Chapter 4: Understanding Information Security Attacks PDF
Yarmouk University
Eng Mohammad Jaafrah
Summary
This document is a chapter on information security attacks. It covers various attack types, motives, and methodologies. The document focuses on defining and categorizing attacks, providing descriptions of different tactics, techniques, and procedures, as well as related attack methodologies.
Full Transcript
CHAPTER#4: Understand Information Security Attacks

Chapter Objectives
❑ Understand Information Security Attacks

What is a cyberattack?
A cyberattack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information. Cyberattacks can target a wide range of victims, from individual users to enterprises or even governments. When targeting businesses or other organizations, the hacker’s goal is usually to access sensitive and valuable company resources, such as intellectual property (IP), customer data or payment details.

Motives, Goals, and Objectives of Information Security Attacks
Attack Classification
Classification of Attacks

What are the most common types of cyberattacks?
❑ Malware
❑ Code Injection Attacks
❑ Denial-of-Service (DoS) Attacks
❑ Supply Chain Attacks
❑ Phishing
❑ Social Engineering Attacks
❑ Spoofing
❑ Wireless and Mobile Attacks
❑ Identity-Based Attacks
❑ AI-Powered Attacks

1. Malware
Malware — or malicious software — is any program or code that is created with the intent to do harm to a computer, network or server. Malware is the most common type of cyberattack, mostly because this term encompasses many subsets such as ransomware, trojans, spyware, viruses, worms, keyloggers, bots, cryptojacking, and any other type of malware attack that leverages software in a malicious way.
Types of malware: Fileless Malware, Trojan, Ransomware, Rootkits, Spyware, Adware, Worms, Scareware, Keylogger, Botnet, Mobile Malware, …

2. Denial-of-service (DoS) attacks
A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false requests in order to disrupt business operations. In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by a compromised computer or network.
While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organization time, money and other resources in order to restore critical business operations.
The difference between DoS and Distributed Denial of Service (DDoS) attacks has to do with the origin of the attack. DoS attacks originate from just one system, while DDoS attacks are launched from multiple systems. DDoS attacks are faster and harder to block than DoS attacks because multiple systems must be identified and neutralized to halt the attack.

3. Phishing
Phishing is a type of cyberattack that uses email, SMS, phone, social media, and social engineering techniques to entice a victim to share sensitive information — such as passwords or account numbers — or to download a malicious file that will install viruses on their computer or phone.
Spear Phishing: Spear-phishing is a type of phishing attack that targets specific individuals or organizations, typically through malicious emails. The goal of spear phishing is to steal sensitive information such as login credentials or to infect the target’s device with malware.
Whaling: A whaling attack is a type of social engineering attack specifically targeting senior or C-level executive employees with the purpose of stealing money or information, or gaining access to the person’s computer in order to execute further cyberattacks.
SMiShing: Smishing is the act of sending fraudulent text messages designed to trick individuals into sharing sensitive data such as passwords, usernames and credit card numbers. A smishing attack may involve cybercriminals pretending to be your bank or a shipping service you use.
Vishing: Vishing, a voice phishing attack, is the fraudulent use of phone calls and voice messages pretending to be from a reputable organization to convince individuals to reveal private information such as bank details and passwords.

4. Spoofing
Spoofing is a technique through which a cybercriminal disguises themselves as a known or trusted source. In so doing, the adversary is able to engage with the target and access their systems or devices with the ultimate goal of stealing information, extorting money or installing malware or other harmful software on the device.
Domain Spoofing: Domain spoofing is a form of phishing where an attacker impersonates a known business or person with a fake website or email domain to fool people into trusting them. Typically, the domain appears to be legitimate at first glance, but a closer look will reveal subtle differences.
Email Spoofing: Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to open the email and interact with its contents, such as a malicious link or attachment.
ARP Spoofing: Address Resolution Protocol (ARP) spoofing or ARP poisoning is a form of spoofing attack that hackers use to intercept data. A hacker commits an ARP spoofing attack by tricking one device into sending messages to the hacker instead of the intended recipient. This way, the hacker gains access to your device’s communications, including sensitive data.

5. Identity-based attacks
Identity-driven attacks are extremely hard to detect. When a valid user’s credentials have been compromised and an adversary is masquerading as that user, it is often very difficult to differentiate between the user’s typical behavior and that of the hacker using traditional security measures and tools.
Some of the most common identity-based attacks include:
Man-in-the-Middle (MITM) Attack: A MITM attack is a type of cyberattack in which an attacker eavesdrops on a conversation between two targets with the goal of collecting personal data, passwords or banking details, and/or to convince the victim to take an action such as changing login credentials, completing a transaction or initiating a transfer of funds.
Credential Harvesting: Cybercriminals gather user credentials — such as user IDs, email addresses, passwords, and other login information — then access systems, gather sensitive data, or sell it on the dark web.
Credential Stuffing: Credential stuffing works on the premise that people often use the same user ID and password across multiple accounts. Therefore, possessing the credentials for one account may grant access to other, unrelated accounts.
Brute Force Attacks: A brute force attack uses a trial-and-error approach to systematically guess login info, credentials, and encryption keys. The attacker submits combinations of usernames and passwords until they finally guess correctly, trying all possible combinations to crack passwords.
Dictionary Attack: The attacker uses a list of common passwords or phrases, like those found in a dictionary, to guess the password.
Password Spraying: The basics of a password spraying attack involve a threat actor using a single common password against multiple accounts on the same application. This avoids the account lockouts that typically occur when an attacker uses a brute force attack on a single account by trying many passwords.
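The distinction the slide draws between brute force (many guesses against one account) and password spraying (one guess each against many accounts, staying under the lockout threshold) is also what lets a defender tell the two apart in authentication logs. The Python below is an added example and not part of the chapter; the log line format, the thresholds and the log lines themselves are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of failed-login log lines (assumed format, not from any real system):
#   "<time> auth failure src=<ip> user=<name>"
# 10.0.0.5 hammers one account (brute force), 10.0.0.9 makes one attempt against
# each of 30 accounts (password spraying), 192.168.1.20 is a user who mistyped twice.
SAMPLE_LOG = (
    [f"09:00:{i:02d} auth failure src=10.0.0.5 user=alice" for i in range(40)]
    + [f"09:01:{i:02d} auth failure src=10.0.0.9 user=user{i:02d}" for i in range(30)]
    + ["09:02:00 auth failure src=192.168.1.20 user=bob",
       "09:02:05 auth failure src=192.168.1.20 user=bob"]
)

LINE_RE = re.compile(r"auth failure src=(?P<src>\S+) user=(?P<user>\S+)")


def parse_failures(lines):
    """Return a list of (source_ip, username) pairs, one per failed-login line."""
    out = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            out.append((m.group("src"), m.group("user")))
    return out


def classify_sources(failures, brute_threshold=10, spray_threshold=10):
    """Label each source IP by the shape of its failures.

    brute_force:        at least brute_threshold failures on a single account
                        (the pattern a per-account lockout policy catches);
    password_spraying:  failures spread over at least spray_threshold distinct
                        accounts while every account stays below brute_threshold
                        (the pattern per-account lockout does NOT catch, so it
                        must be detected per source instead);
    benign:             anything smaller than both.
    """
    per_src = defaultdict(lambda: defaultdict(int))
    for src, user in failures:
        per_src[src][user] += 1
    labels = {}
    for src, users in per_src.items():
        max_per_account = max(users.values())
        if max_per_account >= brute_threshold:
            labels[src] = "brute_force"
        elif len(users) >= spray_threshold:
            labels[src] = "password_spraying"
        else:
            labels[src] = "benign"
    return labels


if __name__ == "__main__":
    for src, label in classify_sources(parse_failures(SAMPLE_LOG)).items():
        print(f"{src:<14} {label}")
```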
Pass-the-Hash Attack: Pass the hash (PtH) is a type of attack in which an adversary steals a “hashed” user credential and uses it to create a new user session on the same network. It does not require the attacker to know or crack the password to gain access to the system. Rather, it uses a stored version of the password to initiate a new session.

6. Code injection attacks
Code injection attacks consist of an attacker injecting malicious code into a vulnerable computer or network to change its course of action. There are multiple types of code injection attacks:
o SQL Injection
o Cross-Site Scripting (XSS)
o Buffer Overflow
o Remote Code Execution
o ActiveX Controls and Java controls
o Malvertising

SQL Injection
A SQL Injection attack leverages system vulnerabilities to inject malicious SQL statements into a data-driven application, which then allows the hacker to extract information from a database. Hackers use SQL Injection techniques to alter, steal or erase an application's database data.

Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a code injection attack in which an adversary inserts malicious code within a legitimate website. The code then launches as an infected script in the user’s web browser, enabling the attacker to steal sensitive information or impersonate the user. Web forums, message boards, blogs and other websites that allow users to post their own content are the most susceptible to XSS attacks.

Buffer Overflow
A buffer overflow occurs when data goes beyond the limits of a buffer. Buffers are memory areas allocated to an application. By writing data beyond the boundaries of a buffer, the application accesses memory allocated to other processes. This can lead to a system crash, data compromise, or escalation of privileges.
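The SQL Injection paragraph above says the attack injects SQL statements into a data-driven application; the root cause is that user input is pasted into the query text, so the input can change the statement's structure rather than just supply a value. The Python below is an added example, not from the chapter, showing the defect beside its fix (a parameterized query); the users table is constructed sample data in an in-memory SQLite database.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table; every row is sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn, name):
    """The defect the chapter describes: the caller's input is concatenated into
    the SQL text, so a quote character in it ends the string literal and the
    rest of the input is parsed as SQL."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_parameterized(conn, name):
    """Hardened form: the statement is fixed and the value is bound as a
    parameter, so the input is only ever compared as a string, never parsed."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # A normal lookup returns the same single row from both versions.
    print(find_user_vulnerable(conn, "bob"))
    print(find_user_parameterized(conn, "bob"))
    # An input containing a quote rewrites the WHERE clause in the vulnerable
    # version (every row comes back); in the safe version it is just a name
    # that matches nothing.
    hostile = "x' OR 'a'='a"
    print(find_user_vulnerable(conn, hostile))
    print(find_user_parameterized(conn, hostile))
```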
Remote Code Execution
Remote code execution vulnerabilities allow a cybercriminal to execute malicious code and take control of a system with the privileges of the user running the application. Remote code execution allows a criminal to execute any command on a target machine.

Malvertising
Malvertising attacks leverage many other techniques, such as SEO poisoning, to carry out the attack. Typically, the attacker begins by breaching a third-party server, which allows the cybercriminal to inject malicious code within a display ad or some element thereof, such as banner ad copy, creative imagery or video content. Once clicked by a website visitor, the corrupted code within the ad will install malware or adware on the user’s computer.

ActiveX Controls and Java controls
ActiveX Controls and Java controls provide the capability of a plugin to Internet Explorer.
❑ ActiveX controls are pieces of software installed by users to provide extended capabilities. Third parties write some ActiveX controls, and they may be malicious. They can monitor browsing habits, install malware, or log keystrokes. ActiveX controls also work in other Microsoft applications.
❑ Java operates through an interpreter, the Java Virtual Machine (JVM). The JVM enables the Java program’s functionality. The JVM sandboxes or isolates untrusted code from the rest of the operating system. There are vulnerabilities which allow untrusted code to go around the restrictions imposed by the sandbox.

7. Supply chain attacks
A supply chain attack is a type of cyberattack that targets a trusted third-party vendor who offers services or software vital to the supply chain. Software supply chain attacks inject malicious code into an application in order to infect all users of an app, while hardware supply chain attacks compromise physical components for the same purpose.
Software supply chains are particularly vulnerable because modern software is not written from scratch: rather, it involves many off-the-shelf components, such as third-party APIs, open source code and proprietary code from software vendors.

8. Social engineering attacks
❑ Social engineering is a technique where attackers use psychological tactics to manipulate people into taking a desired action. Through the use of powerful motivators like love, money, fear, and status, attackers can gather sensitive information that they can later use to either extort the organization or leverage such information for a competitive advantage.
❑ Social engineering is a completely non-technical means for a criminal to gather information on a target. Social engineering is an attack that attempts to manipulate individuals into performing actions or divulging (revealing) confidential information.
❑ Social engineers often rely on people’s willingness to be helpful but also prey on people’s weaknesses.

Social engineering attack types
Pretexting: This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
Something for Something (Quid pro quo): This is when an attacker requests personal information from a party in exchange for something, like a gift.
Shoulder Surfing and Dumpster Diving: Shoulder surfing refers to picking up PINs, access codes or credit card numbers. An attacker can be in close proximity to his victim, or the attacker can use binoculars or closed-circuit cameras to shoulder surf.
Impersonation and Hoaxes: Impersonation is the action of pretending to be someone else. For example, a recent phone scam targeted taxpayers. A criminal, posing as an IRS employee, told the victims that they owed money to the IRS.
Piggybacking and Tailgating: Piggybacking occurs when a criminal tags along with an authorized person to gain entry into a secure location or a restricted area. Tailgating is another term that describes the same practice.
Online, Email, and Web-based Trickery: Forwarding hoax emails and other jokes, funny movies, and non-work-related emails at work may violate the company's acceptable use policy and result in disciplinary actions.

9. Wireless and Mobile Attacks
Rogue Access Points: A rogue access point is a wireless access point installed on a secure network without explicit authorization.
RF Jamming: Wireless signals are susceptible to electromagnetic interference (EMI), radio-frequency interference (RFI), and may even be susceptible to lightning strikes or noise from fluorescent lights. Wireless signals are also susceptible to deliberate jamming. Radio frequency (RF) jamming disrupts the transmission of a radio or satellite station so that the signal does not reach the receiving station.
Bluejacking and Bluesnarfing: Bluejacking is the term used for sending unauthorized messages to another Bluetooth device. Bluesnarfing occurs when the attacker copies the victim's information from his device. This information can include emails and contact lists.

WEP and WPA Attacks
Wired Equivalent Privacy (WEP)
o WEP is a security protocol that attempted to provide a wireless local area network (WLAN) with the same level of security as a wired LAN. Since physical security measures help to protect a wired LAN, WEP seeks to provide similar protection for data transmitted over the WLAN with encryption.
o WEP uses a key for encryption.
o There is no provision for key management with WEP, so the number of people sharing the key will continually grow.
Wi-Fi Protected Access (WPA) and then WPA2
o WPA came out as an improved protocol to replace WEP. WPA2 does not have the same encryption problems because an attacker cannot recover the key by observing traffic.
o WPA2 is susceptible to attack because cyber criminals can analyze the packets going between the access point and a legitimate user.
o Cyber criminals use a packet sniffer and then run attacks offline on the passphrase.

10. AI-powered attacks
As AI and ML technology improves, the number of use cases has also increased. Just as cybersecurity professionals leverage AI and ML to protect their online environments, attackers also leverage these tools to get access to a network or steal sensitive information. Examples of AI-powered cyberattacks include:
Adversarial AI/ML: Adversarial artificial intelligence and machine learning seek to disrupt the operations of AI and ML systems by manipulating or misleading them. They can do this by introducing inaccuracies in training data.
Dark AI: Dark AI is specifically engineered to leverage the benefits of incorporating AI and ML technology to exploit vulnerabilities. Dark AI usually goes unnoticed until the damage is done.
Deepfake: Deep fakes are AI-generated forgeries that appear very real and have the potential to reshape public opinion, damage reputations, and even sway political landscapes. These can come in the form of fake images, videos, audio, or more.
AI-generated social engineering: Attackers create fake chatbots or virtual assistants capable of having human-like interactions and engaging in conversations with users to get them to provide sensitive information.

Describe Hacking Methodologies and Frameworks

What is Hacking?
Hacking on computer networks is generally done using scripts or other network programming. Network hacking techniques include creating viruses and worms, performing denial-of-service (DoS) attacks, establishing unauthorized remote access connections to a device using Trojans or backdoors, creating botnets, packet sniffing, phishing, and password cracking.
The motive behind hacking could be to steal critical information or services, or for thrill, intellectual challenge, curiosity, experiment, knowledge, financial gain, prestige, power, peer recognition, vengeance, and vindictiveness, among other reasons.

Hacking Methodology
❑ EC-Council Hacking Methodology
❑ Cyber Kill Chain Methodology
❑ Tactics, Techniques, and Procedures (TTPs)
❑ MITRE ATT&CK Framework
❑ Diamond Model of Intrusion Analysis

End of Chapter