps prevent those addresses from
being “spoofed”.

2. Monitor incoming IP packets for signs of IP spoofing using network monitoring software. One popular
product is “Netlog”, is along side similar products, seeks incoming packets to the external interface that have
the both source and destination IP addresses in your local domain. This essentially means an incoming
packet that claims to be from inside network is actually coming from outside your network. Finding one
means that an attack is underway.

Danger that IP spoofing contains is that some firewalls do not examine packets that appear to come from an internal
IP address.Routing packets through filtering router is possible, if they are not configured to filter incoming packets
whose source address is in local domain.

The risks associated with IP Spoofing include:

Denial-of-service attacks: An attacker can use IP Spoofing to flood a network or system with a large number of
requests, making it unavailable to legitimate users.

Unauthorized access: An attacker can use IP Spoofing to bypass access controls and gain unauthorized access to a
system or network.
Data interception: An attacker can use IP Spoofing to intercept sensitive data, such as login credentials, financial
information, or personal information.

Reputation damage: IP Spoofing can damage the reputation of legitimate businesses and organizations, as the attack
can appear to be coming from their IP address.

Examples of router configurations that are potentially vulnerable include :

1. Routers to external networks that support multiple internal interfaces.

2. Proxy firewalls where the proxy applications use source IP address for authentication.

3. Router with two interfaces support sub-netting on the internal network.

4. Routers that do not filter packets whose source address is in the local domain.

Conclusion :

1. IP spoofing attacks are becoming less frequent.

2. Primarily because the Venues they use have become more Secure and in some case no longer used.

3. Spoofing can still be used and all security administrators should address it.

Difference between Spoofing and Phishing

Spoofing: Spoofing is a type of attack on a computer device in which the attacker tries to steal the identity of the
legitimate user and act as another person. This kind of attack is done to breach the security of the system or to steal
the information of the users.

Example: Hackers normally change their IP addresses to hack a website so that the hacker can’t be traced.

Phishing: Phishing is a type of attack on a computer device where the attacker tries to find the sensitive information
of users in a fraud manner through electronic communication by intending to be from a related trusted organization
in an automated manner.
Example: Sometimes hackers through communication ask for OTP or secret PIN of bank transactions by acting as an
employee of the bank which is a fraud manner.

Difference between Spoofing and Phishing:

S.
No. Spoofing Phishing

Hacker tries to steal the sensitive

1. Hacker tries to steal the identity to act as another individual.
information of the user.

2. It doesn’t require fraud. It is operated in a fraudulent manner.

3. Information is not theft. Information is theft.

4. Spoofing can be part of the phishing. Phishing can’t be the part of the spoofing.

Needs to download some malicious software on the victim’s

5. No such malicious software is needed.
computer.

6. Spoofing is done to get a new identity. Phishing is done to get secret information.

7. Types: IP Spoofing, Email Spoofing, URL Spoofing etc. Types: Phone Phishing, Clone Phishing etc.

8. Examples- Examples-
S.
No. Spoofing Phishing

 Hacking of a complete website by modifying its IP Emails containing these type of terms:
Address.
 Click Here
 A banking website appears to be legitimate but it is
 Verify your personal information
used to gather sensitive information from user and
many more.  Payment Failed

 Tax Refunds

The best and common way to stop a spoofing attack- The best and common way to stop a
phishing attack-
 Ensure the destination of the link received via emails
by hovering over the link before clicking on it.  Be wary of grammatical flaws in
the communication’s content.
9.  Delete strange emails like unprofessional emails,
alarming messages, misspellings in the message body,  Keep a check on spelling mistakes
etc. in an email.

 Open the attached documents or any other type of  Check for the phrase structure and
attachment from reliable source only. unusual sentence phrasing.

Birthday attack in Cryptography

Birthday attack is a type of cryptographic attack that belongs to a class of brute force attacks. It exploits the
mathematics behind the birthday problem in probability theory. The success of this attack largely depends upon the
higher likelihood of collisions found between random attack attempts and a fixed degree of permutations, as
described in the birthday paradox problem.

Birthday paradox problem –

Let us consider the example of a classroom of 30 students and a teacher. The teacher wishes to find pairs of students
that have the same birthday. Hence the teacher asks for everyone’s birthday to find such pairs. Intuitively this value
may seem small. For example, if the teacher fixes a particular date say October 10, then the probability that at least
one student is born on that day is 1 – (364/365)30 which is about 7.9%. However, the probability that at least one
student has the same birthday as any other student is around 70% using the following formula:

1 - 365!/((365 - n!) * (365n)) (substituting n = 30 here)

Derivation of the above term:

Assumptions –

1. Assuming a non leap year(hence 365 days).

2. Assuming that a person has an equally likely chance of being born on any day of the year.

Let us consider n = 2.

