Chapter 2 - 07 - Understand IoT, OT, and Cloud Attacks - 01_ocred.pdf
Uploaded by barrejamesteacher
EC-Council
Full Transcript
Certified Cybersecurity Technician, Exam 212-82
Information Security Attacks

Module Flow
- Understand Information Security Attacks
- Describe Hacking Methodologies and Frameworks
- Understand Network-level Attacks
- Understand Application-level and OS-level Attacks
- Understand Social Engineering Attacks
- Understand Wireless Network-specific Attacks
- Understand IoT, OT, and Cloud Attacks
- Understand Cryptographic Attacks

Understand IoT, OT, and Cloud Attacks

This section discusses various IoT, OT, and cloud-specific attacks.

Module 02 Page 358. Certified Cybersecurity Technician. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

IoT and OT Specific Attacks

Attackers implement various techniques to launch attacks on target IoT devices or networks. With evolving security threats and security posture of organizations using OT, organizations need to attach the utmost importance to OT security and adopt appropriate strategies to address security issues due to OT/IT convergence. This section discusses various IoT and OT attacks such as rolling code attacks, BlueBorne attacks, and HMI-based attacks.

DDoS Attack

[Slide: DDoS Attack. Diagram of an attacker, a command and control center, compromised IoT devices (botnets), and a target server.]

A distributed denial-of-service (DDoS) attack is an attack in which multiple infected systems are used to bombard a single online system or service, rendering the server useless, slow, or unavailable for a legitimate user for a short period of time. The attacker initiates the attack by first exploiting vulnerabilities in devices and then installing malicious software in their operating systems. These multiple compromised devices are referred to as an army of botnets. Once an attacker decides on his/her target, he/she instructs the botnets or zombie agents to send requests to the target server that he/she is attacking. The target is attacked by a large volume of requests from multiple IoT devices present in different locations. As a result, the target system is flooded with more requests than it can handle. Therefore, it either goes offline, suffers a loss in performance, or shuts down completely.

Given below are the steps followed by an attacker to perform a DDoS attack on IoT devices:
- Attacker gains remote access to vulnerable devices
- After gaining access, he/she injects malware into the IoT devices to turn them into botnets
- Attacker uses a command and control center to instruct botnets and to send multiple requests to the target server, resulting in a DDoS attack
- Target server goes offline and becomes unavailable to process any further requests

[Figure: DDoS attack using compromised IoT devices (botnets). Labels: Attacker gains remote access to the vulnerable devices; malware into IoT devices to turn them into bots; C&C instruct botnets; Command and Control Center; Attacker uses command and control center to launch attack; Target Server; Server goes offline and unable to process any further requests.]

[Figure 2.71: Illustration of rolling-code attack. Labels: Attacker with Jamming Device; Car; On the second attempt by the victim, an attacker forwards the first code that unlocks the car; The recorded second code is used later by an attacker to unlock and steal the vehicle.]
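The DDoS pattern described above (a large volume of requests reaching one target from many IoT devices in different locations) can be recognised on the defender's side by counting both requests and distinct senders per target in a sliding window. The following is an added example, not part of the courseware; the log format, thresholds, and addresses are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_S = 10      # sliding window in seconds (assumed value)
MAX_REQS = 40      # requests per window the server is sized for (assumed value)
MIN_SOURCES = 10   # distinct senders that make a flood "distributed" (assumed value)

def parse(line):
    """Parse one constructed record: '<seconds> <src_ip> <dst_ip>'."""
    ts, src, dst = line.split()
    return float(ts), src, dst

def detect_floods(lines):
    """Return {target: (alert_time, kind, distinct_sources)} for the first alert per target."""
    windows = defaultdict(deque)          # target -> (ts, src) records inside the window
    alerts = {}
    for ts, src, dst in sorted(parse(l) for l in lines):
        win = windows[dst]
        win.append((ts, src))
        while win[0][0] <= ts - WINDOW_S:  # evict records older than the window
            win.popleft()
        if len(win) > MAX_REQS and dst not in alerts:
            sources = {s for _, s in win}
            kind = "distributed" if len(sources) >= MIN_SOURCES else "single-source"
            alerts[dst] = (ts, kind, len(sources))
    return alerts

def sample_log():
    """Constructed traffic using documentation address ranges only."""
    lines = []
    for t in range(30):                   # normal clients: 1 request/s to the web server
        lines.append(f"{t}.0 198.51.100.{1 + t % 3} 192.0.2.10")
    for i in range(50):                   # one noisy host: 10 requests/s to another server
        lines.append(f"{5 + i / 10:.1f} 198.51.100.99 192.0.2.20")
    for t in range(20, 25):               # 25 devices, 2 requests/s each, same target
        for d in range(1, 26):
            lines.append(f"{t}.0 203.0.113.{d} 192.0.2.10")
            lines.append(f"{t}.5 203.0.113.{d} 192.0.2.10")
    return lines

if __name__ == "__main__":
    for target, (ts, kind, n) in sorted(detect_floods(sample_log()).items()):
        print(f"{target}: {kind} flood at t={ts}s from {n} sources")
```

Each device in the constructed flood sends only 2 requests per second, so a per-source rate limit alone would not trigger; the aggregate count per target combined with the number of distinct senders is what separates the distributed case from a single noisy host.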