What Is a Replay Attack?
Sometimes known as a man in the middle attack, a replay attack is a type of security issue in which a third party intercepts data transmissions with the purpose of making use of that data in some manner. Typically, this type of attack involves copying and possibly altering the data in some manner before releasing it for delivery to the intended recipient. This method can be used to collect login credentials or other information that is intended to be proprietary, and use that information to gain unauthorized access to additional data.
One of the more common examples of a replay attack involves capturing and making copies of login information. With this strategy, the hacker is able to intercept the data used to log into a network and capture a mirror image of that data. At a later time, the captured data can be used to log into that network, allowing the hacker to easily access, copy, and otherwise make use of any files or other data that can be opened and viewed using those credentials.
It is important to note that the hacker launching a replay attack does not necessary have to view the actual keystrokes or the passcodes that are captured. In many instances, making use of the captured image of the data is sufficient to gain access to the network. The only way to prevent the use of that image is to deactivate the captured login credentials and issue new credentials to the legitimate user, once the breach has been identified and closed.
The replay attack is known by a variety of other names, most of them having to do with the fact that the captured credentials can be used to appear as if a legitimate user is making use of them. At times, this type of malicious attack is known as a masquerade attack or even as a network attack. By any name, the end result is till the breach of security and the possible theft of proprietary data. Over time, various modes of encrypting the data so that capturing information during a transmission have been developed, including the use of scrambling technology that can only be unscrambled by users at each end of the legitimate transmission. A replay attack is not limited to use in corporate espionage; hackers may utilize this method to capture information from private users as well, including email login credentials, credit card numbers, and other type of proprietary data that can be used for illegal purposes.
One development is something that can't turn off updated definitions -- a new generation of virus scanners that tap into the cloud to pull in new definitions in real time. There are a lot of possibilities there.
One more thing. It's not enough to have a strict "virus scanner" anymore. One should also look for a package that cracks down on spyware, adware and malware in general. A lot of the techniques used to pull off a replay attack aren't strictly viruses -- they fall into the malware category and users are often tricked into authorizing their installation. A complete virus protection suite will alert the user that what he or she is about to install is malware and warn them against it.
Scary stuff, but keep in mind that good antivirus software can go a long way toward defeating such tactics. Make sure to do some research and find a package that is both highly rated and is updated often. Hackers are always coming up with new methods to pull information out of computers and virus software companies are always coming up with new ways to defeat those methods. It's a constant game and it's worth mentioning that the people must vulnerable to attacks are the ones who don't update their virus scanners regularly or don't have any protection at all.
Post your comments