Threats, Vulnerabilities, and Attacks - Coggle Diagram
Threats, Vulnerabilities, and Attacks
Malware and Malicious Code
Types of Malware
Cyber criminals target users and devices through the installation of malware.
Worms
Malicious code that replicates by independently exploiting vulnerabilities in networks.
Worms usually slow down networks.
Whereas a virus requires a host program to run, worms can run by themselves.
Other than the initial infection, worms no longer require user participation.
Trojan Horse
Malware that carries out malicious operations under the guise of a desired operation, such as playing an online game.
This malicious code exploits the privileges of the user who runs it. A Trojan horse differs from a virus because the Trojan binds itself to non-executable files, such as image files, audio files, or games.
Viruses
A virus is malicious executable code attached to another executable file.
i.e. a legitimate program.
Most viruses require end-user initiation and can activate at a specific time or date.
Ransomware
Holds a computer system, or the data it contains, captive until the target makes a payment.
Ransomware usually works by encrypting data in the computer with a key unknown to the user
Logic Bomb
A malicious program that uses a trigger to awaken the malicious code.
Example:
Triggers can be dates, times, other programs running, or the deletion of a user account.
The logic bomb remains inactive until that trigger event happens.
Once activated, a logic bomb executes malicious code that causes harm to a computer.
Backdoors and Rootkits
A backdoor refers to the program or code introduced by a criminal who has compromised a system.
The backdoor bypasses the normal authentication used to access a system.
A rootkit modifies the OS to create a backdoor.
Attackers then use the backdoor to access the computer remotely.
Defending Against Malware
Up-to-Date Software
Many forms of malware achieve their objectives through exploitation of vulnerabilities in software, both in the OS and in applications.
Although OS vulnerabilities were once the main source of problems, today application-level vulnerabilities pose the greatest risk.
Antivirus Program
The majority of antivirus suites catch most widespread forms of malware.
Cyber criminals develop and deploy new threats on a daily basis.
The key to an effective antivirus solution is to keep the signatures updated.
Email and Browser Attacks
Email is a universal service used by billions worldwide.
As one of the most popular services, email has become a major vulnerability for users and organizations.
Spyware
Software that enables a criminal to obtain information about a user's computer activities.
Often includes activity trackers, keystroke collection, and data capture.
In an attempt to overcome security measures, spyware often modifies security settings
Spam
Spam, AKA junk mail, is unsolicited email.
In most cases, spam
However, spam can send harmful links, malware, or deceptive content.
Adware
Typically displays annoying pop-ups to generate revenue for its authors.
The malware may analyze user interests by tracking the websites visited.
It can then send pop-up advertising pertinent to those sites
Scareware
Scareware persuades the user to take a specific action based on fear.
Scareware forges pop-up windows that resemble OS dialog windows.
Phishing
A form of fraud in which cyber criminals use email, instant messaging, or other social media to try to gather information, such as login credentials or account information, by masquerading as a reputable entity or person.
Phishing occurs when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source
The message intent is to trick the recipient into installing malware on his or her device or into sharing personal or financial information
Spear Phishing
Spear phishing is a highly targeted phishing attack.
While phishing and spear phishing both use emails to reach the victims, spear phishing sends customized emails to a specific person
Vishing
Phishing using voice communication technology
Criminals can spoof calls from legitimate sources using Voice over IP (VoIP) technology
Victims may also receive a recorded message that appears legitimate
Pharming
The impersonation of a legitimate website in an effort to deceive users into entering their credentials.
Whaling
A phishing attack that targets high-profile targets within an organization, such as senior executives.
Plugins
The Adobe Flash and Shockwave plugins enable the development of interesting graphic and cartoon animations that greatly enhance the look and feel of a web page.
Plugins display the content developed using the appropriate software
SEO Poisoning
Search engines such as Google work by ranking pages and presenting relevant results based on users' search queries.
Depending on the relevancy of website content, it may appear higher or lower in the search result list.
