
ARTIFICIAL INTELLIGENCE FOR CYBERSECURITY (1)

© MIHAIL CAZACU 2019


THE ANATOMY OF AN ["OLD SCHOOL"] CYBER ATTACK

[Flow diagram:] Gain access to a system → Propagate through the network → Do the damage → Cover the tracks



GAINING ACCESS TO A SYSTEM (1)

• Scouting:
  • Technological scouting:
    • Looking for sloppy administrator's work (open ports, default passwords, etc.);
    • Looking for vulnerabilities known [to the attacker];
  • Social scouting:
    • Learning about the target's friends, colleagues and business partners;
    • Learning about hobbies, work procedures, memberships in professional associations, etc.
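The "technological scouting" step leaves a recognisable trace on the defender's side: one source address touching many distinct ports on a host within a short window. The following detector is an added example written for this page, not code from the slides; the firewall log format, the sample lines and the thresholds (10-second window, 5 distinct ports) are all constructed assumptions.

```python
"""Added example (not from the slides): flag reconnaissance-style port scans in
firewall logs. Log format and sample lines are constructed for this example:
"<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <action>"."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source sweeps six ports in a few seconds, another
# source talks to a single port (normal traffic), then a lone late probe.
SAMPLE_LOG = """\
2019-03-01T10:00:00 203.0.113.7 -> 192.0.2.10:22 DROP
2019-03-01T10:00:01 203.0.113.7 -> 192.0.2.10:23 DROP
2019-03-01T10:00:01 203.0.113.7 -> 192.0.2.10:80 ACCEPT
2019-03-01T10:00:02 203.0.113.7 -> 192.0.2.10:443 ACCEPT
2019-03-01T10:00:02 203.0.113.7 -> 192.0.2.10:3389 DROP
2019-03-01T10:00:03 203.0.113.7 -> 192.0.2.10:8080 DROP
2019-03-01T10:00:05 198.51.100.4 -> 192.0.2.10:443 ACCEPT
2019-03-01T10:00:20 198.51.100.4 -> 192.0.2.10:443 ACCEPT
2019-03-01T10:10:00 203.0.113.7 -> 192.0.2.10:25 DROP
"""


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, dst_port, action)."""
    ts, src, _arrow, dst, action = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port), action


def detect_port_scans(log_text, window=timedelta(seconds=10), min_ports=5):
    """Return {(src_ip, dst_ip): set_of_ports} for every source that reached
    at least `min_ports` distinct ports on one destination inside some sliding
    window of length `window`. Both accepted and dropped packets count: the
    scan signal is the breadth of ports tried, not whether they answered."""
    events = defaultdict(list)  # (src, dst_ip) -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_ip, port, _action = parse_line(line)
        events[(src, dst_ip)].append((ts, port))

    alerts = {}
    for key, hits in events.items():
        hits.sort()  # chronological order so the window can slide forward
        start = 0
        for end in range(len(hits)):
            # Advance the window start until it spans at most `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                alerts.setdefault(key, set()).update(ports)
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible scan: {src} -> {dst}, ports {sorted(ports)}")
```

The late probe at 10:10 from the same source is outside the window and does not trigger on its own; on real logs the window and port thresholds should be tuned per network so that load balancers and monitoring systems do not raise the alert.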



GAINING ACCESS TO A SYSTEM (2)

• Choosing the weapon:
  • Matching an identified vulnerability with a malware;
  • Hiding the malware in a container (Word file, pdf, web page, image/video, executable, etc.);
• Delivery:
  • Evade detection before delivery;
  • Ensure the malware is executed after delivery.



GAINING ACCESS TO A SYSTEM (3)

• Exploitation;
• Persistence;
• Defense evasion.



PROPAGATE THROUGH THE NETWORK

• Discovery of the network's structure;
• Privilege escalation;
• Execution;
• Credentials access;
• Lateral movement.



DOING THE DAMAGE

• Sabotage;
• Exfiltration;
• Ransomware.



COVER THE TRACKS

• Delete malware;
• Delete logs;
• Patch the exploited vulnerability;
• Shut down the Command and Control center;
• Plant other malware;
• Replace logs.
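"Delete logs" and "replace logs" only work if nobody can tell that the log changed. A standard mitigation is a hash-chained log: each record commits to the hash of the one before it, and an auditor keeps the latest head hash somewhere the attacker cannot reach. The code below is an added example written for this page, not code from the slides; the record format, the sample events and the two tampering simulations are constructed to exercise the verifier.

```python
"""Added example (not from the slides): a hash-chained log that makes deleted,
reordered or replaced entries detectable. Sample entries are constructed."""
import copy
import hashlib
import json

GENESIS = "0" * 64  # hash of the (empty) record before the first real one


def record_hash(prev_hash, entry):
    """Hash of one record: commits to the previous hash and the entry itself.
    Canonical JSON so the same entry always serialises the same way."""
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + payload).encode()).hexdigest()


def append(chain, entry):
    """Append an entry; returns the new head hash, which the auditor stores
    out of band (WORM storage, a remote host, a printed checkpoint)."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"entry": entry, "hash": record_hash(prev, entry)})
    return chain[-1]["hash"]


def verify(chain, expected_head):
    """Return (ok, index). On failure `index` is the first record whose link
    is broken, or len(chain) when every link is fine but the final hash does
    not match the head the auditor saved (truncation or a full re-hash)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if record_hash(prev, rec["entry"]) != rec["hash"]:
            return False, i
        prev = rec["hash"]
    if prev != expected_head:
        return False, len(chain)
    return True, None


# Constructed sample events for a small host log
SAMPLE_ENTRIES = [
    {"ts": "2019-03-01T10:00:00", "event": "login_ok", "user": "alice"},
    {"ts": "2019-03-01T10:05:12", "event": "login_failed", "user": "admin", "src": "203.0.113.7"},
    {"ts": "2019-03-01T10:05:30", "event": "login_ok", "user": "admin", "src": "203.0.113.7"},
    {"ts": "2019-03-01T10:20:00", "event": "service_start", "name": "backup"},
]


def build_sample():
    """Build the chain from the sample entries; returns (chain, head_hash)."""
    chain, head = [], GENESIS
    for entry in SAMPLE_ENTRIES:
        head = append(chain, entry)
    return chain, head


def delete_record(chain, index):
    """Simulate the 'delete logs' step: one record removed, others untouched."""
    return [copy.deepcopy(r) for i, r in enumerate(chain) if i != index]


def replace_record(chain, index, new_entry):
    """Simulate the 'replace logs' step done carefully: swap one entry and
    re-hash every later record so all internal links look consistent."""
    entries = [copy.deepcopy(r["entry"]) for r in chain]
    entries[index] = new_entry
    rebuilt = []
    for entry in entries:
        append(rebuilt, entry)
    return rebuilt


if __name__ == "__main__":
    chain, head = build_sample()
    print("intact:  ", verify(chain, head))
    print("deleted: ", verify(delete_record(chain, 1), head))
    benign = {"ts": "2019-03-01T10:05:12", "event": "login_ok", "user": "admin"}
    print("replaced:", verify(replace_record(chain, 1, benign), head))
```

The second simulation shows why the out-of-band head matters: a re-hashed chain is internally consistent, and only the comparison with the saved head exposes it. The chain does not prevent tampering on its own; it turns silent log editing into a detectable event, provided the head hash (or a periodic checkpoint of it) lives outside the compromised system.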

ROOT CAUSES FOR THE EXISTENCE OF CYBERATTACKS

• "There cannot be a set of axioms which is both complete and consistent, nor can the system's consistency be proved using the system's axioms" (Gödel's first and second incompleteness theorems, 1931)
  • This means we cannot design a system of non-contradictory rules which would cover all the possible cases;
• "It cannot be determined, from the description of an arbitrary computer program and an arbitrary input, whether the program run on that input will halt" (Turing's Halting Problem, 1936)
  • This means we cannot be sure we can establish all the things a program might do just by analyzing its code.