P(Two people have the same birthday) = 1 – P(Two people having different birthday)

= 1 – (365/365)*(364/365)

= 1 – 1*(364/365)

= 1 – 364/365

= 1/365.

So for n people, the probability that all of them have different birthdays is:

P(N people having different birthdays) = (365/365)*(365-1/365)*(365-2/365)*….(365-n+1)/365.

= 365!/((365-n)! * 365n)

Hash function –

A hash function H is a transformation that takes a variable sized input m and returns a fixed size string called a hash
value(h = H(m)). Hash functions chosen in cryptography must satisfy the following requirements:

The input is of variable length,

The output has a fixed length,

H(x) is relatively easy to compute for any given x,

H(x) is one-way,

H(x) is collision-free.

A hash function H is said to be one-way if it is hard to invert, where “hard to invert” means that given a hash value h,
it is computationally infeasible to find some input x such that H(x) = h.

If, given a message x, it is computationally infeasible to find a message y not equal to x such that H(x) = H(y) then H is
said to be a weakly collision-free hash function.
A strongly collision-free hash function H is one for which it is computationally infeasible to find any two messages x
and y such that H(x) = H(y).

Let H: M => {0, 1}n be a hash function (|M| >> 2n )

Following is a generic algorithm to find a collision in time O(2n/2) hashes.

Algorithm:

Choose 2n/2 random messages in M: m1, m2, …., mn/2

For i = 1, 2, …, 2n/2 compute ti = H(mi) => {0, 1}n

Look for a collision (ti = tj). If not found, go back to step 1

We consider the following experiment. From a set of H values, we choose n values uniformly at random thereby
allowing repetitions. Let p(n; H) be the probability that during this experiment at least one value is chosen more than
once. This probability can be approximated as:

p(n; H) = 1 - ( (365-1)/365) * (365-2)/365) * ...(365-n+1/365))

p(n; H) = e-n(n-1)/(2H) = e-n2/(2H)

Digital signature susceptibility –

Digital signatures can be susceptible to birthday attacks. A message m is typically signed by first computing H(m),
where H is a cryptographic hash function, and then using some secret key to sign H(m). Suppose Alice wants to trick
Bob into signing a fraudulent contract. Alice prepares a fair contract m and fraudulent one m’. She then finds a
number of positions where m can be changed without changing the meaning, such as inserting commas, empty lines,
one versus two spaces after a sentence, replacing synonyms, etc. By combining these changes she can create a huge
number of variations on m which are all fair contracts.

Similarly, Alice can also make some of these changes on m’ to take it, even more, closer towards m, that is H(m) =
H(m’). Hence, Alice can now present the fair version m to Bob for signing. After Bob has signed, Alice takes the
signature and attaches to it the fraudulent contract. This signature proves that Bob has signed the fraudulent
contract.
To avoid such an attack the output of the hash function should be a very long sequence of bits such that the birthday
attack now becomes computationally infeasible.

What is a Dictionary Attack?

A Dictionary Attack is an attack vector used by the attacker to break in a system, which is password protected, by
putting technically every word in a dictionary as a form of password for that system. This attack vector is a form
of Brute Force Attack.

The dictionary can contain words from an English dictionary and also some leaked list of commonly used passwords
and when combined with common character replacing with numbers, can sometimes be very effective and fast.

How is it done?

Basically, it is trying every single word that is already prepared. It is done using automated tools that try all the
possible words in the dictionary.

Some Password Cracking Software:

 John the Ripper

 L0phtCrack

 Aircrack-ng

Difference between Brute Force and Dictionary Attack:

The difference with brute force attack is that, in brute force, a large number of possible key permutations are
checked whereas, in the dictionary attack, only the words with most possibilities of success are checked and are less
time consuming than brute force.

How to be on the safer side?

You can protect yourself from such kind of attacks by following ways:

 Choose a mix of upper and lower case letters, numbers and specials (i.e. special characters).

 Password must be a long string with more characters. The longer it is, the more time consuming it is to crack
(sometimes, time to crack is in years).

 Password reset should be done after a certain period of time.

What is FTP Spoofing Attack?

FTP stands for file transfer protocol and it is an application layer protocol for transferring files between a client and a
server. We can download, delete, move, rename, and copy files to a server using an FTP client. If you transfer a file
using FTP, it will mostly upload or download data from the FTP server. When the files are uploaded, they are
transferred from the personal computer to the server, and when files are downloaded, they get transferred from the
server to the personal computer.

