Chapter 2 - 01 - Understand Information Security Attacks - 02_ocred.pdf
EC-Council
Certified Cybersecurity Technician Information Security Attacks Exam 212-82

Passive Attacks
» Do not tamper with the data and involve intercepting and monitoring network traffic and data flow on the target network
» Examples include sniffing and eavesdropping

Active Attacks
» Tamper with the data in transit or disrupt the communication or services between the systems to bypass or break into secured systems
» Examples include DoS, Man-in-the-Middle, session hijacking, and SQL injection

Close-in Attacks
» Are performed when the attacker is in close physical proximity with the target system or network in order to gather, modify, or disrupt access to information
» Examples include social engineering such as eavesdropping, shoulder surfing, and dumpster diving

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Insider Attacks
» Involve using privileged access to violate rules or intentionally cause a threat to the organization's information or information systems
» Examples include theft of physical devices and planting keyloggers, backdoors, and malware

Distribution Attacks
» Occur when attackers tamper with hardware or software prior to installation
» Attackers tamper with the hardware or software at its source or in transit

Classification of Attacks

According to IATF, security attacks are classified into five categories: passive, active, close-in, insider, and distribution.

Passive Attacks

Passive attacks involve intercepting and monitoring network traffic and data flow on the target network and do not tamper with the data. Attackers perform reconnaissance on network activities using sniffers. These attacks are very difficult to detect because the attacker has no active interaction with the target system or network. Passive attacks allow attackers to capture the data or files being transmitted in the network without the consent of the user. For example, an attacker can obtain information such as unencrypted data in transit, clear-text credentials, or other sensitive information that is useful in performing active attacks.

Examples of passive attacks:
o Footprinting
o Sniffing and eavesdropping
o Network traffic analysis
o Decryption of weakly encrypted traffic

Active Attacks

Active attacks tamper with the data in transit or disrupt communication or services between the systems to bypass or break into secured systems. Attackers launch attacks on the target system or network by actively sending traffic, which can be detected. These attacks are performed on the target network to exploit the information in transit. They penetrate or infect the target's internal network and gain access to a remote system in order to compromise the internal network.

Examples of active attacks:
o Denial-of-service (DoS) attack
o Firewall and IDS attack
o Bypassing protection mechanisms
o Profiling
o Malware attacks (such as viruses, worms, ransomware)
o Arbitrary code execution
o Privilege escalation
o Modification of information
o Backdoor access
o Spoofing attacks
o Cryptography attacks
o Replay attacks
o SQL injection
o Password-based attacks
o XSS attacks
o Directory traversal attacks
o Exploitation of application and OS software
o Session hijacking
o Man-in-the-Middle attack
o DNS and ARP poisoning
o Compromised-key attack

Close-in Attacks

Close-in attacks are performed when the attacker is in close physical proximity with the target system or network. The main goal of performing this type of attack is to gather or modify information or disrupt its access. For example, an attacker might shoulder surf user credentials. Attackers gain close proximity through surreptitious entry, open access, or both.

Examples of close-in attacks:
o Social engineering (eavesdropping, shoulder surfing, dumpster diving, and other methods)

Insider Attacks

Insider attacks are performed by trusted persons who have physical access to the critical assets of the target. An insider attack involves using privileged access to violate rules or intentionally cause a threat to the organization's information or information systems. Insiders can easily bypass security rules, corrupt valuable resources, and access sensitive information. They misuse the organization's assets to directly affect the confidentiality, integrity, and availability of information systems. These attacks impact the organization's business operations, reputation, and profit. It is difficult to detect an insider attack.

Examples of insider attacks:
o Eavesdropping and wiretapping
o Pod slurping
o Theft of physical devices
o Planting keyloggers, backdoors, or malware
o Social engineering
o Data theft and spoliation

Distribution Attacks

Distribution attacks occur when attackers tamper with hardware or software prior to installation. Attackers tamper with the hardware or software at its source or while it is in transit. Examples of distribution attacks include backdoors created by software or hardware vendors at the time of manufacture. Attackers leverage these backdoors to gain unauthorized access to the target information, systems, or network.

Examples of distribution attacks:
o Modification of software or hardware during production
o Modification of software or hardware during distribution
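The standard mitigation for the in-transit half of a distribution attack is to verify an artifact against an integrity manifest before installing it. The example below is added here and is not EC-Council's code: it uses a constructed firmware image, a hypothetical release key, and an HMAC-protected manifest (a real vendor would use an asymmetric signature) to show a modified artifact being rejected before installation.

```python
import hashlib
import hmac
import json

# Constructed sample artifact standing in for a firmware image or installer.
GENUINE_IMAGE = b"vendor-firmware-v1.0\x00" + bytes(range(64))

# Hypothetical release-signing key. A real vendor would publish an asymmetric
# signature; an HMAC keeps this example self-contained and offline.
RELEASE_KEY = b"constructed-release-key-not-a-real-secret"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(name: str, image: bytes, key: bytes) -> str:
    """Vendor side: publish the artifact digest under a MAC, so an attacker who
    can rewrite the download cannot also rewrite the expected digest."""
    body = {"name": name, "sha256": sha256_hex(image)}
    payload = json.dumps(body, sort_keys=True).encode()
    body["mac"] = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return json.dumps(body, sort_keys=True)


def verify_before_install(manifest_json: str, image: bytes, key: bytes) -> str:
    """Receiver side: check the manifest MAC first, then the artifact digest,
    before anything is installed. Returns a short verdict string."""
    body = json.loads(manifest_json)
    mac = body.pop("mac", "")
    payload = json.dumps(body, sort_keys=True).encode()
    expected_mac = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected_mac):
        return "REJECTED: manifest MAC invalid"
    if not hmac.compare_digest(sha256_hex(image), body["sha256"]):
        return "REJECTED: artifact digest mismatch (tampered in transit?)"
    return "OK: install " + body["name"]


def tampered_copy(image: bytes, offset: int) -> bytes:
    """Flip one bit to simulate modification during distribution."""
    buf = bytearray(image)
    buf[offset] ^= 0x01
    return bytes(buf)


if __name__ == "__main__":
    manifest = build_manifest("firmware-v1.0", GENUINE_IMAGE, RELEASE_KEY)
    print(verify_before_install(manifest, GENUINE_IMAGE, RELEASE_KEY))
    print(verify_before_install(manifest, tampered_copy(GENUINE_IMAGE, 40), RELEASE_KEY))
```

This check does not help against the other half of the category, tampering at the source, because a backdoor planted during manufacture is covered by the vendor's own manifest.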