Attacks and Threats (Lecture 6) Flashcards
In identifying threats, what 4 key areas are broken down for assessment?
Hard Assets
Soft Assets
Threat Actors
Third Parties
List some hard assets
Servers, Computers, Mobile Devices, Access Points, Routers, Firewalls, Server Rooms & Data Centres
List some soft assets
Databases, Software, Personal data, Intellectual Property, Research, Employees, Reputation
List types of threat actors (‘bad actors’, ‘hackers’ or ‘attackers’)
Insider threats, Activist groups, Competitors, Disgruntled Customers, Accidental
List some third parties (includes any third-party organisations with system access)
Supply Chain Organisations
Customers
Consultants
What is the difference between a cyber attack and a cyber threat?
A cyber attack is the deliberate exploitation of computer systems, technology-dependent enterprises and networks
Must be knowingly malicious and have victims
A cyber threat is any action which results in the compromise of confidentiality, availability and/or integrity of data or systems
What is an attack surface?
It is the area of exposure to a given threat. Attack surfaces vary in size and in their availability to attack sources
What is a network attack surface?
Vulnerabilities over an enterprise network, WAN or Internet
Network protocol vulnerabilities, such as those used for a DoS attack, disruption of communication links
What is a software attack surface?
Vulnerabilities in application, utility or operating system code
Web-based applications are an example of a large software attack surface
What is a human attack surface?
Vulnerabilities created by personnel or outsiders, such as social engineering, human error and trusted insiders
Name 4 types (methods) of cyber attack
Interruption - DoS or DDoS attack, Ransomware
Interception - Sniffing
Modification - Man-in-the-middle, persistence
Fabrication - Invoice Fraud, Russian Bride, Stocks and Shares, Spanish Prisoner
What does S.T.R.I.D.E. stand for?
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
Microsoft-developed threat categorisation scheme
Helps to ensure all potential threats have been reviewed for each asset type and attack vector
What is spoofing?
An attack with the goal of gaining access to a target system using a falsified identity. When attackers spoof their identity as valid they can bypass filters and other defences
Used against IP and MAC addresses, usernames, security names, wireless network SSIDs, email addresses
What is tampering?
Any action resulting in the unauthorised changes or manipulation of data, whether in storage or transit
Used to falsify communications or alter static information
Violates integrity as well as availability
What is repudiation?
The ability for a user or attacker to deny having performed an action or activity
Often attackers engage in repudiation attacks to maintain plausible deniability so as to not be held accountable
Can also result in innocent third parties being blamed for violation.
What is information disclosure?
The revelation or distribution of private, confidential or controlled information to external or unauthorised entities
Can include customer identity information, financial information or proprietary business operation details
Takes advantage of system design and implementation mistakes
(Failing to remove debugging code, leaving sample applications or test accounts)
What is DoS and DDoS?
An attack that attempts to prevent authorised/legitimate use of a resource
Can be done through flaw exploitation, connection overloading or traffic flooding
Does not necessarily result in full interruption to a resource. Could reduce throughput or introduce latency to hamper productive use of a resource
A DoS attack originates from a single machine, whereas DDoS attacks originate from multiple attacking machines, often routed through other compromised machines
What is Elevation of Privilege(s)?
An attack where a limited user account is transformed into an account with greater access privileges. Might be accomplished through theft or exploitation of the credentials of a higher-level account. Also achieved through exploiting vulnerabilities in a system, such as privileged file access and scheduled jobs.
It is often required when attempting to set up persistent access to target systems and when looking to exfiltrate data
Once STRIDE has been used to understand threats, what is the next step in the process?
Controls to prevent compromise
Monitoring to detect compromise
Attackers can vary in which ways?
Motive, Technical efficiency, Financial backing, Organisation size, Available time/resources
Often have a favourite or preferred attack vector
What is an APT?
APT - Advanced Persistent Threat
Specific attackers who are organised, directed, well financed and patient, and who focus on remaining undetected
Can carry out long term attacks, waiting for outside influences or correct conditions for success (STUXNET)