Types of Cyber Attacks on Each OSI Layer


sachin kumar

Layer 1 — Physical
✔ Traffic eavesdropping

Layer 2 — Data Link
✔ MAC spoofing
✔ ARP spoofing
✔ VLAN hopping
✔ DHCP spoofing
✔ Rogue access points

Layer 3 — Network
✔ IP spoofing
✔ Manipulating routing tables
✔ ICMP redirect
✔ TCP/UDP flood (DDoS)
✔ SYN flood (DDoS)
✔ Smurf attack (DDoS)

Layer 4 — Transport
✔ Lateral movement
✔ TCP/UDP port scanning
✔ DNS poisoning
✔ TCP/UDP flood (DDoS)

Layer 5 — Session
✔ Access control bypass
✔ Adversary-in-the-middle attack

Layer 6 — Presentation
✔ Cracking encryption
✔ Injection attacks
✔ File inclusion vulnerabilities
✔ Cross-site scripting (XSS)
✔ Cross-site request forgery (CSRF)

Layer 7 — Application
✔ Phishing
✔ Password cracking
✔ Buffer overflow
✔ Format string attack

Layer 1 — Physical:
At this foundational layer, cyber attackers may engage in traffic eavesdropping, exploiting vulnerabilities in physical infrastructure such as cables or network devices to intercept data transmissions. By tapping into these communication channels, attackers can gather sensitive information without detection, potentially compromising data integrity and confidentiality.

Layer 2 — Data Link:
Within the data link layer, attackers can employ various techniques such as MAC spoofing, ARP spoofing, VLAN hopping, DHCP spoofing, and setting up rogue access points. These tactics allow attackers to manipulate network traffic, intercept communications, and gain unauthorized access to network resources, all by exploiting weaknesses in the link layer protocols and configurations.
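
A defender can spot the ARP spoofing described above by watching for IP-to-MAC bindings that change or for one MAC address answering for several IPs. The following is an added example, not part of the original article; the function names, alert labels and sample ARP replies (documentation-range addresses) are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp_seconds, sender_ip, sender_mac) from ARP replies.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.0.2.1", "00:00:5e:00:53:01"),    # gateway
    (1.0, "192.0.2.10", "00:00:5e:00:53:0a"),
    (2.0, "192.0.2.11", "00:00:5e:00:53:0b"),
    (30.0, "192.0.2.1", "00:00:5e:00:53:01"),   # normal refresh, no change
    (31.0, "192.0.2.1", "00:00:5e:00:53:0b"),   # gateway IP claimed by another MAC
    (31.5, "192.0.2.10", "00:00:5e:00:53:0b"),  # same MAC now claims a second host
    (60.0, "192.0.2.1", "00:00:5e:00:53:01"),   # real gateway answers again (flap)
]

def normalize_mac(mac):
    """Lower-case and use ':' so 00-00-5E-... compares equal to 00:00:5e:..."""
    return mac.strip().lower().replace("-", ":")

def detect_arp_anomalies(replies, trusted=None):
    """Return (kind, ts, ip, mac) alerts for ARP replies given in arrival order.

    trusted: optional {ip: mac} of known-good bindings, e.g. the default gateway.
    """
    trusted = {ip: normalize_mac(m) for ip, m in (trusted or {}).items()}
    current = {}                     # ip -> last MAC seen for it
    ips_by_mac = defaultdict(set)    # mac -> every IP it has answered for
    alerts = []
    for ts, ip, raw_mac in replies:
        mac = normalize_mac(raw_mac)
        if ip in trusted and mac != trusted[ip]:
            alerts.append(("trusted_binding_violated", ts, ip, mac))
        elif ip in current and current[ip] != mac:
            alerts.append(("binding_changed", ts, ip, mac))
        current[ip] = mac
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            # Multi-homed hosts and proxy ARP can do this legitimately,
            # so treat it as a lead to investigate rather than proof.
            if len(ips_by_mac[mac]) > 1:
                alerts.append(("mac_claims_multiple_ips", ts, ip, mac))
    return alerts

if __name__ == "__main__":
    gateway = {"192.0.2.1": "00-00-5E-00-53-01"}
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES, trusted=gateway):
        print(alert)
```
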

Layer 3 — Network:
At the network layer, attackers may utilize IP spoofing to impersonate trusted entities, manipulate routing tables to redirect traffic to malicious destinations, launch ICMP redirect attacks to manipulate routing paths, and orchestrate various forms of DDoS attacks such as TCP/UDP floods and SYN floods to overwhelm network resources and disrupt service availability.

Layer 4 — Transport:
In the transport layer, attackers can engage in lateral movement within the network, probing for vulnerabilities and exploiting open ports through TCP/UDP port scanning. Additionally, they may perform DNS poisoning to redirect legitimate traffic to malicious destinations and perpetrate DDoS attacks by flooding targeted servers with excessive traffic.

Layer 5 — Session:
Attackers targeting the session layer may attempt to bypass access controls, gaining unauthorized entry into network sessions, or execute adversary-in-the-middle attacks to intercept and manipulate communication between parties. By exploiting vulnerabilities in session management mechanisms, attackers can compromise the confidentiality and integrity of data exchanges.

Layer 6 — Presentation:
Within the presentation layer, attackers may focus on cracking encryption algorithms to gain access to encrypted data, exploiting injection vulnerabilities to inject malicious code into data streams, exploiting file inclusion vulnerabilities to access sensitive system files, and launching attacks such as cross-site scripting (XSS) and cross-site request forgery (CSRF) to manipulate user interactions with web applications.

Layer 7 — Application:
At the application layer, attackers can employ a wide range of tactics including phishing to deceive users into disclosing sensitive information, password cracking to gain unauthorized access to accounts, exploiting buffer overflow vulnerabilities to execute arbitrary code, and leveraging format string attacks to manipulate program execution flow. These attacks target vulnerabilities in application logic and user input validation mechanisms, posing significant risks to data security and system integrity.
