S3-m1 Flashcards
The goal of a cyber security program is to…
manage the cybersecurity risks by securing and enhancing confidentiality, data integrity, and availability
Data breaches
Occur when information is accessed or used without the authorization of its owner. Examples of attacks that can result in data breaches include ransomware, phishing, malware, and compromised passwords.
Service Disruptions
are unplanned events that cause a general system or major application to be inoperable for an unacceptable length of time
-malware
-distributed denial of service attacks (DDoS)
-SQL injections
Compliance Risk
Regulators can require organizations to comply with cybersecurity regulations. The failure to comply with these regulations can result in fines and financial penalties.
What is a cyber attack?
Any kind of malicious activity that targets computer information systems, infrastructures, computer networks, or personal computer devices and attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
Attacker, Threat Actor, or Hacker
Threat Agent
Individuals or groups of individuals (hacking rings, Advanced Persistent Threats (APTs)) that target people or organizations to gain access to systems, networks, and data.
Adversary
Threat Agent
These are actors with interests in conflict with the organization
Government-Sponsored Actors
Threat Agent
These threat actors are funded, directed, or sponsored by nation-states.
Hacktivists
Threat Agent
Groups of hackers that operate to promote certain social causes or political agendas
Insiders
Threat Agent
Employees who either develop malicious intentions over time or who intentionally infiltrate an organization to achieve nefarious objectives.
External Threats
Threat Agent
Threats whose source lies outside the organization, entity, or individual that is the target of the cyberattack.
Network-based Attacks
These attacks target the infrastructure of a network, including switches, routers, servers, and cabling, with the intent to gain unauthorized access or to disrupt operations for users.
Backdoor and Trapdoors
Methods to bypass security access procedures by creating an undocumented entry and exit point into a system or network. Trapdoors are often installed by system owners or developers so they can bypass security measures for quick access, whereas backdoors may be intentionally installed or unintentionally left available due to product defects. Either way, an undocumented access path that survives into production is a vulnerability regardless of who put it there.
Covert Channels
Mechanisms used to transmit data using methods not originally intended for data transmission by the system designers
-storage channels: data is transmitted by modifying a storage location
-timing channels: the delay in transmitting data packets is used to hide transmission
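The two covert channel types above, as an added example that is not part of the original flashcards. Packets are plain Python dicts and nothing is sent on a network; the 'padding' field, the 'keepalive' cover payload, and the two delay values are assumptions made for the demo. The last function is a crude detector for the timing variant.

```python
# Added example (not from the original flashcards): simulated covert storage
# and timing channels. Packets are plain dicts; nothing is sent on a network.
# The gap values and the 'padding' field are assumptions made for the demo.

ZERO_GAP = 0.10  # seconds between packets that encodes a 0 bit (assumed)
ONE_GAP = 0.30   # seconds between packets that encodes a 1 bit (assumed)


def _to_bits(data: bytes) -> list:
    """Most-significant bit first, 8 bits per byte."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def _from_bits(bits: list) -> bytes:
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def storage_channel_send(secret: bytes, cover: bytes = b"GET / HTTP/1.1") -> list:
    """Storage channel: one secret bit per packet, written into a field the
    receiving application ignores (here the low bit of a 'padding' field).
    The visible payload is the same innocuous request every time."""
    return [{"seq": n, "payload": cover, "padding": 0x40 | bit}
            for n, bit in enumerate(_to_bits(secret))]


def storage_channel_receive(packets: list) -> bytes:
    ordered = sorted(packets, key=lambda p: p["seq"])
    return _from_bits([p["padding"] & 1 for p in ordered])


def timing_channel_send(secret: bytes, start: float = 0.0) -> list:
    """Timing channel: every packet is byte-for-byte identical; the secret is
    carried only by the delay before each packet. Returns the packets with
    the time at which each would be transmitted."""
    packets, t = [], start
    for n, bit in enumerate(_to_bits(secret)):
        t += ONE_GAP if bit else ZERO_GAP
        packets.append({"seq": n, "payload": b"keepalive", "sent_at": t})
    return packets


def timing_channel_receive(packets: list, start: float = 0.0) -> bytes:
    bits, prev = [], start
    for p in sorted(packets, key=lambda p: p["seq"]):
        bits.append(1 if p["sent_at"] - prev > (ZERO_GAP + ONE_GAP) / 2 else 0)
        prev = p["sent_at"]
    return _from_bits(bits)


def looks_like_timing_channel(packets: list, tolerance: float = 0.02) -> bool:
    """Crude detector: identical payloads whose inter-arrival gaps cluster
    into exactly two distinct values are a classic timing-channel signature.
    Real traffic has jitter and many distinct gap sizes."""
    if len(packets) < 8 or len({p["payload"] for p in packets}) != 1:
        return False
    ordered = sorted(packets, key=lambda p: p["sent_at"])
    gaps = [b["sent_at"] - a["sent_at"] for a, b in zip(ordered, ordered[1:])]
    buckets = {round(g / tolerance) for g in gaps}
    return len(buckets) == 2


if __name__ == "__main__":
    print(storage_channel_receive(storage_channel_send(b"exfil")))
    print(timing_channel_receive(timing_channel_send(b"exfil")))
    print(looks_like_timing_channel(timing_channel_send(b"exfil")))
```

Note the design difference: a content-inspecting control (DLP, IDS signatures) can catch the storage channel because the secret is in the bytes, but it sees nothing unusual in the timing channel; only traffic-shape analysis, or normalizing delays at a proxy, addresses the latter.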
Buffer Overflows
Attackers send a program's buffer (its temporary storage for input) more data than it was designed to hold. The excess overwrites adjacent memory, which can crash the application or, if the attacker controls what is written, alter its behavior.
Denial of Service (DOS)
An attacker floods a system or network with traffic greater than the bandwidth or capacity it was designed to handle. The excess volume consumes the network's resources so that it cannot respond to legitimate service requests.
Distributed Denial of Services (DDoS) Attacks
These occur when multiple attackers or compromised devices (a botnet) work in unison to flood an organization's network with traffic. Because the traffic arrives from many sources at once, it is harder to filter and the attack can be far more powerful than a single-source DoS.
Man in the Middle (MITM) Attacks
The attacker acts as an intermediary between two parties, intercepting their communications while appearing to each side as the legitimate other party in a normal secure session. As information passes between the two parties, the attacker can read, modify, or redirect the traffic.
Port Scanning Attacks
Scanning a network for open ports is frequently done by attackers to find listening services that can be exploited.
-the scan targets logical ports used by transport protocols such as TCP and UDP
-it is normal for companies to have open ports; the risk lies in what is listening on them
-common weaknesses found this way include unencrypted protocols, unpatched services, and weak or default login credentials
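A TCP connect() scan with banner grabbing, as an added example that is not part of the original flashcards. It is run against a throwaway listener on 127.0.0.1 so it works offline; the port window, timeout and worker count are assumptions. Scanning hosts you do not own or have written permission to test is illegal in most jurisdictions.

```python
# Added example (not from the original flashcards): a TCP connect() scan with
# banner grabbing, run against a throwaway listener on 127.0.0.1 so it works
# offline. Timeout, worker count and port window are assumptions.
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host: str, port: int, timeout: float = 0.5) -> dict:
    """Complete the three-way handshake, then read whatever the service says
    first. The banner often reveals product and version, i.e. what to patch."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return {"port": port, "state": "closed", "banner": ""}    # RST: nothing listening
        except OSError:                                                # includes timeout
            return {"port": port, "state": "filtered", "banner": ""}  # no reply: firewall dropped it
        try:
            banner = s.recv(128).decode(errors="replace").strip()
        except OSError:
            banner = ""  # open, but the service waits for the client to speak first
        return {"port": port, "state": "open", "banner": banner}


def tcp_connect_scan(host: str, ports, workers: int = 32) -> dict:
    """Probe ports concurrently; returns {port: probe result}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe_port(host, p), ports))
    return {r["port"]: r for r in results}


def start_demo_listener() -> tuple:
    """Bind a TCP listener on a free loopback port (demo scaffolding only)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo() -> tuple:
    """Scan a small window around the demo listener; returns (port, results)."""
    srv, port = start_demo_listener()
    try:
        return port, tcp_connect_scan("127.0.0.1", range(port - 2, port + 3))
    finally:
        srv.close()


if __name__ == "__main__":
    listener_port, results = demo()
    for p, r in sorted(results.items()):
        print(f"{p:5d} {r['state']:8s} {r['banner']}")
```

The three states map onto what the flashcard says about defenses: "closed" means the host answered with a reset, "filtered" means a firewall silently dropped the probe, and "open" is where the follow-up questions (is the protocol encrypted, is the service patched, are the credentials default) actually matter.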
Ransomware Attacks
Typically delivered as malware that locks a user or company out of its operating systems, applications, or data (usually by encrypting the data) until a ransom is paid.
Reverse Shell Attacks
Also called "connect-back shells": the victim's machine initiates an outbound connection to the attacker from behind the company's firewall. Because most firewalls allow outbound connections, the attacker bypasses the firewall and other inbound network safeguards and can remotely control the victim's machine. Egress filtering and monitoring for unexpected outbound connections are the corresponding defenses.
Replay Attacks (eavesdropping)
A type of MITM attack in which a cybercriminal eavesdrops on a network communication, captures a valid message (for example an authentication exchange), and then re-sends it at a later time to the intended target to gain access to the network and the data behind the firewall. Replay works even against encrypted or signed messages if nothing ties each message to a specific time or session.
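Why an authenticated message can still be replayed, and the freshness check that stops it, as an added example that is not part of the original flashcards. The pre-shared key, the JSON envelope format, the 30-second acceptance window and the "transfer" action are assumptions made for the demo.

```python
# Added example (not from the original flashcards): an HMAC-protected request
# is still replayable; a nonce plus timestamp, both covered by the MAC, is not.
# Key, envelope format and 30-second window are assumptions for the demo.
import hashlib
import hmac
import json
import secrets
import time

KEY = b"pre-shared-demo-key"  # assumed to be shared between client and server


def sign(body: dict) -> dict:
    """Wrap a request body in an envelope carrying an HMAC-SHA256 tag."""
    msg = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(KEY, msg, hashlib.sha256).hexdigest()}


def mac_valid(envelope: dict) -> bool:
    msg = json.dumps(envelope["body"], sort_keys=True).encode()
    expected = hmac.new(KEY, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["mac"])


class NaiveServer:
    """Verifies integrity and authenticity only. A captured envelope is just
    as valid the second time, so an eavesdropper can replay it verbatim."""

    def __init__(self):
        self.executed = []

    def handle(self, envelope: dict) -> bool:
        if not mac_valid(envelope):
            return False
        self.executed.append(envelope["body"]["action"])
        return True


class ReplaySafeServer:
    """Adds freshness. Each request carries a random nonce and a timestamp,
    both inside the MAC'd body so the attacker cannot change them. A nonce is
    accepted once; stale timestamps are rejected, which bounds how long the
    set of seen nonces has to be remembered."""

    WINDOW = 30  # seconds of allowed clock skew / network delay (assumed)

    def __init__(self, now=time.time):
        self.executed, self.seen_nonces, self.now = [], set(), now

    def handle(self, envelope: dict) -> bool:
        if not mac_valid(envelope):
            return False
        body = envelope["body"]
        nonce, ts = body.get("nonce"), body.get("ts")
        if nonce is None or ts is None:
            return False
        if abs(self.now() - ts) > self.WINDOW:
            return False  # too old (or from the future)
        if nonce in self.seen_nonces:
            return False  # replay
        self.seen_nonces.add(nonce)
        self.executed.append(body["action"])
        return True


def build_request(action: str, now=time.time) -> dict:
    return sign({"action": action, "nonce": secrets.token_hex(16), "ts": int(now())})


def demo() -> tuple:
    """Deliver one captured request twice to each server; returns how many
    times each server executed the action."""
    naive, safe = NaiveServer(), ReplaySafeServer()
    captured = build_request("transfer 100 to attacker")  # sniffed on the wire
    for _ in range(2):
        naive.handle(captured)
        safe.handle(captured)
    return len(naive.executed), len(safe.executed)


if __name__ == "__main__":
    print(demo())  # naive server executed twice, replay-safe server once
```

The nonce set can be pruned of anything older than the window, which is the point of combining the two checks; a nonce alone would have to be remembered forever, a timestamp alone still allows replay inside the window.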
Spoofing
The act of impersonating someone or something to obtain unauthorized access, using falsified credentials or imitating a legitimate person or entity with fake IP addresses, domains, or email addresses
-Address Resolution Protocol (ARP) spoofing
-DNS spoofing
-hyperlink spoofing
Application based attacks
Target specific software or applications such as databases or websites to gain unauthorized access or disrupt functionality.
-sql injections
-cross site scripting (XSS)
-race condition
-Mobile code: overwriting virus, multipartite virus, parasitic virus, polymorphic virus
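The first two application-based attacks in the list above, each shown as the vulnerable code next to its fix, as an added example that is not part of the original flashcards. The users table, the sample rows and the comment-rendering function are constructed for the demo.

```python
# Added example (not from the original flashcards): SQL injection and
# cross-site scripting, each as the vulnerable function beside its fix.
# The users table and sample rows are constructed for the demo.
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users (username, pw_hash) VALUES (?, ?)",
                     [("alice", "h1"), ("bob", "h2")])
    return conn


def find_user_vulnerable(conn, username: str) -> list:
    """SQL injection: user input is concatenated into the statement, so
    quotes in the input become part of the SQL grammar."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username: str) -> list:
    """Parameterized query: the driver passes the value separately from the
    statement, so it is never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def render_comment_vulnerable(comment: str) -> str:
    """Cross-site scripting: untrusted text is inserted into HTML verbatim,
    so a comment containing markup runs in every viewer's browser."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    """Output encoding for the HTML body context: < > & " ' become entities."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print(find_user_vulnerable(db, payload))  # every user comes back
    print(find_user_safe(db, payload))        # nobody has that literal name
    print(render_comment_safe("<script>alert(document.cookie)</script>"))
```

The fix is the same in both cases: keep data and code separate. Parameters do it for SQL; context-appropriate output encoding does it for HTML (the body-text escaping shown here is not sufficient inside a script block or a URL attribute).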
Host Based Attacks
Target a single host, such as a laptop or mobile device, to disrupt functionality or obtain unauthorized access
-Brute force
-keystroke logging
-malware
-rogue mobile apps
Social Engineering Attacks
These attacks involve the use of psychological manipulation or deception to get employees to divulge sensitive information, provide unauthorized access, or assist an attacker in committing fraud. Interaction takes place through email, text, direct messaging, phone, or social media.
-Phishing
-Spear Phishing
-Business Email Compromise BEC
-Catfishing
-Pharming
-Vishing
Physical (on-premise) Attacks
A security breach carried out on an organization's premises or performed in a way that physically involves a bad actor gaining control of sensitive data, hardware, or software
-Intercepting discarded equipment (dumpster diving)
-Piggybacking
-Targeted by attackers
-Tampering
-Theft
Supply Chain Attacks
Use cyber tactics to target the production and distribution of goods within a supply chain so that there are larger disruptions in the normal operations of a company, government, or other entity
-embedded software code
-Foreign sourced attacks
-Pre installed Malware on Hardware
-Vendor Attacks
-Watering Hole Attacks
Reconnaissance
Stages in a Cyberattack
First stage: attackers discover and collect as much information about the target's IT systems as possible. Information obtained may include the location of facilities, the type of network and infrastructure deployed, security measures in place, and the names of employees as well as the management hierarchy. This stage often includes scanning for open ports.
Gaining Access
Stages in a Cyberattack
This is the step in a cyberattack in which the information collected during reconnaissance is used to gain access to the target using a variety of techniques.
Escalation of Privileges
Stages in a Cyberattack
Once unauthorized access to a system is obtained, attackers attempt to gain higher levels of access in this stage. This may be done by obtaining the credentials of a user with higher privileges.
Maintaining Access
Stages in a Cyberattack
The attacker remains in the system for a sustained period until the attack is completed, and looks for alternative ways to prolong access (for example a backdoor or additional credentials) or to return later.
Network Exploitation and Exfiltration
Stages in a Cyberattack
Attackers proceed with their objective of disrupting system operations by stealing sensitive data, modifying data, disabling access to systems or data, or performing other malicious activities.
Covering Tracks
Stages in a Cyberattack
This step occurs while the attack is in progress or after it is completed and involves the attacker concealing the entry and exit points through which access was gained.
-clearing logs
-modifying logs and registry entries
-removing tools and files they introduced
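Spotting cleared or edited logs from the defender's side, as an added example that is not part of the original flashcards. The log format (timestamp, per-host sequence number, message) and the sample records are constructed for the demo; the 5-minute silence threshold is an assumption about this host's normal cadence.

```python
# Added example (not from the original flashcards): detecting cleared or
# edited logs. Log format, sample records and the silence threshold are
# constructed/assumed for the demo.
from datetime import datetime, timedelta

# Constructed sample: a host that logs roughly once a minute. Records
# 1004-1039 were wiped and record 1041 was deleted individually.
SAMPLE_LOG = """\
2024-05-01T02:10:00 seq=1001 sshd: accepted publickey for svc-backup
2024-05-01T02:11:00 seq=1002 cron: job backup started
2024-05-01T02:12:00 seq=1003 sudo: svc-backup COMMAND=/bin/bash
2024-05-01T02:41:00 seq=1040 cron: job backup finished
2024-05-01T02:42:00 seq=1042 sshd: session closed for svc-backup
"""


def parse(text: str) -> list:
    """Return [(timestamp, sequence_number), ...] in file order."""
    records = []
    for line in text.splitlines():
        ts, seq, _msg = line.split(" ", 2)
        records.append((datetime.fromisoformat(ts), int(seq.split("=")[1])))
    return records


def find_log_gaps(text: str, max_silence: timedelta = timedelta(minutes=5)) -> list:
    """Return findings as (kind, detail) tuples:
    - 'silence'     a quiet period longer than the host's normal cadence
    - 'seq_gap'     sequence numbers skipped (records removed)
    - 'seq_regress' sequence numbers going backwards (records inserted or edited)
    """
    findings = []
    records = parse(text)
    for (t0, s0), (t1, s1) in zip(records, records[1:]):
        if t1 - t0 > max_silence:
            findings.append(("silence", f"{t0.isoformat()} -> {t1.isoformat()}"))
        if s1 > s0 + 1:
            findings.append(("seq_gap", f"{s1 - s0 - 1} record(s) missing between seq={s0} and seq={s1}"))
        elif s1 <= s0:
            findings.append(("seq_regress", f"seq={s1} after seq={s0}"))
    return findings


if __name__ == "__main__":
    for kind, detail in find_log_gaps(SAMPLE_LOG):
        print(kind, detail)
```

Neither check works if the attacker can also edit the copy being inspected, so the usual control is to forward logs as they are written to a collector the compromised host cannot modify, and to run checks like this one there.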
Additional Industry Exposure
Cloud Computing Risk
By nature of its design, an organization subscribing to a cloud provider may be exposed to other subscribing organizations and their unique industry risks. Cyber threats that one company would not otherwise face become a risk to the other companies that share the same cloud computing provider.
Cloud Malware Injection Attacks
Cloud Computing Risk
An attack specific to cloud computing based systems in which an attacker gains access to the cloud environment and then injects malware so that data can be stolen, services disrupted, or further access gained.
Compliance Violations
Cloud Computing Risk
Cloud computing relies on third-party hosts, and there is a risk that those hosts or service providers do not have the security protocols and procedures in place to meet regulatory, privacy, or confidentiality requirements.
Loss of Control
Cloud Computing Risk
Not having physical or logical access to the computing equipment means an organization using cloud computing services relinquishes some control over its infrastructure. As a result, changes or upgrades to cybersecurity measures may not be timely or up to the organization's standard.
Loss of data
Cloud Computing Risk
The third-party cloud computing services provider is itself susceptible, albeit less likely than most businesses, to data breaches, losing data, or exposing data.
Loss of Visibility
Cloud Computing Risk
Loss of full visibility of the company’s IT infrastructure comes with a loss of control. The only entity that has full visibility is the cloud provider, which means the subscribing organization does not know all of its risks
Multi-cloud and Hybrid Management Issues
Cloud Computing Risk
A company subscribes to several cloud-based solutions and/or maintains some on-premises IT infrastructure. It may be challenging to integrate and monitor multiple environments, which can make detecting a cyberattack difficult.
Theft or Loss of Intellectual Property
Cloud Computing Risk
Cloud Applications store various types of data for companies, including proprietary information, and there is the risk that the service provider lacks sufficient controls over the data, which results in theft or loss of intellectual property.
Application Malware
Risks Related to Mobile Technologies
This threat occurs when a user downloads an app that appears legitimate but gives an unauthorized party access to the device.
Lack of Updates
Risks Related to Mobile Technologies
Patches and security fixes that have been released but not yet installed on the device leave it vulnerable.
Lack of Encryption
Risks Related to Mobile Technologies
Many mobile devices are not encrypted and rely only on a passcode for access. Once access is gained, the attacker can reset the victim's web passwords by using the email account on the device.
Physical Threats
Risks Related to Mobile Technologies
Examples of physical threats include loss or theft
Unsecured Wi-fi networks
Risks Related to Mobile Technologies
Users of mobile devices often connect to public unsecured networks which means anyone on the same network could potentially access that device, steal sensitive info, or infect the device with malware
Location Tracking
Risks Related to Mobile Technologies
Unauthorized tracking is a risk that involves a threat actor using GPS tech to locate people, devices, or other assets
What is the Internet of Things (IoT)
Smart devices connected to the internet that provide automation and remote control for other devices in a home or office setting such as cameras, tablets, wearable devices.
Device Mismanagement
IoT Risks
Insufficient password controls and device mismanagement can increase the risk of a cyberattack and the loss of critical information.
Device Spoofing
IoT Risks
When an attacker creates an illegitimate or phony device and introduces it to a company network, to gain info or network access
Escalated Cyberattacks
IoT Risks
IoT devices can be used as an attack base to infect more machines, or as an entry point for access into a connected network
Expanded Footprint
IoT Risks
IoT devices paired with other devices that are directly connected to a company’s core network expand the footprint of total devices under a company’s purview, thus increasing the number of points subjected to attack
Information Theft
IoT Risks
IoT devices have the potential for sensitive data to be stolen or exploited because that data is stored either in the cloud or on other devices.
Outdated Firmware
IoT Risks
Attackers can intercept IoT firmware updates or manipulate firmware with known weaknesses to gain access and control a device.
Malware
IoT Risks
IoT networks and devices are susceptible to malware, including ransomware, because the often limited computing power of the individual devices restricts the security controls they can run.
Network Attacks
IoT Risks
Threat actors can launch DoS attacks on IoT networks and devices just as they can with traditional networks.
What is threat modeling?
the process of identifying, analyzing, and mitigating threats to a network, system, or application. The goal is to understand all risks a system could face and develop controls and countermeasures to minimize the impact
Identify Assets
Phases of Threat Modeling
Inventorying all assets that need to be protected
Identify Threats
Phases of Threat Modeling
identifying the threat types and characteristics, such as intent, targeting, and potential method of attack
Perform Reduction Analysis
Phases of Threat Modeling
Decomposing the asset being protected from the threat. The intent is to gain a greater understanding of how the asset interacts with potential threats, whether the asset is a system, application, or network: its trust and security boundaries, the flow of data, where input can be received, security clearances, and any related policies.
Analyze Impact of an Attack
Phases of Threat Modeling
Quantifying the impact of an attack in terms of dollars will help prioritize solutions. Understanding other qualitative effects should also be considered
Develop Countermeasures and Controls
Phases of Threat Modeling
This may include implementing security controls such as intrusion detection systems, contingency plans, and security protocols to follow in the event of a successful attack.
Review and Evaluate
Phases of Threat Modeling
The threat model should be evaluated periodically so that updates can be made based on new risks in the threat landscape.
Process for Attack Simulation and Threat Analysis (PASTA)
1. Definition of the objectives (DO) for the analysis of risks
2. Definition of the technical scope (DTS)
3. Application decomposition and analysis (ADA)
4. Threat analysis (TA)
5. Weakness and vulnerability analysis (WVA)
6. Attack modeling and simulation (AMS)
7. Risk analysis and management (RAM)
Visual, Agile, and Simple Threat model (VAST)
Based on the Agile project management methodology. Its goal is to integrate threat modeling into the development environment on a scalable basis.
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege threat model (STRIDE)
Developed by Microsoft and used for assessing threats related to applications and operating systems. Each letter is a category of threat to consider for every component and data flow in the system.
Cloud Security Alliance's Cloud Controls Matrix
-provides security principles to guide cloud vendors
-assists prospective cloud customers in assessing the overall security risk of a cloud provider
-utilizes industry-accepted security standards, regulations, and control frameworks such as COBIT, NIST, etc.