Cybersecurity Attack Vectors

            
Cybersecurity Attack Vectors
├── 1. Buffer Overflow Attacks
│   ├── Stack Overflows
│   ├── String Overflows
│   ├── Heap Overflows
│   └── Integer Overflows
│
├── 2. Internal Attacks
│   ├── Emails
│   ├── Mobile Phones
│   ├── Instant Messengers
│   ├── FTP Uploads
│   ├── Dumpster Diving
│   └── Shoulder Surfing
│
└── 3. DoS (Denial of Service) Attacks
    ├── Ping of Death
    ├── Teardrop
    ├── SYN Flooding
    ├── Land Attacks
    ├── Smurf Attacks
    ├── UDP Flooding
    ├── Hybrid DoS Attacks
    ├── Application Specific Attacks
    └── Distributed DoS (DDoS) Attacks

When we talk about cybersecurity, one of the most important things to understand is how systems are attacked — these methods are known as attack vectors. In simple terms, an attack vector is the path or technique used by a hacker to break into a system or cause harm. In this unit, we’ll explore different categories of attack vectors that every IT or security student should know.
We’ll start with Buffer Overflow Attacks, which are more technical and involve manipulating memory to crash a system or take control of it — things like stack overflows, string overflows, and even heap or integer overflows fall under this.
Then we’ll move into Internal Attacks, which are all about threats that come from within the organization or through common user channels — like suspicious emails, mobile apps, instant messengers, and even physical methods like dumpster diving or shoulder surfing.
Finally, we’ll cover Denial of Service (DoS) Attacks, which are designed to overwhelm or crash systems so that real users can't access them. This includes notorious attacks like Ping of Death, SYN flooding, and even modern Distributed DoS (DDoS) methods that use multiple devices to attack at once.

Understanding Buffer Overflow Attacks

Definition: Occurs when more data is written to a buffer than it can hold, possibly overwriting critical memory and enabling code execution.

Types of Buffer Overflow Attacks

1. Stack Overflows

Mechanism: Overwrites return address on the stack using local buffer overflow.
Risk: Can redirect program execution to malicious code.
Unsafe functions: gets(), strcpy()

2. String Overflows

Mechanism: Unbounded input overflows fixed-size string buffer (null-terminated).
Impact: Can corrupt data, crash programs, or enable exploits.

3. Heap Overflows

Mechanism: Data exceeds allocated heap space, corrupts metadata or function pointers.
Impact: May alter program behavior or execute arbitrary code.

4. Integer Overflows

Mechanism: Arithmetic operations exceed variable limits, causing miscalculated buffer sizes.
Impact: Leads to buffer overflows during memory operations.

Protecting Against Buffer Overflow Attacks

Write Safe Code: Validate inputs and use secure functions.
Memory Safety Features: Use ASLR, non-executable memory, and DEP.
Analysis Tools: Employ static and dynamic code analysis tools.
Sandboxing: Restrict program capabilities to limit exploit impact.
Runtime Monitoring: Detect and stop abnormal memory behavior.

Real-World Examples of Buffer Overflow Attacks

Stack Overflow – Morris Worm (1988): Used buffer overflow in the finger service to spread malware.
String Overflow – Microsoft IIS Unicode Bug (2001): Caused full server compromise through long Unicode strings.
Heap Overflow – Microsoft GDI+ (2004): Allowed code execution via malicious image files.
Integer Overflow – Apple & Adobe: Integer overflows led to memory mismanagement and remote code execution.

Understanding Buffer Overflow Attacks

Buffer overflow attacks are a classic yet serious type of security vulnerability, especially in low-level languages like C and C++. These attacks happen when a program writes more data into a memory buffer than it was meant to hold. But why is that so dangerous?

In most systems, memory is organized in predictable ways. If too much data spills into the wrong place, it can overwrite critical information — like where the program should go next. In some cases, attackers can even insert their own code and take control of the program.

Types of Buffer Overflow Attacks

Let’s break down the different ways buffer overflows can happen, and how attackers use them.

1. Stack Overflows

The stack is where your program stores local variables and keeps track of function calls. It works like a stack of plates — last-in, first-out (LIFO). A stack overflow occurs when too much data is pushed onto this stack.