Spoofing:
Spoofing is a kind of cyber attack in which an intruder impersonates another legitimate device or user in order to
initiate a network attack. To put it another way, an attacker sends a communication from a device that appears to be
real.

FTP Spoofing Attack:

Usually, in FTP servers, external users or IPs other their organization IPs will be blocked to avoid logon or to
access/transfer files by an adversary. Even though there are more security measures, attackers could use an
external computer to assume the host address of a computer on the company network and download files during
data transfer.

Working:

1. Attackers will fetch the server’s user name and password via a brute force attack to get into the server to get
the files or to transfer the payload.

2. Even though attackers have passwords in their hands, most of the organizations will drop/reject the
connections from external IPs.

3. So attackers will hide their original identity by changing the local IP into the organization’s IP address. It is
possible to spoof private IP addresses with some significant limitations.

4. It may be possible to establish a connection that can be used to transfer a payload to the target by using IP
spoofing, but it will not be possible to establish a true two-way TCP connection.

5. For instance, the attacker can get the target machine to respond, but the responses from the attacker
machine will not be routed to them, therefore they will not receive them.

6. As a result, UDP connections are more widely utilized for IP spoofing than TCP connections. The attacker, on
the other hand, can imitate receiving the packets by sending back bogus acknowledgement packets and then
proceed to transmit a payload or establish a connection into the internal system.

7. It’s extremely tough to hack because it may not be viable on all systems due to variations in how different
platforms handle TCP connections, making it more difficult for the attacker to replicate ack packets.
Working of FTP Spoofing Attack

Detection Method:

1. IP address spoofing is detected by scanning data packet headers for discrepancies. The IP address can be
validated by its MAC (Media Access Control) address or by a security system like Cisco’s IOS NetFlow, which
assigns an ID and timestamp to each computer that accesses the network. So at the first stage itself, it will
get failed if the MAC address does not belong to the organization domain.

2. Each BotNet contains potentially thousands of computers capable of reaching multiple IP addresses. Thus,
the automatic attack is difficult to trace.

Preventive Measures:

1. Use a good firewall to analyze every packet to avoid connection from external IP.

2. Use strong passwords to avoid the initial stage of an FTP attack.

3. Limit FTP server access to just necessary administrative professionals, and compel staff with credentials to
use multi-factor authentication to reduce this threat. Passcodes that must be kept should be kept in an AD
domain or on an LDAP server.

4. When used independently, FTPS techniques are insecure. Clients do not need to request encryption to
connect to the network. Only when the client expressly demands a secure connection is it possible. On the
network, this feature should never be enabled. Instead, use implicit encryption, which forces all connections
to be encrypted. The SSL and TLS 1.0 protocols are no longer supported, so the file server should be running
TLS version 1.2.

5. The standard FTP protocol has been deprecated. Secure file transfer protocol servers, work via a secure
connection to keep your company and customers safe.

6. Nowadays, hash algorithms become more vulnerable to brute force attacks. Blowfish and ciphers are both
obsolete and easily cracked. The Advanced Encryption Standard (AES) should be used in the network. To
protect the integrity of the data transmissions, use algorithms from the SHA-2 family.

7. Attacks that cause a denial of service (DoS) are still widespread. Programming the FTP or SFTP server to
restrict malicious IP addresses is time-consuming, but it is still one of the most effective defenses against
these attacks. We can also use allow lists to explicitly accept clients on your network, but this only works for
the few traffic sources that still employ static IP addresses.

8. By misusing file permission access, hackers can take advantage of our system. Clients should never be given
exclusive access to a whole directory, even if they need permission to upload or download data. Any files
that aren’t being used on a DMZ server should be encrypted. Files on an FTP server should only be kept for
as long as they are required.

Conclusion:

FTP is used widely in organizations for file sharing, so it’s like candy in the mouth for the attackers. Organizations
should take necessary actions and security measures to prevent FTP attacks.

Different Types of Threat to E-Commerce

E-commerce is basically the process of buying and selling commodities and goods over the Internet. In E-commerce,
transactions take place via digital methods via electronic funds and the processing of online transactions.

Since E-commerce deals with the transfer of money digitally, hackers and attackers use this as an opportunity to
break into E-commerce websites and gain some financial profit from them.

E-commerce Security:

 E-commerce Security basically deals with a set of protocols specially designed for E-commerce platforms to
process electronic transactions with security. E-commerce Security helps to buy and sell goods over the
Internet with full protection and security.

 The absence of E-commerce Security leads to the loss of the banking credentials of the customers, the
leaking of private sensitive information of users, phishing attacks, stealing of money, and frauds related to
credit cards.

