Security
Assets and Security threats
Discussion
T.J. Maxx
Security
Information asset
• A threat vector is a term used to describe where a threat originates and the path it takes to reach a target.
• Example: an e-mail message sent from outside the organization to an inside employee, containing an executable attachment that happens to be a Trojan program, which will compromise the recipient's computer if opened.
• Understanding threat vectors is also important for explaining to others, such as management, how the protective mechanisms work and why they are important.
• Insider threat vectors take many forms.
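The e-mail vector in the example above can be checked at the mail gateway before the attachment ever reaches the employee. The following is an added illustration (not code from the slides): it builds a constructed sample message from an assumed external sender (example.net) to an assumed internal domain (example.com), then flags attachments that look executable by file extension and by the "MZ" header of a Windows PE file, so a renamed executable is still caught. The extension list and the "quarantine/review/deliver" decisions are assumptions for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions and the PE magic bytes that mark a Windows executable. This list is
# a constructed illustration, not a complete gateway policy.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".js", ".vbs"}
PE_MAGIC = b"MZ"
INTERNAL_DOMAIN = "example.com"  # assumed: the organization's own mail domain


def build_sample_message() -> bytes:
    """Constructed sample: an outside sender mails an 'invoice' whose attachment is really an executable."""
    msg = EmailMessage()
    msg["From"] = "billing@example.net"   # assumed external sender
    msg["To"] = "employee@example.com"    # assumed internal recipient
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please open the attached invoice.")
    # No real Trojan is needed to exercise the check: the first two bytes "MZ"
    # are enough to look like a PE file; the rest is filler.
    fake_exe = PE_MAGIC + b"\x00" * 62
    msg.add_attachment(fake_exe, maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")
    return msg.as_bytes()


def sender_is_external(raw: bytes, internal_domain: str = INTERNAL_DOMAIN) -> bool:
    """True when the From: address is not in the organization's own domain."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = str(msg["From"] or "").strip().lower()
    return not sender.endswith("@" + internal_domain.lower())


def find_executable_attachments(raw: bytes) -> list:
    """Return one finding per attachment that looks executable, by name or by content."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = name[name.rfind("."):].lower() if "." in name else ""
        reasons = []
        if ext in EXECUTABLE_EXTENSIONS:
            reasons.append("extension " + ext)
        if payload.startswith(PE_MAGIC):      # content check catches renamed files
            reasons.append("PE header (MZ)")
        if reasons:
            findings.append({"filename": name, "size": len(payload), "reasons": reasons})
    return findings


def classify(raw: bytes) -> str:
    """Combine the two signals: external sender plus executable attachment is the slide's threat vector."""
    external = sender_is_external(raw)
    execs = find_executable_attachments(raw)
    if external and execs:
        return "quarantine"
    if execs:
        return "review"
    return "deliver"


if __name__ == "__main__":
    sample = build_sample_message()
    print(find_executable_attachments(sample))
    print(classify(sample))
```

The double-extension name (invoice.pdf.exe) is the part users tend to miss because Windows hides the final extension by default; the content check is what makes the control robust against a file that was simply renamed.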
Types of security threats
https://www.stealthlabs.com/blog/cyber-security-threats-all-you-need-to-know/
Malware
A computer worm uses its own code to replicate, although it may rely on the existence of other related code to do so.
The key to a worm is that it does not directly modify other host code to replicate.
A worm may travel the internet trying one or more exploits to compromise a computer, and if successful, it then writes itself to the computer and begins replicating again.
Ransomware
WannaCry ransomware (May 2017)
Over 45k compromises across 74 countries
Remote code execution in SMBv1 using the EternalBlue exploit
445/TCP, or via NetBIOS (135-139 UDP & TCP); SMBv1 deprecated
Patch released on 14 March 2017 (MS17-010)
Exploit released on 14 April 2017
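The WannaCry facts above translate into a concrete defensive question: which internal hosts accept SMB or NetBIOS traffic from the outside? The script below is an added example, not part of the slides. It scans a constructed firewall log in an assumed key=value layout (not a real vendor format), treats RFC 1918 and loopback ranges as "internal" (an assumption to adjust per network), and reports allowed connections to 445/TCP or the NetBIOS ports 135-139 that originated outside those ranges.

```python
import ipaddress
import re

# Ports named on the slide: SMB on 445/TCP and NetBIOS on 135-139.
SMB_PORTS = {445, 135, 136, 137, 138, 139}
# Assumed internal address space (RFC 1918 plus loopback); adjust to your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample log in a simple key=value layout (not a real vendor format).
SAMPLE_FW_LOG = """\
ts=2017-05-12T08:01:02Z action=ALLOW proto=TCP src=203.0.113.7 dst=10.0.0.5 dport=445
ts=2017-05-12T08:01:05Z action=ALLOW proto=TCP src=10.0.0.12 dst=10.0.0.5 dport=445
ts=2017-05-12T08:01:09Z action=DENY proto=TCP src=198.51.100.9 dst=10.0.0.5 dport=445
ts=2017-05-12T08:01:11Z action=ALLOW proto=UDP src=192.0.2.44 dst=10.0.0.8 dport=137
ts=2017-05-12T08:01:15Z action=ALLOW proto=TCP src=203.0.113.7 dst=10.0.0.5 dport=443
garbage line that should be skipped
"""
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split one key=value log line into a dict; unknown lines give an empty dict."""
    return dict(KV_RE.findall(line))


def is_internal(addr) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def exposed_smb_events(log_text: str) -> list:
    """Allowed connections to SMB/NetBIOS ports from addresses outside the internal ranges."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        try:
            src = ipaddress.ip_address(rec["src"])
            dport = int(rec["dport"])
        except (KeyError, ValueError):
            continue   # malformed or irrelevant line
        if rec.get("action") != "ALLOW" or dport not in SMB_PORTS or is_internal(src):
            continue
        hits.append({"ts": rec["ts"], "src": str(src), "dst": rec["dst"],
                     "proto": rec["proto"], "dport": dport})
    return hits


def exposed_hosts(log_text: str) -> dict:
    """Map each internal host that accepted outside SMB traffic to the set of ports seen."""
    summary = {}
    for ev in exposed_smb_events(log_text):
        summary.setdefault(ev["dst"], set()).add(ev["dport"])
    return summary


if __name__ == "__main__":
    for ev in exposed_smb_events(SAMPLE_FW_LOG):
        print(ev)
    print(exposed_hosts(SAMPLE_FW_LOG))
```

Denied connections are deliberately ignored: the blocked attempt is expected noise, while an allowed one is an exposure that MS17-010 patching or disabling SMBv1 should close. The internal ranges are hard-coded on purpose rather than using the library's is_private check, which also treats the documentation addresses used in the sample as non-public.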
Advanced persistent threat
An advanced persistent threat is a sustained, human-intensive attack that leverages the full range of computer intrusion techniques.
Trojan
Trojan programs and viruses compromise computers on the trusted internal network.
Trojan programs are covertly installed pieces of software that perform functions with the privileges of authorized users, but unknown to those users.
Common functions of Trojans include stealing data and passwords, providing remote access and/or monitoring to someone outside the trusted network, or performing specific functions such as spamming.
When Trojans are installed on a trusted system, they run with the same credentials and privileges as the user whose account they exploit, so they constitute a form of insider threat.
Trojans are dangerous because they can hide themselves in authorized communication channels such as web browsing.
Trojans may be installed by authorized internal staff, by unauthorized people who gain physical or network access to systems, or by viruses.
Rootkits
Collections of software programs used to hide the existence of malicious software on computer systems.
The term refers to a software toolkit that gives an unauthorized user root access (root is the administrative account on UNIX systems) while hiding the actions of the unauthorized user.
Rootkits replace existing system tools (such as those used to list processes (top) and folder contents (ls)) so that the modified versions conceal the existence of the unauthorized user.
One of the goals of malware programs is to install a rootkit on the victim machine.
Of all software threats, rootkits are particularly insidious because of their ability to subvert standard operating system protections.
For this reason, it can be almost impossible to remove rootkits.
https://blog.malwarebytes.com/threat-analysis/2016/12/simple-userland-rootkit-a-case-study/
Zombies/bots
A zombie is a computer connected to the internet that has been compromised in such a way that it performs malicious tasks at the direction of a remote controller.
Their unquestioning compliance with remote directions gives them the name of zombies.
The owners of zombie computers are generally unaware of the compromise until they are informed by their system administrators.
Botnets are quite affordable.
Twenty-four-hour rental rates for 100,000–2,000,000 zombies are approximately $200.
Zombies are generally used to perform three kinds of activities: send spam, launch denial-of-service attacks, and perform dictionary attacks to break passwords.
Stuxnet
Agent/Actor, Action, Asset
Threat agents/actors
Internal agents
External agents
Partners
External agent
Outside the organization and with no link to the organization itself
Activist group: "hacktivist" organizations, groups that mix political activism with hacking activities
Foreign government
Cybercrime: 419 Nigerian scam
Organized groups: threats that require the cooperation of multiple agents acting together, e.g., CarderPlanet, among the most sophisticated organizations of online financial criminals in the world
External threats
Competitors
Customers
Natural causes and infrastructure failure
Former employees
Internal threats
Malware: intentional
Hacking: intentional
Social engineering: intentional
Physical: intentional/accidental
Error: accidental (malfunction, user error)
Environment: natural (natural disaster, earthquake, storms/flood)
Hacking
Brute-force attack: a method by which a hacker tries to gain access to an account on the target system by trying to "guess" the correct password.
Default credential attack: refers to incidents in which a hacker gains access to a system or software protected by standard preset (and therefore widely known) usernames and passwords.
Buffer overflow attack: writing past the bounds of a buffer and overwriting the memory beyond it.
Cross-site scripting: occurs when a website allows a malicious user to enter information with malicious content in it.
SQL injection attack: an attack technique used to exploit how web pages communicate with back-end databases.
Misuse: abuse of privileges, fraud or embezzlement, use of unapproved software.
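Of the techniques listed above, brute-force and default-credential attacks leave the clearest trace in authentication logs: many failures from one source in a short time, sometimes followed by a success. The detector below is an added example, not from the slides. It parses constructed sample lines in the OpenSSH syslog format (the year is assumed, since syslog omits it), counts failed logins per source inside a sliding time window, and records whether a later successful login from the same source followed the burst, which is the signal that distinguishes a noisy attempt from a probable compromise. The threshold and window values are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the OpenSSH syslog format (the year is not in the line).
SAMPLE_AUTH_LOG = """\
May 12 08:00:01 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51234 ssh2
May 12 08:00:03 host1 sshd[2202]: Failed password for root from 203.0.113.9 port 51235 ssh2
May 12 08:00:04 host1 sshd[2203]: Failed password for invalid user test from 203.0.113.9 port 51236 ssh2
May 12 08:00:06 host1 sshd[2204]: Failed password for root from 203.0.113.9 port 51237 ssh2
May 12 08:00:07 host1 sshd[2205]: Failed password for root from 203.0.113.9 port 51238 ssh2
May 12 08:00:09 host1 sshd[2206]: Accepted password for root from 203.0.113.9 port 51239 ssh2
May 12 08:30:00 host1 sshd[2300]: Failed password for alice from 10.0.0.12 port 40000 ssh2
May 12 09:15:00 host1 sshd[2301]: Failed password for alice from 10.0.0.12 port 40001 ssh2
"""

TS = r"(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d)"
FAILED_RE = re.compile(TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
ACCEPT_RE = re.compile(TS + r" \S+ sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+")


def parse_ts(text: str, year: int) -> datetime:
    """Syslog timestamps carry no year, so the caller supplies one (assumed 2017 below)."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=1), year: int = 2017) -> dict:
    """Flag sources with at least `threshold` failed logins inside any sliding window of length
    `window`, and note whether a successful login from the same source followed the burst."""
    failures = defaultdict(list)   # src -> [(time, user), ...]
    successes = defaultdict(list)  # src -> [time, ...]
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures[m["src"]].append((parse_ts(m["ts"], year), m["user"]))
            continue
        m = ACCEPT_RE.match(line)
        if m:
            successes[m["src"]].append(parse_ts(m["ts"], year))

    alerts = {}
    for src, attempts in failures.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until the span fits inside `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                burst_end = attempts[end][0]
                alerts[src] = {
                    "failures_in_window": count,
                    "users_tried": sorted({u for _, u in attempts[start:end + 1]}),
                    "burst_end": burst_end,
                    "success_after_burst": any(t >= burst_end for t in successes.get(src, [])),
                }
                break
    return alerts


if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(src, info)
```

In the sample, 203.0.113.9 tries admin, test and root (the pattern of a default-credential guess) five times in six seconds and then logs in, so it is reported with success_after_burst set; the two failures from 10.0.0.12 are 45 minutes apart and stay below the threshold.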
Cross-site scripting
<?php
// Deliberately vulnerable example from the slide: the name parameter is
// echoed into the page without any escaping (reflected XSS).
$name = $_GET['name'];
echo "My name is $name<br>";
echo '<a href="http://xssattackexamples.com/">Click to Download</a>';
?>
A malicious hacker could craft the following URL:
index.php?name=guest<script>alert('owned')</script>
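To make the fix concrete, here is the same page logic rewritten in Python as an added example (not code from the slides): one function reproduces the PHP echo exactly, the other applies output encoding with html.escape, and both are fed the name parameter parsed from the slide's crafted URL. The function names and the crude "does a script tag survive" check are assumptions for the illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# The crafted URL from the slide.
CRAFTED_URL = "index.php?name=guest<script>alert('owned')</script>"


def name_from_url(url: str) -> str:
    """Extract the name parameter the way $_GET['name'] would (first value, empty if absent)."""
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True).get("name", [""])[0]


def render_unsafe(name: str) -> str:
    """Mirrors the slide's PHP: the parameter is interpolated into HTML unchanged."""
    return f"My name is {name}<br>"


def render_safe(name: str) -> str:
    """Same page with output encoding: every HTML metacharacter in name is escaped,
    so the browser shows the text literally instead of parsing it as markup."""
    return f"My name is {html.escape(name, quote=True)}<br>"


def injects_script(rendered: str) -> bool:
    """Crude check used only to show the difference: does a live <script> tag survive?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    name = name_from_url(CRAFTED_URL)
    print("unsafe:", render_unsafe(name))
    print("safe:  ", render_safe(name))
```

The escaping happens at output time, in the HTML context, which is the general rule: input validation alone does not help here because "guest" followed by a script tag is a perfectly valid string, it just must never reach the page as markup.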
SQL injection
Pretexting
Pretexting is a technique in which the attacker uses a fictitious scenario to manipulate someone into performing an action or divulging information. Pretexting is also known outside the technical area as a "con game" or "scam."
One type of pretexting is phishing.
Physical attacks
A physical action involves the tangible or palpable aspect of an asset.
In today's world of interconnectedness, the least popular means of attack is direct physical access, but if an attacker can physically access a computer, it's game over. They literally can do anything, including physically damaging the computer, stealing passwords, planting keystroke-logging Trojans, and stealing data.
Unauthorized access: many organizations require certain areas to be protected by card access mechanisms, but many people are unaware of this and unauthorized access can occur.
Theft: ... or another study area. You will notice how easy it would be to take someone's laptop when they step out quickly to go to the restroom.
https://youtu.be/Mk9CA8MkUXY
Physical attack
During Microsoft Certified magazine's 2002 Security Summit conference, the conference leaders invited anyone at the conference, and on the internet, to hack the servers. After several days, the servers did not suffer a single successful hack, except for a physical access attack: one of the participants, a trusted conference presenter no less, sent the security guard soda after soda during the night. After five sodas, the security guard went to the bathroom, and the gray hat attacker placed a bootable diskette in one of the servers and exploited it.
It taught two lessons. First, physical security is a necessity. And second, it is often those we trust that break our security.
Error
Air conditioning failure
Hurricanes
Flooding
Earthquake
Wildfire
Natural disaster
Threat and vulnerability
VULNERABILITY
Pandemic attack
Ransomware attack
Cloud breaches
Mobile security threats
IoT attacks
https://www.stealthlabs.com/blog/cyber-security-threats-all-you-need-to-know/
Summary
Asset
Threat
Threat vector
Types of Threat
Threat model
Agent, action, asset
Mind map