Cybersecurity Threat Types

Dr. Greg Bernstein

January 13th, 2021

Threat Types

Seven Broad Classes

From course text

  1. Malware
  2. Security Breaches
  3. DoS attacks
  4. Web Attacks
  5. Session Hijacking
  6. Insider Threats
  7. DNS Poisoning

Malware

Malware 1

From Malwarebytes: Malware

Malware, or “malicious software,” is an umbrella term that describes any malicious program or code that is harmful to systems.

Malware 2

From Malwarebytes: Malware

Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by taking partial control over a device’s operations. Like the human flu, it interferes with normal functioning.

Malware 3

From Malwarebytes: Malware

Malware is all about making money off you illicitly. Although malware cannot damage the physical hardware of systems or network equipment (with one known exception—see the Google Android section below), it can steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on your computer activity without your knowledge or permission.

Malware Types/Characteristics

  • Virus – self replicating and propagating
  • Trojan horse – pretends to be legitimate software
  • Spyware – for example key loggers, that report on your activities, such as what you type
  • Ransomware – Uses encryption to prevent you from accessing your data unless you pay
  • Logic bomb – Remains hidden until a criteria is met then does something bad

Most Common Trojan Horse?

Fake Anti Virus/Malware Software!!!!!!!

Compromising System Security

Attack

From the CISSP Study Guide

An attack is the exploitation of a vulnerability by a threat agent. In other words, an attack is any intentional attempt to exploit a vulnerability of an organization’s security infrastructure to cause damage, loss, or disclosure of assets. An attack can also be viewed as any violation or failure to adhere to an organization’s security policy.

Breach

From the CISSP Study Guide

A breach is the occurrence of a security mechanism being bypassed or thwarted by a threat agent. When a breach is combined with an attack, a penetration, or intrusion, can result. A penetration is the condition in which a threat agent has gained access to an organization’s infrastructure through the circumvention of security controls and is able to directly imperil assets.

Causes of Breaches

Exemplary not exhaustive

  • Security misconfiguration or lack of
  • Password cracking and related, e.g., credential stuffing
  • Social engineering
  • Phishing

More Threats

Denial of Service (DoS) Attacks

  • Goal prevent valid users from gaining access to or using a system or data
  • We will look at these at the different (OSI) layers in a network
  • Many are distributed, i.e., involved multiple machines

Accidental DoS?

Have you ever experienced an unintentional Denial of Service or Degradation of Service?

At which network layer(s) did it occur?

Web Attacks 1

OWASP Top Ten 1-4

  • A1: Injection
  • A2: Broken Authentication
  • A3: Sensitive Data Exposure
  • A4: XML External Entities Not applicable to us

OWASP Top Ten 5-7

  • A5: Broken Access Control
  • A6: Security Misconfiguration
  • A7: Cross-Site Scripting (XSS) A type of injection

OWASP Top Ten 8-10

  • A8: Insecure Deserialization
  • A9: Using Components with Known Vulnerabilities
  • A10: Insufficient Logging & Monitoring

Session Hijacking?

  • In the course text (pg 13) he is referring to TCP sessions
  • More common and important are “web sessions”. This threat and its remediation is discussed in the session management cheat sheet

Session Hijacking Implications

From OWASP

Once an authenticated session has been established, the session ID (or token) is temporarily equivalent to the strongest authentication method used by the application, such as username and password, passphrases, one-time passwords (OTP), client-based digital certificates, smartcards, or biometrics (such as fingerprint or eye retina).

Insider Threats

DNS Poisoning

  • The domain name system (DNS) is used to turn a URL (domain name) into an Internet Protocol (IP) address amongst other duties.
  • Compromising a part of the DNS can allow a one web site to impersonate another.
  • Such impersonations can lead to the theft of user credentials, etc…

DNS Issue?

End of news email mostly on SolarWinds hack…

Security Newsletter

Yes, its an issue!

Security Blog

Patching my Router

OpenWrt mitigation
// reveal.js plugins