IT Security Attacks and Countermeasures PDF
Ateneo de Davao University
Summary
This document covers various IT security threats and countermeasures, including malware, social engineering, and password attacks. It explores topics such as malware symptoms, types of malware, and methods of infiltration, providing insights into protecting organizations from cybersecurity risks.
IT Security and Risk Management
2.0 IT Security Attacks and Countermeasures
INFORMATION SYSTEMS & COMPUTER SCIENCE

2.1 Information Security Threats
2.2 Protecting the Organization

Information Security Function to Business
- Protecting the organization's ability to function
- Protecting the data and information the organization collects and uses, whether physical or electronic
- Enabling the safe operation of applications running on the organization's IT systems
- Safeguarding the organization's technology assets

Types of Sources of Threats
- Adversarial: threats from individuals, groups, organizations or nations.
- Accidental: actions that occur without malicious intent.
- Structural: equipment and software failures.
- Environmental: external disasters that can be either natural or human-caused, such as fires and floods.

Malware
Any code that can be used to steal data, bypass access controls, or cause harm to or compromise a system.

Guess the Malware

Types of Malware
- Designed to track and spy on you. Monitors your online activity and can log every key you press on your keyboard. Captures almost any of your data, including sensitive personal information such as your online banking details. Often installed with some versions of software.
- Designed to automatically deliver advertisements to a user, most often in a web browser.
Types of Malware
- Used to gain unauthorized access by bypassing the normal authentication procedures of a system. Hackers can gain remote access to resources within an application and issue remote system commands.
- Designed to hold a computer system, or the data it contains, captive until a payment is made. Usually works by encrypting your data so that you can't access it.

Types of Malware
- Uses 'scare' tactics to trick you into taking a specific action. Mainly consists of operating-system-style windows that pop up to warn you that your system is at risk and needs to run a specific program for it to return to normal operation.
- Designed to modify the operating system to create a backdoor, which attackers can then use to access your computer remotely.
- Takes advantage of software vulnerabilities to gain access to resources that normally shouldn't be accessible.

Types of Malware
- A type of computer program that, when executed, replicates and attaches itself to other executable files, such as a document, by inserting its own code.
- Carries out malicious operations by masking its true intent. Exploits your user privileges and is most often found in image files, audio files or games.
- Malware that runs by itself and replicates itself to spread from one computer to another.

Symptoms of Malware
- An increase in CPU usage
- Computer freezing or crashing often
- A decrease in your web browsing speed
- Unexplainable problems with your network connection
- Modified or deleted files
- Presence of unknown files, programs or desktop icons
- Unknown processes running
- Programs turning off or reconfiguring themselves
- Emails being sent without your knowledge and consent

Methods of Infiltration

Social Engineering
- PRETEXTING: This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data.
- TAILGATING: This is when an attacker quickly follows an authorized person into a secure, physical location.
- SOMETHING FOR SOMETHING: This is when an attacker requests personal information from a person in exchange for something, like a free gift.

Denial of Service (DoS)
- OVERWHELMING QUANTITY OF TRAFFIC: This is when a network, host or application is sent an enormous amount of data at a rate which it cannot handle.
- MALICIOUSLY FORMATTED PACKETS: When a maliciously formatted packet is sent, the receiver will be unable to process or handle it.

Distributed Denial of Service (DDoS)
Similar to a DoS attack, but originates from multiple, coordinated sources.
Example: An attacker builds a network (botnet) of infected hosts called zombies, which are controlled by handler systems. The zombie computers constantly scan and infect more hosts, creating more and more zombies. When ready, the hacker instructs the handler systems to make the botnet of zombies carry out a DDoS attack.

Botnet
A group of computers which have been infected by malware and have come under the control of a malicious actor. These bots can be activated to distribute malware, launch DDoS attacks, distribute spam email, or execute brute-force password attacks.

On-Path Attacks
- Happens when a cybercriminal takes control of a device without the user's knowledge. The attacker then intercepts and captures user information before it is sent to its intended destination.
- A type of attack that takes control over a user's mobile device. The mobile device then exfiltrates user-sensitive information and sends it to the attacker.
SEO Positioning
Attackers take advantage of popular search terms and use SEO to push malicious sites higher up the ranks of search results.

How will you respond?
You're enjoying your lunch in the canteen when a colleague approaches you. They seem distressed. They explain that they can't seem to connect to the public Wi-Fi on their phone and ask if you have the private Wi-Fi password to hand so that they can check that their phone is working. How will you respond? Choose 1 of the 3 choices.
1. "Yes, of course. Give me your phone and I'll put it on for you."
2. "Mmm... I'm not sure if we're allowed to use the private Wi-Fi network. Let me check with my manager first."
3. "Sure. It's P@ssw0rd*-!"

Wi-Fi Password Cracking
- Brute-force Attack: Testing possible combinations to try and guess a password.
- Network Sniffing: Identifying unencrypted passwords by listening in and capturing packets sent on the network. If a password is encrypted, they may still be able to reveal it using a password cracking tool.

Password Attacks
- PASSWORD SPRAYING: This technique attempts to gain access to a system by 'spraying' a few commonly used passwords across a large number of accounts. For example, a cybercriminal uses 'Password123' with many usernames before trying again with a second commonly used password, such as 'qwerty'.
- DICTIONARY ATTACKS: A hacker systematically tries every word in a dictionary or a list of commonly used words as a password in an attempt to break into a password-protected account.

Password Attacks
- RAINBOW ATTACK: Compares the hash of a password with those stored in the rainbow table. When an attacker finds a match, they identify the password used to create the hash. A rainbow table is a large dictionary of precomputed hashes and the passwords from which they were calculated.
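The password spraying description above has a distinctive footprint in authentication logs: one source, many different usernames, only one or two failures each, which is the opposite shape from a brute-force attack on a single account. The following is an added example (not from the slides or from any product) that separates the two patterns over a few constructed log lines; the log format, the 203.0.113.0/24 and 198.51.100.0/24 documentation addresses, the usernames and the thresholds are all assumptions made for the example.

```python
"""Password-spraying vs brute-force detection over authentication log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log format is an assumption for this example: ISO timestamp, source, user, result.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample lines (documentation-only IP ranges, invented users).
SAMPLE_LOG = """\
2024-01-30T08:00:01 src=203.0.113.7 user=alice result=FAIL
2024-01-30T08:00:03 src=203.0.113.7 user=bob result=FAIL
2024-01-30T08:00:05 src=203.0.113.7 user=carol result=FAIL
2024-01-30T08:00:07 src=203.0.113.7 user=dave result=FAIL
2024-01-30T08:00:09 src=203.0.113.7 user=erin result=FAIL
2024-01-30T08:00:11 src=203.0.113.7 user=frank result=OK
2024-01-30T08:01:00 src=203.0.113.9 user=alice result=FAIL
2024-01-30T08:01:01 src=203.0.113.9 user=alice result=FAIL
2024-01-30T08:01:02 src=203.0.113.9 user=alice result=FAIL
2024-01-30T08:01:03 src=203.0.113.9 user=alice result=FAIL
2024-01-30T08:01:04 src=203.0.113.9 user=alice result=FAIL
2024-01-30T08:01:05 src=203.0.113.9 user=alice result=FAIL
2024-01-30T08:05:00 src=198.51.100.4 user=grace result=FAIL
2024-01-30T08:05:20 src=198.51.100.4 user=grace result=OK
"""


def parse(lines):
    """Yield (timestamp, src, user, result) for every well-formed line."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the detector
        yield (datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"])


def classify_sources(log_text, window=timedelta(minutes=10),
                     spray_min_users=5, spray_max_per_user=2,
                     brute_min_failures=5):
    """Return {src: {"pattern", "users", "failures", "successes"}}.

    "spraying": within the window the source fails against at least
    spray_min_users distinct accounts, with at most spray_max_per_user
    failures per account (few passwords, many users).
    "brute-force": one account collects at least brute_min_failures
    failures (many passwords, one user). Otherwise "normal".
    """
    by_src = defaultdict(list)
    for ev in parse(log_text.splitlines()):
        by_src[ev[1]].append(ev)

    verdicts = {}
    for src, evs in by_src.items():
        evs.sort()
        start = evs[0][0]
        in_window = [e for e in evs if e[0] - start <= window]  # fixed window from first event
        fails = defaultdict(int)
        successes = 0
        for _, _, user, result in in_window:
            if result == "FAIL":
                fails[user] += 1
            else:
                successes += 1
        pattern = "normal"
        if len(fails) >= spray_min_users and all(c <= spray_max_per_user for c in fails.values()):
            pattern = "spraying"
        elif fails and max(fails.values()) >= brute_min_failures:
            pattern = "brute-force"
        verdicts[src] = {"pattern": pattern, "users": len(fails),
                         "failures": sum(fails.values()), "successes": successes}
    return verdicts


if __name__ == "__main__":
    for src, verdict in classify_sources(SAMPLE_LOG).items():
        print(src, verdict)
```

A sprayed account that shows a success (here "frank" from 203.0.113.7) is the case worth acting on first: a successful login from a source already classified as spraying means one of the common passwords worked. Per-account lockout thresholds alone do not catch this pattern, because each account sees only one failure.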
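The rainbow attack above only works because an unsalted hash of a given password is the same everywhere, so hashes can be computed in advance. The added example below (written for this page, not taken from the slides or any library's documentation) builds a plain precomputed lookup table, which shares the principle of a rainbow table without its chain-and-reduction compression, and shows that the same table recovers an unsalted SHA-256 hash instantly but matches nothing once each stored hash carries a random per-user salt and an iterated key derivation. The wordlist and the iteration count are assumptions chosen for the example.

```python
"""Precomputed hash lookup vs salted, iterated password storage."""
import hashlib
import hmac
import os

# Constructed stand-in for a list of commonly used passwords.
WORDLIST = ["password", "Password", "Password123", "qwerty", "123456", "letmein"]
ITERATIONS = 100_000  # assumed PBKDF2 work factor for the example


def build_table(words):
    """Precompute sha256(word) -> word once; reusable against every
    leaked database that stores unsalted hashes."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def lookup(table, stored_hex):
    """Return the password whose precomputed hash matches, or None."""
    return table.get(stored_hex)


def store_unsalted(password):
    """The weak scheme: the same password always yields the same hash,
    so a table built in advance applies, and two users sharing a
    password are visibly identical in the database."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, salt=None, iterations=ITERATIONS):
    """Per-user random salt plus PBKDF2-HMAC-SHA256. Returns (salt_hex, hash_hex).
    The salt is not secret; it makes every stored hash unique, so no table
    computed before the leak can match, and the iterations make each
    guess the attacker does compute after the leak cost real work."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex(), dk.hex()


def verify_salted(password, salt_hex, hash_hex, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(dk.hex(), hash_hex)


def demo(password="Password123"):
    """Run the same table against both storage schemes."""
    table = build_table(WORDLIST)
    unsalted = store_unsalted(password)
    salt_hex, salted = store_salted(password)
    return {
        "unsalted_recovered": lookup(table, unsalted),  # the password itself
        "salted_recovered": lookup(table, salted),      # None: table does not apply
        "salted_verifies": verify_salted(password, salt_hex, salted),
        "wrong_password_rejected": not verify_salted(password + "x", salt_hex, salted),
    }


if __name__ == "__main__":
    print(demo())
```

Salting does not stop an attacker from guessing after a leak; it removes the precomputation advantage and forces one fresh computation per guess per user, which is why the iterated KDF matters as much as the salt.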
- TRAFFIC INTERCEPTION
- BRUTE FORCE ATTACK

Cracking Time
We have to make sure that the password is strong enough to withstand their attack! Take a look at the following passwords. Indicate the correct order according to how long you think it would take an attacker to crack each one using brute force.
a. K4km9n2R (3)
b. H$1gh#7iD@3 (4)
c. 3trawberry (2)
d. Password (1)

Advanced Persistent Threats (APT)
- A multi-phase, long-term, stealthy and advanced operation against a specific target.
- Main purpose is to deploy customized malware on one or more of the target's systems and remain there undetected.
- Usually well-funded, and typically targets organizations or nations for business or political reasons.

Asset Management in NIST CSF Identify Function
ID.AM: Asset Management
- Identifying physical and digital assets.
- Ensuring visibility into critical systems and data.
Why Asset Management Matters:
- Supports risk prioritization.
- Aligns with organizational objectives.

Asset Management in NIST CSF Identify Function
Task: Create an inventory of assets for a fictional organization.
Categorize assets into:
- Hardware
- Software
- Data
- Personnel
- External systems
Output: A comprehensive list with priorities based on criticality.

End of Module 2.1

References
Michael E. Whitman and Herbert J. Mattord. 2021. Principles of Information Security (7th ed.). Cengage Learning, Massachusetts, USA.
Cisco Networking Academy. Introduction to Cybersecurity. Retrieved January 30, 2024 from https://skillsforall.com.
Cloudflare, Inc. What is a DDoS botnet. Retrieved January 30, 2024 from https://www.cloudflare.com/learning/ddos/what-is-a-ddos-botnet.
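The Cracking Time exercise above ranks Password first, 3trawberry second, K4km9n2R third and H$1gh#7iD@3 last. Pure exhaustive brute force would not give that order (36^10 for 3trawberry exceeds 62^8 for K4km9n2R); the order holds once the attacker is modelled as running a dictionary attack with simple mangling rules first and brute force only for passwords that resemble no dictionary word. The following added example (written for this page, not from the slides or any cracking tool) makes that model explicit and reproduces the exercise's ranking; the tiny wordlist, the assumed real-wordlist size of one million entries, the assumed guess rate of 10^10 per second, and the one-substitution mangling rule are all assumptions of the example.

```python
"""Rough crack-time estimates for the Cracking Time exercise.

Model (a simplification adopted for this example): the attacker first runs
a dictionary attack allowing one single-character substitution per word,
and falls back to exhaustive brute force only when the password is not
within one substitution of a dictionary word.
"""

# Constructed stand-in for a real common-password wordlist.
WORDLIST = ["password", "strawberry", "qwerty", "letmein", "welcome", "dragon"]
ASSUMED_WORDLIST_SIZE = 1_000_000      # assumed size of the attacker's real list
ASSUMED_GUESSES_PER_SECOND = 1e10      # assumed offline guessing rate
PRINTABLE_SYMBOLS = 33                 # punctuation on a US keyboard, incl. space
PRINTABLE_TOTAL = 95                   # 26 + 26 + 10 + 33

EXERCISE = ["K4km9n2R", "H$1gh#7iD@3", "3trawberry", "Password"]


def charset_size(pw):
    """Size of the smallest character-class alphabet containing pw."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += PRINTABLE_SYMBOLS
    return size


def keyspace(pw):
    """Guesses to exhaust every string of the same length over that alphabet."""
    return charset_size(pw) ** len(pw)


def dictionary_distance(pw):
    """Fewest same-position character substitutions (case-insensitive, same
    length) from pw to a wordlist entry; None if no entry is within one."""
    best = None
    low = pw.lower()
    for word in WORDLIST:
        if len(word) != len(low):
            continue
        d = sum(a != b for a, b in zip(low, word))
        if d <= 1 and (best is None or d < best):
            best = d
    return best


def expected_guesses(pw):
    """Worst-case guesses under the model: dictionary pass if pw is close to
    a word (every word times its mangling variants), else full keyspace."""
    d = dictionary_distance(pw)
    if d is None:
        return keyspace(pw)
    # 2 variants for a capitalisation toggle; (95 * len) candidate
    # single-character replacements when one substitution is needed.
    variants = 2 * (PRINTABLE_TOTAL * len(pw)) ** d
    return ASSUMED_WORDLIST_SIZE * variants


def crack_seconds(pw):
    return expected_guesses(pw) / ASSUMED_GUESSES_PER_SECOND


def rank_by_crack_time(passwords):
    """Fastest-to-crack first."""
    return sorted(passwords, key=expected_guesses)


if __name__ == "__main__":
    for pw in rank_by_crack_time(EXERCISE):
        print(f"{pw:14s} guesses={expected_guesses(pw):.3g} seconds={crack_seconds(pw):.3g}")
```

The point the exercise makes, and the model captures, is that length and character mix only count when the password is not a dictionary word in disguise: 3trawberry is ten characters but falls in the dictionary pass, while eight random mixed-class characters survive it and must be brute-forced.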