Typical Attacks Against a Network Continued

Now, the last one we go over is called the insider threat. Now, an insider threat, I would say it would be one of the most dangerous type of attacks. Now, insider threat means it’s an individual inside your organisation, your network, whatnot. Most likely, it’s an employee. Now, what makes this so dangerous is the person inside your company works one of two ways. One is they’re intentionally trying to damage your network. Now, the problem with this is they already have access to your network on some level, because they are an employee, for example. They have some level of credentials to get on your network and do things. So this could be extremely dangerous. Because again, they already have access.

They don’t need to try to break into your network. The other type of insider attack is when a user does not know they’re doing something dangerous, that they’re accidentally deleting files or accidentally clicking on a phishing email and installing that payload. They’re getting a vishing call. A vishing call is much like a spear phishing attack, but it’s over the phone. Someone calls and says they’re with IT and, hey, I’m going to email you this file. Please click on it, open it up. And they do, and it causes havoc on your network. It might be ransomware. These are different types of insider threats. We’ll be going over this, how to mitigate that.

But again, insider threat is someone on your network from within. And either they’re intentionally trying to damage your network or unintentionally trying to damage your network because they just don’t know. So these are typical attack methods. So reconnaissance, again, the first phase of hacking, typically a nonintrusive attack that is intended to gather information on the target. Virus and ransomware, typically destructive and malicious software that can be used to a variety of ends. Phishing and spear phishing attacks, an email attack vector that oftentimes will spoof an email address with an intention of the user to give up critical information, click a link, open a file, or take other actions.

HID attacks, the simplest attack is to arm a USB drive with a payload and leave it somewhere to be found. DOS or DDoS attacks, denial of service or distribute denial of service attacks, these can be used to crash a network or used as a distraction. Insider threats, insider threat can be an intentional insider threat, or it can be an unaware one. So wrapping up, not all attacks are destructive. With the case of reconnaissance phase of hacking, this is a prime example of a nondestructive attack. Multiple attacks for multiple reasons, an attacker can use a variety of attacks to achieve different goals. Not all participants are willing.

An unaware user can be an unwitting accomplice to bringing your network down or compromising it. So this was about typical attacks against your network. In the next video, we’ll be taking a look at denial of service attacks and DDoS attacks. Thank you for watching. I’ll see you in the next video.