Provide (2) 150 words substantive response with a minimum of 1 APA references for RESPONSES 1 AND 2 below. Response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that’s discusses the responses. 100% original work and not plagiarized. Must meet deadline.
The worst kind of attack in my opinion is a social engineering attack. Kaspersky describes social engineering as a manipulation technique that exploits human error to gain private information, access and valuables. I consider these types of attacks the worst since the attack targets the weakest link in the security chain, users. While social engineering attacks can take a few different forms but the one I want to focus on is Phishing. Phishing is an attempt to gain private information, like passwords and login names by using what seems like a legitimate site or link in an email from what seems like a trusted source but in actuality it’s a scam that is trying to get your sensitive data. Phishing also has a few forms of attacks as well but the one the example I’m using today is a spear phishing attack on Google and Facebook.
In 2013 a Lithuanian group called the Lithuanian National Evaldas Rimasuskas pretended to be a computer manufacturer that worked for both Google and Facebook, called Company-2, which sounds very similar to the actual hardware company called Company-1. Rimasuskas then send invoices to facebook and Google for legitimate services performed for the tech giants but the bill came from the fraudulent company, which paid into a bank account under the fake company name. I would consider this a win for social engineering since this plan worked for 2 years before Rimasuskas plead guilty to the scheme.
Similar to a DOS (Denial Of Service) attack, a DDOS (Distributed Denial Of Service) attack is where a large influx of network traffic is sent to a targeted network, service, or server with the intent of overloading it and denying the use of it to others. The difference between a DOS and a DDOS attack is where a DOS attack utilizes only one system, a DDOS attack uses multiple. I believe this to be the worst type of attack for multiple reasons. For one, they are relatively simple to perform. They can be conducted by multiple hackers with multiple systems or an individual hacker remotely controlling multiple systems. The attack involves sending ICMP requests, sometimes referred to as pings, to one location. If a large enough amount of pings are sent frequently enough, the target server wont be accessible to any of the daily regular web traffic. DDOS attacks are also very difficult to prevent due to the distributed nature of the attack, with the possibility of the sources of the attack ranging from all around a city to all around the world. There are also difficulties involved in trying to tell the difference between regular web traffic and web traffic sent with the malicious intent of overloading the network.
An example of a DDOS attack is the Six Banks Attack of 2012, where an Iranian group of hackers, supposedly in response to recent economic sanctions from the U.S., prevented access to online banking services of six U.S banks. This effectively caused a negative impact to the banks revenue and image. While the goal is unknown, I would consider the attack to be a success due to the fact that the banks were unable to defend against it. Ways to prevent such an attack from happening again would include incorporating a cloud based server into your network architecture. The increase in bandwidth will allow your network to withstand larger amounts of traffic. Another way would be to incorporate systems, like a customized firewall, that can identify and deny network traffic anomalies.