Assignment 01

Information security
Group – Ahad Ali, Adarsh Chand, Ayush Singh, Mudit Mani Mishra, Nasir Jeya

Enterprise Network
1. Ransomware Attack on ICBC:
• Overview: ICBC, the world's largest lender by assets fell victim to a sophisticated
ransomware attack. The attackers exploited a vulnerability in the institution's outdated
software, gaining unauthorized access to critical systems. The hackers used LockBit 3.0
as each instance of the malware requires a unique password to run without which analysis
is extremely difficult or impossible. The researchers added that the ransomware is
“heavily protected” against analysis.
• Security Impact:
• Confidentiality: The attackers accessed and encrypted sensitive customer financial
data using lockbit which is a ransomware-as-a-service software threatening to make the
data public unless a ransom was paid.
• Integrity: The integrity of financial transactions was compromised as the attackers
had control over the systems, potentially manipulating or blocking transactions.
• Availability: The institution's systems were paralyzed as files and services were
encrypted, leading to downtime until the ransom was paid or systems were restored from
backups.
• Lessons Learned:
• Regularly update and patch software to eliminate known vulnerabilities.
• Implement robust backup and recovery strategies to minimize the impact of
ransomware attacks.
• Enhance user awareness training to recognize phishing attempts and social
engineering.
2. Supply Chain Attack on SolarWinds:
• Overview: In this case, Attackers injected a backdoor into a software update of
SolarWinds, a popular networking tool used by many high profile companies and
government agencies. The backdoor allowed attackers remote access to thousands of
corporate and government servers.
• Security Impact:
• Confidentiality: Intellectual property and sensitive manufacturing processes were
exposed to unauthorized parties, risking corporate espionage.
• Integrity: The injected code disrupted normal processes, potentially leading to
defective products or safety hazards.
• Availability: Network operations were disrupted, causing delays and financial
losses.
• Lessons Learned:
• Conduct thorough security assessments of third-party vendors, especially those in
the supply chain.
• Implement code review processes to identify and mitigate potentially malicious
code.
• Establish incident response plans for rapid detection and containment of supply
chain attacks.
•
The above case study highlight the importance of regular security assessments, patch
management, user awareness training, supply chain security, and incident response
planning in mitigating and preventing security incidents in enterprise networks. Always
refer to the latest security advisories and industry best practices for the most up-to-date
information.

Cloud
3. Misconfigured S3 Bucket Exposing Sensitive Airport Data:
• Overview: A misconfigured Amazon S3 bucket resulted in 3TB of airport data
(more than 1.5 million files) being publicly accessible, open, and without an
authentication requirement for access, highlighting the dangers of unsecured cloud
infrastructure within the travel sector. The exposed information, uncovered by Skyhigh
Security, includes employee personal identification information (PII) and other sensitive
company data affecting at least four airports in Colombia and Peru
• Security Impact:
• Confidentiality: Sensitive customer data, such as personally identifiable
information (PII), was exposed to unauthorized individuals or entities.
• Integrity: There was a risk of data manipulation or unauthorized changes to the
exposed information, impacting its integrity.
• Availability: The company's reputation suffered, and potential legal consequences
arose due to the exposure of sensitive data.
• Lessons Learned:
• Regularly audit and review cloud configurations to ensure they align with security
best practices.
• Implement proper access controls and encryption on cloud storage services.
• Utilize automated tools for continuous monitoring and alerting of
misconfigurations.

4. Distributed Denial of Service (DDoS) Attack on GitHub:

• Overview: One of the largest verifiable DDoS attacks on record targeted GitHub,
a popular online code management service used by millions of developers. This attack
reached 1.3 Tbps, sending packets at a rate of 126.9 million per second. The GitHub
attack was a memcached DDoS attack, so there were no botnets involved
• Security Impact:
• Confidentiality: While DDoS attacks typically don't compromise confidentiality
directly, they may serve as a distraction for other attacks or create a smokescreen for
malicious activities.
• Integrity: DDoS attacks do not typically target data integrity but can indirectly
impact it by causing chaos and diverting attention from security monitoring.
• Availability: The primary impact is on availability, as the targeted services became
inaccessible and significantly degraded, leading to financial losses and potential damage
to the organization's reputation.
• Lessons Learned:
• Implement DDoS mitigation strategies, such as traffic filtering and load balancing.
• Utilize content delivery networks (CDNs) to distribute and mitigate traffic.
• Regularly conduct DDoS simulations to evaluate the effectiveness of mitigation
measures.
These above cases emphasize the importance of proactive security measures, continuous
monitoring, and adherence to best practices in cloud security. Security professionals
should stay informed about the latest threats and vulnerabilities in the evolving cloud
landscape and regularly update their security strategies accordingly.