Attackers often aim to overwrite the return address stored on the stack.
They do this by overflowing a local buffer (like a character array) with their own data.
When the function finishes and tries to return, it jumps to the attacker's code instead of the original location.

This is one of the most common and dangerous types of buffer overflow. That’s why unsafe functions like gets() or strcpy() (which don’t check input size) are avoided in secure coding.

2. String Overflows

String overflows are a type of buffer overflow where unbounded input overflows a string buffer. These are especially common in C-style strings (null-terminated character arrays).

If a function copies too many characters into a fixed-size string buffer, it can overwrite nearby memory.
This can crash the program, corrupt data, or open up security holes — just like a stack overflow.

One of the first big internet worms — the Morris Worm — used string overflow to spread. That’s why functions like strncpy() and proper input validation are important.

3. Heap Overflows

The heap is used for dynamically allocated memory — the kind created with malloc() or new. Heap overflows happen when data written to the heap goes beyond its allocated space.

These don’t overwrite return addresses but can corrupt things like heap metadata or function pointers.
This allows attackers to change how the program works or even execute their own code.

Heap overflows are trickier to exploit than stack overflows, but just as dangerous. Luckily, modern protections like heap canaries help detect and prevent them.

4. Integer Overflows

Integer overflows occur when a calculation exceeds the maximum value a variable type can store. Alone, they aren’t buffer overflows — but they often lead to one.

For example, if a program calculates a buffer size using a multiplication that overflows, the result may be too small.
Then, when it tries to store a large amount of data in the too-small buffer, a buffer overflow happens.

These bugs are easy to overlook but can be a stepping stone to more serious vulnerabilities.

Protecting Against Buffer Overflow Attacks

Developers and security teams use several strategies to prevent buffer overflows. Here’s how they keep things safe:

1. Write Safe Code: Always check input sizes and use safer functions. Don’t blindly trust user input — always validate it!
2. Use Memory Safety Features: Techniques like ASLR (Address Space Layout Randomization) make it harder for attackers to predict where their code will land. Marking memory as non-executable also helps stop attacks.
3. Use Static and Dynamic Analysis Tools: These tools scan your code (either while writing or during testing) to catch buffer overflow bugs early.
4. Sandboxing: Running programs in a restricted environment limits damage if something goes wrong.
5. Monitor Runtime Behavior: Some systems watch how programs behave as they run. If something suspicious happens — like weird memory access — they can stop the program before it causes harm.

Real-World Examples of Buffer Overflow Attacks

These attacks aren’t just theoretical. Let’s look at some famous real-world cases where buffer overflows caused serious damage:

Stack Overflow – Morris Worm (1988): One of the first internet worms used a stack buffer overflow in the finger service on Unix to execute remote code and spread rapidly.
String Overflow – Microsoft IIS Unicode Bug (2001): A long Unicode string in a web request caused a buffer overflow in Microsoft’s web server, leading to full server compromise.
Heap Overflow – Microsoft Windows GDI+ (2004): A flaw in how Windows handled image files allowed attackers to execute code just by tricking users into opening a malicious JPG.
Integer Overflow – Apple's "goto fail" & Adobe Flash: Integer overflows in Apple and Adobe software caused memory mismanagement, leading to code injection via malicious video or network data.

These examples show that buffer overflow vulnerabilities can affect any system — from personal computers to massive web servers. That’s why secure coding, proper testing, and memory protection features are absolutely essential.

Internal Attacks

When we think of cyberattacks, we often picture hackers trying to break in from the outside. But surprisingly, some of the most serious security threats come from within the organization itself. These are known as internal attacks — and they’re especially risky because the attacker usually has legitimate access and is trusted.

Internal threats can come from employees, contractors, or even careless behavior. Let’s take a closer look at how common tools like emails, mobile phones, or even trash bins can be misused to compromise security.

Emails

Email is a vital tool for communication — and unfortunately, it’s also one of the easiest ways for insiders to cause damage.

An employee might attach confidential files and send them to a personal or competitor's email address.
Even well-intentioned staff can be tricked by phishing emails that appear to come from internal sources but are actually crafted to steal login credentials.

