Know your enemy

We begin this week by outlining the most common types of threat a business or individual may face.

Malware is an umbrella term defining any software that is harmful to computers. It's a very broad brush term that covers a wide range of threats, including viruses, spyware, and other exploits.

Generally, malware involves installing some software onto a computer; this may be initiated by the user (i.e. the user installs a compromised version of a legitimate program), or through some other exploit (for example, a worm virus that infects computers over the network).

Below we discuss the common ways in which security threats such as malware occur.

Phishing and Social Engineering

Hackers are like vampires: they usually need to be invited into our systems.

Having a user install the malware for us is the most common attack vector. Techniques such as phishing try to trick a user into installing the rogue program. Phishing is a form of social engineering in which the attacker convinces the target that they are a legitimate account, service or person, so that the target installs the malware onto their own system.

It is claimed that around 90% of malware installations are due to phishing. Personally, I take this to include a broad definition of phishing, including setting up fake websites or app stores in the hope of luring people into installing software, rather than only the more targeted approach.

Web Based attacks

Web based attacks are the second most common vector (after phishing) for installing malware. Web based exploits can also be an attack vector outside of directly attacking websites.

For example, browser based attacks such as clickjacking (injecting software into a website that affects a browser's behaviour) and cryptojacking (installing bitcoin mining software on vulnerable computers that visit a website) are common. Additionally, malware can be installed through malicious browser plugins, or by making use of vulnerabilities in the browser itself.

One recent example of malware installed via a browser plugin comes from the "Web Developer" toolbar. The toolbar is a very well respected extension that allows you to examine and test the functionality of web pages. The author of the toolbar was the victim of a phishing attack which compromised his email account, and a malicious version of the toolbar was released. https://www.theregister.co.uk/2017/08/02/chrome_web_developer_extension_hacked/

Other web based vectors include Man In The Middle (MITM) attacks, where the network traffic is intercepted by a third party. This means that "secure" information you send to a site could be seen by a third party. We will discuss methods of protecting against MITM and eavesdropping in the cryptography section of the course.

Web Application Attacks

Previously we explored web application attacks with the OWASP Top 10. These attacks may not directly affect users of a website, but they create the potential for information about users to be revealed through data breaches.

Web application attacks affect the operation of a website and can lead to exploitation or a data breach. Around 30% of data breaches involve vulnerabilities in web applications. Issues with web applications that allow an attacker to compromise them include:

  • SQL (Structured Query Language) injection. Rated the number 1 threat by OWASP (51%)
  • File include vulnerabilities (35%)
  • XSS (Cross Site Scripting). Places malicious code on the site itself. (9%)
  • Content Management Systems (CMS), such as WordPress
    • A newly discovered vulnerability affected ~2 million sites.

Each of these attacks can lead either to a data breach, where information such as user details is revealed, or to a full compromise of the server, allowing the attacker to take control.

Another interesting trend in web application attacks is through phishing. Compromised versions of software plugins have been used to gather information about a site's users. Two examples of organisations that have been exploited through the use of an insecure third party plugin are:

  • British Airways
  • Ticketmaster

The Insider Threat

While not a direct threat of exploitation, the insider threat is still the second most common cause of an incident within an organisation. It occurs when an employee uses their authorised access to harm the security of the organisation. While the majority of cases are unwitting (employees being phished, etc.), there are still a number of cases in which the employee maliciously exploits the systems.

Analysis shows that the majority of insiders tend to ignore security policies to speed up their work. For example, they may:

  • Send files to personal accounts
  • Write down passwords
  • Store data on media external to the organisation

Hardware issues

Security issues with hardware design have always been present, but they came to prominence in 2018 with Spectre and Meltdown. These exploit the way the processor has been designed, allowing an attacker to read parts of computer memory they should not have access to.

Hardware based issues can be difficult to fix retrospectively. If the flaw is in the physical design of the chip then there is little that can be done, and modifying the behaviour of the code running on the chip itself is difficult.

While not strictly a flaw in the hardware itself, a flaw in the firmware for Broadcom WiFi chips left billions of devices open to attack. https://thehackernews.com/2017/04/broadcom-wifi-hack.html

Threat Actors

As well as the security flaws themselves, we also need to understand where the threats originate.

Cyber Criminals

Cyber criminals commit crime by targeting computers or networks, and can be either lone individuals or part of a larger organised group. They remain the most active threat in cyberspace, and are responsible for two thirds of all registered incidents.

Analysis of recent trends shows that the behaviour of cyber criminals is becoming more organised, and is trending toward monetisation of activity. This is evident in the increase in targeted attacks and data breaches in the business sector, and in the rise of ransomware. One interesting trend is the increased number of phishing campaigns targeting high value individuals, such as the CEOs of organisations.

Nation States

Nation state hackers may either be part of a "cyber army" or individuals with a "licence to hack".

This is organised hacking at a state level, with hackers working for a government to disrupt or compromise other governments, organisations or individuals. It is estimated that nation state hacking is responsible for 20% of all incidents.

This style of attack can include: spreading propaganda on social media, stealing national or industrial secrets, interfering with elections, or compromising the nuclear safety of a country.

https://www.csoonline.com/article/3218104/what-is-stuxnet-who-created-it-and-how-does-it-work.html

Hacktivists / Cyber Fighters

The hacking activist takes their political, religious or social cause onto the internet. This can range from defacing the website of a corporation they disagree with, to directly attacking the infrastructure of an organisation.

There are several large scale hacktivist groups (such as Anonymous) that may adopt a cause. It could also be argued that some hacktivist groups are actually a front for nation state activity.

Script Kiddies

Script kiddies are our final threat. These are generally untrained hackers, making use of tools and scripts available on the internet. Generally they are responsible for simple, low impact cyber attacks. However, they can have a significant impact: for example, the TalkTalk data breach was caused by a teenage hacker using simple tools.