Mobile
5. Pegasus Mobile Malware Exploiting App Permissions:
• Overview: Pegasus works by exploiting vulnerabilities in popular apps like
WhatsApp, iMessage, and FaceTime. Once the victim clicks on a malicious link or
interacts with an infected message, the spyware is silently installed on their device. This
attack occurred couple years ago and is still very common as it’s easy for the attackers to
distribute a malicious mobile application through an official third-party app store. Once
installed, the app exploited these permissions to exfiltrate sensitive user data, track user
activities, and deliver additional malicious payloads.
• Security Impact:
• Confidentiality: The app compromised user privacy by accessing and transmitting
sensitive data, such as contacts, messages, and location information, without user
consent.
• Integrity: The integrity of user data was at risk as the malware could manipulate or
alter information on the device.
• Availability: The presence of the malicious app on the device lead to performance
issues, and in severe cases, the device become part of a larger botnet contributing to
denial-of-service attacks.
• Lessons Learned:
• Users should be cautious when granting permissions to mobile apps and avoid
downloading apps from unofficial sources.
• Mobile app developers should follow the principle of least privilege when
requesting permissions and provide clear explanations for why each permission is
necessary.
• Mobile device management (MDM) solutions and endpoint protection tools can
help detect and mitigate malicious apps.
6. Bluetooth-Based Attack on Mobile Devices:
Overview: Google, Microsoft, Linux (BlueZ), and Apple have rolled out fixes for a
Bluetooth security flaw in 2022, the Bluetooth-based attack tricks the Bluetooth host
machine into pairing with a fake keyboard without user confirmation, allowing threat
actors to take control of Android, Linux, macOS, and iOS devices.
The flaw tracked as CVE-2023-45866 (CVE-2024-0230 for Apple and CVE-2024-21306
for Microsoft) leaves Android devices vulnerable whenever Bluetooth is enabled, while
Linux devices require Bluetooth to be discoverable or connectable. iOS and macOS
devices become vulnerable to the flaw when Bluetooth is enabled, and a Magic Keyboard
has been paired with the phone or computer.
• Security Impact:
• Confidentiality: Sensitive data transmitted over Bluetooth connections, such as
personal or business-related information, could be intercepted and accessed by the
attackers.
• Integrity: The attackers could manipulate Bluetooth communications, potentially
injecting malicious data into the communication stream or disrupting legitimate
connections.
• Availability: The compromise of Bluetooth functionality impacted the availability
of essential services and communication channels, leading to service disruptions.
• Lessons Learned:
• Keep mobile device operating systems and firmware up-to-date to patch known
vulnerabilities.
• Disable Bluetooth when not in use and avoid using it in public places where
attackers might exploit vulnerabilities.
• Educate users on the risks associated with Bluetooth connections and the
importance of updating device software regularly.

These above case studies underscore the importance of user awareness, secure app
development practices, and regular software updates in mitigating security risks in the
mobile domain. Security professionals should stay vigilant, educate users on best
practices, and adopt security measures to protect against evolving threats in the mobile
ecosystem.

Operating system/Database
7. SQL Injection Attack on Cisco Database:
• Overview: In 2018, a SQL injection vulnerability was found in Cisco Prime
License Manager. The vulnerability allowed attackers to gain shell access to systems on
which the license manager was deployed. Cisco has patched the vulnerability.
• Security Impact:
• Confidentiality: The attacker gained unauthorized access to sensitive data stored in
the database, including user credentials, and personal information.
• Integrity: The integrity of the database was compromised as the attacker could
modify, delete, or insert unauthorized data.
• Availability: The whole application became unavailable and users experienced
disruptions.
• Remediation Strategies:
• Use parameterized queries or prepared statements to prevent SQL injection
attacks.
• Regularly conduct security audits and code reviews to identify and address
vulnerabilities in application code.
• Implement least privilege access controls to limit the impact of a successful attack.

