Malicious Attacks, Threats and Vulnerabilities
Keystroke Logger
Can be software or hardware (USB device etc.). Records every keystroke to a text logfile and then EMAILS it or otherwise sends it out to the "hacker".
Grey Hat Hackers
Can go BLACK hat or white hat. Will sell vulnerabilities to companies or to other hackers depending on the $$.
Protocol Analyzers
Packet sniffer (or just sniffer): a software program that enables a computer to monitor and capture network traffic, whether on a LAN or a wireless network. Attackers can capture and compromise passwords and cleartext data. Ex. Wireshark & tcpdump.
Worm
Self-contained program that REPLICATES and spreads across networks on its own. Does NOT NEED A HOST PROGRAM, unlike a virus.
Pharming
Poisoning a DNS cache on a target network to direct users to an imposter website in order to gather information. DNS: www.mybank.com = 201.11.11.22 --> 22.111.44.201
Exploit Software
Application that incorporates known software vulnerabilities, data, and scripted commands to "exploit" a weakness in a computer system or IP host device. It is a program that can be used to carry out some form of malicious intent. Ex. Metasploit.
Brute Force Cracking
Attack software tries every possible character combination until the "cracked" password succeeds in granting access. Ex. John the Ripper.
Malicious Attacks
Attack on a computer system or network that succeeds by exploiting a vulnerability in the system. Examples: • Brute-Force Password Attacks • Dictionary Password Attacks • Man-in-the-Middle Attack • Social Engineering • Phishing • Pharming
Phishing
Attack, usually EMAIL based, where the target is tricked into sending info, opening an infected attachment, or going to a fake website to give up information.
Man in the Middle attack
Attacker inserts themselves between the victim and the other party (web site, PC, etc.). The victim thinks they are talking directly to the target when they are actually going through the attacker. Complex attack using MAC spoofing, IP spoofing, or DNS poisoning.
Social Engineering
Authorized use of organization's systems: user has legit access to the info they use. Bypassing security and control processes: user knows the security and kills cameras or firewalls etc. Compromised accounts: make bogus accounts or steal others'.
Who are the attackers?
China • Source of 30%+ of all cyber attacks; the USA is the number 1 target. Brazil • Poverty and the use of phone/online payment systems. Russia • US political party hacking, etc. United States • Home of "Anonymous" (maybe) and Stuxnet (probably). Iran. India. Romania • Ramnicu Valcea, "Hackerville".
Unintentional Insider Threat
Current or former employee who has or has had authorized access to the organization's network and who, through action or inaction without malicious intent, causes harm or substantially increases the probability of future serious harm to the "CIA" (confidentiality, integrity, availability) of the organization.
Countermeasures against Malware
Create an employee/user education program to keep them aware of how malware infects. Keep users up to date on malware news/trends. Never transfer files from unknown sources with no antivirus installed. Test new files and software on a "quarantined" computer (a sandbox). Install anti-malware software on all hosts. KEEP IT UP TO DATE! Use secure logon and password policies (change passwords often).
Spear Phishing
Directed attack at a specific target, where known information is used as bait.
Dictionary password attack
Hackers try shorter and simpler combinations from a dictionary file, because such passwords are so common. In forensics, a dictionary can be created from the subject's entire hard drive. Ex. ophcrack.
White hat Hackers
Information security professionals / penetration testers. Conduct operations with AUTHORIZATION. Help protect systems by hacking them.
DDOS Example: BOTNET Attacks
Largest known botnet: BREDOLAB, 30 million+ computers used to send SPAM email. Operators leased out large chunks for use by other users. Reportedly made over $190K a month in 2010.
Cryptolocker Malware
Malware that encrypts data or the entire computer. Holds the data "HOSTAGE" until a bitcoin ransom is paid. Upon payment a decryption key "MAY BE" sent to rescue your data.
TROJAN HORSE (Trojan)
Malware that masquerades as a useful program (ex. email attachment, simple game app, etc.). Needs to be run by a user and is spread by users (not a virus).
Script Kiddie
NOT SKILLED, just vindictive. Teen-based revenge hackers. Use premade hacks or "SCRIPTS" and run them against easy targets. These types of hackers love to target online video game networks or other gamers.
Denial of Service (DoS)
One attacker and one internet connection targeting a single system or resource, attacking a system flaw to take the resource down. Low-level threat; countermeasure: patch the system / update firmware on hardware.
BLACK HAT Hackers
Security breakers. No authorization. Exploiters. General bad guys. Very computer smart and skilled. Respect SKILL.
Firewalls
Software or hardware that detects traffic both INTO your network and OUT OF your network. Traffic seen in either direction could signal an early attack or infection.
Vulnerability Scanners
Software program used to identify and, when possible, verify vulnerabilities. From this info, the vulnerability scanner compares known software vulnerabilities in its database with what it has just found. Ex. Nessus, Metasploit, OpenVAS. CVE databases can be FREE (community) or PAID (subscription based, $$$).
DOS Example: SYN FLOOD ATTACK
Abuses the TCP 3-way handshake: the target waits for the final "ACK" response but never gets one. These PENDING half-open requests fill up the target's buffer, potentially causing DoS for legit traffic.
Port Scanners / OS Fingerprint Scanners
Tool used to scan IP host devices for open ports. Gives intel on whether a machine exists as well as what possibly vulnerable services are running. OS "fingerprint" scanners can tell from the returned results of a port scan what OS the target host is running, giving attackers intel on what possible vulnerabilities there are on target hosts. Ex. Nmap.
Distributed Denial of Service (DDoS)
Use of hundreds or thousands of computers to overwhelm a system. • Often uses BOTNETS to do the attacking. • This can take down entire sites, etc.
Insider threat
Malicious criminal who has or had legitimate access to an organization's computing environment, and has intentionally exceeded or intentionally used that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.
What are Cyber Security Pros Protecting ?
• Customer data • PII (Personally Identifiable Information) of customers and employees • IT assets and network infrastructure • Intellectual property (patents, plans, source code, formulas, etc.) • Financial data (bank accounts, credit card info) • Service availability (uptime of services to do what they are supposed to do) • REPUTATION (potentially the most valuable of all resources; hardest to gain back)