Attacks and Threats (Lecture 6) Flashcards

1
Q

In identifying threats, what 4 key areas are broken down for assessment?

A

Hard Assets

Soft Assets

Threat Actors

Third Parties

2
Q

List some hard assets

A
Servers
Computers
Mobile Devices
Access Points
Routers
Firewalls
Server Rooms & Data Centres
3
Q

List some soft assets

A
Databases
Software
Personal data
Intellectual Property
Research
Employees
Reputation
4
Q

List types of threat actors (‘bad actors’, ‘hackers’ or ‘attackers’)

A
Insider threats
Activist groups
Competitors
Disgruntled Customers
Accidental
5
Q

List some third parties (includes any third-party organisations with system access)

A

Supply Chain Organisations

Customers

Consultants

6
Q

What is the difference between a cyber attack and a cyber threat?

A

A cyber attack is the deliberate exploitation of computer systems, technology-dependent enterprises and networks

Must be knowingly malicious and have victims

A cyber threat is any action which results in the compromise of confidentiality, availability and/or integrity of data or systems

7
Q

What is an attack surface?

A

It is the area of exposure to a given threat. Attack surfaces vary in size and in their availability to attack sources.

8
Q

What is a network attack surface?

A

Vulnerabilities exposed over an enterprise network, WAN or the Internet

Network protocol vulnerabilities, such as those used for a DoS attack, and disruption of communication links

9
Q

What is a software attack surface?

A

Vulnerabilities in application, utility or operating system code

Web-based applications are an example of a large software attack surface

10
Q

What is a human attack surface?

A

Vulnerabilities created by personnel or outsiders, such as social engineering, human error and trusted insiders

11
Q

Name 4 types (methods) of cyber attack

A

Interruption - DoS or DDoS attack, Ransomware

Interception - Sniffing

Modification - Man-in-the-middle, persistence

Fabrication - Invoice Fraud, Russian Bride, Stocks and Shares, Spanish Prisoner

12
Q

What does S.T.R.I.D.E stand for?

A
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege

Microsoft-developed threat categorisation scheme

Helps to ensure all potential threats have been reviewed for each asset type and attack vector

13
Q

What is spoofing?

A

An attack with the goal of gaining access to a target system using a falsified identity. When attackers spoof their identity as valid they can bypass filters and other defences

Used against IP and MAC addresses, usernames, security names, wireless network SSIDs and email addresses

14
Q

What is tampering?

A

Any action resulting in unauthorised changes to or manipulation of data, whether in storage or in transit

Used to falsify communications or alter static information

Violates integrity as well as availability

15
Q

What is repudiation?

A

The ability for a user or attacker to deny having performed an action or activity

Attackers often engage in repudiation attacks to maintain plausible deniability so as not to be held accountable

Can also result in innocent third parties being blamed for the violation

16
Q

What is information disclosure?

A

The revelation or distribution of private, confidential or controlled information to external or unauthorised entities

Can include customer identity information, financial information or proprietary business operation details

Takes advantage of system design and implementation mistakes (e.g. failing to remove debugging code, leaving sample applications or test accounts in place)

17
Q

What is DoS and DDoS?

A

An attack that attempts to prevent authorised/legitimate use of a resource

Can be done through flaw exploitation, connection overloading or traffic flooding

Does not necessarily result in full interruption to a resource. Could reduce throughput or introduce latency to hamper productive use of a resource

A DoS attack originates from a single machine, whereas DDoS attacks originate from multiple attacking machines, often routed through other compromised machines

18
Q

What is Elevation of Privilege(s)?

A

An attack where a limited user account is transformed into an account with greater access privileges. Might be accomplished through theft or exploitation of the credentials of a higher-level account. Also achieved through exploiting vulnerabilities in a system, such as privileged file access and scheduled jobs.

It is often required when attempting to set up persistent access to target systems and when looking to exfiltrate data

19
Q

Once STRIDE has been used to understand threats, what is the next step in the process?

A

Controls to prevent compromise

Monitoring to detect compromise

20
Q

Attackers can vary in which ways?

A
Motive
Technical efficiency
Financial backing
Organisation size
Available time/resources

Often have a favourite or preferred attack vector

21
Q

What is an APT?

A

APT - Advanced Persistent Threat

Specific attackers who are organised, directed, well financed and patient, and who focus on remaining undetected

Can carry out long-term attacks, waiting for outside influences or the correct conditions for success (e.g. Stuxnet)