Types of Cyberattack, Specific Risks and How to Mitigate those Risks
Please note that the list of cyberattack types is distributed by the Canadian Centre for Cyber Security and the means to mitigate is provided by third parties. This information is not meant to be exhaustive and Skyway West is not responsible for omissions or mistakes.
What is a Blocklist, what is the risk and how can you mitigate that risk?
What is it? A blocklist (sometimes still referred to as a “blacklist”) is a list of Internet addresses and domain names that have been reported as sending out unsolicited advertising (aka “spam”), distributing malware, hosting botnets, hosting phishing websites, etc. Many e-mail services will not deliver mail from blocklisted servers. There are many public ...What is a Botnet Drone, what is the risk and how can you mitigate that risk?
A botnet is a network of infected computers that can be controlled remotely, forcing them to send spam, spread viruses, or stage DDoS (distributed denial of service) attacks. A Botnet Drone is a type of software that connects your device to a botnet. Source: Avast.comWhat is a DNS Attack, what is the risk and how can you mitigate that risk?
What is it? The Domain Name System (DNS) is a decentralized naming system for computers and other network resources. A computer uses DNS to translate an Uniform Resource Locator (URL, like www.google.com) to an Internet Protocol (IP, like 142.250.69.206) address. It’s roughly analogous to a traditional telephone book, except that lookups are coordinated over ...What are NTP Service Mode 6 Queries, what is the risk and how can you mitigate that risk?
The remote NTP server responds to mode 6 queries (Mode 6 is the recommended protocol used to get status information from a running ntpd to configure some of its behaviors on the fly). Devices that respond to these queries have the potential to be used in NTP amplification attacks. An attacker sends a massive amount ...What is an SNMP Attack, what is the risk and how can you mitigate that risk?
An SNMP attack is a type of Distributed Denial of Service (DDoS) attack. Instead of Domain Name Servers (DNS), SNMP attacks use the Simple Network Management Protocol (SNMP) – a common network management protocol used for configuring and collecting information from network devices like servers, hubs, switches, routers and printers. SNMP attacks can generate attack volumes of hundreds of ...What is an RDP Service Exploit, what is the risk and how can you mitigate that risk?
What is it? Remote Desktop Protocol (RDP) allows a remote computer to take control of a computer in your network. RDP comes pre-installed for Microsoft Windows but can also be used with Apple OSX computers. RDP is used by many to work-from-home; it’s also used by IT support departments to perform remote maintenance and ...What is an SSDP Service Exploit, what is the risk and how can you mitigate that risk?
What is it? Simple Service Discovery Protocol (SSDP) is used to discover what devices (and their capabilities) are available in a local area network. It is the basis of Universal Plug and Play (UPnP) devices like printers and scanners but it also helps locate network resources. SSDP uses port 1900. Attackers can exploit SSDP ...What is a multicast DNS Service Exploit, what is the risk and how can you mitigate that risk?
What is it? The Domain Name System (DNS) is a network of computers that convert web addresses like “google.com” into Internet Protocol (IP) addresses like 192.168.0.1. The client computer connects to a DNS server and asks for the IP address of “google.com” and gets an answer back. Multicast DNS (mDNS) does the same thing ...What is an Open Portmapper Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Portmapper, also known as Remote Procedure Call Bind (RPCBind), is a mechanism where Internet address ports can be assigned as a program running on a remote computer to act as if it is running on the local computer. RPCBind runs on port 111 and dates back to 1991. Although portmapper has ...What is a NetBios Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Network Basic Input/Output System (NetBIOS) is the mechanism that Microsoft Windows systems use to share resources, particularly file and printer shares. NetBIOS uses ports 137, 138 and 139. Why is it a risk? Using a command called NBSTAT (link below), an attacker can discover computer names, IP addresses, NetBIOS names, Windows Internet ...What is a Microsoft (MS) SQL Server Resolution Service Vulnerability and How Does it Affect You?
Microsoft SQL is a database management system, and its Server Resolution Service is a way external devices can request details on the MS SQL server running on a network. When exposed to the wider Internet, the Server Resolution Service can be used by a third party to commit abuse. Your compromised or misconfigured device is ...What is an SMB Protocol Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Server Message Block (SMB), also called Common Internet File System (CIFS) allows Microsoft Windows computers to share files, serial ports and printers across a network. SMB uses ports 139 or 445. The UpGuard link below provides background on the protocol and how it works. Why is it a risk? Version 1.0 ...