 Electronic payment system which is an essential part of E-commerce Security helps to operate in a user-
friendly manner and avoids difficult documentation procedures and also saves some cost of transactions.

 E-commerce Security enables to provide security to Electronic payment systems so that they can easily
process the data and transfer electronic funds with security in an easy manner.

Types of threats to E-commerce:

 Tax Evasion: Organizations show the legal paper records of revenue to the IRS. But in the case of E-
commerce shopping, online transactions take place due to which funds get transferred electronically due to
which IRS is not able to count the transactions properly and there are high chances of tax evasions by these
organizations.

 Payment conflict: In E-commerce, payment conflicts can arise between users and the E-commerce
platforms. These electronic funds transferring systems might process extra transactions from the users
which will lead to a payment conflict by the users due to some glitches or errors.

 Financial fraud: Whenever an online transaction or transfer of funds takes place, it always asks for some pin
or passwords to authenticate and allows only the authorized person to process the transactions. But due to
some spyware and viruses used by attackers, they can also process the transactions of the users by allowing
the unauthorized person, which will lead to causing a financial fraud with the user.

 E-wallets: E-wallets are now an essential part of E-commerce platforms. Attack on E-wallets can lead to the
leak of the sensitive banking credentials of the users which can be used by the attackers for their own profit.
Regulators tend to monitor all the activities related to the financial security of the money of the users.

 Phishing: It is one of the most common attacks nowadays on the users, where the attackers send emails and
messages to a large number of users which contain a special link in it. When the users open that link in their
browser, the malware starts downloading in the background and the attacker gets full control over the
financial information about the users. They make fake websites to make the users believe their website and
fill out their financial credentials.

 SQL injections: SQL injections are used by attackers to manipulate the database of large organizations.
Attackers enter malicious code full of malware into the database and then they search for targeted queries
in the database and then they collect all the sensitive information in the database.

 Cross-site scripting (XSS): Hackers target the website of E-commerce companies by entering malicious code
into their codebase. It is a very harmful attack as the control of the entire website goes into the hands of the
 attackers. It can enable the attackers to track the users by using their browsing activity and their cookies. For
More details please read the what is cross-site scripting XSS article.

 Trojans: Attackers make software that may appear to be useful before downloading, but after downloading
the software it installs all the malicious programs on the computer. It collects data like personal details,
address, email, financial credentials and it may cause data leaks.

 Brute force attacks: Hackers draw patterns and use random methods to crack into someone else’s account
as an unauthorized user. It requires the use of multiple algorithms and permutations and combinations to
crack the password of an account by the attacker.

 Bots: The hackers use a large number of bots on E-commerce websites to track the competitor in the E-
commerce industry rankings and his user’s buying policies in order to scrap the sales and revenue of the
competitor. It also decreases the ranking of their E-commerce website as compared to the competitors due
to bad experiences faced by the users. It results in overall price decreasing and less revenue overall in sales.

 DDoS attacks: Distributed Denial of Service (DDoS) attacks are most commonly used by hackers to not allow
original legitimate users to access and buy and sell products from the E-commerce platforms. Hackers use a
large number of computers to flood the number of requests to the server so that at one time the server
crashes out.

 Skimming: Skimming is a popular method to spread out the malware on the website’s main pages which are
used by a large number of people. It steals and leaks all information entered by the users on that webpage
and all this information goes to the attacker through skimming.

 Middlemen attack: In this type of attack, the attacker can clearly get all the information in the conversation
taking place between the consumer and the E-commerce platform itself. The attacker sees the conversation
between both of them and uses this as an opportunity to make the user face some vulnerability.

Prevent threats:

We can prevent the following E-commerce threats in the following ways:

 Anti-malware: We can deploy Anti-malware and Anti-virus software on all our computer systems so that we
can prevent these conditions to happen. Anti-malware and Anti-virus software prevent all types of malware
and viruses to infect the data on our computer.

 HTTPS: HTTPS helps to keep the website data secure from any kind of digital attack. SSL and HTTPS encrypt
all the data of the users which is harder to crack by the hackers.

 Payment gateway: We can secure the payment gateway used on the E-commerce websites which very high
security and strict policies against leaking of any financial credentials of any user.

Zero-day Exploit (Cyber Security Attack)

 Last Updated : 29 Jun, 2022

Read

Discuss

In this IT era, majority of the cyberspaces are vulnerable to different kinds of attacks.

Zero-day exploit is a type of cyber security attack that occur on the same day the software, hardware or firmware
flaw is detected by the manufacturer. As it’s been zero days since the security flaw was last exploit, the attack is
termed as zero-day exploit or zero-day attack. This kind of cyber-attacks are considered dangerous because the
developer have not had the chance to fix the flaw yet. Zero-day exploit typically targets large organizations,
government departments, firmware, hardware devices, IoT, users having access to valuable business data, etc.

