Knight Talks Tech

Introduction to cyber security – Week 1, Threat Landscape

Terminology

CIA – guiding principle

Information assets

Malware

Phishing

Spear phishing

Vulnerability

Threat

Countermeasure

Describing a cyber-security breach

CIA concepts, malware involvement, asset attacked
In the attack on Target, a specific form of phishing called spear phishing was employed against a contractor working for the organisation rather than against Target itself. The spear phishing involved sending an email that seemed legitimate to an employee of the contractor; when this email was opened, malware was deployed on their computer. The malware used would have been spyware, which gathered information about the network, including server addresses and login credentials. The attacker then used this information to gain unauthorised access to Target's internal network, where they were able to steal sensitive user information.
Confidentiality was breached, as sensitive information was read by people it was not intended for. Authentication was in place and working, but the attacker circumvented it by using the contractor's credentials obtained by the spyware. The case for non-repudiation would be strong, as transactions carried out with the stolen information may have been made without the customer being aware.

Knowing your enemies

A threat to your communications

The free pizza spam mail, supposedly from Pizza Hut, lures victims into clicking what they think is a link for a voucher but is in fact a zip file containing an executable. This executable installs botnet malware, which searches for vulnerable web servers and infects them; those servers in turn infect more computers. The likely source of the attack would be cyber criminals looking to infect as many computers as possible while remaining just off the radar. Each compromised computer could also be infected with a secondary form of malware, perhaps to obtain personal information or to gain unauthorised access to corporate information assets. Reference: http://www.fireeye.com/blog/technical/malware-research/2014/06/a-not-so-civic-duty-asprox-botnet-campaign-spreads-court-dates-and-malware.html
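
The lure above depends on a zip file hiding an executable, which is something a mail filter or an analyst can check before anyone opens it. The following is an added example, not part of the original notes; the function names, extension lists and sample archives are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will run or hand to a script host (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-style extensions commonly placed before the real one as a decoy.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".txt"}


def suspicious_members(zip_bytes):
    """Return (member name, reason) pairs for entries that look executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            magic = b""
            if not info.flag_bits & 0x1:  # encrypted members need a password to read
                with archive.open(info) as member:
                    magic = member.read(2)
            if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
                # "voucher.pdf.exe" relies on Windows hiding known extensions.
                decoy = len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS
                reason = "double extension" if decoy else "executable extension"
                findings.append((info.filename, reason))
            elif magic == b"MZ":
                # DOS/PE header under a harmless-looking name.
                findings.append((info.filename, "PE header, misleading name"))
    return findings


def build_sample(members):
    """Build a constructed in-memory zip from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed samples: the "payload" is a bare MZ marker plus padding, not a program.
LURE = build_sample({
    "PizzaHut_Voucher.pdf.exe": b"MZ" + b"\x00" * 62,
    "terms.txt": b"Free pizza terms and conditions",
    "coupon.jpg": b"MZ" + b"\x00" * 62,
})
BENIGN = build_sample({"menu.txt": b"Margherita"})

if __name__ == "__main__":
    for name, reason in suspicious_members(LURE):
        print(f"{name}: {reason}")
```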

A threat to your information

The Win32/Crowti ransomware is delivered by spam and also by exploit kits that directly attack vulnerable computers. Once installed, it locks files on the computer and directs users to a Tor (anonymous) page to pay for the release of their files. This affects both home users and those in working organisations. This kind of attack by cyber criminals highlights the need to keep software up to date, in this case Java and Flash. Reference: http://www.infosecurity-magazine.com/news/crowti-ransomware-blooms-in-the-us/

Securing your digital information

Online banking

The main security issues which could threaten actions such as checking your balance or making a payment would likely come from malware. This could be in the form of a phishing attack, with an email purporting to be from your bank requesting that you verify key personal information via a spoofed website. This information could then be used to gain unauthorised access to your accounts, where the cyber criminal could then clean out your funds. Another way criminals may attempt to gain your information assets would be by spyware, which could be installed via a spam email or a direct attack by a rootkit. The spyware would sit passively collecting login credentials for your banking websites and then send this information back to the attacker. This type of attack would breach confidentiality and integrity, as unauthorised people would gain access to your sensitive information.

Links

Microsoft Security Response Centre http://technet.microsoft.com/en-us/security/dn440717
Apple Product Security https://ssl.apple.com/support/security/