⚠️ Security Threats & Attacks

Understand the most common cyber threats — how they work and how to defend against them.

💥 Network Attacks
Q1: What is a DDoS attack? (Intermediate)

A DDoS (Distributed Denial of Service) attack floods a server, service or network with massive amounts of traffic from many sources simultaneously, overwhelming it until it becomes unavailable to legitimate users.

Unlike a DoS attack, which comes from a single source and can be stopped by filtering that one address, a DDoS attack uses thousands or millions of compromised devices (a botnet). There is no single source to block, and each bot's traffic on its own can look like a normal user, which makes the attack much harder to filter.

  • Volume-based — Flood bandwidth with junk traffic (UDP floods, ICMP floods)
  • Protocol attacks — Exploit protocol weaknesses (SYN floods)
  • Application layer — HTTP request floods targeting web apps
💡 Defences include upstream scrubbing and CDN services such as Cloudflare (which absorb and filter the traffic before it reaches your servers), rate limiting, firewalls, and keeping spare capacity. Even large companies like GitHub and Amazon have been hit.
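Rate limiting is the one defence above you can implement in a few lines, and running it over sample traffic also shows why a distributed attack is harder to stop than a single-source one. The following is an added example, not code from the original page: a per-client token-bucket limiter replayed over constructed request logs (the IP addresses are from documentation ranges, the rates and bucket size are assumptions chosen for the demo).

```python
from collections import defaultdict


class TokenBucketLimiter:
    """Per-client token bucket: each client may burst up to `capacity` requests,
    then sustain `rate` requests per second."""

    def __init__(self, rate: float, capacity: int):
        self.rate = rate
        self.capacity = capacity
        self._tokens = {}   # client -> tokens left in its bucket
        self._last = {}     # client -> time of its last request

    def allow(self, client: str, now: float) -> bool:
        tokens = self._tokens.get(client, float(self.capacity))
        last = self._last.get(client, now)
        # Refill in proportion to the time elapsed, capped at the bucket size.
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        self._last[client] = now
        if tokens >= 1.0:
            self._tokens[client] = tokens - 1.0
            return True
        self._tokens[client] = tokens
        return False


def replay(requests, rate=5.0, capacity=10):
    """Feed (timestamp, client_ip) pairs through one limiter in time order and
    return how many requests each client had accepted."""
    limiter = TokenBucketLimiter(rate, capacity)
    accepted = defaultdict(int)
    for ts, ip in sorted(requests):
        if limiter.allow(ip, ts):
            accepted[ip] += 1
    return dict(accepted)


# Constructed traffic (documentation address ranges, not real hosts):
# one legitimate browser at 2 req/s for 10 s ...
LEGIT = [(i * 0.5, "203.0.113.7") for i in range(20)]
# ... one single-source flood of 1000 requests in the same 10 s (a plain DoS) ...
FLOOD = [(i * 0.01, "198.51.100.9") for i in range(1000)]
# ... and a botnet of 200 hosts that each send only 2 req/s (the DDoS case).
BOTNET = [(i * 0.5, f"192.0.2.{n}") for n in range(1, 201) for i in range(20)]


def botnet_accepted(result):
    """Total requests admitted from the botnet addresses."""
    return sum(v for ip, v in result.items() if ip.startswith("192.0.2."))


if __name__ == "__main__":
    result = replay(LEGIT + FLOOD + BOTNET)
    print("legit accepted:", result["203.0.113.7"])     # 20 of 20
    print("flood accepted:", result["198.51.100.9"])    # about 60 of 1000 (capacity + rate * 10 s)
    print("botnet accepted:", botnet_accepted(result))  # 4000 of 4000
```

The single-source flood is cut to roughly the bucket size plus the refill rate times the duration, but every one of the 4000 botnet requests gets through because each bot stays under the per-client limit. That is the DDoS problem in miniature: per-IP limiting must be combined with a global budget, behavioural checks, or upstream scrubbing that sees the aggregate.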
Q2: What is a Man-in-the-Middle (MITM) attack? (Intermediate)

A MITM attack occurs when an attacker secretly intercepts and possibly alters communication between two parties who believe they are communicating directly with each other.

Common scenarios:

  • Attacker on public Wi-Fi intercepts your HTTP traffic
  • ARP poisoning on a local network redirects traffic through attacker's machine
  • SSL stripping — downgrading HTTPS to HTTP
💡 HTTPS defeats most MITM attacks because the browser verifies the server's certificate before sending anything: an attacker without a certificate trusted for that domain can't impersonate the server, and can't read or alter the encrypted traffic. SSL stripping only works when the first request goes out as plain HTTP, which is why sites set HSTS and browsers offer an HTTPS-only mode. Never trust HTTP sites on public Wi-Fi; a VPN hides your traffic from the local network, but it only moves your trust to the VPN provider.
🎣 Social Engineering
Q3: What is phishing? (Beginner)

Phishing is a cyberattack where criminals impersonate trusted entities (banks, tech companies, colleagues) via email, SMS or fake websites to trick victims into revealing passwords, credit card numbers or other sensitive information.

  • Email phishing — Fake email from "your bank" with a link to a fake login page
  • Spear phishing — Targeted attack personalised for specific individuals
  • Smishing — Phishing via SMS text messages
  • Vishing — Phishing via phone call
⚠️ Red flags: urgent language, a sender domain that doesn't match the organisation it claims to be, links whose real destination (hover over them, or long-press on mobile) doesn't match the displayed text, and requests for passwords or payment. Always check the actual URL before clicking.
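The red flags above can be checked mechanically, which is roughly what a mail filter's heuristic layer does. As an added example (not code from the original page), this parses a constructed phishing email and a constructed legitimate one and reports which red flags each triggers; the messages, domain names and the `URGENCY` word list are assumptions made up for the demo, and the look-alike-domain test is deliberately simple (it does not cover homoglyphs or typosquats that omit the brand).

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed messages (example/documentation domain names only).
# The phish: look-alike sender domain, urgency, and a link whose visible text
# is the real bank but whose href is the attacker's site over plain HTTP.
PHISH = """\
From: "Example Bank Security" <alerts@example-bank-login.net>
To: victim@example.com
Subject: URGENT: your account will be suspended in 24 hours
Content-Type: text/html

<html><body>
<p>We detected unusual activity. Verify your password immediately.</p>
<p><a href="http://example-bank-login.net/verify">https://www.example-bank.com/login</a></p>
</body></html>
"""

# A benign notification from the genuine domain, for comparison.
LEGIT = """\
From: "Example Bank" <alerts@example-bank.com>
To: victim@example.com
Subject: Your monthly statement is available
Content-Type: text/html

<html><body><p>Your statement is ready to view.</p>
<p><a href="https://www.example-bank.com/statements">https://www.example-bank.com/statements</a></p>
</body></html>
"""

URGENCY = re.compile(r"\b(urgent|immediately|suspended|24 hours|verify your password)\b", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw_message: str, trusted_domain: str) -> list:
    """Return the red flags found in one raw RFC 5322 message (empty list if none)."""
    msg = message_from_string(raw_message, policy=default)
    flags = []

    # A sender domain that merely contains the brand name is a look-alike, not the real thing.
    sender_domain = parseaddr(str(msg["From"]))[1].rsplit("@", 1)[-1].lower()
    brand = trusted_domain.split(".")[0]
    if sender_domain != trusted_domain and brand in sender_domain:
        flags.append(f"look-alike sender domain {sender_domain}")

    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    if URGENCY.search(str(msg["Subject"] or "")) or URGENCY.search(body):
        flags.append("urgent or credential-request language")

    extractor = LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        target = urlparse(href)
        # Visible text that is itself a URL must point where it says it does.
        if text.startswith(("http://", "https://")):
            shown_host = urlparse(text).hostname
            if shown_host != target.hostname:
                flags.append(f"link text shows {shown_host} but points to {target.hostname}")
        if target.scheme == "http":
            flags.append(f"plain-HTTP link to {target.hostname}")
    return flags


if __name__ == "__main__":
    print("phish:", phishing_indicators(PHISH, "example-bank.com"))   # four flags
    print("legit:", phishing_indicators(LEGIT, "example-bank.com"))   # []
```

None of these checks is conclusive on its own (a real bank can send an urgent notice, and a marketing mailer may legitimately use a tracking domain), which is why filters score several signals together and why the human rule stays the same: look at where the link really goes before you click.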
Q4: What is ransomware? (Intermediate)

Ransomware is malicious software that encrypts the victim's files, making them inaccessible. The attacker then demands a ransom (usually cryptocurrency) in exchange for the decryption key.

Famous examples: WannaCry (2017), NotPetya (2017), Colonial Pipeline attack (2021).

  • Typically spreads via phishing emails with malicious attachments
  • Can also exploit unpatched software vulnerabilities
  • Once encrypted, files are extremely difficult to recover without the key
💡 Best defences: regular offline backups that you have actually tested restoring from (so you can recover without paying), keeping software patched, and user security training.
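Why are encrypted files "extremely difficult to recover"? Because good ciphertext is indistinguishable from random bytes, and that same property is what file-system monitors use to notice an encryption run in progress. As an added example (not from the original page), this measures byte entropy over a constructed set of files before and after a simulated ransomware run; the file names, the `.locked` extension, the 7.5 bits/byte threshold and the SHA-256 stand-in for ciphertext are all assumptions made for the demo.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: around 4 to 5 for English text, close to 8 for encrypted or random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Reproducible stand-in for ransomware output: a SHA-256 hash chain used as the
    byte stream. It is not encryption; it only has the flat byte distribution that
    real ciphertext has, so the demo prints the same numbers on every run."""
    out, block = bytearray(), seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:length])


# Constructed file set: two documents as they were, the same two after a ransomware
# run (contents replaced by ciphertext, extension appended), and the dropped ransom note.
DOC = b"Quarterly report. Revenue grew in all regions; see the attached tables.\n" * 60
FILES = {
    "report.docx":           DOC,
    "budget.xlsx":           DOC[::-1],
    "report.docx.locked":    pseudo_ciphertext(b"report", len(DOC)),
    "budget.xlsx.locked":    pseudo_ciphertext(b"budget", len(DOC)),
    "README_TO_DECRYPT.txt": b"Your files are encrypted. Pay 1 BTC to get the key.\n" * 20,
}


def suspicious_files(files, threshold=7.5, min_size=1024):
    """Names of files whose bytes look encrypted: large enough to measure, and with an
    almost uniform byte distribution. Small files are skipped because the entropy
    estimate on a few hundred bytes is unreliable."""
    return sorted(
        name for name, data in files.items()
        if len(data) >= min_size and shannon_entropy(data) > threshold
    )


if __name__ == "__main__":
    for name, data in FILES.items():
        print(f"{name:24s} {shannon_entropy(data):.2f} bits/byte")
    print("look encrypted:", suspicious_files(FILES))  # ['budget.xlsx.locked', 'report.docx.locked']
```

Entropy alone produces false positives (compressed archives, images and already-encrypted containers score just as high), so real endpoint tools combine it with the rate of change: many files rewritten to high entropy and renamed within seconds is the signature, and the response is to kill the process and isolate the host. Detection limits the damage; it does not recover what was already encrypted, which is why the tested offline backup remains the defence that matters.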