Difference Between DoS and DDoS Attacks Quiz

Cybersecurity Risk

• Identifying, mitigating, and managing cybersecurity risk is the core duty of cybersecurity to protect an organization's digital assets.
• Assessing risk is a critical function of a cybersecurity organization, essential for effective policies, security implementations, resource allocation, and incident response preparedness.

Cybersecurity Risk Approaches

• There are three approaches to implementing cybersecurity:
  • Compliance-based security: relies on regulations or standards to determine security implementations, leading to a "checklist" attitude towards security.
  • Risk-based security: identifies unique risks and designs security controls to address them, considering the organization's risk tolerance and business needs.

Types of Cyberattacks

Denial of Service (DoS)

• Symptoms of a DoS attack:
  • Inability to access a website
  • Delay in accessing online services
  • Huge delays in file opening on websites
  • Increased volume of spam emails
  • Degradation of performance of services
• Mitigation steps:
  • Routing malicious traffic
  • Using load balancers to avoid heavy traffic
  • Using intrusion detection systems
  • Using intrusion prevention systems
  • Using security firewalls
• Types of DoS attacks:
  • DNS server attack
  • HTTP server attack
  • ICMP flooding
  • Network attack or buffer overflow attack
  • Large name files attack
  • Ping of death attack
  • SYN flood attack on TCP handshake protocol
  • Shrew attack

Distributed Denial of Service (DDoS)

• A type of DoS attack where multiple sources of traffic are used to attack the victim server.
• DDoS attack is more lethal than DoS attack.
• Prevention of DDoS attacks is more difficult than normal DoS attacks.
• Types of DDoS attacks:
  • Connection-based application-layer attacks
  • Connectionless volumetric attacks from multiple botnets
  • State table exhaustion attacks
  • Other techniques used in DoS attacks

SQL Injection

• SQL injection is the second largest source of web application malicious attacks (21.6%).
• SQL injection attacks:
  • Get data from the SQL database server and send it to the hacker's computer.
• Most affected fields:
  • IT
  • Banks and e-transaction websites
  • Government websites

Spamming

• Spamming is the sending of junk mails and messages in bulk without consent.
• Used for spreading malware, viruses, phishing, Trojans, worms, and spyware.
• Widespread form of malicious attacks used to send unsolicited messages through different modes of messaging.
• Can result in severe loss and damage to public lives, societies, government systems, and other critical infrastructures.

Digital Property Misappropriation

• Illegal or fraudulent use of digital resources like software and digital content without permission.
• Over US$6 billion are misappropriated in the global economy annually.
• Laws, patents, copyrights, trademarks, and other rules are in force to safeguard digital property rights.
• Steps to safeguard digital properties include:
  • Data encryption
  • Digital access control
  • User controls
  • Others