To stay protected, organizations rely on tools like email monitoring, employee training, and data loss prevention (DLP) systems.

Mobile Phones

Smartphones are everywhere — and while they make life easier, they also introduce security risks inside the workplace.

Someone could take pictures of confidential screens or documents.
Phones can be connected to computers via USB or Bluetooth to transfer data without permission.
Some apps, if granted access, could secretly record conversations or track keystrokes.

That’s why many companies use Mobile Device Management (MDM) solutions and limit phone use in sensitive areas.

Instant Messengers

Messaging tools like Slack, WhatsApp, or Microsoft Teams help teams communicate faster — but they can also become invisible routes for data leaks.

Someone inside the company could paste sensitive data into a private chat or group.
Attackers might use messenger tools to coordinate their activities during an internal breach.

Even innocent-looking messages or links can lead to serious issues if not properly monitored.

FTP Uploads

FTP (File Transfer Protocol) is used to transfer files quickly — but it can also be misused by insiders.

Someone might upload private company documents to an external FTP server under their control.
If FTP activity isn’t properly logged, these actions can go unnoticed for a long time.

Secure alternatives like SFTP, along with access control and logging, can help stop this kind of misuse.

Dumpster Diving

Not all threats involve computers. Dumpster diving means going through physical trash to find sensitive materials that were thrown away carelessly.

Someone could retrieve printed emails, reports, or even old USB drives from the trash.
Sticky notes with passwords or access codes can be a goldmine for attackers.

Simple steps like shredding documents and using secure disposal bins can prevent such risks.

Shoulder Surfing

Sometimes, all an attacker needs is to quietly watch someone at work. Shoulder surfing involves observing a person as they enter passwords, view sensitive data, or type private information — often without realizing they're being watched.

This can happen in shared offices, elevators, or even coffee shops.
Insiders might memorize or photograph what they see for later use.

Using screen privacy filters, auto-lock settings, and training employees to stay alert can reduce this kind of risk.

Bringing It All Together

Internal attacks aren’t always high-tech hacks — they’re often subtle, everyday actions that go unnoticed. What makes them dangerous is that the person involved often knows the system and already has access.

From emails and mobile devices to physical trash and peeking eyes, there are many ways an insider threat can take shape. That’s why building a strong defense means not just using the right tools, but also creating a culture of awareness among employees.

Internal Attacks

Internal Attacks: Security threats from within an organization by trusted insiders like employees or contractors.

Internal Threat Sources: Can arise from misuse of emails, phones, messengers, file uploads, or careless behavior.

Emails

Email Risks: Insiders may send confidential data or fall for phishing disguised as internal communication.

Mitigation: Use email monitoring, employee training, and data loss prevention systems.

Mobile Phones

Phone Risks: Can be used to capture confidential data or transfer files via USB/Bluetooth or malicious apps.

Mitigation: Enforce MDM policies and restrict usage in sensitive areas.

Instant Messengers

Messenger Risks: Sensitive data can be shared in chats or used by attackers to coordinate breaches.

Mitigation: Monitor internal communication channels for suspicious activity.

FTP Uploads

FTP Risks: Used to transfer confidential data to external servers without detection.

Mitigation: Use secure file transfer (SFTP), logging, and access controls.

Dumpster Diving

Physical Threats: Sensitive info like reports, USBs, or passwords may be retrieved from trash.

Mitigation: Shred documents and use secure disposal practices.

Shoulder Surfing

Visual Snooping: Attackers may observe passwords or sensitive data in public or shared spaces.

Mitigation: Use screen filters, auto-locks, and employee awareness training.

Understanding DoS (Denial of Service) Attacks

Imagine trying to enter a shop, but someone keeps blocking the doorway so customers can’t get in. That’s exactly what a Denial of Service (DoS) attack does to websites or online services — it overwhelms them with fake traffic or corrupted requests, preventing real users from accessing them.

DoS attacks come in various types, each targeting the system in a unique way. Let’s explore some of the most common kinds and how they work.

Ping of Death

Ping is a basic network tool that sends a small message to another computer to check if it’s reachable and how fast it responds. It’s like tapping someone on the shoulder to see if they’re there.