Working of Zero-day Exploit:

A software is developed and released without knowing the fact that it has a security vulnerability. An attacker
identifies or exploits this vulnerability before the developers identifies or fixes the same. While still the vulnerability
is open and unpatched, exploiting the vulnerability, the hacker attacks and compromises the software which can
lead to data theft, unauthorized access or crashing of the software itself. After the attacker attacks the target, the
public or developer identifies the attack and tries to figure out the patch. The developer identifies the fix and
releases the update to safe guard its new user.

Zero-day Exploit Detection:

Probability of detecting zero day exploit is rare or in other words, the attack leaves no opportunity for detection. But
there are a few ways to identify the existing known vulnerabilities.

1. Signature Based – In this method, the occurrence pattern of known vulnerability can be detected with the
help of pattern matching. Even though this method cannot detect the malware code used for zero-day
exploit, it is capable of detecting known attacks like SQL injection that may lead to zero-day vulnerability.
While a developer may not be able to detect zero-day attack, the system firewall may be able to detect and
protect against few known specific attack types such as XSS , SQL injection, etc.

2. Statistical Techniques – By monitoring the normal activity, this technique learns the normal behavior of the
network. When the system identifies any deviation from normal profile it will detect a probability of
vulnerability.

3. Behavior Based – The implementation of behavior based detection typically depends on a ‘honeypot’. A
honeypot is a security mechanism that is developed to detect the presence of hackers or hacking attempts.

4. Hybrid Techniques – This hybrid technique use the advantage of statistical, behavioral and traditional
signature based defense mechanism. They are comparatively more effective as the weaknesses of any single
detection technique will not break the security.

Zero-day Exploit Prevention : As zero-day exploits cannot be easily discovered, prevention of the zero-day exploit
becomes difficult. There is hardly any ways to protect against zero-day exploit as we don’t have any idea about its
occurrence well in advance. We can reduce the level of risk opting any of the following strategies:

 Implementation of IP security protocol ( IPSec).

 Usage of virtual local area networks.

 Deployment of intrusion detection system (IDS) or intrusion prevention system (IPS).

 Usage of network access control protocols.

 Usage of security schemes such as Wi-Fi Protected Access 2.

 Keeping all systems up to date.

  Performing periodic vulnerability scanning.

Example Cases of Zero-day Exploit :

 CVE-2016-4117 – This zero-day attack exploited one of the previously undiscovered flaws in Adobe Flash
Player.

 CVE-2016-0167 – This is a privilege escalation attack targeting win32k Windows Graphics subsystem
Microsoft Windows.

 CVE-2017-0199 – This zero-day attack exploited one of the previously undisclosed vulnerability in Microsoft
Office RTF documents.

 Stuxnet worm – This zero-day exploit targeted supervisory control and data acquisition (SCADA) systems.

Unified Threat Management (UTM)?

Unified Threat Management (UTM) is the process to tackle the attacks and malware threats on a network so that the
safety of all the devices is maintained during the connection. The various examples of Unified threat management
include:

Antivirus software

Firewalls

Spam Email Detection

Intrusion Detection

Leak Prevention

Used to prevent attacks on websites

Features of a UTM:

The various features of a UTM are:

Unified Threat Management (UTM) is software used for the administration and security of networks that are
vulnerable to harmful malware and virus attacks that may harm the systems of all the people connected to that
network. It prevents this spyware and malware to enter the network and any of the devices connected to that
network.

UTM is an effective resource that enables developers to secure their internet networking on their computers along
with saving them a ton of time, money, manpower, and expensive IT infrastructure.

UTM works on effective algorithms and security modules that detect and alarm all the threats and attacking signals
in advance of the attack that is being planned on that network. Also, UTM provides effective solutions to these
threats so that they may cause as little as possible harm to the network and its clients.

UTM enables content moderation and filtration to block spam content that may lead to violence, crime, or child
safety issues on their network.
UTM in advance comes with the latest definitions of anti-virus software that may block harmful malware, spyware,
etc. on their computer networks. It has a database of pre-defined viruses in the system and it automatically blocks
them and removes them from the system.

It enables efficient and faster processing of data that is being transferred over the network. When UTM is enabled,
the time for processing data reduces, and now the transfer process is more secure and encrypted on the network.

Unified Threat Management also deals with the retrieval of lost data over data. The transferred data is being
continuously monitored by the network administrator. Even in case of data theft, it automatically recovers back all
the data and it alarms the system in advance of the data theft attack, and blocks that attacker.

