2.0 Threats, Vulnerabilities, and Mitigation Flashcards
The entity responsible for an event that has an impact on the safety of another entity
– Also called a malicious actor
– Describes characteristics of the attacker
* Useful to categorize the motivation
– Why is this attack happening?
– Is this directed or random?
2.0 Threat Actors
External entity
– Government and national security
* Many possible motivations
– Data exfiltration, philosophical, revenge, disruption, war
* Constant attacks, massive resources
– Commonly an Advanced Persistent Threat (APT)
* Highest sophistication
– Military control, utilities, financial control
– United States and Israel destroyed 1,000 nuclear centrifuges with the Stuxnet worm
Nation states
Runs pre-made scripts without any knowledge of what’s really happening
– Anyone can do this
* Motivated by the hunt
– Disruption, data exfiltration, sometimes philosophical
Can be internal or external
– But usually external
* Not very sophisticated
– Limited resources, if any
* No formal funding
– Looking for low hanging fruit
Unskilled attackers/Script Kiddie
A hacker with a purpose
– Motivated by philosophy, revenge, disruption, etc.
* Often an external entity
– Could potentially infiltrate to also be an insider threat
* Can be remarkably sophisticated
– Very specific hacks
– DoS, web site defacing, private document release
* Funding may be limited
– Some organizations have fundraising options
Hacktivist
More than just passwords on sticky notes
– Motivated by revenge, financial gain
* Extensive resources
– Using the organization’s resources against themselves
* An internal entity
– Eating away from the inside
* Medium level of sophistication
– The insider has institutional knowledge
– Attacks can be directed at vulnerable systems
– The insider knows what to hit
Insider threat
Going rogue
– Working around the internal IT organization
– Builds their own infrastructure
* Information Technology can put up roadblocks
– Use the cloud
– Might also be able to innovate
* Limited resources
– Company budget
* Medium sophistication
– May not have IT training or knowledge
Shadow IT
Professional criminals
– Motivated by money
– Almost always an external entity
* Very sophisticated
– Best hacking money can buy
* Crime that’s organized
– One person hacks, one person manages the exploits, another person sells the data, another handles customer support
* Lots of capital to fund hacking efforts
Organized crime
Client-based
– Infected executable
– Known (or unknown) vulnerabilities
– May require constant update
Agentless
– No installed executable
– Compromised software on the server would affect all users
– Client runs a new instance each time
Vulnerable software vectors
Patching is an important prevention tool
– Ongoing security fixes
* Unsupported systems aren’t patched
– There may not even be an option
* Outdated operating systems
– Eventually, even the manufacturer won’t help
* A single system could be an entry
– Keep your inventory and records current
Unsupported systems vectors
The network connects everything
– Ease of access for the attackers
– View all (non-encrypted) data
* Wireless
– Outdated security protocols (WEP, WPA, WPA2)
– Open or rogue wireless networks
* Wired
– Unsecure interfaces - No 802.1X
* Bluetooth
– Reconnaissance, implementation vulnerabilities
Unsecure network vectors
Most network-based services connect over a TCP or UDP port
– An “open” port
* Every open port is an opportunity for the attacker
– Application vulnerability or misconfiguration
* Every application has its own open port
– More services expand the attack surface
* Firewall rules
– Must allow traffic to an open port
Open service ports
Most devices have default usernames and passwords
– Change yours!
* The right credentials provide full control – Administrator access
* Very easy to find the defaults for your access point or router
– https://www.routerpasswords.com
Default credentials
Tamper with the underlying infrastructure
– Or manufacturing process
* Managed service providers (MSPs)
– Access many different customer networks from one location
* Gain access to a network using a vendor
– 2013 Target credit card breach
* Suppliers
– Counterfeit networking equipment
– Install backdoors, substandard performance and availability
– 2020 - Fake Cisco Catalyst switches
Supply chain vectors
Social engineering with a touch of spoofing
– Often delivered by email, text, etc.
– Very remarkable when well done
* Don’t be fooled
– Check the URL
* Usually there’s something not quite right
– Spelling, fonts, graphics
Phishing
We trust email sources
– The attackers take advantage of this trust
* Spoofed email addresses
– Not really a legitimate email address – professor@professormessor.com
* Financial fraud
– Sends emails with updated bank information
– Modify wire transfer details
* The recipient clicks the links
– The attachments have malware
Business email compromise
How are they so successful?
– Digital sleight of hand - It fools the best of us
* Typosquatting
– A type of URL hijacking - https://professormessor.com
* Pretexting - Lying to get information
– Attacker is a character in a situation they create
– Hi, we’re calling from Visa regarding an automated payment to your utility service…
Tricks and misdirection