Understand and be able to explain the following cyber security threats:
Explain what penetration testing is and what it is used for.
Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. Students should understand that the aim of a white-box penetration test is to simulate a malicious insider who has knowledge of and possibly basic credentials for the target system. Students should understand that the aim of a black-box penetration test is to simulate an external hacking or cyber warfare attack.
Unlike consumer phishing email campaigns (high volume, broad in scope), spear phishing attacks are highly targeted. These attacks use carefully crafted emails combined with social engineering tactics to convince the victim to open and engage with the email.
Spear phishers will often leverage data from breaches and social network sites, as well as public data about an organization and its employees. Their emails appear to come from a trusted sender, and ask the recipient to perform an action, which typically is to open a webpage and enter a password.
Once this action is taken, the cybercriminal is able to steal confidential information from the victim and the enterprise. According to a recent Gartner report, spear phishing is the most common targeted method of cyberattack. A recent example is the spear phishing attack on the DNC.
In a phishing attack, a criminal sends a large number of consumers a deceptive email appearing to come from a respected brand — typically a financial service provider or an email service provider.
The email uses social engineering techniques to attempt to mislead the recipients to visit a web page appearing to belong to the impersonated brand, where the user will be asked to enter her username and password — and sometimes other information as well. Having stolen this information, the criminal now controls the victim’s account.
A good example of a large-scale consumer phishing attack is the recent attack targeting customers of GoDaddy.
Business Email Compromise (BEC), also known as CEO fraud, is a sophisticated email attack in which a criminal sends targeted emails to an organization’s employees. These emails, which appear to come from a key figure, ask the recipients to transfer funds or send information. The last few years have seen a dramatic upswing in BEC attacks, fueled by the tremendous profits these attacks generate. In fact, according to the FBI, losses from BEC attacks have spiraled out of control, increasing by 2,300% in the two years preceding December 2016. Examples of companies that have fallen for BEC attacks include FACC, Mattel, Snapchat and Ubiquiti.
Ransomware is a form of malware that infects victims’ computers, encrypts their content, and issues a demand that the victim pay a ransom to the attacker in order to regain access to their content.
Most ransomware attacks are based on computer trojans, which rely on tricking a victim to install the malware. Attackers use social engineering methods to coerce their intended victims to expose themselves to ransomware, often impersonating a trusted contact to entice the victim to take action, e.g., opening an attachment.
Ransomware attacks have been steadily rising, with criminals targeting specific industries, such as hospitals and healthcare organizations.
A data breach is an incident where sensitive, protected, or confidential data is stolen, viewed, or used by an unauthorized party. Data breaches have been in the news frequently in the last year, and many wonder what the reason is for their dramatic rise. This is probably best explained by the value the stolen data has to attackers wishing to mount targeted attacks on large numbers of people.
It is believed that much of the data stolen in breaches is sold and resold, thereby broadly enabling more sophisticated attacks — some of which may be years in the making. Many breaches are the result of intrusions caused by credential theft or malware installation, which in turn is fueled by social engineering and identity deception — and the value of being able to mount targeted attacks.
An example of a data breach is that of Yahoo!, where 1 billion Yahoo! credentials were stolen.
Social engineering makes use of users' greed, curiosity or credulity to enable the payload to find its target. Some of the "greatest" social engineering hackers, such as Mitnick, never really used a computer.
The current WannaCrypt attack exploits out-of-date software. The flaw was discovered by the NSA, of all people, and apparently re-discovered when the NSA was hacked and their research distributed. Apparently, if Windows Defender is up to date it is sufficient to prevent the exploit's success. The main exploit is a weakness in a 30-year-old protocol called SMBv1 (Server Message Block version 1), found in all Windows systems but regarded as active in Windows 7 and XP. Windows 10 is unaffected.
Infoseceye (Read the blog entries!)
Malicious code and malware.
Misconfigured access rights
Risks of portable devices
The Story of Alice and Bob
(Short extract from after-dinner speech by John Gordon at The Zurich Seminar April 1984) I go to lots of conferences on Coding Theory in which complicated protocols get discussed. You know the sort of thing:
"A communicates with someone who claims to be B. So to be sure, A tests that B knows a secret number K. So A sends to B a random number X. B then forms Y by encrypting X under key K and sends Y back to A." and so on.
Because this sort of thing is quite hard to follow, a few years ago theorists stopped using the letters A and B to represent the main players, and started calling them Alice and Bob.
So now we say "Alice communicates with someone claiming to be Bob. So to be sure, Alice tests that Bob knows a secret number K. Alice sends to Bob a random number X. Bob then forms Y by encrypting X under key K and sends Y back to Alice."
It's supposed to make it easier to understand. Now there are hundreds and hundreds of papers written about Alice and Bob. Alice and Bob have been used to illustrate all sorts of protocols and bits of coding theory in scientific papers. Over the years Alice and Bob have tried to defraud insurance companies, they've exchanged secret messages over a tapped line, and they've played poker for high stakes by mail. Now if we put together all the little details from lots of papers - a snippet from here, a snippet from there - we get a fascinating picture of their lives.
This may be the first time in the history of coding theory that a definitive biography of Alice and Bob has been given.
Take Bob. Bob is often selling securities to speculators so we can be pretty sure he's a stockbroker. But from his concern about eavesdropping he is probably into something subversive on the side too.
Take Alice. From the number of times Alice tries to buy stock from him we can say she is probably a speculator. And she's also worried that her husband doesn't get to find out about her financial dealings.
So Bob is a subversive stockbroker and Alice is a two-timing speculator. But Alice has a number of serious problems. She and Bob only get to talk by telephone or by email. And in the country where they live the phone service is very expensive. And Alice and Bob are cheapskates.
So the first thing Alice must do is MINIMISE THE COST OF THE PHONE CALL.
The telephone in their country is also pretty lousy. The interference is so bad that Alice and Bob can hardly hear each other. So the second thing Alice must do is to PROTECT HER MESSAGES AGAINST ERRORS in transmission. On top of that Alice and Bob have very powerful enemies. One of their enemies is the Tax Authority. Another is the Secret Police.
These enemies have almost unlimited resources. They always listen in to telephone conversations between Alice and Bob. This is a pity since Bob and Alice are always plotting tax frauds and overthrowing the government.
So the third thing ALICE must do is PROTECT HER COMMUNICATIONS FROM EAVESDROPPING. And these enemies are very sneaky. One of their favourite tricks is to telephone Alice and pretend to be Bob. So the fourth thing Alice has to do is to BE SURE SHE IS COMMUNICATING WITH WHOM SHE THINKS SHE IS. Well, you think, so all Alice has to do is listen very carefully to be sure she recognises Bob's voice. But no. You see Alice has never met Bob. She has no idea what his voice sounds like.
All in all Alice has a whole bunch of problems. Oh yes, and there is one more thing I forgot to say - Alice doesn't trust Bob.
Now most people in Alice's position would give up. Not Alice. She has courage which can only be described as awesome. Against all odds, over a noisy telephone line, tapped by the tax authorities and the secret police, Alice will happily attempt, with someone she doesn't trust, whom she can't hear clearly, and who is probably someone else, to fiddle her tax return and to organise a coup d'etat, while at the same time minimising the cost of the phone call.
A coding theorist is someone who doesn't think Alice is crazy. (C) John Gordon 1984
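The exchange the speech describes (Alice sends a random X, Bob returns Y computed under the shared key K), written out as an added example that is not part of the original page or the speech. It assumes HMAC-SHA256 in place of "encrypting X under key K", and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


class Bob:
    """Holds the shared secret K and answers challenges."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # Y = HMAC_K(X): stands in for "encrypting X under key K" (assumption).
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Alice:
    """Issues a fresh random X per attempt and checks the returned Y."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        x = secrets.token_bytes(16)  # unpredictable, never reused
        self._pending.add(x)
        return x

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False  # unknown or already-used X: treat as a replay
        self._pending.discard(challenge)  # each X is valid exactly once
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    k = secrets.token_bytes(32)  # constructed shared secret K
    alice, bob = Alice(k), Bob(k)
    impostor = Bob(secrets.token_bytes(32))  # does not know K
    x1 = alice.new_challenge()
    y1 = bob.respond(x1)
    genuine = alice.verify(x1, y1)
    replay = alice.verify(x1, y1)  # recorded (X, Y) pair sent again
    stale = alice.verify(alice.new_challenge(), y1)  # old Y against a new X
    x3 = alice.new_challenge()
    fake = alice.verify(x3, impostor.respond(x3))
    return genuine, replay, stale, fake


if __name__ == "__main__":
    print(demo())
```

This only proves to Alice that the other party knows K; it does not hide later messages from an eavesdropper or prove anything about Alice to Bob.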