
Unit 5

Security
Assets and Security threats
Discussion

T. J. Max
Security

The basic assumptions of security are as follows:

• We want to protect our assets.
• There are threats to our assets.
• We want to mitigate those threats.
Assets

Conventional assets
• What are you trying to protect?
• Data
• Information
• Properties
• An asset is a resource or piece of information that is to be protected.

Information assets
• The difference from conventional assets is invisibility and duplicability: an information asset cannot be seen, and it can be copied without the original going missing.


Security Threat
• A threat is defined as the capabilities, intentions and attack methods of adversaries to exploit or cause harm to assets.
• Threats to organizational continuity originate from:
  • malicious internet attacks
  • poor-quality security policies and testing/audit procedures.
• Write down a threat you face in your daily life.
• https://atlas-cybersecurity.com/cyber-threats
Threat vector

• A threat vector is a term used to describe where a threat originates and the path it takes to reach a target.
• Example: an e-mail message sent from outside the organization to an inside employee, containing an executable attachment that happens to be a trojan program, which will compromise the recipient's computer if opened.
• Understanding threat vectors is also important for explaining to others, such as management, how the protective mechanisms work and why they are important.
• Insider threat vectors take many forms.
Types of security threats

https://www.stealthlabs.com/blog/cyber-security-threats-all-you-need-to-know/
Malware

• Any type of malicious software designed to harm or exploit any programmable device, service or network.
Virus

• Viruses typically arrive in documents, executable files, and e-mail.
• They may include trojan components that allow direct outside access, or they may automatically send private information, such as IP addresses, personal information, and system configurations, to a receiver on the internet.
• These viruses usually capture and send password keystrokes as well.
Computer Worms

• A computer worm uses its own coding to replicate, although it may rely on the existence of other related code to do so.
• The key to a worm is that it does not directly modify other host code to replicate.
• A worm may travel the internet trying one or more exploits to compromise a computer, and if successful, it then writes itself to the computer and begins replicating again.
Ransomware
• WannaCry ransomware (May 2017)
• Over 45k compromises across 74 countries
• Remote code execution in SMBv1 using the EternalBlue exploit
• 445/TCP, or via NetBIOS (135-139/UDP&TCP); SMBv1 is deprecated
• Patch released on 14 March 2017 (MS17-010)
• Exploit released on 14 April 2017
Advanced persistent threat

• An advanced persistent threat is a sustained, human-intensive attack that leverages the full range of computer intrusion techniques.
Trojan
• Trojan programs and viruses compromise computers on the trusted internal network.
• Trojan programs are covertly installed pieces of software that perform functions with the privileges of authorized users, but unknown to those users.
• Common functions of trojans include stealing data and passwords, providing remote access and/or monitoring to someone outside the trusted network, or performing specific functions such as spamming.
• When trojans are installed on a trusted system, they run with the same credentials and privileges as the user whose account they exploit, so they constitute a form of insider threat.
• Trojans are dangerous because they can hide themselves in authorized communication channels such as web browsing.
• Trojans may be installed by authorized internal staff, by unauthorized people who gain physical or network access to systems, or by viruses.
Rootkits
• Collections of software programs used to hide the existence of malicious software on computer systems.
• The term refers to a software toolkit that gives an unauthorized user root access (root is the administrative account on UNIX systems), while hiding the actions of the unauthorized user.
• Rootkits replace existing system tools (such as those used to list processes (top) and folder contents (ls)) such that the modified versions conceal the existence of the unauthorized user.
• One of the goals of malware programs is to install a rootkit on the victim machine.
• Of all software threats, rootkits are particularly insidious because of their ability to subvert standard operating system protections.
• For this reason, it can be almost impossible to remove rootkits.

https://blog.malwarebytes.com/threat-analysis/2016/12/simple-userland-rootkit-a-case-study/
Zombies/bots

• A zombie is a computer connected to the internet that has been compromised in such a way that it performs malicious tasks at the direction of a remote controller.
• Their unquestioning compliance with remote directions gives them the name of zombies.
• The owners of zombie computers are generally unaware of the compromise until they are informed by their system administrators.
• Botnets are quite affordable.
• Twenty-four-hour rental rates for 100,000–2,000,000 zombies are approximately $200.
• Zombies are generally used to perform three kinds of activities: send spam, launch denial of service attacks, and perform dictionary attacks to break passwords.
Stuxnet

• Stuxnet reportedly destroyed numerous centrifuges in Iran's Natanz uranium enrichment facility by causing them to burn themselves out.
• Over time, other groups modified the virus to target facilities including water treatment plants, power plants, and gas lines.
• Stuxnet was a multi-part worm that traveled on USB sticks and spread through Microsoft Windows computers.
DoS attack

• Denial of service is the unauthorized prevention of access to resources or the delaying of time-critical operations.
• Distributed denial of service (DDoS) is the use of many compromised systems to cause denial of service for users of the targeted system.
Packet sniffing

• Packet sniffing is the act of intercepting and monitoring data passing through a computer network.
Other attacks

• Zero-day exploits: a zero-day exploit compromises a previously unknown vulnerability in computer software.
• Password guessing: password guessing is the act of repeatedly trying different passwords associated with a user account until the correct password is found.
• Social engineering: social engineering is the art of manipulating people into performing desired actions.
Threat model

(Diagram: Agent/Actor, Action, Assets)
Threat agents/actors

• Internal agents
• External agents
• Partners
External agent
• Outside the organization, with no link to the organization itself
• Activist groups: "hacktivist" organizations, groups that mix political activism with hacking activities
• Foreign governments
• Cybercrime: 419 Nigerian scam
• Organized groups: threats that require the cooperation of multiple agents acting together
  • e.g., CarderPlanet, one of the most sophisticated organizations of online financial criminals in the world
External threats

• Competitors
• Customers
• Natural causes and infrastructure failure
• Former employees
Internal threats

• Internal agents are people linked to the organization, often as employees.
• Help desk: assigned certain privileges that, either through error or misuse, could affect the operations of a company
• Human resources: assignment and removal of privileges in IT systems
• Janitorial services
• Internal auditors
• Upper management
Partner
• Any third party sharing a business relationship with the organization
• Consulting services and contractors
• Cloud services: Dropbox had a software bug in its authentication system.
• Vendors and suppliers: if they are not able to provide needed resources, or do not exercise proper quality control on devices, or do not properly evaluate the business relationships they maintain, the effect on a business may be considerable.
Threat Action

• Malware - intentional
• Hacking - intentional
• Social engineering - intentional
• Physical - intentional/accidental
• Error - accidental: malfunction, user error
• Environment - natural: natural disaster, earthquake, storms/flood
Hacking
• Brute-force attack - a method by which a hacker tries to gain access to an account on the target system by trying to "guess" the correct password
• Default credential attack - refers to incidents in which a hacker gains access to a system or software protected by standard preset (and therefore widely known) usernames and passwords.
• Buffer overflow attack - violating the bounds the programming language assumes and overwriting memory beyond the buffer the data is stored in
• Cross-site scripting - occurs when a website allows a malicious user to enter information with malicious content in it.
• SQL injection attack - an attack technique used to exploit how web pages communicate with back-end databases
• Misuse - abuse of privileges, fraud or embezzlement, use of unapproved software
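Both the password guessing described under "Other attacks" and the brute-force attack listed above leave the same trace on the defender's side: a burst of failed logins from one source, often against many different usernames. The following detection routine is an added example written for these notes; it is not from the slides. The log lines are constructed to imitate OpenSSH "Failed password" syslog messages, and the threshold, window and year are assumed values a defender would tune to their own environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth log (not real data). The format imitates OpenSSH
# "Failed password" syslog lines; the year is absent, as in real syslog.
SAMPLE_LOG = """\
Mar 14 09:00:01 web1 sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Mar 14 09:00:03 web1 sshd[2002]: Failed password for invalid user root from 203.0.113.5 port 51123 ssh2
Mar 14 09:00:04 web1 sshd[2003]: Failed password for invalid user test from 203.0.113.5 port 51124 ssh2
Mar 14 09:00:06 web1 sshd[2004]: Failed password for invalid user oracle from 203.0.113.5 port 51125 ssh2
Mar 14 09:00:08 web1 sshd[2005]: Failed password for invalid user guest from 203.0.113.5 port 51126 ssh2
Mar 14 09:00:09 web1 sshd[2006]: Accepted password for alice from 198.51.100.7 port 40001 ssh2
Mar 14 09:05:00 web1 sshd[2007]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Mar 14 09:30:00 web1 sshd[2008]: Failed password for alice from 198.51.100.7 port 40003 ssh2
""".splitlines()

# Only failed logins matter here; "invalid user" is optional because sshd
# phrases failures for existing and non-existing accounts differently.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_failed_logins(lines, year=2021):
    """Yield (timestamp, username, source_ip) for each failed-login line.

    `year` is an assumed value because syslog timestamps carry none."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m is None:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]


def find_guessing_sources(lines, threshold=5, window_seconds=60):
    """Flag source IPs with at least `threshold` failed logins inside any
    sliding window of `window_seconds` (both are assumed values to tune).

    Returns {ip: {"failures": total_failures, "users": sorted_usernames}}.
    Many distinct usernames from one source is the signature of a dictionary
    attack rather than one person mistyping a password."""
    window = defaultdict(deque)   # ip -> timestamps still inside the window
    failures = defaultdict(int)
    users = defaultdict(set)
    flagged = set()
    for ts, user, ip in parse_failed_logins(lines):
        failures[ip] += 1
        users[ip].add(user)
        q = window[ip]
        q.append(ts)
        # Drop timestamps that fell out of the window before counting.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: {"failures": failures[ip], "users": sorted(users[ip])}
            for ip in sorted(flagged)}


if __name__ == "__main__":
    for ip, info in find_guessing_sources(SAMPLE_LOG).items():
        print(f"{ip}: {info['failures']} failed logins, users tried: {info['users']}")
```

With the defaults, only 203.0.113.5 is flagged (five failures in seven seconds, five different usernames); the two spaced-out failures from 198.51.100.7 look like a real user and are left alone. The same logic, fed from the authentication log in near real time, is what an account-lockout or rate-limiting control acts on.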
Cross site scripting

<?php
// The query parameter is echoed straight into the page without encoding.
$name = $_GET['name'];
echo "My name is $name<br>";
echo '<a href="http://xssattackexamples.com/">Click to Download</a>';
?>
A malicious hacker could craft the following URL to
index.php?name=guest<script>alert('owned')</script>
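The PHP page above is vulnerable because the value of `name` goes into the HTML unchanged. The following is an added example, not the slide's code: a Python reimplementation of the same page that renders the slide's URL both without and with output encoding, so the difference is visible. The URL, parameter name and link target are the slide's; the function names are assumed.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Hypothetical reimplementation of the slide's PHP page; the URL, parameter
# name and link target come from the slide, everything else is assumed.
LINK = '<a href="http://xssattackexamples.com/">Click to Download</a>'
ATTACK_URL = "index.php?name=guest<script>alert('owned')</script>"


def name_from_url(url):
    """Read the 'name' query parameter, as the PHP page reads $_GET['name']."""
    return parse_qs(urlsplit(url).query).get("name", [""])[0]


def render_vulnerable(name):
    # Same flaw as the slide's PHP: untrusted input is placed in the HTML
    # unchanged, so a <script> element in the parameter becomes part of the page.
    return f"My name is {name}<br>{LINK}"


def render_escaped(name):
    # Fix: HTML-encode the value for the context it lands in (text content).
    # '<', '>', '&' and quotes become entities, so the browser shows the
    # payload as text instead of executing it.
    return f"My name is {html.escape(name)}<br>{LINK}"


def contains_script_element(markup):
    """Crude check used only to show the difference between the two renderings."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    name = name_from_url(ATTACK_URL)
    print("vulnerable:", render_vulnerable(name))
    print("escaped:   ", render_escaped(name))
```

Encoding must match the context: `html.escape` is right for text between tags and for quoted attribute values, but a value placed inside a URL or a script block needs the encoding for that context instead.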
SQL injection

• SELECT fname, phone FROM contacts WHERE lname = 'doe'
• But what if we entered the following in the text box:
• Doe' OR '1=1';
• Since the '1=1' condition is always true, the database would return all of its contents.
• But it gets worse.
• Doe' exec master.Dbo.Xp_cmdshell 'iisreset/stop'
• If the database server allows shell escapes (commands could be executed outside the database environment, on the actual operating system itself), the above input would stop the IIS web server on the machine.
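The query above is vulnerable because the text-box value is pasted into the SQL string. The following is an added example, not from the slides: the same contacts lookup built two ways in Python against an in-memory SQLite table of constructed rows, fed the slide's first input. The string-built version leaks every row; the parameterized version treats the input as nothing more than a surname to compare against. The table contents and function names are assumptions.

```python
import sqlite3

# Constructed contact rows (not real data) so the example runs offline.
ROWS = [("John", "Doe", "555-0100"), ("Jane", "Roe", "555-0101"), ("Sam", "Poe", "555-0102")]

# The slide's first input; the query template's own closing quote completes it.
PAYLOAD = "Doe' OR '1=1"
# The slide's second input (shell escape). Under a parameterized query it is
# only a surname that matches nothing; there is no SQL in it for the server to run.
SHELL_PAYLOAD = "Doe' exec master.Dbo.Xp_cmdshell 'iisreset/stop'"


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE contacts (fname TEXT, lname TEXT, phone TEXT)")
    con.executemany("INSERT INTO contacts VALUES (?, ?, ?)", ROWS)
    return con


def lookup_vulnerable(con, lname):
    # Vulnerable: the text-box value is pasted into the SQL, exactly like the
    # slide's query, so quotes in the input rewrite the WHERE clause.
    sql = f"SELECT fname, phone FROM contacts WHERE lname = '{lname}'"
    return con.execute(sql).fetchall()


def lookup_parameterized(con, lname):
    # Fix: bind the value as a parameter. The driver passes it separately from
    # the SQL text, so it is only ever compared against lname, never parsed.
    sql = "SELECT fname, phone FROM contacts WHERE lname = ?"
    return con.execute(sql, (lname,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("normal, vulnerable:         ", lookup_vulnerable(db, "Doe"))
    print("payload, vulnerable:        ", lookup_vulnerable(db, PAYLOAD))        # every row
    print("payload, parameterized:     ", lookup_parameterized(db, PAYLOAD))     # nothing
    print("shell payload, parameterized:", lookup_parameterized(db, SHELL_PAYLOAD))
```

The injected text turns the WHERE clause into `lname = 'Doe' OR '1=1'`, and SQLite, like the database in the slide, treats the second operand as true, so all three rows come back. Parameter binding is the primary fix; running the database account with the least privilege it needs (no shell-escape or administrative procedures) limits the damage if a query is still built by hand somewhere.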
Social engineering

• Pretexting
• Pretexting is a technique in which the attacker uses a fictitious scenario to manipulate someone into performing an action or divulging information. Pretexting is also known outside the technical area as a "con game" or "scam."
• One type of pretexting is phishing.
Physical Attacks
• A physical action involves the tangible or palpable aspect of an asset.
• In today's world of interconnectedness, the least popular means of attack is direct physical access, but if an attacker can physically access a computer, it's game over.
• They literally can do anything, including physically damage the computer, steal passwords, plant keystroke-logging trojans, and steal data.
• Unauthorized access - many organizations require certain areas to be protected by card access mechanisms, but many people are unaware of this and unauthorized access can occur.
• Theft - or another study area. You will notice how easy it would be to take someone's laptop when they step out quickly to go to the restroom.

https://youtu.be/Mk9CA8MkUXY
Physical attack
• During Microsoft Certified Magazine's 2002 Security Summit conference, the conference leaders invited anyone at the conference, and on the internet, to hack the servers.
• After several days, the servers did not suffer a single successful hack, except for a physical access attack: one of the participants, a trusted conference presenter no less, sent the security guard soda after soda during the night.
• After five sodas, the security guard went to the bathroom, and the gray hat attacker placed a bootable diskette in one of the servers and exploited it.
• It taught two lessons.
• First, physical security is a necessity.
• And second, it is often those we trust that break our security.
Error

• Includes everything done incorrectly and unintentionally
• Data entry errors come in two varieties: omission or commission. With errors of omission, a value is not entered in the appropriate manner. Errors of commission refer to the integrity of the data entry.
• Misconfiguration
• Special care must be taken by system administrators when dealing with servers containing personally identifiable information.
Environment

• Air conditioning failure
• Hurricanes
• Flooding
• Earthquake
• Wildfire
• Natural disaster
Threat and vulnerability

(Diagram relating assets, controls, threats and vulnerabilities.)
Threats in 2021

• Pandemic attack
• Ransomware attack
• Cloud breaches
• Mobile security threats
• IoT attacks

https://www.stealthlabs.com/blog/cyber-security-threats-all-you-need-to-know/
Summary

• Asset
• Threat
• Threat vector
• Types of threat
• Threat model
• Agent, action, asset
Mind map

• Types of security threat and their impact on an organization
• "Employee theft of intellectual property"
• "Malware causing outages on networks"
• "Competitor espionage of e-mail"?
• How about "cleaning staff theft of trade secrets"?
• "Software bugs leading to corruption of financial data"?
• There are things you can do to defend against these threats, detect them, or even deter them.
Group Discussion

• Finding examples and situations where and how damage to data and equipment can occur
• Group 1
• Group 2
• Group 3
• 15 minutes for preparation
• 5 minutes discussion for each group