UTM firewall is capable of scanning and removing viruses, spyware, malware, Trojan horses, etc. at the same time.
The incoming and outgoing data all together are being continuously monitored and tracked to keep an eye on all the
incoming threats to the network in form of malicious data.

The unified Threat Management system comes already with a browser extension feature that tracks the user on the
network and alerts them when a particular website is misusing their cookies by sending spyware and malicious
malware to their system. Sometimes, it automatically blocks those websites that don’t come with a https secure
network connection.

Nowadays, Gmail and other service providers use UTM extension in their services to mark and remove spam-
generated emails and alert the users about the same. These extensions scan the message of those emails and check
whether they contain malicious spyware in form of links that could be used to track the members of that network.

UTM comes with incoming and outgoing intrusion detection algorithms to agree with the terms and conditions of
connection to that network. Also, it makes the work easier as no we don’t need different specialized software for
solving different purposes.

Working of UTM:

UTM firewalls are of two types :

Stream-based UTMs

Proxy-based UTMs

In Stream-based UTMs, each device on the network is physically connected to a network security device that enables
to scan of the networking data and looking for viruses, spyware, malware, or any attacks from the websites like
DDoS attacks, DNS Amplification attacks, and Intrusion attacks.

In Proxy-based UTMs, network security software is installed and enabled like anti-virus, or connected to a private
VPN, or using IPS systems. Also, a proxy server is installed for safety purposes so that all the data is first transferred
to that server and after that to all other devices after it gets thoroughly scanned by that server as a security
measure.

Difference between a UTM and a Firewall:

The responsibility of a firewall is just to scan the incoming and outgoing data through the computer for malicious
viruses, spyware, and malware that may corrupt the system.

Whereas a UTM is responsible for not only managing a particular computer, but instead it scans all the computer
systems and servers on that network. It tracks and monitors all the transferred data on that network and looks for
malicious objects.

UTM has much broader use than a Firewall. UTM is also used by service providers for spam email detection,
intrusions, filtering traffic, managing devices on the network, etc.

Disadvantages of UTM:

UTM has a lot of advantages, but at the same time, it has quite a lot of disadvantages :

UTM does not satisfy the privacy of the network members and users. For securing the nodes on the network from
data breaches, it continuously tracks the traffic and the networking history of all the members of the network.

UTM leads to slow performance of the processor, as the spyware tracking software capture the majority part of the
computer’s memory in those security processes, thus, leading to low efficiency in the actual work on that network.

UTM expensive to implement and maintain, especially for small businesses or organizations with limited resources.
The cost of hardware, software licenses, and ongoing maintenance and updates can add up quickly, making it
difficult for some companies to justify the investment. Additionally, UTM may require specialized knowledge and
expertise to set up and configure properly, which can further increase costs.

Difference between Spam and Phishing Mail

Spam Mail:

Spam (also known as junk mail) is an unsolicited email. In most cases, spam is a method of advertising. However,
spam can send harmful links, malware, or deceptive content. The end goal is to obtain sensitive information such as
a social security number or bank account information. Most spam comes from multiple computers on networks
infected by a virus or worm. These compromised computers send out as much bulk email as possible.

Features of Spam Emails:

 Spam emails are typically sent for advertising purposes or to promote products or services.

 Spam emails often contain misleading or false information to deceive the recipient.

 Spam emails are often sent from unknown or untraceable sources.

 Spam emails are often sent without the recipient’s consent or knowledge.

 Spam emails may contain links to malicious websites or contain attachments with viruses or malware.

The key characteristics of spam emails are:

 They are unsolicited: Spam emails are sent to a large number of recipients without their permission or
consent.
  They are commercial in nature: Spam emails often contain advertising or promotions for products or
services.

 They are sent in bulk: Spam emails are typically sent to a large number of people, often using automated
tools.

 They often contain false or misleading information: Spam emails may contain false or misleading information
in order to trick recipients into taking action.

Phishing Mail:

Phishing is a form of fraud. Cybercriminals use email, instant messaging, or other social media to try to gather
information such as login credentials by masquerading as a reputable person. Phishing occurs when a malicious party
sends a fraudulent email disguised as being from an authorized, trusted source. The message’s intent is to trick the
recipient into installing malware on his or her device or into sharing personal or financial information.

Features of Phishing Emails:

 Phishing emails are designed to appear as if they are from a legitimate source, such as a bank or a social
media platform.

 Phishing emails often contain urgent or alarming messages to persuade the recipient to take immediate
action.

 Phishing emails often contain links to fake websites that resemble legitimate websites, in order to steal login
credentials or other personal information.

