Chapter 2 - 01 - Understand Information Security Attacks_fax_ocred.pdf

Full Transcript


Certified Cybersecurity Technician
Information Security Attacks
Exam 212-82

Module Flow

o Understand Information Security Attacks
o Describe Hacking Methodologies and Frameworks
o Understand Network-level Attacks
o Understand Application-level and OS-level Attacks
o Understand Social Engineering Attacks
o Understand Wireless Network-specific Attacks
o Understand IoT, OT, and Cloud Attacks
o Understand Cryptographic Attacks

Understand Information Security Attacks

Information security refers to the protection or safeguarding of information and information systems that use, store, and transmit information from unauthorized access, disclosure, alteration, and destruction. Information is a critical asset that organizations must secure. If sensitive information falls into the wrong hands, then the respective organization may suffer huge losses in terms of finances, brand reputation, customers, or in other ways.

To provide an understanding of information security attacks, this module starts with an overview of such attacks. This section introduces the motives, goals, and objectives of information-security attacks, as well as the classification of attacks.

Module 02 Page 146. Certified Cybersecurity Technician. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Motives, Goals, and Objectives of Information Security Attacks

Attacks = Motive (Goal) + Method + Vulnerability

o A motive originates out of the notion that the target system stores or processes something valuable, and this leads to the threat of an attack on the system
o Attackers try various tools and attack techniques to exploit vulnerabilities in a computer system or its security policy and controls in order to fulfil their motives

Motives behind information security attacks:

o Disrupting business continuity
o Stealing information and manipulating data
o Creating fear and chaos by disrupting critical infrastructures
o Causing financial loss to the target
o Damaging the reputation of the target

Attackers generally have motives (goals) and objectives behind their information security attacks. A motive originates out of the notion that a target system stores or processes something valuable, which leads to the threat of an attack on the system. The purpose of the attack may be to disrupt the target organization’s business operations, to steal valuable information for the sake of curiosity, or even to exact revenge. Therefore, these motives or goals depend on the attacker’s state of mind, their reason for carrying out such an activity, as well as their resources and capabilities. Once the attacker determines their goal, they can employ various tools, attack techniques, and methods to exploit vulnerabilities in a computer system or security policy and controls.
Attacks = Motive (Goal) + Method + Vulnerability

Motives behind information security attacks:

o Disrupt business continuity
o Perform information theft
o Manipulate data
o Create fear and chaos by disrupting critical infrastructures
o Bring financial loss to the target
o Propagate religious or political beliefs
o Achieve a state’s military objectives
o Damage the reputation of the target
o Take revenge
o Demand ransom

Classification of Attacks

o Passive attacks: do not tamper with the data and involve intercepting and monitoring network traffic and data flow on the target network. Examples include sniffing and eavesdropping.
o Active attacks: tamper with the data in transit or disrupt the communication or services between the systems to bypass or break into secured systems. Examples include DoS, Man-in-the-Middle, session hijacking, and SQL injection.
o Close-in attacks: are performed when the attacker is in close physical proximity with the target system or network in order to gather, modify, or disrupt access to information. Examples include social engineering such as eavesdropping, shoulder surfing, and dumpster diving.
o Insider attacks: involve using privileged access to violate rules or intentionally cause a threat to the organization’s information or information systems. Examples include theft of physical devices and planting keyloggers, backdoors, and malware.
o Distribution attacks: occur when attackers tamper with hardware or software prior to installation. Attackers tamper with the hardware or software at its source or in transit.

According to IATF, security attacks are classified into five categories: passive, active, close-in, insider, and distribution.

Passive Attacks

Passive attacks involve intercepting and monitoring network traffic and data flow on the target network and do not tamper with the data. Attackers perform reconnaissance on network activities using sniffers. These attacks are very difficult to detect as the attacker has no active interaction with the target system or network. Passive attacks allow attackers to capture the data or files being transmitted in the network without the consent of the user. For example, an attacker can obtain information such as unencrypted data in transit, clear-text credentials, or other sensitive information that is useful in performing active attacks.

Examples of passive attacks:

o Footprinting
o Sniffing and eavesdropping
o Network traffic analysis
o Decryption of weakly encrypted traffic

Active Attacks

Active attacks tamper with the data in transit or disrupt communication or services between the systems to bypass or break into secured systems. Attackers launch attacks on the target system or network by actively sending traffic that can be detected. These attacks are performed on the target network to exploit the information in transit. They penetrate or infect the target’s internal network and gain access to a remote system to compromise the internal network.
Examples of active attacks:

o Denial-of-service (DoS) attack
o Firewall and IDS attack
o Bypassing protection mechanisms
o Profiling
o Malware attacks (such as viruses, worms, ransomware)
o Arbitrary code execution
o Privilege escalation
o Modification of information
o Backdoor access
o Spoofing attacks
o Cryptography attacks
o Replay attacks
o SQL injection
o Password-based attacks
o XSS attacks
o Directory traversal attacks
o Exploitation of application and OS software
o Session hijacking
o Man-in-the-Middle attack
o DNS and ARP poisoning
o Compromised-key attack

Close-in Attacks

Close-in attacks are performed when the attacker is in close physical proximity with the target system or network. The main goal of performing this type of attack is to gather or modify information or disrupt its access. For example, an attacker might shoulder surf user credentials. Attackers gain close proximity through surreptitious entry, open access, or both.

Examples of close-in attacks:

o Social engineering (eavesdropping, shoulder surfing, dumpster diving, and other methods)

Insider Attacks

Insider attacks are performed by trusted persons who have physical access to the critical assets of the target. An insider attack involves using privileged access to violate rules or intentionally cause a threat to the organization’s information or information systems. Insiders can easily bypass security rules, corrupt valuable resources, and access sensitive information. They misuse the organization’s assets to directly affect the confidentiality, integrity, and availability of information systems. These attacks impact the organization’s business operations, reputation, and profit.
Insider attacks are difficult to detect.

Examples of insider attacks:

o Eavesdropping and wiretapping
o Theft of physical devices
o Social engineering
o Data theft and spoliation
o Pod slurping
o Planting keyloggers, backdoors, or malware

Distribution Attacks

Distribution attacks occur when attackers tamper with hardware or software prior to installation. Attackers tamper with the hardware or software at its source or when it is in transit. Examples of distribution attacks include backdoors created by software or hardware vendors at the time of manufacture. Attackers leverage these backdoors to gain unauthorized access to the target information, systems, or network.

o Modification of software or hardware during production
o Modification of software or hardware during distribution
