Types of Cyberattack, Specific Risks and How to Mitigate those Risks
Please note that the list of cyberattack types is distributed by the Canadian Centre for Cyber Security and the means of mitigation are provided by third parties. This information is not meant to be exhaustive and Skyway West is not responsible for omissions or mistakes.
What is the Exposed Service IPP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Internet Printing Protocol (IPP), as its name implies, allows computers and mobile phones to send print jobs to a printer connected to the network. It is the basis for a number of proprietary network printing services like AirPrint, IPP Everywhere and Mopria Alliance. IPP not only allows queueing of jobs to be printed, but ...
What is the Exposed Service CWMP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? CPE WAN Management Protocol (CWMP, also known as TR-069) allows a remote computer to manage broadband routers, VoIP phones, etc. If Universal Plug and Play (UPnP) is supported and configured, CWMP can be used to manage devices inside the local area network. By default, CWMP uses ports 7547-7550. A Man in the Middle (MiTM) ...
What is the DDOS potential TFTP Attack, what is the risk and how can you mitigate that risk?
What is it? Trivial File Transfer Protocol (TFTP) can operate in very little memory so it is sometimes used by a desktop computer to update the firmware on a router. TFTP uses port 69. TFTP is rarely used for Internet file transfers. Wikipedia (link below) does a good job of explaining TFTP. Why is it a risk? As its ...
What is the DDOS potential SNMP Attack, what is the risk and how can you mitigate that risk?
What is it? Simple Network Management Protocol (SNMP) is used by network administrators to monitor and control devices (computers, routers, printers, etc.) remotely. There are 3 versions of SNMP. SNMP uses ports 161 and 162. Wikipedia (link below) provides a good overview of the versions, capabilities and security implications of SNMP. Why is it a risk? Being able to ...
What is the DDOS potential NTP Attack, what is the risk and how can you mitigate that risk?
What is it? Network Time Protocol (NTP) is used to synchronize your computer clock with other computers on the Internet. By far the most common use of NTP is for one computer to ask “what time is it?” of another computer. But NTP has many other, less used, capabilities. “Mode 6” commands allow NTP to be ...
What is the DDOS potential netbios Attack, what is the risk and how can you mitigate that risk?
What is it? Network Basic Input/Output System (NetBIOS) is the mechanism that Microsoft Windows systems use to share resources, particularly file and printer shares. NetBIOS uses ports 137, 138 and 139. Why is it a risk? Using a command called NBSTAT (link below), an attacker can discover computer names, IP addresses, NetBIOS names, Windows Internet Name Service (WINS) ...
What is the DDOS potential LDAP Attack, what is the risk and how can you mitigate that risk?
What is it? Lightweight Directory Access Protocol (LDAP) allows remote users to look up directory data. An LDAP Directory usually contains information about users, but may also contain data about printers, servers, conference rooms, other equipment, etc. LDAP is the protocol used to access the proprietary Microsoft Active Directory. Although LDAP is not Active Directory specific, most exposed ...
What is the DDOS potential http Attack, what is the risk and how can you mitigate that risk?
What is it? This vulnerability is (sort of) mis-named; it might be more accurately called “TCP Middlebox Reflection Vulnerability.” Although the vulnerability was detected on the HTTP Port (80), these attacks can occur on any port. A “middlebox” is any device that manipulates network traffic; examples include Network Address Translators (NAT) and load balancers (among others). The key ...
What is the brute-force telnet Attack, what is the risk and how can you mitigate that risk?
Brute-force attacks against telnet attempt to gain unauthorized access by systematically trying many combinations of usernames and passwords until the correct one is found. Risk: If successful, attackers gain remote access to systems, allowing them to steal data, install malware, or use compromised machines in larger attacks. Since telnet transmits data unencrypted, it is especially vulnerable. Mitigation: Disable telnet ...
What is a Malware Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Malware is any “malicious software.” Malware can steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on your computer activity without your knowledge or permission. Most modern malware contains advanced capabilities that help it spread, avoid detection or be very difficult to remove. Why is it a risk? A Denial ...
What is the Rsync (remote synchronization) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Rsync (remote synchronization) has been used for over two decades to move and mirror file systems between computers on a network; it is often used for maintaining a backup because it only transfers differences between the two systems; it’s very efficient. The Wikipedia entry for rsync linked below provides an excellent overview ...
What is the Building Automation and Control Network (BACnet) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Building Automation and Control Network (BACnet) is a common building automation system protocol that offers alarm and event monitoring, remote device management and computer file and terminal access. The default port for BACnet traffic is 47808. Why is it a risk? Because early building automation systems relied on dedicated wiring and networks, there were ...