 Phishing emails often use social engineering tactics to trick the recipient into revealing sensitive information
or downloading malware.

 Phishing emails may also contain attachments with malware or viruses.

The key characteristics of phishing emails are:

 They are deceptive: Phishing emails are designed to look like they come from a legitimate source, such as a
bank, social media platform, or other trusted entity.

 They are targeted: Phishing emails are often targeted at specific individuals or groups, rather than being sent
to a large number of people.

 They contain requests for personal information: Phishing emails often contain requests for personal
information, such as login credentials, credit card numbers, or social security numbers.

 They use social engineering tactics: Phishing emails often use social engineering tactics to trick recipients
into revealing personal information, such as creating a sense of urgency or using emotional appeals.

Similarities:

 Both spam and phishing emails are sent in bulk to a large number of recipients.

 Both types of emails can be used to distribute malware or viruses.

 Both types of emails can be used to steal personal information, such as login credentials or financial
information.

Let’s see the Difference Between Spam and Phishing Mail:

S.No. SPAM MAIL PHISHING MAIL

Spam emails is referred to as junk email and is Phishing emails are fraudulent emails designed to steal
1
unsolicited messages sent in bulk by email. users private information and data.

Spam emails are a form of commercial Phishing is a social engineering attack on the mail and
2 advertising designed to flood the email inbox of often carried out via emails with the intention of
users. obtaining sensitive information

3 Spam is basically junk email flooding the inbox. Phishing is not just limited to emails.

Phishing emails utilize strong social engineering

4 Spam emails utilize commercial content.
techniques.

It is an electronic equivalent of unsolicited It is the equivalent of an is users’ act of illicitly

5
email. obtaining users’ information

There are multiple types of Phishing emails for

6. Spam mail main is sent by botnets. example -:
Clone phishing, angler phishing

Spam mails are dangerous because they

We can prevent our device from Phishing mails by
7. contains malicious links that can infect our
Implementing SPF, DKIM and DMARC.
computer with malware.

Examples include- Examples include-

 You’ve Won! lottery worth $2,00,000  Requesting personal data

 Advertising (retailers, online  Instructing consumers to access a link or a

8.
pharmacies, gambling, etc) surprise attachment

 Fake virus alerts  Verify your password or account information.

 Email chains and more.  Send a message of urgency

Conclusion :

spam emails are unsolicited messages that are typically sent in bulk and contain commercial or misleading
information. Phishing emails, on the other hand, are targeted scams that aim to trick people into revealing personal
or sensitive information. By understanding the differences between spam and phishing emails, individuals and
organizations can better protect themselves against email fraud.
Difference between Phishing and Vishing

 Last Updated : 22 Jul, 2022

Read

Discuss

There are several types of Email attacks that are used by the attackers to steal confidential information from users.
The confidential information may include login credentials, bank card details, or any other sensitive data. Phishing
and Vishing are also such types of attacks.

1. Phishing :

Phishing is a type of email attack in which the attacker tries to find the sensitive information of users in a fraud
manner through electronic communication by intending to be from a related trusted organization. Attackers design
emails carefully to target a group and clicking on the link installs malicious code on the computer.

Example –

 Stealing bank transaction passwords from users.

 Stealing login credentials from users.

2. Vishing :

Vishing is the type of cyber attack in which voice communication is used for stealing confidential data from a group
of people. In vishing, the attacker tricks the target to give sensitive information through a voice call pretending to be
an employee from a related and trusted firm.

Example –

 Asking for bank transaction OTP from users.

 Asking for UPI PIN from users.

Difference between Phishing and Vishing :

S.
No. PHISHING VISHING

Phishing attack is targeted for a wide range of people A vishing attack is also targeted at a wide range of
1.
through emails. people through voice communication.

2. Victim needs to click on malicious links. Victim needs to tell the information on their own.

3. It is an automated attack. While it is a manual attack.

4. A single attacker can send various emails at a time. Voice calling to target can be done by a attacker
S.
No. PHISHING VISHING

one a time.

5. It has more accuracy. It has less accuracy.

It was mostly used in earlier days but still

6. It is more used now-a-days.
attackers use it.

The attackers involved in phishing are cyber criminals While the vishing attackers are not experts in
7.
or professional hackers. hacking.

Phishing can take place in the following forms-

 Spear Phishing Vishing can take place in the following forms-

 Whaling  A government official

8.  Clone Phishing  Telemarketing Incident

 Smishing  Fraudulent Tech Support

 Vishing  Fake bank transactions and more.

 Angler phishing and more.