8. Zero-Day Exploit on Equifax:

• Overview: The exploitation of a vulnerability in Apache Struts in the year 2017
resulted in a significant data breach at Equifax, which compromised the personal
information of more than 147 million individuals.
• Security Impact:
• Confidentiality: The attacker could access sensitive files, login credentials and
other confidential information on the compromised system.
• Integrity: The integrity of the operating system was compromised, enabling the
attacker to manipulate system settings, install malware, or modify critical files.
• Availability: The availability of the system was compromised and the risk to use
the compromised system as launchpad for new attacks increased
• Remediation Strategies:
• Regularly update and patch operating systems to address known vulnerabilities.
• Employ intrusion detection and prevention systems to detect and block malicious
activity.
• Conduct vulnerability assessments and penetration testing to identify and address
potential weaknesses.

The above cases highlight the importance of proactive security measures, including
regular patching, secure coding practices, and ongoing monitoring to detect and respond
to potential threats in the operating system and database environments.
Web Applications
9. Cross-Site Scripting (XSS) Attack on an E-commerce Website (2023):
• Overview: In 2018, British Airways was a target by Magecart, a hacker group
known for their credit card skimming tactics. They exploited an XSS flaw in Feedify’s
JavaScript library, modifying the script and sending private client information to a fake
server. The fake server had an SSL certificate, deceiving consumers into believing
transactions were safe. The hackers stole 380,000 booking transactions before anyone
discovered the malware flaw.
• Security Impact:
• Confidentiality: Passenger data, including login credentials and personal
information, was exposed to the attackers.
• Integrity: The injected scripts manipulated the content of web pages, potentially
which lead to unauthorized transactions and modifications.
• Availability: The availability of the British airways website was compromised and
people couldn’t book, cancel or modify flights using the webpage
• Remediation Strategies:
• Implement input validation and output encoding to prevent the injection of
malicious scripts.
• Utilize security mechanisms like Content Security Policy (CSP) to mitigate the
impact of XSS attacks.
• Regularly scan and test web applications for vulnerabilities, including XSS.

10. SQL Injection Attack on Yahoo:

• Overview: Yahoo, another multinational company, also suffered a similar data
breach due to a SQL injection attack in 2013. The attackers were able to gain
unauthorized access to sensitive information, such as email addresses, telephone
numbers, and dates of birth, of over 3 billion Yahoo user accounts.

• Security Impact:
• Confidentiality: User records, including email address and personal details, were
compromised by the attacker.
• Integrity: The attacker could manipulate user data, impacting the accuracy and
integrity of medical records.
• Availability: The Yahoo portal experience downtime and disruptions as a result of
the attack, affecting web services
• Remediation Strategies:
• Use parameterized queries or prepared statements to prevent SQL injection
attacks.
• Implement strict input validation to ensure that user inputs do not contain
malicious SQL code.
• Conduct regular security audits and penetration testing on web applications to
identify and address vulnerabilities.

These above situations show the importance of robust security measures in web
applications, including secure coding practices, input validation, output encoding, and
regular security testing.

Embedded
11. Firmware Manipulation in IoT Devices:
• Overview: In this scenario, attackers exploited vulnerabilities in the update
mechanism of Internet of Things (IoT) devices. By tampering with the firmware update
process, they injected malicious code into the firmware, enabling them to take control of
the devices remotely.
• Security Impact:
• Confidentiality: Depending on the type of device, confidential user data (e.g.,
home security footage, personal information) could be exposed to unauthorized entities.
• Integrity: The integrity of the devices' functionality was compromised, as the
attackers could manipulate their behavior or purpose.
• Availability: IoT devices could be rendered non-functional or repurposed for
malicious activities, impacting their availability and usability.
• Remediation Strategies:
• Implement secure firmware update mechanisms, including digital signatures and
secure boot processes.
• Regularly audit and update the embedded software to patch known vulnerabilities.
• Utilize encryption to protect sensitive data stored or transmitted by embedded
devices.
12. Side-Channel Attack on Embedded Systems:
• Overview: In this case, attackers exploited side-channel vulnerabilities in
embedded systems, extracting information by analyzing unintended side-channel signals
such as power consumption or electromagnetic emissions. This technique can be used to
compromise cryptographic keys or sensitive data processed by the embedded system.
• Security Impact:
• Confidentiality: Sensitive data, particularly cryptographic keys or authentication
information, could be exposed to attackers.
• Integrity: The integrity of encrypted communication or secure processes relying
on the compromised keys could be compromised.
• Availability: While side-channel attacks typically do not directly impact
availability, the compromised cryptographic keys could lead to unauthorized access or
manipulation of data, indirectly affecting availability.
• Remediation Strategies:
• Implement countermeasures such as random delays, noise injection, or other
techniques to obfuscate side-channel signals.
• Use hardware-level protections, such as secure elements or Trusted Platform
Modules (TPMs), to safeguard critical operations.
• Regularly evaluate and update cryptographic algorithms and implementations to
address known vulnerabilities.
These case studies underscore the importance of securing embedded systems, particularly
in IoT and critical infrastructure.

