
🎯 Module 2: Network Threats

⚔️ Understanding Threat Actors, Attack Tools, and Network Attack Methodologies

CCNA Level Threat Analysis Malware Attack Vectors

📋 Overview

This module explores the various types of threats and attacks facing modern networks. Students will learn about different threat actors, their motivations, and the sophisticated tools they use. The module covers malware types, network attack categories, and evasion techniques used by cybercriminals.


🔑 Key Terms

Threat

A potential danger to an asset such as data or the network itself.

Vulnerability

A weakness in a system or its design that could be exploited by a threat.

Attack Surface

The total sum of vulnerabilities in a system accessible to an attacker.

Exploit

The mechanism used to leverage a vulnerability to compromise an asset.

Malware

Malicious software designed to damage, disrupt, steal, or inflict harm on data, hosts, or networks.

Social Engineering

Access attack that manipulates individuals into performing unsafe actions or divulging confidential information.


👤 Who is Attacking Our Network?

Types of Hackers

Type        Description
----------  ------------------------------------------------------------------------
White Hat   Ethical hackers using skills for good, ethical, and legal purposes
Grey Hat    Individuals who commit crimes but not for personal gain or to cause damage
Black Hat   Criminals who violate security for personal gain or malicious reasons

Threat Actor Categories

  • Script Kiddies: Inexperienced hackers using existing tools
  • Vulnerability Brokers: Individuals who discover and sell vulnerabilities
  • Hacktivists: Politically motivated hackers
  • Cybercriminals: Profit-motivated attackers
  • State-sponsored Hackers: Government-backed threat actors

Risk Management

Four Ways to Manage Risk

  • Risk Acceptance - Accept the potential risk and continue operating
  • Risk Avoidance - Stop the activity that causes risk
  • Risk Reduction - Decrease risk through protective measures
  • Risk Transfer - Shift risk to third parties (insurance)

🛠️ Threat Actor Tools

Evolution

Tool Sophistication vs Technical Knowledge

Attack tools have become more sophisticated and automated over time, requiring less technical knowledge to implement effectively.

Common Attack Tool Categories

  • Password crackers
  • Wireless hacking tools
  • Network security scanning tools
  • Packet crafting and sniffing tools
  • Rootkit detectors
  • Vulnerability scanners and exploitation tools
  • Forensic and debugging tools
  • Specialized hacking operating systems

🦠 Malware

Virus

Spreads by inserting copies of itself into other programs. Requires human help to spread and can lie dormant until activated.

Worm

Self-replicating malware that can run independently. Consists of an enabling vulnerability, a propagation mechanism, and a payload.

Trojan Horse

Appears legitimate but contains malicious code. Types include remote-access, data-sending, destructive, and keylogger.

Ransomware

Currently the dominant malware type; it denies access to systems or data and demands payment for release.

Spyware

Gathers information about users without their knowledge, often tracking browsing habits.

Adware

Displays annoying pop-ups to generate revenue, often bundled with legitimate software.

Detection

Common Malware Symptoms

  • Strange files, programs, or desktop icons appearing
  • Antivirus/firewall programs turning off
  • System freezing or crashing
  • Spontaneous email sending
  • Modified or deleted files
  • Increased CPU/memory usage
  • Network connectivity problems
  • Unknown processes or open ports

🌐 Network Attack Categories

Reconnaissance Attacks

Information gathering phase that precedes other attacks:

  • Information queries (Google, whois)
  • Ping sweeps to find active IPs
  • Port scans (Nmap, SuperScan)
  • Vulnerability scanning (Nessus, OpenVAS)
  • Exploitation tools (Metasploit)
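Reconnaissance leaves a footprint in flow or firewall logs: one source touching many ports on a host (port scan) or pinging many hosts in sequence (ping sweep). The detector below is an added example for this page, not code from the module; the log format, the sample lines and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample flow-log lines (assumption: one line per connection,
# fields are src IP, dst IP, protocol, dst port or "-" for ICMP).
SAMPLE_LOG = """\
10.0.0.5 192.168.1.10 tcp 22
10.0.0.5 192.168.1.10 tcp 23
10.0.0.5 192.168.1.10 tcp 80
10.0.0.5 192.168.1.10 tcp 443
10.0.0.5 192.168.1.10 tcp 3389
10.0.0.5 192.168.1.10 tcp 8080
10.0.0.9 192.168.1.1 icmp -
10.0.0.9 192.168.1.2 icmp -
10.0.0.9 192.168.1.3 icmp -
10.0.0.9 192.168.1.4 icmp -
10.0.0.9 192.168.1.5 icmp -
10.0.0.7 192.168.1.10 tcp 443
10.0.0.7 192.168.1.10 tcp 443
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(tcp|udp|icmp)\s+(\S+)$")

def detect_recon(log_text, port_threshold=5, host_threshold=4):
    """Return {src: [alert, ...]} for sources whose behaviour looks like recon.

    A source touching >= port_threshold distinct TCP/UDP ports on one host is
    reported as a port scan; a source sending ICMP to >= host_threshold
    distinct hosts is reported as a ping sweep. Thresholds are assumptions
    and should be tuned to the network's normal traffic.
    """
    ports_per_target = defaultdict(set)   # (src, dst) -> {distinct dst ports}
    icmp_hosts = defaultdict(set)         # src -> {distinct hosts pinged}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip malformed lines
        src, dst, proto, port = m.groups()
        if proto == "icmp":
            icmp_hosts[src].add(dst)
        else:
            ports_per_target[(src, dst)].add(port)
    alerts = defaultdict(list)
    for (src, dst), ports in ports_per_target.items():
        if len(ports) >= port_threshold:
            alerts[src].append(f"port scan of {dst}: {len(ports)} distinct ports")
    for src, hosts in icmp_hosts.items():
        if len(hosts) >= host_threshold:
            alerts[src].append(f"ping sweep: {len(hosts)} distinct hosts")
    return dict(alerts)
```

Repeated connections to the same port (10.0.0.7 above) count once, so ordinary clients stay below the threshold while a scanner's distinct-port count climbs quickly.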

Access Attacks

Exploit vulnerabilities to gain unauthorized access:

  • Password attacks
  • Spoofing attacks (IP, MAC, DHCP)
  • Trust exploitation
  • Port redirection
  • Man-in-the-middle attacks
  • Buffer overflow attacks

DoS/DDoS Attacks

Disrupt network services through:

  • Overwhelming traffic quantity
  • Maliciously formatted packets
  • Distributed attacks using botnets
  • Buffer overflow exploitation

Social Engineering

Manipulate humans to compromise security:

  • Pretexting and phishing
  • Spear phishing and spam
  • Baiting and impersonation
  • Tailgating and shoulder surfing
  • Dumpster diving

Critical Insight

The Weakest Link

People are often the weakest link in cybersecurity. Social engineering attacks exploit human psychology rather than technical vulnerabilities, making security awareness training essential.

DDoS Attack Components

Component   Description
----------  ------------------------------------------------------------------
Zombies     Compromised hosts running malicious bot code
Bots        Malware designed to infect hosts and communicate with handlers
Botnet      Group of zombies controlled by handlers
Handlers    Command-and-control servers controlling zombie groups
Botmaster   Threat actor controlling the botnet and handlers

Evasion Techniques

  • Encryption and Tunneling: Hide or scramble malware files
  • Resource Exhaustion: Overwhelm security detection systems
  • Traffic Fragmentation: Split payloads into smaller packets
  • Protocol Misinterpretation: Exploit PDU handling flaws
  • Traffic Substitution: Obfuscate data using different encoding
  • Rootkits: Hide activities at the OS level
  • Proxies: Redirect traffic through intermediate systems
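Traffic fragmentation and traffic substitution both defeat an inspector that matches each packet in isolation; a stream-aware inspector reassembles and normalizes first. The comparison below is an added example, not code from the module: the signature string, the packet fragments and the encodings undone by normalize() are all constructed assumptions.

```python
import urllib.parse

# Constructed inert marker standing in for a real IDS signature (assumption).
SIGNATURE = "EVIL-MARKER"

def naive_inspect(fragments, signature=SIGNATURE):
    """Per-packet matching: each fragment is checked on its own, so a
    signature split across packets or re-encoded is never seen."""
    return any(signature in data for _, data in fragments)

def reassemble(fragments):
    """Reassemble (offset, data) fragments in offset order, as a stream
    reassembler would, regardless of the order they arrived in."""
    return "".join(data for _, data in sorted(fragments))

def normalize(data):
    """Undo the substitution tricks assumed here (percent-encoding and case
    changes) so 'evil%2dmarker' compares equal to 'EVIL-MARKER'."""
    return urllib.parse.unquote(data).upper()

def stream_inspect(fragments, signature=SIGNATURE):
    """Reassemble, normalize, then match: the order that defeats evasion."""
    return signature in normalize(reassemble(fragments))

def compare(fragments):
    """Show what each inspection style concludes about the same traffic."""
    return {"naive": naive_inspect(fragments), "stream": stream_inspect(fragments)}

# Constructed traffic samples, each a list of (byte offset, data) fragments.
# Fragmented: the marker is split across three packets arriving out of order.
FRAGMENTED = [(26, "KER HTTP/1.1\r\n"), (0, "GET /index.html?q=EVI"), (21, "L-MAR")]
# Substituted: the marker arrives whole but percent-encoded and lower-cased.
SUBSTITUTED = [(0, "GET /index.html?q=evil%2dmarker HTTP/1.1\r\n")]
# Benign: no marker at all, so neither inspector should alert.
BENIGN = [(0, "GET /index.html HTTP/1.1\r\n")]
```

A real sensor also has to bound how much it buffers per stream, which is exactly where the resource-exhaustion technique in the list above aims.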

✅ Quick Checks

  1. What are the three main categories of network attacks?
    Reconnaissance, Access, and DoS attacks.
  2. What is the difference between a virus and a worm?
    Viruses require a host program to run and human help to spread, while worms can run independently and self-replicate.
  3. What is currently the most dominant type of malware?
    Ransomware, which denies access to systems/data and demands payment.
  4. What is the weakest link in network security?
    People - social engineering exploits human psychology rather than technical vulnerabilities.
  5. What are the main components of a DDoS attack?
    Zombies, bots, botnets, handlers, and the botmaster.

📝 Summary

  • Threat actors range from script kiddies to state-sponsored hackers with varying motivations
  • Attack tools have become more sophisticated while requiring less technical knowledge
  • Malware types include viruses, worms, Trojans, ransomware, spyware, and adware
  • Network attacks fall into three categories: reconnaissance, access, and DoS
  • Social engineering exploits human psychology and is often the weakest security link
  • DDoS attacks use botnets of compromised devices to overwhelm targets
  • Evasion techniques help attackers avoid detection by security systems
  • Risk management involves acceptance, avoidance, reduction, or transfer strategies