The Ping of Death attack sends very large or broken ping messages that a computer can’t handle properly. Normally, a computer easily responds to pings, but when bombarded with these oversized or damaged packets, it can freeze or crash. Imagine getting confusing or incomplete messages repeatedly until your brain just stops working—that’s what this attack does to a computer.

Teardrop Attack

Here, data packets are broken into fragments but not properly reassembled by the target system. When the system tries to put the pieces back together, it fails and may crash. It’s like trying to fit jigsaw pieces that simply don’t belong together — pretty frustrating, right?

SYN Flooding

This attack exploits how two computers start communication through a "three-way handshake." The attacker sends many half-open connection requests but never completes them. This leaves the server waiting, eventually running out of resources to serve legitimate users.

Step 1: Attacker sends a SYN request (saying "Hi!")
Step 2: Server replies with SYN-ACK ("Hi back!")
Step 3: Attacker never responds with ACK, leaving the server hanging

This keeps repeating until the server can’t handle any more real connections.

Land Attacks

A Land Attack fools a computer by sending a network request where the source and destination IP addresses are exactly the same. This confuses the system, making it try to communicate with itself over and over without stopping. It’s like calling your own phone number and getting stuck in an endless loop of ringing and answering your own call.

Smurf Attacks

This clever attack spoofs the attacker’s IP address and sends ping requests to multiple devices, asking them all to reply to the victim’s IP address. The victim is then flooded with replies from hundreds or thousands of devices.

The attacker sends an ICMP (ping) request to a broadcast address.
All devices on that network reply to the victim’s IP.
The victim is overwhelmed by responses they never requested.

UDP Flooding

In this attack, the target is flooded with numerous UDP packets sent to random ports. The system looks for applications to handle these packets but, failing to find any, sends back error messages that quickly consume resources.

Hybrid DoS Attacks

Some attackers combine several attack methods simultaneously — like SYN flooding mixed with ping floods or other techniques. These hybrid attacks are harder to detect because they use multiple strategies to overwhelm the system.

Application-Specific Attacks

These attacks target specific applications — such as a web server, database, or login page — rather than the entire network. They overload the part of the app that handles the most work, causing it to slow down or become unusable.

Distributed Denial of Service (DDoS) Attacks

DDoS attacks are like DoS attacks on steroids. Instead of one attacker, a network of many compromised devices (called a "botnet") flood the target simultaneously. Imagine hundreds of people trying to enter a small shop at once — no one else can get in, and the system collapses.

Thousands of infected computers usually participate in these attacks.
DDoS attacks can take down major websites, online stores, and even government services.

Protecting against DoS and DDoS attacks is essential because these attacks don’t just crash websites — they cost money, damage trust, and sometimes even disrupt critical services.

Understanding DoS (Denial of Service) Attacks

DoS Attack: Overwhelms websites or services with fake traffic or corrupted requests to block legitimate access.

Types of DoS Attacks: Various methods target systems differently to cause disruption.

1. Ping of Death: Floods system with oversized or malformed ping packets causing crashes or freezes.

2. Teardrop Attack: Sends fragmented packets that the system fails to reassemble, causing crashes.

3. SYN Flood: Sends many half-open connection requests, exhausting server resources.

Step 1: Attacker sends SYN request.
Step 2: Server replies with SYN-ACK.
Step 3: Attacker never completes handshake with ACK.

Effect: Server is left waiting, denying legitimate connections.

4. Land Attack: Sends packets with identical source and destination IPs, causing system to loop endlessly.

5. Smurf Attack: Spoofs attacker IP to send ICMP requests to multiple devices, flooding victim with replies.

Attacker sends ICMP to broadcast address.
Devices reply to victim’s IP.
Victim overwhelmed by traffic.

6. UDP Flood: Sends many UDP packets to random ports causing resource exhaustion from error replies.

7. Hybrid DoS: Combines multiple attack methods simultaneously to evade detection and increase impact.

8. Application-Specific Attack: Targets specific applications to overload and disrupt service.

9. DDoS Attack: Uses many compromised devices (botnet) to flood target, causing system collapse.

Thousands of infected computers participate.
Can disable major websites and services.

Protection Importance: DoS/DDoS attacks cause downtime, financial loss, reputational damage, and service disruption.