In other articles we have analyzed various threats. However, this time we will review 4 of the most frequent cyber threats and their
The range of cyber threats is very wide; some are complex, others are simpler, but all of them can put the integrity of computers or systems at risk. If you search the web for the threats that exist, the same four threats are likely to appear everywhere.
However, there are many more, bearing in mind that the most popular or most dangerous ones always receive the most attention. We must also be aware that, as time goes by, more and more of these threats are created, and the day may come when they can no longer be contained. In the meantime, let’s take a look at the list of the most important cyber threats.
Port scanning cyber threats
Attackers use port scanning to discover which ports are open and could be exploited. Ports can be thought of as access routes into a computer: through them, tools, programs and applications communicate over the network. The networks involved can be local (LANs) or public, such as the Internet. This is one of the most common reconnaissance techniques used by attackers.
A port scan is used to find out through which port an attacker can enter a computer. It consists of sending a message to each port, one at a time; depending on the type of response received, the attacker decides whether the port should be examined more closely for vulnerabilities to attack.
By number, ports fall into three ranges:
- Well-known ports (0 – 1023)
- Registered ports (1024 – 49151)
- Private ports (49152 – 65535)
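The "one message to each port, one at a time" pattern described above is exactly what makes a scan visible to the defender: one source touches many distinct destination ports on one host in a short time, while a legitimate client touches one or two. The following is an added example, not code from the original article; the firewall log layout (`<epoch> <src_ip> <dst_ip> <dst_port> <action>`) and the sample lines are constructed for illustration, and the thresholds are assumptions to tune per environment.

```python
"""Detecting a port scan in firewall connection logs (added example).

Not part of the original article. The log layout is an assumption:
"<epoch> <src_ip> <dst_ip> <dst_port> <action>", roughly what a host
firewall or flow collector emits. A scanner that sends one message to each
port in turn shows up as a single source touching many distinct destination
ports on one host within a short window.
"""
from collections import defaultdict

# Constructed sample: 10.0.0.9 probes eleven ports on 192.168.1.20 within six
# seconds (plus one stray probe 90 s later); 10.0.0.5 is an ordinary client.
SAMPLE_LOG = """\
1700000000 10.0.0.5 192.168.1.20 443 ALLOW
1700000001 10.0.0.9 192.168.1.20 21 DENY
1700000001 10.0.0.9 192.168.1.20 22 ALLOW
1700000002 10.0.0.9 192.168.1.20 23 DENY
1700000002 10.0.0.9 192.168.1.20 25 DENY
1700000003 10.0.0.9 192.168.1.20 80 ALLOW
1700000003 10.0.0.9 192.168.1.20 110 DENY
1700000004 10.0.0.9 192.168.1.20 139 DENY
1700000004 10.0.0.9 192.168.1.20 443 ALLOW
1700000005 10.0.0.9 192.168.1.20 445 DENY
1700000005 10.0.0.9 192.168.1.20 3389 DENY
1700000006 10.0.0.9 192.168.1.20 8080 DENY
1700000007 10.0.0.5 192.168.1.20 22 ALLOW
1700000090 10.0.0.9 192.168.1.20 5900 DENY
"""


def port_range(port):
    """Classify a port by the three ranges listed in the article."""
    if 0 <= port <= 1023:
        return "well-known"
    if 1024 <= port <= 49151:
        return "registered"
    if 49152 <= port <= 65535:
        return "private"
    raise ValueError(f"port out of range: {port}")


def parse_log(text):
    """Turn raw lines into (timestamp, src, dst, port, action) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action = line.split()
        events.append((int(ts), src, dst, int(port), action))
    return events


def detect_scans(events, window=30, min_ports=10):
    """Return {(src, dst): sorted ports} for every source that touched at
    least `min_ports` distinct destination ports on one host inside any
    `window`-second span. A sliding window is walked over each pair's probes,
    so a slow trickle spread over many minutes does not trigger an alert."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, _action in sorted(events):
        by_pair[(src, dst)].append((ts, port))
    alerts = {}
    for pair, probes in by_pair.items():
        start = 0
        for end in range(len(probes)):
            # advance the window start until it spans at most `window` seconds
            while probes[end][0] - probes[start][0] > window:
                start += 1
            ports = {p for _, p in probes[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[pair] = sorted(ports | set(alerts.get(pair, [])))
    return alerts


def summarize(alerts):
    """Count the scanned ports per range; a scan concentrated on well-known
    ports is the classic service sweep the article describes."""
    report = {}
    for pair, ports in alerts.items():
        counts = {"well-known": 0, "registered": 0, "private": 0}
        for p in ports:
            counts[port_range(p)] += 1
        report[pair] = counts
    return report


if __name__ == "__main__":
    found = detect_scans(parse_log(SAMPLE_LOG))
    for (src, dst), ports in found.items():
        print(f"possible port scan from {src} against {dst}: {len(ports)} ports {ports}")
    print(summarize(found))
```

The stray probe 90 seconds later falls outside the window and is only reported because the earlier burst already qualified; lowering `min_ports` or widening `window` trades fewer missed slow scans for more false alerts from busy clients.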
FTP Bounce Attack cyber threats
In this type of attack, criminals connect to FTP (File Transfer Protocol) servers, which are used to send and receive files between two computers operating remotely. Once connected, the attacker uses the FTP “PORT” command to make the server send malicious files to other users or machines. This is largely an obsolete threat, since many FTP servers now ship with this command disabled to prevent this type of attack.
Denial of Service Attack cyber threats
We have covered this particular attack in other articles, but in a nutshell, a denial-of-service attack consists of attackers preventing users from accessing information, products or services available on the web. Now let’s look more specifically at how this technique works.
When we want to access a website, a URL is entered in the browser; this URL is interpreted as a request to access the content of that website. Sites can only process a certain number of requests at a time, so when that number is exceeded, the site ends up blocking. In a denial-of-service attack, the attacker floods a website with requests, causing it to crash and stop functioning as it should.
If you suffer one of these attacks, there are a few steps you can take:
- Verify that the attack has really occurred: make sure the outage is really caused by a DDoS attack, because the same symptoms can have many other causes, from DNS misconfigurations and routing problems to simple human error.
- Notify the leaders: once the attack is confirmed, contact the relevant leaders of your team so they can alert the rest of the company and execute the action plan (if there is one).
- Prioritize the applications: in a company where the resources available to counter these attacks are limited, applications must be prioritized; try to safeguard the information and assets of the pages or applications that are most valuable to the company.
- Identify the type of attack: as mentioned above, there are different types of DDoS attacks, so it is necessary to know which type is under way in order to counter it.
- Attack mitigation: this is the step where the whole arsenal of techniques is put in place to try to stop the attack; if the list of IP addresses flooding the server is small, they can be blocked through a firewall.
- Security reinforcement: having suffered an attack shows that there are important vulnerabilities that need to be fixed as soon as possible.
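Three of the steps above (confirming that the outage is request-driven rather than a misconfiguration, identifying the sources, and blocking them at the firewall when the list is small) can be worked through directly from the web server's access log. The block below is an added example and not code from the original article; the Apache/nginx-style log lines, the request counts and the thresholds are constructed for illustration and would need tuning against real baseline traffic.

```python
"""Triage of a suspected HTTP flood from access-log lines (added example).

Not part of the original article. Log lines use the common Apache/nginx
layout (client IP, timestamp, request line, status code, size); the traffic
and the thresholds below are constructed for illustration. The functions
follow the steps in the text: confirm that the overload is request-driven,
identify the sources, and, if the offender list is small, produce firewall
rules.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def make_sample_log():
    """Constructed traffic: two sources send 150 requests each within ten
    seconds and the server answers 503; three normal clients fetch a page."""
    lines = []
    stamp = "[10/Oct/2023:13:55:{s:02d} +0000]"
    for i in range(150):
        for ip in ("203.0.113.7", "203.0.113.9"):
            lines.append(f'{ip} - - {stamp.format(s=i % 10)} "GET /search?q={i} HTTP/1.1" 503 0')
    for s, ip in ((1, "198.51.100.4"), (4, "198.51.100.8"), (8, "198.51.100.12")):
        lines.append(f'{ip} - - {stamp.format(s=s)} "GET /index.html HTTP/1.1" 200 512')
    return "\n".join(lines)


def parse_access_log(text):
    """Return (client_ip, epoch_seconds, status) for every well-formed line."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip truncated or foreign lines instead of crashing
        ts = datetime.strptime(m["ts"], TS_FMT)
        events.append((m["ip"], int(ts.timestamp()), int(m["status"])))
    return events


def peak_rate_per_source(events, window=10):
    """Highest number of requests each client made in any fixed
    `window`-second bucket."""
    buckets = Counter((ip, ts - ts % window) for ip, ts, _ in events)
    peaks = defaultdict(int)
    for (ip, _bucket), n in buckets.items():
        peaks[ip] = max(peaks[ip], n)
    return dict(peaks)


def triage(events, window=10, per_ip_limit=50, small_list=20):
    """Step 1: is it really a flood (a request surge *and* server errors)?
    Steps 4 and 5: who is responsible, and can a firewall deal with them?"""
    total = len(events)
    errors = sum(1 for _, _, st in events if st >= 500)
    peaks = peak_rate_per_source(events, window)
    offenders = {ip: n for ip, n in peaks.items() if n > per_ip_limit}
    from_offenders = sum(1 for ip, _, _ in events if ip in offenders)
    error_ratio = errors / total if total else 0.0
    if not offenders or error_ratio < 0.5:
        # errors without a request surge point to misconfiguration, not DDoS
        action = "investigate-config"
    elif len(offenders) <= small_list:
        action = "firewall-block"
    else:
        action = "upstream-mitigation"  # too many sources to block one by one
    return {
        "total": total,
        "error_ratio": round(error_ratio, 3),
        "offenders": offenders,
        "offender_share": round(from_offenders / total, 3) if total else 0.0,
        "action": action,
    }


def firewall_rules(offenders):
    """iptables drop rules for a small offender list (the firewall step)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(offenders)]


if __name__ == "__main__":
    result = triage(parse_access_log(make_sample_log()))
    print(result)
    if result["action"] == "firewall-block":
        print("\n".join(firewall_rules(result["offenders"])))
```

The `offender_share` figure is the practical check behind the firewall step: if a handful of addresses account for nearly all traffic, dropping them restores service, whereas a low share with thousands of sources means the rules would be futile and the traffic has to be scrubbed upstream.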
Man-In-The-Middle Attack threats
This is another very common type of attack, because it is so widely used today. It consists of intercepting a communication channel between two parties. It usually occurs in the channels people use to communicate, such as e-mail, social networks, etc. By intercepting the traffic, the attacker can eavesdrop on conversations and obtain private information, and even redirect information and alter messages, which at the corporate level represents a significant threat.
There are several ways in which this type of attack can be countered:
The first is S/MIME (Secure/Multipurpose Internet Mail Extensions), which encrypts e-mails and messages in transit to ensure that only the intended recipient can read them. In addition, digital signatures can be used to secure and certify business e-mails.
The second is certificate-based authentication: certificates are issued to all the machines or devices used by a company’s employees, to authenticate that they are genuine. This means that only endpoints configured with a valid certificate can access the system.
In general terms, this last method is simple to adopt: it requires no hardware beyond the equipment already in use and no complicated training of personnel, and its deployment can be automated, which makes the attacker’s job considerably harder.
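The certificate method described above is, in protocol terms, mutual TLS: the server presents its certificate and also requires each client to present one issued by the company's CA, so an interceptor who cannot produce such a certificate is refused the connection. The block below is an added example, not code from the original article, and shows the weak server setting beside the corrected one using Python's standard `ssl` module; the CA bundle, certificate and key paths are placeholders, and the audit function is an assumed helper for reviewing any `SSLContext`.

```python
"""Certificate-based endpoint authentication with Python's ssl module
(added example).

Not part of the original article. A TLS server context that accepts any
client is shown next to one that requires a client certificate signed by
the company's own CA, which is the "only endpoints with configured
certificates can access the system" property described in the text. The
CA bundle, certificate and key paths are placeholders.
"""
import ssl

FINDING_NO_CLIENT_CERT = "client certificates are not required; any endpoint can connect"
FINDING_OLD_TLS = "protocol versions below TLS 1.2 are accepted"
FINDING_NO_CA = "no CA certificates loaded; no client certificate could be validated"


def insecure_server_context():
    """Weak setting: encrypts the channel but never asks the client who it is,
    so any device on the network, including an interceptor, can connect."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def mtls_server_context(ca_bundle=None, cert_chain=None, private_key=None):
    """Corrected setting: the server presents its own certificate and requires
    every client to present one chaining to the trusted CA (mutual TLS)."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a client certificate
    if ca_bundle:  # placeholder path, e.g. "/etc/pki/corp-ca.pem"
        ctx.load_verify_locations(cafile=ca_bundle)
    if cert_chain and private_key:  # placeholder paths for the server's own identity
        ctx.load_cert_chain(certfile=cert_chain, keyfile=private_key)
    return ctx


def audit_server_context(ctx):
    """Return the findings a reviewer would raise against a server context.
    An empty list means client authentication is fully configured."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(FINDING_NO_CLIENT_CERT)
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(FINDING_OLD_TLS)
    if ctx.verify_mode == ssl.CERT_REQUIRED and not ctx.get_ca_certs():
        # CERT_REQUIRED with no trust anchors rejects every client, which is
        # usually a deployment bug rather than the intended policy
        findings.append(FINDING_NO_CA)
    return findings


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_server_context()),
                      ("mutual TLS (no CA loaded yet)", mtls_server_context())):
        print(name, "->", audit_server_context(ctx) or ["no findings"])
```

On the client side the counterpart is `ssl.create_default_context()` with `load_cert_chain()` for the device's own certificate, so that both ends prove their identity; the audit helper makes the "only endpoints with configured certificates" policy something that can be checked automatically in deployment code rather than assumed.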
We hope to raise awareness of the dangers we can run into on the web. Whether in everyday life or at work, we must always be aware of the threats that exist: although we may believe such things would never happen to us, they can still be really dangerous when they do. So always maintain a high level of security on your devices.