# Cyber Attacks
## What are Cyber Attacks
Cyber attacks are deliberate actions taken by individuals or organizations to gain unauthorized access to computer systems, steal data, disrupt services, or cause damage. Cyber attacks target individuals, corporations, governments, and critical infrastructure. They range from simple automated scanning for vulnerable systems to sophisticated multi-stage operations conducted by nation-state actors over months or years. Understanding common attack types is essential for defending against them.
## Reconnaissance
Before launching an attack, attackers typically gather information about their target. Passive reconnaissance involves collecting publicly available information without interacting directly with the target, such as looking up DNS records, examining job postings that reveal technology stacks, and reviewing social media profiles of employees. Active reconnaissance involves directly probing the target, such as port scanning to identify running services, version scanning to identify software versions with known vulnerabilities, and network mapping.
## Exploitation Attacks
Exploitation attacks take advantage of vulnerabilities in software, hardware, or configurations to gain unauthorized access. SQL injection attacks insert malicious SQL code into input fields to manipulate database queries, potentially allowing attackers to extract, modify, or delete database contents. Cross-site scripting attacks inject malicious scripts into web pages that execute in other users' browsers. Buffer overflow attacks send more data than a program can handle, overwriting memory and potentially executing attacker-supplied code. Zero-day exploits target vulnerabilities that have not yet been discovered by the vendor and for which no patch exists.
## Password Attacks
Password attacks attempt to discover or bypass authentication credentials. Brute force attacks try every possible password combination. Dictionary attacks try passwords from a list of common passwords and variations. Credential stuffing uses username and password combinations stolen from other breaches, exploiting the fact that many people reuse passwords across multiple services. Password spraying tries a small number of common passwords against many accounts to avoid account lockout.
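As an added example (not code from the original page), the sketch below shows how the failed-login patterns described above differ in authentication logs, and why a per-account lockout counter catches brute forcing but misses password spraying. The event format, thresholds, and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, login_succeeded).
# IPs are from documentation ranges; usernames are made up.
SAMPLE_EVENTS = (
    [("203.0.113.10", "alice", False)] * 12                      # one account, many tries
    + [("198.51.100.7", f"user{i}", False) for i in range(8)]    # many accounts, one try each
    + [("192.0.2.20", "bob", False)] * 2                         # user mistyping a password
    + [("192.0.2.20", "bob", True)]
)

def locked_accounts(events, lockout_threshold=5):
    """Accounts a classic per-account lockout policy would lock."""
    fails = defaultdict(int)
    for _src, user, ok in events:
        if not ok:
            fails[user] += 1
    return {user for user, n in fails.items() if n >= lockout_threshold}

def classify_sources(events, brute_min_attempts=10,
                     spray_min_accounts=5, spray_max_per_account=2):
    """Label each source IP by the shape of its failed logins.

    Thresholds are illustrative assumptions; tune them per environment.
    Credential stuffing has the same many-accounts shape as spraying in
    logs without password data, so it would be reported under that label.
    """
    per_source = defaultdict(lambda: defaultdict(int))
    for src, user, ok in events:
        if not ok:
            per_source[src][user] += 1

    verdicts = {}
    for src, per_user in per_source.items():
        heaviest = max(per_user.values())   # most failures against any one account
        if heaviest >= brute_min_attempts:
            verdicts[src] = "brute-force/dictionary"
        elif len(per_user) >= spray_min_accounts and heaviest <= spray_max_per_account:
            verdicts[src] = "password-spraying"
        else:
            verdicts[src] = "benign"
    return verdicts

if __name__ == "__main__":
    print("locked by per-account policy:", locked_accounts(SAMPLE_EVENTS))
    for src, verdict in classify_sources(SAMPLE_EVENTS).items():
        print(src, "->", verdict)
```

Only the brute-forced account trips the lockout; the spraying source touches eight accounts without locking any, which is why detection has to aggregate failures by source as well as by account.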
## Man-in-the-Middle Attacks
Man-in-the-middle attacks position the attacker between two communicating parties, allowing the attacker to intercept and potentially modify communications. ARP spoofing poisons ARP caches to redirect traffic through the attacker's machine. SSL stripping downgrades HTTPS connections to HTTP when the victim is not careful to verify they are on HTTPS. Rogue access points create fake WiFi networks that capture all traffic from devices that connect to them.