IOT
13. Mirai Botnet Attack on IoT Devices:
• Overview: An IoT botnet was used to execute the worst DDoS attack against
Internet performance management services provider Dyn back in October 2016. As a
result, several websites went offline, including majors like Netflix.
• Security Impact:
• Confidentiality: While the primary impact may not be on confidentiality,
compromised devices could potentially be used to collect sensitive data from their
environments, depending on the IoT device's capabilities.
• Integrity: The integrity of the compromised devices is compromised as the
malware takes control, potentially manipulating their behavior or functionality.
• Availability: The devices become part of a botnet, and their resources were used to
launch large-scale DDoS attacks, impacting the availability of online services.
• Remediation Strategies:
• Change default credentials on IoT devices and enforce strong, unique passwords.
• Regularly update and patch IoT device firmware to fix known vulnerabilities.
• Implement network segmentation to isolate IoT devices from critical
infrastructure.
14. Ransomware Attack on Ring Smart Home Devices:
• Overview: The Amazon-owned company Ring has made quite a name for itself in
recent years for two separate security incidents. Once for accidentally revealing user
data to both Facebook and Google via third party trackers embedded into their android
application, and secondly due to an IoT security breach whereby cybercriminals
successfully hacked into several families’ connected doorbell and home monitoring
systems.
• Security Impact:
• Confidentiality: Video footage or audio recordings from compromised smart home
devices may be accessed or monitored by attackers, violating user privacy.
• Integrity: The integrity of smart home device functionality is compromised as the
attackers can manipulate their settings or behavior.
• Availability: The devices =was rendered non-functional, impacting the
availability of essential services like home security or automation.
• Remediation Strategies:
• Regularly update the firmware of smart home devices to patch vulnerabilities.
• Employ strong authentication mechanisms, such as two-factor authentication, for
accessing smart home devices.
• Regularly monitor and audit smart home device activities for unusual behavior.
The above real life breaches emphasize the importance of securing IoT devices, which
are often vulnerable due to weak security practices. Security professionals should focus
on securing device credentials, regularly updating firmware, and implementing measures
to detect and respond to anomalous behavior in the IoT environment.

Wireless
15. KRACK Attack on Wi-Fi Protocols in 2023:
• Overview: In this scenario, a variant of the KRACK (Key Reinstallation Attack)
targets Wi-Fi networks. The attacker exploits vulnerabilities in the WPA2 and WPA3
protocols, allowing them to reinstall a key used in the initial handshake. This could lead
to unauthorized access to encrypted communication, enabling the attacker to intercept or
manipulate data.
• Security Impact:
• Confidentiality: The attacker could decrypt and eavesdrop on Wi-Fi traffic,
potentially gaining access to sensitive information such as login credentials, personal
data, or confidential communications.
• Integrity: By intercepting and manipulating data in transit, the attacker could
compromise the integrity of the information exchanged over the Wi-Fi network.
• Availability: While the primary impact is on confidentiality and integrity, the
availability of Wi-Fi networks is indirectly affected as users may be reluctant to use
compromised networks.
• Remediation Strategies:
• Apply patches and updates to Wi-Fi-enabled devices and networking equipment to
address known vulnerabilities.
• Use WPA3 with the latest security enhancements when available.
• Monitor Wi-Fi networks for unusual activities and implement intrusion detection
and prevention systems.
16. Evil Twin Attack on Public Wi-Fi in USA:
• Overview: An attacker set up a rogue Wi-Fi hotspot with a name similar to a
legitimate public Wi-Fi network, enticing users to connect.Once connected, the attacker
can intercept and manipulate the communication between the user and the internet.
• Security Impact:
• Confidentiality: The attacker can eavesdrop on all the traffic passing through the
rogue Wi-Fi hotspot, potentially capturing sensitive information such as login credentials,
emails, or financial transactions.
• Integrity: By intercepting and modifying data in transit, the attacker could
compromise the integrity of the information being exchanged.
• Availability: While the primary impact is on confidentiality and integrity, the
availability of the legitimate Wi-Fi network is indirectly affected as users may be
deceived into connecting to the rogue hotspot.
• Remediation Strategies:
• Educate users about the risks of connecting to unsecured or unknown Wi-Fi
networks.
• Use Virtual Private Networks (VPNs) to encrypt communication, even on public
Wi-Fi.
• Implement strong authentication mechanisms for Wi-Fi networks to prevent
unauthorized access.
The above case studies highlight the importance of implementing strong security
practices in wireless networks, including timely updates, encryption, and user awareness.