SEO (Search Engine Optimization) is a set of techniques used to improve a website's ranking by a search engine.
While many legitimate companies specialize in optimizing websites to better position them, SEO poisoning uses SEO to make malicious websites appear higher in search results.
Browser Hijacker
A browser hijacker is malware that alters a computer's browser settings to redirect the user to websites paid for by the cyber criminals' customers.
Browser hijackers usually install without the user's permission and are usually part of a drive-by download.
Deception
The Art of Deception
Social Engineering
Types of Social engineering attacks
Online, Email, and Web-based Trickery
Forwarding hoax emails at work may violate the company's acceptable use policy and result in disciplinary action.
Piggybacking and Tailgating
Piggybacking occurs when a criminal tags along with an authorized person to gain entry into a secure location or restricted area.
Tailgating is another term that describes the same practice.
Impersonation and Hoaxes
Impersonation is the action of pretending to be someone else.
For example, a recent phone scam targeted taxpayers.
A criminal, posing as an IRS employee, told the victims that they owed money to the IRS.
Shoulder Surfing and Dumpster Diving
Shoulder surfing refers to picking up PINs, access codes, or credit card numbers. An attacker can be in close proximity to the victim, or the attacker can use binoculars or closed-circuit cameras to shoulder surf.
Something for Something (Quid Pro Quo)
When an attacker requests personal information from a party in exchange for something, like a gift.
Pretexting
Pretexting is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data.
An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
Social engineering is an attack that attempts to manipulate individuals into performing actions or divulging confidential information.
It is a completely non-technical means for criminals to gather information on a target.
Social engineers often rely on people's willingness to be helpful but also prey on people's weaknesses.
Attacks
Types of Cyber Attacks
Denial-of-Service (DoS) Attacks
DoS attacks are a type of network attack that result in some sort of interruption of network services to users, devices, or applications.
DoS attacks are a major risk because they can easily interrupt communication and cause significant loss of time and money.
These attacks are relatively simple to conduct, even by an unskilled attacker.
Sniffing
Sniffing is similar to eavesdropping on someone.
It occurs when attackers examine all network traffic as it passes through their NIC, regardless of whether the traffic is addressed to them.
Criminals accomplish network sniffing with a software application, a hardware device, or a combination of the two.
Spoofing
Spoofing is an impersonation attack that takes advantage of a trusted relationship between two systems.
If two systems accept the authentication accomplished by each other, an individual logged onto one system might not go through an authentication process again to access the other system.
Man-in-the-Middle
A criminal performs a MitM attack by intercepting communications between computers to steal information crossing the network.
The criminal can also choose to manipulate messages and relay false information between hosts, since the hosts are unaware that a modification to the messages occurred.
MitM allows the criminal to take control over a device without the user's knowledge.
Man-in-the-Mobile
MitMo is the mobile variation of MitM.
Zero-Day Attacks
A zero-day attack, sometimes referred to as a zero-day threat, is a computer attack that tries to exploit software vulnerabilities that are unknown to or undisclosed by the software vendor.
The term zero hour describes the moment when someone discovers the exploit.
Keyboard Logging
A software program that records or logs the keystrokes of the user of the system.
Criminals can implement keystroke loggers through software installed on a computer system or through hardware physically attached to a computer.
Wireless and Mobile Attacks
Grayware and SMiShing
Grayware includes applications that behave in an annoying or undesirable manner.
Grayware may not have recognizable malware concealed within, but it still may pose a risk to the user.
SMiShing is short for SMS phishing.
It uses Short Message Service (SMS) to send fake text messages.
The criminals trick the user into visiting a website or calling a phone number.
Unsuspecting victims may then provide sensitive information such as credit card information.
Rogue Access Points
A rogue access point is a wireless access point installed on a secure network without explicit authorization.
A rogue access point can be set up in two ways.
