**4.15 Denial-of-service attacks**

Denial-of-service (DoS) attacks as the name suggests deny users from accessing or using the service or system. This is mainly done by overwhelming the bandwidth, CPU, or memory wherein the access to the network of the victim machine or server offering the service gets denied. DoS attacks thus interrupt the service of a computer or network systems, making it inaccessible or too inferior in performance.

### **4.16 Distributed DoS**

In distributed DoS (DDoS) attacks, the victim is targeted from a large number of individual compromised systems simultaneously. The DDoS attacks are normally done with the help of botnets. The botmaster is the attacker who indirectly attacks the victim machine using the army of bots or zombies. The DDoS attacks occur when a large number of compromised systems act synchronously and are being coordinated under the control of an attacker in order to totally exhaust its resources and force it to deny service to its genuine users. It is the upsurge in the traffic volume that loads the website or server causing it to appear sluggish [2].

### **4.17 IoT-based attacks**

The last decade has seen exponential increase in the use of Internet of Things (IoT) that are smart devices used at home, organizations, and businesses. The issue with these IoT is its weak security as these devices are often overlooked when it comes to applying security patches that create lead-ins for attackers to seize these devices to infiltrate the networks. An IoT-based attack is any cyberattack that leverages a victim's use of IoT to sneak malware onto a network.

#### **4.18 Session hijacking**

In session hijacking, the hacker takes control of a session going on between two hosts. Session hijacking usually takes place in applications that use TCP with a sequence number prediction. With that sequence number, the attacker sends a TCP packet.

#### **4.19 Blended attacks**

A blended attack is a software exploit that encompasses a mixture of exploit techniques to attack and propagate threats, for example, viruses, worms, and Trojan horses.

#### **4.20 Website attacks**

Website attacks are targeting browser components that are at risk of being unpatched even when the browser is patched. SQL injection attacks are intended to target any website or web application that uses an SQL database such as MySQL, Oracle, etc. by taking advantage of the security flaws in the application's software. This attack is used to obtain and corrupt user's sensitive data.

#### **4.21 Mobile phone and VOIP threats**

Malware target mobile phones, VoIP systems, and the IP PBXs as these devices have plentiful published vulnerabilities. There are attack tools freely available on

**9**

**4.29 Pharming**

*Introductory Chapter: Computer Security Threats DOI: http://dx.doi.org/10.5772/intechopen.93041*

and simple even for a script kiddie.

**4.23 WPA2 handshake vulnerabilities**

**4.22 Wi-Fi eavesdropping**

Wi-Fi network.

**4.24 Insider attacks**

the first level of defense.

**4.25 Supply chain attacks**

ments in the supply network.

**4.26 Buffer overflows**

tion of the program.

**4.27 User to root attack**

**4.28 Man-in-the-middle attacks**

the Internet, and misusing these vulnerabilities makes these attacks too common

Wi-Fi eavesdropping is an attack used by network attackers to grab sensitive information of a target system. It is the act of silently listening on an unencrypted

The key reinstallation attack (KRACK) lets an attacker to decipher the network

One of the prevalent all-time computer security threats faced by any organization is from its own employees. Insider attacks are initiated by disgruntled employees of an organization. Insider usually has certain privileges to the data as well as rights on the systems and networks that they attack, giving them an advantage over external attackers. These attacks can be hard to prevent with firewalls, which are

A supply chain attack seeks to cause harm by targeting the least secured ele-

Buffer overflows are used to exploit programming glitches that do not take care of the buffer size. If a buffer is jam-packed beyond its size, the data overflows into the contiguous memory. This flaw gets smartly used by hackers to change the execu-

User to root attack is a case of privilege escalation where a user gains a higher privilege than that authorized. This is not a class of attack as such, and it is the process of any attack. Every attack will do activities the attacker is not privileged to do.

Man-in-the-middle attacks allow the hacker to snoop on the communication between two systems, affecting the privacy. A common method of doing this is to place the attacker at a point and redirect all the communication through the route

Pharming is a widespread online fraud that will automatically point to a nasty and illicit website by relaying the authentic URL. Even when the URL is correctly

that includes that hacker so that eavesdropping is possible by the hacker.

traffic on Wi-Fi routers. Every device connected to Wi-Fi, such as computers, smartphones, smart devices, and wearables, can be identified by the hacker.

the Internet, and misusing these vulnerabilities makes these attacks too common and simple even for a script kiddie.
