Module 2: Network Threats
2.1 Who is Attacking Our Network?
2.1.1 Threat, Vulnerability, and Risk
Threat:
Threats are potential dangers that could exploit vulnerabilities to cause harm. They are actions or events that could jeopardize assets.
Vulnerability:
Vulnerabilities are weaknesses or gaps in a system that can be exploited by threats. These can be flaws in software, hardware, or procedural weaknesses.
Risk:
Risk is the likelihood that a threat will exploit a vulnerability and cause damage. It combines the potential impact of a threat and the probability of that threat exploiting a vulnerability.
Risk Management:
Risk management is the process of balancing the cost of protective measures against the benefits of protecting assets. Four common ways to manage risk are:
Avoidance:
Changing plans to eliminate the risk.
Mitigation:
Implementing controls to reduce the impact or likelihood of the risk.
Acceptance:
Acknowledging the risk without taking any action to reduce it.
Transfer:
Shifting the risk to another party (e.g., insurance)
2.1.2 Hacker vs. Threat Actor
The term "hacker" can refer to several different types of individuals, as follows:
Network Professional:
Uses skills to ensure networks are secure.
Unauthorized Access Seeker:
Attempts to gain unauthorized access to devices.
Malicious Attacker:
Uses programs to disrupt or corrupt data.
Clever Programmer:
Develops and optimizes programs.
Types of Hackers:
White Hat Hackers:
Ethical hackers who use their skills for good. They perform penetration tests to find and report vulnerabilities to improve security.
Gray Hat Hackers:
May commit crimes but not for personal gain. They might disclose vulnerabilities after compromising systems to prompt fixes.
Black Hat Hackers:
Unethical individuals who exploit vulnerabilities for personal gain or to cause harm.
2.1.3 Evolution of Threat Actors
1960s: Phreaking
Manipulating phone systems using audio frequencies to make free calls.
Mid-1980s: War Dialing
Using dial-up modems to find vulnerable systems by scanning telephone numbers.
Types of Threat Actors:
Script Kiddies:
Inexperienced hackers using existing tools to cause harm, typically not for profit.
Vulnerability Brokers:
Buy and sell information about vulnerabilities.
Hacktivists:
Attack systems for political or social causes.
Cybercriminals:
Attack systems for financial gain.
State-sponsored Actors:
Conduct attacks on behalf of a government for political or economic reasons.
2.1.4 Cybercriminals
Cybercriminals are motivated by financial gain and often operate within criminal organizations. They are involved in:
Stealing:
Personal information, intellectual property, and financial data.
Underground Economy:
Buying, selling, and trading exploits, tools, and stolen data.
Targeting:
Small businesses, consumers, and large enterprises
2.1.5 Cybersecurity Tasks
Cybersecurity is a shared responsibility that involves:
User Actions:
Reporting cybercrime, being aware of email and web threats, and protecting personal information.
Organizational Actions: Implementing security measures like:
Trustworthy IT Vendor:
Ensuring reliable technology partners.
Up-to-date Security Software:
Keeping software current.
Regular Penetration Tests:
Testing systems for vulnerabilities.
Backup:
Regularly backing up data to cloud and hard disk.
Password Management:
Managing passwords centrally and changing them when compromise is suspected; current guidance (NIST SP 800-63B) no longer recommends forced periodic changes, which tend to produce predictable variations of the old password.
Security Policy:
Maintaining an updated security policy.
Strong Passwords:
Enforcing strong password use.
Two-factor Authentication:
Adding an extra layer of security.
2.1.6 Cyber Threat Indicators
Indicators of Compromise (IOC):
Artifacts left behind by an attack, which defenders match against their own hosts and logs, such as:
Unique attributes of the attack (e.g., traffic patterns, command sequences).
Malware file details (e.g., filename, hash values).
IP addresses of attacker infrastructure.
DNS requests for attacker-controlled domains.
Filenames and system changes (new files, accounts, services, or configuration).
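The following Python script is an added example (not part of the course material) of how the indicator types listed above are actually used: it matches a small IOC set (file hashes, a filename, domains, and IP ranges) against file contents and log lines. The IOC values, the "malware" sample bytes, the file paths, and the log lines are all constructed for the example; the addresses use RFC 5737 documentation ranges and the domains are hypothetical.

```python
"""Match indicators of compromise (IOCs) against files on disk and log lines.

Added example, not course material. The IOC feed, the "malware" bytes and the
log lines are all constructed for illustration; addresses use RFC 5737
documentation ranges and the domains are hypothetical.
"""
import hashlib
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# --- constructed threat-intelligence feed -----------------------------------
# A real feed carries hashes of real samples; here the sample is a made-up byte
# string so the hash IOC can be computed locally and the block runs offline.
MALWARE_SAMPLE = b"MZ\x90\x00 constructed dropper body, not real malware\n"
IOC_HASHES = {hashlib.sha256(MALWARE_SAMPLE).hexdigest()}
IOC_FILENAMES = {"svchost32.exe"}                           # hypothetical dropper name
IOC_DOMAINS = {"update-cdn.example.net", "c2.example.org"}  # hypothetical C2 domains
IOC_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),     # a whole attacker /24
                ipaddress.ip_network("198.51.100.77/32")]   # a single attacker host

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DNS_QUERY_RE = re.compile(r"query:\s*(\S+)")                # BIND-style query log


@dataclass
class Hit:
    kind: str        # "hash", "filename", "domain" or "ip"
    indicator: str   # the IOC that matched
    where: str       # file path or log line


def check_files(files: Dict[str, bytes]) -> List[Hit]:
    """Compare each file's SHA-256 and base name against the hash and filename IOCs."""
    hits = []
    for path, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        if digest in IOC_HASHES:
            hits.append(Hit("hash", digest, path))
        name = path.replace("\\", "/").rsplit("/", 1)[-1]
        if name in IOC_FILENAMES:
            hits.append(Hit("filename", name, path))
    return hits


def domain_matches(qname: str) -> Optional[str]:
    """Return the IOC domain that qname equals or is a subdomain of, else None."""
    qname = qname.rstrip(".").lower()
    for d in IOC_DOMAINS:
        if qname == d or qname.endswith("." + d):
            return d
    return None


def ip_matches(text: str) -> Optional[str]:
    """Return the IOC network containing the address, else None (non-addresses ignored)."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:           # e.g. 999.1.1.1 matches the regex but is not an address
        return None
    for net in IOC_NETWORKS:
        if ip in net:
            return str(net)
    return None


def check_log_lines(lines: List[str]) -> List[Hit]:
    """Scan log lines for IOC addresses and for DNS queries of IOC domains."""
    hits = []
    for line in lines:
        for ip_text in IPV4_RE.findall(line):
            net = ip_matches(ip_text)
            if net:
                hits.append(Hit("ip", net, line))
        m = DNS_QUERY_RE.search(line)
        if m:
            d = domain_matches(m.group(1))
            if d:
                hits.append(Hit("domain", d, line))
    return hits


# --- constructed inputs -----------------------------------------------------
SAMPLE_FILES = {
    "/tmp/report.pdf": b"%PDF-1.4 harmless constructed document",
    "/home/user/Downloads/invoice.exe": MALWARE_SAMPLE,
    "C:\\Windows\\Temp\\svchost32.exe": b"different constructed bytes, unknown hash",
}
SAMPLE_LOGS = [
    "Jan 10 09:14:03 dns named[1201]: client 10.0.0.12#51234: query: www.example.com IN A",
    "Jan 10 09:14:07 dns named[1201]: client 10.0.0.12#51240: query: beacon.update-cdn.example.net IN A",
    "Jan 10 09:14:09 fw kernel: OUT=eth0 SRC=10.0.0.12 DST=203.0.113.45 PROTO=TCP DPT=443",
    "Jan 10 09:15:00 fw kernel: OUT=eth0 SRC=10.0.0.12 DST=192.0.2.10 PROTO=TCP DPT=443",
]


def scan_all() -> List[Hit]:
    return check_files(SAMPLE_FILES) + check_log_lines(SAMPLE_LOGS)


if __name__ == "__main__":
    for h in scan_all():
        print(f"[{h.kind}] {h.indicator} <- {h.where}")
```

Two details matter in practice and are handled above: a DNS indicator must also match subdomains (beacons rarely query the bare C2 domain), and an IP indicator is usually a network range rather than a single host, so the comparison goes through `ipaddress` rather than string equality.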
2.1.7 Threat Sharing and Building Cybersecurity Awareness
Topics covered:
Social media safety.
Privacy settings.
App security.
Software updates.
Safe online shopping.
Wi-Fi safety.
Customer data protection.
2.2 Threat Actor Tools
2.2.1 Introduction of Attack Tools
1985: Attack tools were less sophisticated, requiring high technical knowledge.
Over time, the sophistication of attack tools increased, while the technical knowledge needed decreased.
As tools became more automated, less expertise was required to carry out cyberattacks.
2.2.2 Evolution of Security Tools
Ethical Hacking:
Involves using various tools to test networks and end devices.
Network penetration testing tools are developed to validate security, but can also be exploited by malicious actors.
Ethical hackers and cybersecurity personnel need to be familiar with these tools, as well as threat actor tools, for defense.
Categories of Common Network Penetration Testing Tools:
Password Crackers:
Tools like John the Ripper, Ophcrack, and THC Hydra recover passwords. John and Ophcrack work offline against captured password hashes (dictionary, rule-based, brute-force, and rainbow-table attacks), while Hydra guesses credentials online against a network login service. None of them breaks the hashing or encryption itself; they succeed because passwords are weak, guessable, or reused.
Wireless Hacking Tools:
Tools like Aircrack-ng and Kismet are used to exploit vulnerabilities in wireless networks.
Network Scanning and Hacking Tools:
Tools like Nmap and Angry IP Scanner probe devices and networks for open TCP or UDP ports to identify weaknesses.
Packet Crafting Tools:
Tools like Hping and Scapy are used to test firewalls by sending specially crafted packets to probe weaknesses.
Packet Sniffers:
Tools like Wireshark, Tcpdump, and Ettercap capture and analyze packets within a network.
Rootkit Detectors:
Tools like AIDE, a file and directory integrity checker, detect rootkits by flagging unexpected changes to system binaries and configuration. The course also lists OpenBSD Packet Filter (pf) here, but pf is a host firewall rather than a rootkit detector.
Fuzzers to Search Vulnerabilities:
Tools like Skipfish and Wapiti find vulnerabilities by feeding an application malformed or unexpected input and watching for crashes, errors, or unexpected behavior; both of these examples target web applications.
Forensic Tools:
White hat hackers use tools like Sleuth Kit and Helix to analyze systems for evidence of security breaches.
Debuggers:
Tools like GDB and Immunity Debugger are used to reverse-engineer binaries: by black hats to find and exploit flaws, and by white hats to analyze malware and verify fixes.
Hacking Operating Systems:
Systems like Kali Linux and Parrot OS are specifically designed with tools optimized for hacking.
Encryption Tools:
Tools like VeraCrypt (disk and volume encryption) and OpenVPN (encrypted network tunnels) protect data at rest and in transit by encrypting it so that it is unreadable without the key.
Vulnerability Exploitation Tools:
Tools like Metasploit and Social Engineer Toolkit are used to exploit discovered security weaknesses.
Vulnerability Scanners:
Tools like Nessus and OpenVAS scan hosts, virtual machines, and databases for open ports, outdated software versions, and misconfigurations, and report the known vulnerabilities that apply.
2.3 Malware
2.3.1 Types of Malware
Virus
Malicious code that attaches itself to a program and performs unwanted, harmful actions when that program runs
Worm
Replicates itself and spreads across the network without user action
Trojan Horse
Appears legitimate but contains malicious code
2.3.2 Viruses
Spreads by inserting a copy of itself into programs
Requires human help to spread (e.g., USB drive, email)
Can lay dormant or cause damage (e.g., deleting files)
2.3.3 Trojan Horses
Runs with the privileges of the user who launched it
Attached to games or legitimate software
Can create backdoor access, cause damage, or steal information
2.3.4 Trojan Horse Classification
Remote Access
Data-Sending
Destructive
Proxy
FTP
Security Software Disabler
Denial of Service (DoS)
Keylogger
2.3.5 Worms
Exploits network vulnerabilities to replicate
Can run independently without user action
Famous worms: Code Red (2001), SQL Slammer (2003)
(Figures: Code Red infection at the initial outbreak and 19 hours later; SQL Slammer infection at the initial outbreak and 30 minutes later)
2.3.6 Worm Components
Enabling Vulnerability
Propagation Mechanism
Payload (e.g., DoS attack, backdoor creation)
(Figure: Code Red worm propagation)
2.3.7 Ransomware
Denies access to a system or its data, typically by encrypting files, until a ransom is paid
Uses strong encryption, so the data cannot be recovered without the attacker's key
Frequently spread via email (phishing attachments and links), social engineering, and malvertising
Other Malware
Spyware
Adware
Scareware
Phishing (a social-engineering technique used to deliver malware or steal credentials, rather than malware itself)
Rootkits
Common Malware Behaviors
Strange files, programs, or icons appear
Antivirus/firewall settings changed
System crashes or freezes
Unintended emails sent to contacts
Files modified or deleted
Slow computer or web speeds
Unknown processes or services running
2.4 Common Network Attacks
Reconnaissance Attacks
Information gathering process, similar to a thief surveying a neighborhood.
Techniques
Internet Information Queries (e.g., WHOIS search)
Ping Sweeps
Port Scans
Mapping Systems and Services
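As an added example (not part of the course material), the following Python script performs the port-scanning and service-mapping steps above as a TCP connect scan with banner grabbing. To run offline it starts its own test listener on 127.0.0.1 and scans that plus two ports it knows to be closed; the banner the listener returns is a constructed string imitating an SSH greeting. Ping sweeps are not shown because sending ICMP requires raw sockets; against a single host, a connect scan also doubles as host discovery. Pointing this at hosts you do not own is exactly the reconnaissance the section describes and requires authorization.

```python
"""TCP connect scan with banner grabbing, run against a listener the script
starts itself on 127.0.0.1 so the example works offline.

Added example, not part of the course material. Pointing this at hosts you do
not own is the reconnaissance the section describes and needs authorization.
"""
import socket
import threading
from typing import Dict, List, Optional, Tuple

# Constructed banner imitating an SSH server greeting; a real scan sees whatever
# the service sends (or nothing, for protocols where the client speaks first).
BANNER = b"SSH-2.0-ConstructedTestServer_1.0\r\n"


def start_test_listener() -> Tuple[int, threading.Event]:
    """Listen on an ephemeral localhost port and send BANNER to each client.
    Returns (port, stop_event); set the event to shut the listener down."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    srv.settimeout(0.2)          # lets the serving thread notice stop_event
    stop = threading.Event()

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(BANNER)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop


def closed_port() -> int:
    """Bind and immediately release an ephemeral port, giving one known to be closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe(host: str, port: int, timeout: float = 0.5) -> Optional[bytes]:
    """TCP connect probe: the banner (possibly b"") if the port is open, None if closed or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(256)
            except socket.timeout:
                return b""       # open, but the service expects the client to speak first
    except (ConnectionRefusedError, socket.timeout, OSError):
        return None


def scan(host: str, ports: List[int]) -> Dict[int, bytes]:
    """Connect scan of the given ports; maps each open port to the banner it returned."""
    results: Dict[int, bytes] = {}
    for port in ports:
        banner = probe(host, port)
        if banner is not None:
            results[port] = banner
    return results


def demo() -> Tuple[int, Dict[int, bytes]]:
    """Scan the test listener together with two ports known to be closed."""
    port, stop = start_test_listener()
    try:
        targets = sorted({closed_port(), port, closed_port()})
        return port, scan("127.0.0.1", targets)
    finally:
        stop.set()


if __name__ == "__main__":
    listener_port, found = demo()
    for p, banner in found.items():
        print(f"127.0.0.1:{p} open  banner={banner!r}")
```

A connect scan completes the full TCP handshake, so every probe shows up in the target's connection logs; Nmap's default SYN scan avoids the final ACK for that reason, but needs raw-socket privileges. The banner is what lets the scanner map a port to a service and version, which is the "mapping systems and services" step above.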
Access Attacks
Exploit known weaknesses in authentication services, FTP services, and web services to gain entry to accounts, databases, and other sensitive data.
Password Attacks: Using password-cracking tools to discover system passwords.
Spoofing Attacks: Falsifying data to pose as another device (IP, MAC, or DHCP spoofing).
Trust Exploitation: Gaining access through exploiting trust relationships between systems.
Port Redirection: Using a compromised host to relay traffic through a firewall to an internal host that would otherwise be unreachable.
Man-in-the-Middle Attacks: Positioning the attacker between two hosts so their traffic can be read or altered in transit.
Buffer Overflow Attacks: Sending more data than a program's buffer can hold, corrupting adjacent memory to crash the program or run attacker-supplied code.
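The password attacks above and the password crackers listed under 2.2.2 both come down to the same offline technique, shown here as an added example that is not course code: a dictionary attack with mangling rules (case variants, common suffixes, leetspeak, a tiny version of the rule sets John the Ripper and hashcat apply) against a dumped credential store. The accounts, passwords, wordlist, and salts are constructed for the example. It runs the attack twice, against unsalted SHA-256 and against salted PBKDF2, to show why the unsalted store falls to one pass of precomputation while the salted one costs a full pass per user.

```python
"""Offline dictionary attack with mangling rules against dumped password hashes,
first against unsalted SHA-256 and then against salted PBKDF2.

Added example, not course code. The user passwords, wordlist and salts are
constructed here so the block runs stand-alone; in an engagement the hashes
come from a compromised credential store and the wordlist from a file.
"""
import hashlib
import os
from typing import Callable, Dict, Iterator, Optional, Tuple

# Constructed wordlist; real attacks use leaked-password lists with millions of entries.
WORDLIST = ["password", "welcome", "summer", "cisco", "letmein", "admin", "dragon"]
SUFFIXES = ["1", "123", "!", "2024", "!1"]
PBKDF2_ROUNDS = 10_000   # kept low so the example finishes quickly; production uses far more

# Constructed accounts: two weak passwords and one not derivable from the wordlist.
USERS = {"alice": "Cisco123", "bob": "dr@g0n", "carol": "Tq9!kLm3#vPz"}

HashFn = Callable[[str, bytes], str]


def mangle(word: str) -> Iterator[str]:
    """Candidate passwords derived from one word: case variants, suffixes, leetspeak."""
    for base in dict.fromkeys([word, word.capitalize(), word.upper()]):   # dedupe, keep order
        yield base
        for suffix in SUFFIXES:
            yield base + suffix
    leet = word.replace("a", "@").replace("e", "3").replace("o", "0").replace("i", "1")
    if leet != word:
        yield leet
        yield leet.capitalize()


def candidates() -> Iterator[str]:
    for word in WORDLIST:
        yield from mangle(word)


def sha256_unsalted(pw: str, salt: bytes = b"") -> str:
    return hashlib.sha256(pw.encode()).hexdigest()          # salt ignored: the weak scheme


def pbkdf2_salted(pw: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS).hex()


def make_store(hash_fn: HashFn, salted: bool) -> Dict[str, Tuple[bytes, str]]:
    """Build a credential store {user: (salt, hash)} the way the target system would."""
    store = {}
    for user, pw in USERS.items():
        salt = os.urandom(16) if salted else b""
        store[user] = (salt, hash_fn(pw, salt))
    return store


def crack_unsalted(store: Dict[str, Tuple[bytes, str]]) -> Tuple[Dict[str, Optional[str]], int]:
    """Unsalted: hash every candidate once into a lookup table, then look up every user.
    The cost does not grow with the number of users, and users sharing a password
    fall together. Returns (user -> recovered password or None, hashes computed)."""
    table: Dict[str, str] = {}
    computed = 0
    for cand in candidates():
        table[sha256_unsalted(cand)] = cand
        computed += 1
    return {user: table.get(digest) for user, (_, digest) in store.items()}, computed


def crack_salted(store: Dict[str, Tuple[bytes, str]],
                 hash_fn: HashFn = pbkdf2_salted) -> Tuple[Dict[str, Optional[str]], int]:
    """Salted: each user's salt changes the hash space, so no table can be shared and
    every user costs a separate pass over the candidates, each one slowed by PBKDF2."""
    found: Dict[str, Optional[str]] = {}
    computed = 0
    for user, (salt, digest) in store.items():
        found[user] = None
        for cand in candidates():
            computed += 1
            if hash_fn(cand, salt) == digest:
                found[user] = cand
                break
    return found, computed


if __name__ == "__main__":
    u_found, u_cost = crack_unsalted(make_store(sha256_unsalted, salted=False))
    s_found, s_cost = crack_salted(make_store(pbkdf2_salted, salted=True))
    print("unsalted SHA-256:", u_found, "hashes computed:", u_cost)
    print("salted PBKDF2:   ", s_found, "hashes computed:", s_cost)
```

Both runs recover the same two weak passwords and fail on the third, which is the point of the "strong passwords" item in 2.1.5: the attack never touches the hash function's strength, only the guessability of the input. The salted, iterated scheme does not stop the attack, it multiplies its cost, which is why it is paired with password policy rather than used instead of one.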
2.5 Network Attacks
Denial of Service (DoS) Attacks
Overwhelming Quantity of Traffic: Sending a massive amount of data to overload the network or device.
Maliciously Formatted Packets: Sending improperly formatted data that the target cannot handle, causing crashes or slowdowns.
Distributed Denial of Service (DDoS) Attacks
Zombies: Compromised hosts controlled by attackers.
Handlers: Servers that coordinate the zombies.
Botmaster: The threat actor controlling the botnet.
Buffer Overflow Attacks
Sending more data than a program's buffer can hold, so the excess overwrites adjacent memory; the result ranges from a crash to execution of attacker-supplied code.
Ping of Death: Sending ICMP echo requests in IP fragments that reassemble to more than the 65,535-byte maximum IPv4 datagram size, overflowing the reassembly buffer on an unpatched target and crashing it.
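The ping of death is a "maliciously formatted packets" attack, and the check that a modern IP stack or IDS applies is simple to state: no fragment may claim to end beyond byte 65,535 of its datagram. As an added example (not course code), the following Python script parses IPv4 headers for the Identification, flags/offset, and Total Length fields, groups fragments by datagram, and flags any train that would reassemble past the limit. The two fragment trains, a normal 3,000-byte fragmented ping and a 66,000-byte ping-of-death train, are constructed with `struct.pack` rather than captured.

```python
"""Detect IPv4 fragment trains that would reassemble beyond the 65,535-byte
maximum datagram size, the condition behind the ping of death.

Added example, not course code. The headers are constructed with struct.pack
rather than captured, so the block runs offline.
"""
import struct
from typing import Dict, List, NamedTuple

IPV4_MAX_LEN = 65_535         # limit of the 16-bit Total Length field
IPV4_HDR = "!BBHHHBBH4s4s"    # ver/IHL, TOS, total len, ident, flags+offset, TTL, proto, csum, src, dst
MF_FLAG = 0x2000              # "More Fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF          # 13-bit Fragment Offset, in 8-byte units


class Fragment(NamedTuple):
    ident: int          # Identification: shared by all fragments of one datagram
    offset: int         # Fragment Offset in 8-byte units
    more: bool          # MF flag: more fragments follow
    payload_len: int    # bytes after the IP header in this fragment


def pack_header(f: Fragment, proto: int = 1) -> bytes:
    """Build a 20-byte IPv4 header for the fragment (checksum left zero; we only parse it)."""
    flags_off = (MF_FLAG if f.more else 0) | (f.offset & OFFSET_MASK)
    return struct.pack(IPV4_HDR, 0x45, 0, 20 + f.payload_len, f.ident, flags_off,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def parse_header(raw: bytes) -> Fragment:
    """Extract the reassembly-relevant fields from an IPv4 header."""
    v_ihl, _tos, total_len, ident, flags_off, *_rest = struct.unpack(IPV4_HDR, raw[:20])
    ihl = (v_ihl & 0x0F) * 4
    return Fragment(ident, flags_off & OFFSET_MASK, bool(flags_off & MF_FLAG), total_len - ihl)


def reassembled_length(frags: List[Fragment]) -> int:
    """Highest byte position any fragment of the datagram claims to fill."""
    return max(f.offset * 8 + f.payload_len for f in frags)


def classify(frags: List[Fragment]) -> Dict[int, bool]:
    """Group fragments by Identification; True for datagrams that would exceed IPV4_MAX_LEN."""
    by_id: Dict[int, List[Fragment]] = {}
    for f in frags:
        by_id.setdefault(f.ident, []).append(f)
    return {ident: reassembled_length(fs) > IPV4_MAX_LEN for ident, fs in by_id.items()}


def check_wire(raw_headers: List[bytes]) -> Dict[int, bool]:
    """Same check starting from raw header bytes, as an IDS would see them."""
    return classify([parse_header(h) for h in raw_headers])


def build_train(ident: int, total_len: int, frag_payload: int = 1480) -> List[Fragment]:
    """Fragment a datagram of total_len payload bytes the way a sending host would."""
    assert frag_payload % 8 == 0, "all but the last fragment must carry a multiple of 8 bytes"
    frags, pos = [], 0
    while pos < total_len:
        n = min(frag_payload, total_len - pos)
        frags.append(Fragment(ident, pos // 8, pos + n < total_len, n))
        pos += n
    return frags


# Constructed traffic: a normal 3000-byte fragmented ping and a ping-of-death train.
NORMAL_PING = build_train(0x1234, 3000)
PING_OF_DEATH = build_train(0x4242, 66_000)   # last fragment ends at 66,000 > 65,535


if __name__ == "__main__":
    wire = [pack_header(f) for f in NORMAL_PING + PING_OF_DEATH]
    for ident, bad in check_wire(wire).items():
        print(f"datagram 0x{ident:04x}: {'OVERSIZED' if bad else 'ok'}")
```

Note that every individual fragment is well-formed; each fits comfortably in a 1,500-byte frame and its own Total Length field is valid. The attack lives only in the combination of offset and length across the train, which is why a per-packet filter cannot catch it and the check has to track state per Identification value.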
Three Major Categories of Network Attacks
Reconnaissance attacks (unauthorized discovery and mapping of systems and services)
Access attacks (gaining unauthorized entry to systems or data)
Denial of Service (DoS) attacks (making systems or services unavailable)