Skip to content

Introduction to cyber security – Week 1, Threat Landscape

04/11/2014

Terminology

CIA – guiding principal

  • Confidential – only to be read by right people
  • Integrity – only changed by authorised people/processes
  • Availability – available to read/use whenever we want

Information assets

  • Information asset could be customer data amongst other things
  • Authentication – necessary to verify identity of source of request of information.
  • Non-repudiation – ensuring users cannot deny sending message or performing action e.g. denying a money transfer was requested form a bank.

Malware

  • Ransomware – malware demands payment to refrain from doing something or to under effects of harmful action.
  • Spyware – records user activity e.g. password logging, transmits information to malware writer.
  • Botnets – allow attacker to take control of computer to send spam email or to attack servers with DDOS attacks.

Phising

  • Form of social engineering.
  • Method to obtain personal information including usernames and passwords.

Spear phising

  • A very targeted phising attack, e.g. against a specific individual or organisation.

Vulnerability

  • Potential point for security breach

Threat

  • Some danger that can exploit vulnerability

Countermeasure

  • Action taken to protect information assets from vulnerabilities and threats.

Describing a cyber-security breach

CIA concepts, malware involvement, asset attacked

With regards to the attack on Target a specific form of phising, called spear phising, was employed against a contractor working for the organisation rather than Target themselves. The spear phising involved sending an email to an employee of the contractor which seemed legitimate, when this email was opened malware was deployed on their computer. The type of malware used would have been spyware which gathered information about the network including server addresses, login credentials etc. This information was then used by the attacker to gain unauthorised access to Targets internal network where they were able to steal sensitive user information.

Confidentiality was breached as sensitive information was read by people it was not intended for. Authenticate was in place and working but it was circumvented by the attacker by using the contractors credentials obtained by spyware. The case for non-repudiation would be strong as transactions carried out with the stolen information may have been made with the customer being unaware.

Knowing your enemies

A threat to your communications

The free pizza spam mail supposedly from Pizza Hut lures victims into clicking what they think is a link for a voucher but in fact is a zip file which contains an executable. This executable installs a botnet which then searches for vulnerable web servers which it then infects which in turn infect more computers. The likely source of the attack would be cyber criminals looking to infect as large a number of computers as possible while remaining just off the radar. There is potential to infect each compromised computer with a secondary form of malware perhaps to obtain personal information or to gain unauthorised access to corporate information assets. Reference: http://www.fireeye.com/blog/technical/malware-research/2014/06/a-not-so-civic-duty-asprox-botnet-campaign-spreads-court-dates-and-malware.html

A threat to your information

The Win32/Crowti ransomware is delivered by spam but also exploit kits directly attacking vulnerable computers. Once installed it locks files on the computer and directs users to a Tor (anonymous) page to make payment for release of their files. This affects both home users and those in working organisations. This kind of attack by cyber criminals highlights the need to keep software up to date, in this case Java and Flash. Reference: http://www.infosecurity-magazine.com/news/crowti-ransomware-blooms-in-the-us/

Securing your digital information

Online banking

The main security issues which could threaten actions such as checking your balance or making a payment would likely come from malware. This could be in the form of a phising attack with an email pertaining to be from your bank requesting that you verify key personal information via a spoofed website. This information could then be used to gain unauthorised access to your accounts where the cyber criminal could then clean out your funds. Another way criminals may attempt to gain your information assets would be by spyware which could be installed via a spam email of a direct attack by a root kit. The spyware would sit passively collecting login credentials for your banking websites and then send this information back to the attacker. This type of attack would breach confidentiality and integrity as unauthorised people would gain access to your sensitive information.

Links

Microsoft Security Response Centrehttp://technet.microsoft.com/en-us/security/dn440717

Apple Product Security https://ssl.apple.com/support/security/

Advertisements

From → Cyber Security

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: