Cybersecurity Threat Types
Dr. Greg Bernstein
January 13th, 2021
Threat Types
Seven Broad Classes
From course text
- Malware
- Security Breaches
- DoS attacks
- Web Attacks
- Session Hijacking
- Insider Threats
- DNS Poisoning
Malware
Malware 1
Malware, or “malicious software,” is an umbrella term that describes any malicious program or code that is harmful to systems.
Malware 2
Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by taking partial control over a device’s operations. Like the human flu, it interferes with normal functioning.
Malware 3
Malware is all about making money off you illicitly. Although malware cannot damage the physical hardware of systems or network equipment (with one known exception—see the Google Android section below), it can steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on your computer activity without your knowledge or permission.
Malware Types/Characteristics
- Virus – self replicating and propagating
- Trojan horse – pretends to be legitimate software
- Spyware – for example key loggers, that report on your activities, such as what you type
- Ransomware – Uses encryption to prevent you from accessing your data unless you pay
- Logic bomb – Remains hidden until a criteria is met then does something bad
Most Common Trojan Horse?
Fake Anti Virus/Malware Software!!!!!!!
Compromising System Security
Attack
From the CISSP Study Guide
An attack is the exploitation of a vulnerability by a threat agent. In other words, an attack is any intentional attempt to exploit a vulnerability of an organization’s security infrastructure to cause damage, loss, or disclosure of assets. An attack can also be viewed as any violation or failure to adhere to an organization’s security policy.
Breach
From the CISSP Study Guide
A breach is the occurrence of a security mechanism being bypassed or thwarted by a threat agent. When a breach is combined with an attack, a penetration, or intrusion, can result. A penetration is the condition in which a threat agent has gained access to an organization’s infrastructure through the circumvention of security controls and is able to directly imperil assets.
Causes of Breaches
Exemplary not exhaustive
- Security misconfiguration or lack of
- Password cracking and related, e.g., credential stuffing
- Social engineering
- Phishing
More Threats
Denial of Service (DoS) Attacks
- Goal prevent valid users from gaining access to or using a system or data
- We will look at these at the different (OSI) layers in a network
- Many are distributed, i.e., involved multiple machines
Accidental DoS?
Have you ever experienced an unintentional Denial of Service or Degradation of Service?
At which network layer(s) did it occur?
Web Attacks 1
- Web sites, apps, systems, etc are a prime target (why?)
- Extensive resources on securing and testing: Open Web Application Security Project
- Cheat Sheet Series is particularly good for web developers
- OWASP Top 10 Web Application Security Risks
OWASP Top Ten 1-4
- A1: Injection
- A2: Broken Authentication
- A3: Sensitive Data Exposure
- A4: XML External Entities Not applicable to us
OWASP Top Ten 5-7
- A5: Broken Access Control
- A6: Security Misconfiguration
- A7: Cross-Site Scripting (XSS) A type of injection
OWASP Top Ten 8-10
- A8: Insecure Deserialization
- A9: Using Components with Known Vulnerabilities
- A10: Insufficient Logging & Monitoring
Session Hijacking?
- In the course text (pg 13) he is referring to TCP sessions
- More common and important are “web sessions”. This threat and its remediation is discussed in the session management cheat sheet
Session Hijacking Implications
From OWASP
Once an authenticated session has been established, the session ID (or token) is temporarily equivalent to the strongest authentication method used by the application, such as username and password, passphrases, one-time passwords (OTP), client-based digital certificates, smartcards, or biometrics (such as fingerprint or eye retina).
Insider Threats
- Disgruntled or compromised employees
- Naive or untrained employees
- Contractors, partners, etc…
- Example article The Dark Triad and Insider Threats in Cyber Security. Gives a bit of an overview of insider threats then relates to personality traits.
DNS Poisoning
- The domain name system (DNS) is used to turn a URL (domain name) into an Internet Protocol (IP) address amongst other duties.
- Compromising a part of the DNS can allow a one web site to impersonate another.
- Such impersonations can lead to the theft of user credentials, etc…
DNS Issue?
End of news email mostly on SolarWinds hack…
Yes, its an issue!
Patching my Router
DNSmasq Vulnerabilities Links
- DNSpooq: Cache Poisoning and RCE inPopular DNS Forwarder dnsmasq, technical white paper.
- The A Register, security blog
- OpenWrt Security Advisory, Report and mitigation procedure.
- An Illustrated Guide to the Kaminsky DNS Vulnerability