RF Jamming
Wireless signals are susceptible to Electromagnetic Interference (EMI) and Radio Frequency Interference (RFI), and may be susceptible to lightning strikes or noise from fluorescent lights.
Wireless signals are also susceptible to deliberate jamming.
Radio frequency (RF) jamming disrupts the transmission of a radio or satellite station so that the signal does not reach the receiving station.
Bluejacking and Bluesnarfing
Bluejacking is the term used for sending unauthorized messages to another Bluetooth device.
Bluesnarfing occurs when the attacker copies the victim's information from their device. This information can include emails and contact lists.
WEP and WPA Attacks
Wired Equivalent Privacy (WEP)
A security protocol that attempted to provide a WLAN with the same level of security as a wired LAN.
Since physical security measures help to protect a wired LAN, WEP seeks to provide similar protection for data transmitted over the WLAN with encryption.
WEP uses a key for encryption.
There is no provision for key management with WEP, so the number of people sharing the key will continually grow.
The key's initialization vector (IV) is a 24-bit field, which is too small.
It is sent in cleartext, which means it is readable.
It is static, so identical key streams will repeat on a busy network.
Wi-Fi Protected Access (WPA) and the WPA2
WPA and WPA2 came out as improved protocols to replace WEP. WPA2 does not have the same encryption problems because an attacker cannot recover the key by observing traffic.
WPA2 is still susceptible to attack because cyber criminals can analyze the packets going between the access point and a legitimate user.
Cyber criminals use a packet sniffer and then run attacks offline on the passphrase.
Defending Against Wireless and Mobile Devices Attacks
There are several steps to take to defend against wireless and mobile device attacks:
Restrict AP placement within the network by placing these devices outside the firewall or within a Demilitarized Zone (DMZ).
WLAN tools like NetStumbler may discover rogue APs or unauthorized workstations.
Develop a guest policy to address the need for legitimate guests to connect to the internet while visiting.
Change default settings.
Utilize a remote access virtual private network (VPN) for WLAN access.
Application Attacks
Cross-site Scripting (XSS)
A vulnerability found in web applications.
XSS allows scripts containing malicious code to be injected into web pages.
Cross-site scripting has three participants:
The Criminal
The Victim
The Website
A malicious script of this type can access any cookies, session tokens, or other sensitive information.
If criminals obtain the victim's session cookie, they can impersonate that user.
Code Injection Attacks
One way to store data at a website is to use a database.
Structured Query Language (SQL)
Extensible Markup Language (XML)
Both XML and SQL injection attacks exploit weaknesses in the program, such as not validating database queries properly.
Buffer Overflow
A buffer overflow occurs when data goes beyond the limits of a buffer.
Buffers are memory areas allocated to an application.
By changing data beyond the boundaries of a buffer, the application accesses memory allocated to other processes.
This can lead to a system crash, data compromise, or privilege escalation.
Remote Code Execution
Remote code execution vulnerabilities allow a cybercriminal to execute malicious code and take control of a system with the privileges of the user running the app.
It allows criminals to execute any command on a target machine.
ActiveX Controls and Java
ActiveX controls are pieces of software installed by users to provide extended capabilities.
Third parties write some ActiveX controls, and they may be malicious.
They can monitor browsing habits, install malware, or log keystrokes.
ActiveX controls also work in other Microsoft apps.
Java operates through an interpreter, the Java Virtual Machine (JVM).
The JVM enables the Java program's functionality.
The JVM sandboxes or isolates untrusted code from the rest of the OS.
There are vulnerabilities which allow untrusted code to get around the restrictions imposed by the sandbox.
Defending Against Application Attacks
The first line of defense against an application attack is to write solid code.
Validate all inputs as if they were hostile.
Regardless of the language used, or the source of outside input, prudent programming practice is to treat all input from outside a function as hostile.
Keep all software, including operating systems and applications, up-to-date, and do not ignore update prompts.
Not all programs update automatically, so at the very least, always select the manual update option.