Types of Cyberattack, Specific Risks and How to Mitigate those Risks
Please note that the list of cyberattack types is distributed by the Canadian Centre for Cyber Security and the means to mitigate is provided by third parties. This information is not meant to be exhaustive and Skyway West is not responsible for omissions or mistakes.
What is the DDOS potential TFTP Attack, what is the risk and how can you mitigate that risk?
What is it? Trivial File Transfer Protocol (TFTP) can operate in very little memory so it is sometimes used by a desktop computer to update the firmware on a router. TFTP uses port 69. TFTP is rarely used for Internet file transfers. Wikipedia (link below) does a good job of explaining TFTP. Why is it a risk? As its ...
What is the DDOS potential SNMP Attack, what is the risk and how can you mitigate that risk?
What is it? Simple Network Management Protocol (SNMP) is used by network administrators to monitor and control devices (computers, routers, printers, etc.) remotely. There are 3 versions of SNMP. SNMP uses ports 161 and 162. Wikipedia (link below) provides a good overview of the versions, capabilities and security implications of SNMP. Why is it a risk? Being able to ...
What is the DDOS potential NTP Attack, what is the risk and how can you mitigate that risk?
What is it? Network Time Protocol (NTP) is used to synchronize your computer clock with other computers on the Internet. By far the most common use of NTP is for one computer to ask “what time is it?” of another computer. But NTP has many other, less used, capabilities. “Mode 6” commands allow NTP to be ...
What is the DDOS potential netbios Attack, what is the risk and how can you mitigate that risk?
What is it? Network Basic Input/Output System (NetBIOS) is the mechanism that Microsoft Windows systems use to share resources, particularly file and printer shares. NetBIOS uses ports 137, 138 and 139. Why is it a risk? Using a command called NBSTAT (link below), an attacker can discover computer names, IP addresses, NetBIOS names, Windows Internet Name Service (WINS) ...
What is the DDOS potential LDAP Attack, what is the risk and how can you mitigate that risk?
What is it? Lightweight Directory Access Protocol (LDAP) allows remote users to look up directory data. An LDAP Directory usually contains information about users, but may also contain data about printers, servers, conference rooms, other equipment, etc. LDAP is the protocol used to access the proprietary Microsoft Active Directory. Although LDAP is not Active Directory specific, most exposed ...
What is the DDOS potential http Attack, what is the risk and how can you mitigate that risk?
What is it? This vulnerability is (sort of) mis-named; it might be more accurately called “TCP Middlebox Reflection Vulnerability.” Although the vulnerability was detected on the HTTP Port (80), these attacks can occur on any port. A “middlebox” is any device that manipulates network traffic; examples include Network Address Translators (NAT) and load balancers (among others). The key ...
What is the brute-force telnet Attack, what is the risk and how can you mitigate that risk?
Brute-force attacks against telnet attempt to gain unauthorized access by systematically trying many combinations of usernames and passwords until the correct one is found. Risk: If successful, attackers gain remote access to systems, allowing them to steal data, install malware, or use compromised machines in larger attacks. Since telnet transmits data unencrypted, it is especially vulnerable. Mitigation: Disable telnet ...
What is a Malware Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Malware is any “malicious software.” Malware can steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on your computer activity without your knowledge or permission. Most modern malware contains advanced capabilities that help it spread, avoid detection or be very difficult to remove. Why is it a risk? A Denial ...
What is the Rsync (remote synchronization) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Rsync (remote synchronization) has been used for over two decades to move and mirror file systems between computers on a network; it is often used for maintaining a backup because it only transfers differences between the two systems; it’s very efficient. The Wikipedia entry for rsync linked below provides an excellent overview ...
What is the Building Automation and Control Network (BACnet) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Building Automation and Control Network (BACnet) is a common building automation system protocol that offers alarm and event monitoring, remote device management and computer file and terminal access. The default port for BACnet traffic is 47808. Why is it a risk? Because early building automation systems relied on dedicated wiring and networks, there were ...
What is the MQTT Vulnerability, what is the risk and how can you mitigate that risk?
What is it? MQTT (which originally was an acronym for Message Queue Telemetry Transport, but since 2013 doesn’t actually stand for anything according to Wikipedia) is a protocol used for remote sensor and control (the Internet of Things – IoT), particularly for industrial applications. MQTT operates unencrypted on port 1883 or encrypted on port 8883. Why is ...
What is the MS-SQL Server Resolution Service Vulnerability, what is the risk and how can you mitigate that risk?
What is it? MS-SQL Server Resolution Service (MC-SQLR) facilitates connections over the Internet to MS SQL database servers. Why is it a risk? A Denial of Service attack (DoS) is when an attacker attempts to overwhelm a victim’s server. A Distributed Denial of Service (DDoS) attack is when the attacker uses many unwitting accomplice computers to attack their victim. ...
