CNET 1105 Ch2

Security Vulnerabilities

• A security vulnerability is a software or hardware defect that can be exploited by malicious users.
• After a vulnerability is discovered, malicious users attempt to exploit it using an exploit, which is a program written to take advantage of the known vulnerability.

Software Vulnerabilities

• Software vulnerabilities are usually introduced by errors in the operating system or application code.
• Despite efforts to find and patch software vulnerabilities, new ones often surface.
• Companies like Microsoft and Apple release patches and updates frequently to address software vulnerabilities.
• In 2015, the SYNful Knock vulnerability was discovered in Cisco IOS, allowing attackers to gain control of enterprise-grade routers.
• To avoid exploitation, it's essential to verify the integrity of downloaded IOS images and limit physical access to authorized personnel.
• The goal of software updates is to stay current and avoid exploitation of vulnerabilities.
• Penetration testing teams and third-party security researchers, like Google's Project Zero, search for and patch software vulnerabilities before they can be exploited.

Hardware Vulnerabilities

• Hardware vulnerabilities are often introduced by hardware design flaws.
• An example is the design flaw in RAM memory, where constant changes to one capacitor can influence neighboring capacitors.
• The Rowhammer exploit was created based on this design flaw, allowing data to be retrieved from nearby address memory cells, even if they are protected.
• Hardware vulnerabilities are specific to device models and are not generally exploited through random compromising attempts.
• While hardware exploits are more common in highly targeted attacks, traditional malware protection and physical security are sufficient protection for everyday users.

Buffer Overflow

• Occurs when data is written beyond the limits of a buffer, a memory area allocated to an application.
• Can lead to system crashes, data compromise, or escalation of privileges.
• Happens when an application accesses memory allocated to other processes.

Non-Validated Input

• Malicious input can force a program to behave in an unintended way.
• Example: a maliciously crafted image file with invalid image dimensions can force a program to allocate buffers of incorrect sizes.
• Programs must validate input data to prevent exploitation.

Race Conditions

• Occurs when the output of an event depends on ordered or timed outputs.
• Becomes a vulnerability when the required ordered or timed events do not occur in the correct order or proper timing.
• Can lead to system crashes, data compromise, or escalation of privileges.

Weaknesses in Security Practices

• Developers should not create their own security algorithms, as it can introduce vulnerabilities.
• Use security libraries that have already been created, tested, and verified.
• Proper security practices, such as authentication, authorization, and encryption, are essential to protect systems and sensitive data.

Access-Control Problems

• Access control is the process of controlling who does what and ranges from physical access to equipment to dictating access to a resource.
• Improper use of access controls can create security vulnerabilities.
• Physical access to target equipment can overcome access controls, making encryption and restricted physical access essential to protect data.

Types of Malware

• Spyware: tracks and spies on the user, often includes activity trackers, keystroke collection, and data capture, and can modify security settings.
• Adware: automatically delivers advertisements, often bundled with legitimate software or Trojan horses, and can come with spyware.

Bots and Botnets

• Bot: malware designed to automatically perform actions, usually online, and can be harmless or malicious.
• Botnet: a network of infected computers programmed to quietly wait for commands from an attacker.

Ransomware

• Designed to hold a computer system or data captive until a payment is made.
• Encrypts data with a key unknown to the user, or takes advantage of system vulnerabilities to lock down the system.
• Spread through downloaded files or software vulnerabilities.

Scareware

• Designed to persuade the user to take a specific action based on fear.
• Forges pop-up windows that resemble operating system dialogue windows, conveying false messages about system risks.

Rootkits

• Designed to modify the operating system to create a backdoor for remote access.
• Take advantage of software vulnerabilities to perform privilege escalation and modify system files.
• Often, a computer infected by a rootkit must be wiped and reinstalled.

Viruses

• Malicious executable code attached to other executable files, often legitimate programs.
• Require end-user activation, can activate at a specific time or date, and can be harmless or destructive.
• Can mutate to avoid detection, and are now spread by USB drives, optical disks, network shares, or email.

Trojan Horses

• Malware that carries out malicious operations under the guise of a desired operation.
• Exploits the privileges of the user that runs it, and is often found in image files, audio files, or games.

Worms

• Malicious code that replicate themselves by independently exploiting vulnerabilities in networks.
• Can slow down networks, and can spread quickly over the network without requiring user participation.
• Share similar patterns, including an enabling vulnerability, a way to propagate, and a payload.

Man-In-The-Middle (MitM) Attacks

• Allow the attacker to take control over a device without the user's knowledge.
• Enable the attacker to intercept and capture user information before relaying it to its intended destination.

Man-In-The-Mobile (MitMo) Attacks

• A variation of man-in-the-middle, used to take control over a mobile device.
• Enable the attacker to capture user-sensitive information and send it to the attackers.

Social Engineering Attacks

• Social engineering is an access attack that manipulates individuals into performing actions or divulging confidential information.
• Social engineers exploit people's willingness to be helpful and their weaknesses.

Types of Social Engineering Attacks

• Pretexting: Attackers call individuals, lie to them, and attempt to gain access to privileged data.
  • Examples: Pretending to need personal or financial data to confirm the recipient's identity.
• Tailgating: Attackers quickly follow an authorized person into a secure location.
• Something for Something (Quid pro quo): Attackers request personal information from a party in exchange for something, like a free gift.
• Social engineers may use tactics like:
  • Appealing to the target's vanity.
  • Invoking authority using name-dropping techniques.
  • Appealing to the target's greed.

Phishing

• Phishing involves sending fraudulent emails that appear to be from a legitimate, trusted source.
• The goal of phishing is to trick recipients into installing malware or sharing personal/financial information.
• Phishing emails often use tactics like claiming a prize or reward to lure victims into clicking a link or providing sensitive information.
• Clicking on such links may redirect to a fake site that requests personal information or installs a virus on the device.

Spear Phishing

• Spear phishing is a highly targeted form of phishing that involves customizing emails to a specific individual.
• Attackers research their target's interests and behavior before sending the email.
• Spear phishing emails are tailored to the target's specific interests, increasing the likelihood of a successful attack.
• An example of spear phishing is an attacker posing as a car seller on a discussion forum, sending an email with a malware-laden link to the target.

Distributed Denial of Service (DDoS) Attack

• A DDoS attack is similar to a DoS attack but originates from multiple, coordinated sources.
• A DDoS attack can be carried out using a botnet, which is a network of infected hosts, also known as zombies.
• The zombies are controlled by handler systems.
• The zombies constantly scan and infect more hosts, creating more zombies and expanding the botnet.
• The attacker instructs the handler systems to make the botnet of zombies carry out a DDoS attack.
• The goal of the attack is to overwhelm the targeted system with traffic from multiple sources, making it difficult or impossible for it to function.