Bluetooth
17. BlueBorne Attack on Bluetooth enabled Devices:
• Overview: In this scenario, a variant of the BlueBorne attack targets Bluetooth-
enabled devices. BlueBorne is an attack vector that allows unauthorized access and
control over devices via Bluetooth. The attacker can exploit vulnerabilities in Bluetooth
implementations to execute arbitrary code on the target device, potentially leading to
unauthorized access, data theft, or malware installation.
• Security Impact:
• Confidentiality: The attacker may gain access to sensitive information on the
compromised device, such as contacts, messages, or files.
• Integrity: By executing arbitrary code, the attacker could manipulate or modify
data on the device, compromising its integrity.
• Availability: Depending on the nature of the attack, the compromised device might
experience disruptions or become unusable.
• Remediation Strategies:
• Keep Bluetooth-enabled devices updated with the latest firmware and security
patches.
• Disable Bluetooth when not in use, especially in public places, to minimize
exposure to potential attacks.
• Implement network segmentation to isolate Bluetooth devices from critical
infrastructure.
18. Bluetooth Impersonation Attack on IFA home devices:
• Overview: Attackers employed a Bluetooth impersonation attack to establish a
connection with a target device by impersonating a trusted device. The attacker may
exploit weaknesses in the Bluetooth pairing process, gaining unauthorized access to the
target device and potentially launching further attacks.
• Security Impact:
• Confidentiality: The attacker may gain access to sensitive information on the
compromised device, depending on the capabilities of the target device.
• Integrity: The attacker could manipulate or inject data into the communication
between the target device and other devices, compromising the integrity of exchanged
information.
• Availability: The compromised device was used to disrupt communication or
services, indirectly impacting availability.
• Remediation Strategies:
• Use strong authentication and encryption protocols during Bluetooth pairing to
prevent impersonation attacks.
• Regularly update device firmware to address known vulnerabilities in Bluetooth
implementations.
• Educate users about the risks of connecting to untrusted Bluetooth devices.
The importance of securing Bluetooth-enabled devices and networks, including regular
updates, strong authentication, and user awareness. Security professionals should stay
informed about the latest Bluetooth vulnerabilities and implement measures to protect
against evolving threats in the Bluetooth domain.

Hardware attacks
19. Thunderstrike 2 Firmware Attack in EFI:
• Overview: Thunderstrike Attack, developed by security engineer Trammell
Hudson, actually took advantage of a vulnerability in Thunderbolt Option ROM that was
used to infect Apple Extensible Firmware Interface (EFI) by allocating a malicious code
into the boot ROM of an Apple computer through infected Thunderbolt devices
• Security Impact:
• Confidentiality: The attacker gains access to sensitive data stored on the
compromised device, potentially exposing personal information, login credentials, or
other confidential data.
• Integrity: The integrity of the device's firmware is compromised, allowing the
attacker to manipulate the firmware to suit their malicious objectives.
• Availability: The firmware could lead to system instability, crashes, or disruptions,
impacting availability.
• Remediation Strategies:
• Regularly update firmware to the latest, secure versions provided by the hardware
manufacturer.
• Implement secure boot mechanisms and digital signatures to verify the integrity of
firmware during the boot process.
• Employ hardware-level protections, such as physical write-protect mechanisms, to
prevent unauthorized firmware modifications.

20. USB-based BadUSB Attack:

• Overview: Rubber Ducky was used to carry out attack by using a flash drive
created with a hidden exploit, that allows it to mimic a keyboard. This device can be pre-
programmed to then inject numerous keystrokes into the unsuspecting users' computer.
• Security Impact:
• Confidentiality: Depending on the attacker's payload, confidential information on
the compromised system may be accessed or exfiltrated.
• Integrity: The attacker can manipulate or alter files and settings on the
compromised system, compromising data integrity.
• Availability: The system was disrupted and malicious actions lead to denial of
service, impacting availability.
• Remediation Strategies:
• Be cautious about plugging in unknown or untrusted USB devices.
• Disable unnecessary USB ports or use endpoint security solutions that can monitor
and control USB device usage.
• Implement network and endpoint security measures to detect and block malicious
activity.
These above real life examples illustrate the importance of securing hardware
components, especially firmware and USB interfaces, and implementing measures to
prevent unauthorized access and manipulations