Common Precautionary Steps- Common Precautionary Steps-

 Think twice before submitting your sensitive  Do not pick the call from unknown
information. number

9.  Never believe warning messages.  Block the number immediately in case you
find something like fraud during the call.
 Avoid opening any Word, Excel, PowerPoint, or
PDF-like enclosed documents in these  Avoid responding such as pressing of
deceptive or unusual communications and buttons or speaking in response to
others. prompts from automated message.

Examples of Phishing Attacks- Examples of Vishing Attacks-

10.  Fraudulent fake invoices  Wardialing

 Email Account Upgrade Fraud  Caller ID forgery

S.
No. PHISHING VISHING

 Suspicious Activity Fraud and others.  Dumpster diving and others.

Difference between Phishing and Pharming

 Difficulty Level : Easy

 Last Updated : 22 Jul, 2022

Read

Discuss

Phishing:

Phishing is a type of attack on a computer device. In phishing, the attacker tries to find the sensitive information of
users by the means of electronic communication illegally. In other words, it is an illegal attempt to obtain secure
information from people or users.

A simple example of phishing is bank fraud, where hackers tried to get your bank details through communication by
acting as an employee of the bank which is a fraud manner.

Pharming:
Pharming is a more advanced technique to get users’ credentials by making effort to enter users into the website. In
order words, it misdirects users to a fake website that appears to be official and victims give their personal
information at fault.

In pharming, a fake website is created which appears to be official. Users then access the website and a request is
popped up regarding username and password and other credentials.

Let’s see the difference between Phishing and Pharming:

S.
No. PHISHING PHARMING

In phishing, the attacker tries to find the

sensitive information of users by the Pharming is a more advanced technique to get users’
1
means of electronic communication credentials by making effort to enter users into the website.
illegally.

It is an attempt to scam people one at a It simply redirects traffic from one website to a different,
2
time via an email or instant message. identical-looking website to steal information.
S.
No. PHISHING PHARMING

3 It is electronic mail fraud. It is similar in nature to email phishing.

It is a type of fraud in which an attacker

It is a scam and seeks to obtain personal and private
4 tricks the victims into providing personal
information through domain spoofing.
information by email or message.

5 It is relatively easy to initiate and identify. It is more difficult to accomplish and identify.

It involves a fraudulent email containing a

It poisons the DNS server, redirecting the users to different
6 link to a website seeking personal details
websites.
from users.

7 It uses mail. It uses websites.

Phishing also uses additional methods for

Pharming will employ strategies for data theft such as DNS
8 data theft like fax phishing, vishing, and
spoofing, DNS hijacking, and DNS cache poisoning.
smishing.

Pharming negotiates with the DNS server to send users to a

fraudulent domain. Once the hacker conducts a successful DNS
9. Phishing employs lures like bogus links.
assault during pharming, the mainstream traffic to the website
is diverted.

10. It targets individuals one at a time. It simultaneously targets huge groups of individuals.

Difference between Spear Phishing and Whaling

 Last Updated : 22 Jul, 2022

Read

Discuss

Spear Phishing and Whaling both are different type of Email phishing attacks that attackers use to steal your
confidential information. This confidential information might include login credentials, credit & debit card details,
and other sensitive data.
Spear Phishing: This type of phishing targets a specific person or organization. In this attack, the attacker tricks the
victim to click on malicious links which installs malicious code, which lets the attacker retrieve all the sensitive
information from the target system or network.

Whaling: Whaling is also a type of phishing attack. In this attack high level personnel of an organization such as CEO,
COO, CTO are targeted. Attackers send emails or text messages that seem legitimate but contain malicious links.

Difference between Spear Phishing and Whaling:

S.
No. Spear Phishing Whaling

Targets only high level directives of an

1. Targets specific group of people or organization. organization.

Main focus is to steal admin credentials or trade

2. Main focus is to steal corporate banking information. secrets.

3. Email or message is designed for group of people. Email or message is for specific person.

4. Targets low profile individual. Targets high profile individual.

To prevent this attack educate people about such

5. attacks. Check the URL before actually clicking it.

Examples include

 Tax scams. Like posing as business

executives and requesting requisite tax
filing forms or employee financial
Examples include information for submitting false tax returns
and claim refunds.
 Email appears to legitimate as it may contains
recipients name, references of colleagues  The other one in a row is in the form of an
working in an organization, etc. to entice the email purporting to be from the CEO or
victims to open an attachment and initiate the director of the business instructing the
attack like in vendor related payments stating accounting division to conduct wire
that it has failed due to several reasons like transfers. It seems to be authentic but it
incomplete details or wrong details and you originates from faked email addresses and
have to retry the payment process using the incorporate in the appropriate names and
6. given link which is nasty one. details to look like legitimate.