#CyberPodYoruba - Domain 1: Threats, Attacks and Vulnerabilities Contd
CompTIA Security+ Exam Domains
In our last article (please read it here), we discussed Domain 1 of the CompTIA Security+ exam, which is titled Threats, Attacks and Vulnerabilities, and we covered some of the keywords the exam is based on.
Worthy of note: This article can help greatly in the ISC2 One Million Certified in Cybersecurity Certification.
We are going to touch on more social engineering techniques. Let’s dive in.
Keywords explanations and definitions: CompTIA Security+ Domain 1
Spam: This is usually an unsolicited commercial email or message, generally considered an irritant, from someone trying to sell something.
SPIM: This means Spam over Instant Messaging. It is the same unsolicited content, but delivered through instant messages.
Spam and SPIM can both be delivery channels for ransomware.
Dumpster Diving: A dumpster is a large trash container. Dumpster diving is looking for treasure inside this container. Usually considered legal, dumpster diving is a technique used to extract information that an attacker could later use to carry out an attack on a computer network or a system. A good countermeasure is to have a document shredder.
Tailgating:
Tailgating is a physical security breach whereby an unauthorized person gains access to an office, a building or another protected area, most often by waiting for an authorized person to open and pass through a secured entry and then following right behind them into the secured area. This is usually not an accident.
Eliciting information or elicitation:
This is a strategy an attacker uses to extract information from a target, without raising suspicion, through a normal casual conversation. It can involve co-conspirators and cover stories to make it look real. One of the most popular ways of eliciting important data is social engineering. Other techniques include pretending not to understand and requesting a more detailed explanation, flattery, false statements, etc.
Shoulder surfing:
This means an attacker peeking or checking over a victim’s shoulders while he or she is entering his or her credentials or passwords via a mobile phone or a computer.
Pharming:
The term combines phishing and farming. Pharming aims to redirect users/victims to fraudulent websites without their consent.
A good example is an employee of a company who always logs in to an accounting platform and is instead redirected to a forged site. If the fraudulent site looks like the one he/she is familiar with and no proper check is made, the employee, now the victim, can end up being tricked.
The motives behind pharming and phishing attacks are the same, although the techniques used to carry them out are quite different. In pharming, an attacker carries out a two-step procedure.
Step one: the attacker pushes malicious code onto the victim's server or computer. Step two: the code redirects the victim to a fraudulent site where he or she is asked to enter vital or personal information.
Identity Fraud or Identity Theft:
Identity theft is a term used to cover a variety of crimes in which an attacker steals a victim's personal information, typically for financial gain.
Prepending
This is when an attacker attaches words like "safe" to malicious files or messages, or suggests various topics through social engineering, in order to extract vital information.
Invoice Scams
Invoice scams occur when attackers change the bank account details on an invoice. Invoice scams usually target small and medium businesses.
Credentials Harvesting
This is when attackers try to gain access to credentials like usernames and passwords that might be stored on a victim’s computer.
Reconnaissance
This is the first step a hacker takes towards a further attack that exploits a victim's system.
It comes in multiple forms:
Passive discovery: This is an attempt to gather information about the targeted systems and networks without actively engaging with them. No packets are sent to the target.
Semi-passive discovery: This is an attempt where the attacker touches the target with packets in a non-aggressive way in order to avoid raising alarms on the target.
Active discovery: This is a technique where the attacker engages with the target system directly, using more aggressive techniques that are likely to be noticed by the target, e.g. port scanning with tools like nmap.
Impersonation
This is a type of attack where a hacker pretends to be someone they are not so they can steal sensitive information from victims using social engineering tactics. The attacker attempts to trick the victim into giving up sensitive data or transferring money.
Watering Hole attack
This is typically a targeted attack designed to compromise users within a group or a specific industry by infecting the websites they usually visit, or luring them to a malicious site. The goal is to gain access to their network by infecting the users' computers with malware.
Typosquatting or URL Hijacking
This happens when a user hits an incorrect key while typing a website address and ends up on the wrong website, which an attacker has registered in advance.
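A defender's counterpart to typosquatting is to flag hostnames that sit within a small edit distance of the domains users are expected to visit. The following is an added example, not code from the original article; the allowlist and the observed hostnames are constructed, and the "last two labels" simplification ignores public suffixes such as co.uk.

```python
from __future__ import annotations

# Constructed allowlist of legitimate domains an organisation expects users to visit.
KNOWN_DOMAINS = ["example.com", "paypal.com", "microsoft.com"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance: minimum number of single-character insertions, deletions or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_part(host: str) -> str:
    """Keep the last two labels of a hostname (constructed simplification, no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_lookalike(host: str, known=KNOWN_DOMAINS, max_distance: int = 2) -> str | None:
    """Return the legitimate domain that `host` resembles, or None if it is exact or unrelated."""
    candidate = registrable_part(host)
    for legit in known:
        if candidate == legit:
            return None  # exact match: this is the legitimate site
        if levenshtein(candidate, legit) <= max_distance:
            return legit  # one or two keystrokes away from a known domain
    return None


def flag_lookalikes(observed_hosts):
    """Walk observed hostnames (e.g. from DNS or proxy logs) and return (host, impersonated domain) pairs."""
    hits = []
    for host in observed_hosts:
        match = is_lookalike(host)
        if match:
            hits.append((host, match))
    return hits
```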
Pretexting
This is when an attacker tries to convince a victim to give up valuable information by developing a story, also known as a pretext, which they rely on to establish authority.
Influence campaigns
This is a social engineering attack meant to manipulate the mindset of a large number of people. Hybrid warfare is when the attacker uses a blend of conventional and unconventional methods and resources to carry out the influence campaign, and it may even include advertising. Social media is a very effective avenue for this.
The Principles of Social Engineering:
There are 7 principles of social engineering explained in this article:
Authority: This is when an attacker cites a responsibility, affiliation or position that gives them the right or authority to make the request.
Intimidation: This is when an attacker suggests the victim may face negative outcomes if they do not grant access or facilitate a process.
Consensus (social proof): This is when the attacker claims that someone in a position similar to the victim's has carried out the exact same task in the past.
Scarcity: This is when an attacker tells their victims that there is limited time to get things done.
Familiarity: This is when the attacker attempts to establish a social connection with their victims.
Trust: In this case, an attacker tells their victims they know something and that they are trying to assist the victim. If the victim falls for this, the attacker establishes a relationship with them.
Urgency: The attacker cites immediate action that must be taken and ties it to time sensitivity. It is similar to scarcity.
CompTIA Security+ 1.2:
Given a scenario, analyze potential indicators to determine the types of attack
1. Malware
2. Password Attacks
3. Physical Attacks
4. Adversarial Artificial Intelligence
5. Supply-chain attacks
6. Cloud-based vs. on-premises attacks
7. Cryptographic
Malware
There are different types of malware:
Ransomware: This is a type of malware attack in which the hacker encrypts and locks the victim's data, vital documents and files, and then demands payment to decrypt and unlock the data. Countermeasures include: backing up your computer, storing your backup separately, cloud-hosted file storage with auto-versioning, using caution with web links, using caution with email attachments, updating and patching computers, verifying email senders, user awareness training, and preventative software such as email virus scanning.
Trojan: This is a software program that appears good and harmless but carries a hidden malicious payload that has the potential to wreak havoc on a system or a network. Countermeasures include only allowing software from trusted sources and not allowing users to install software on the system.
Worms: This malware spreads copies of itself from one computer to another by replicating itself without human interaction.
Potentially Unwanted Programs (PUPs): This is an unwanted app often delivered alongside a program the user wants. PUPs include spyware, adware and dialers.
File-less virus: a type of malicious software that does not rely on virus-laden files to infect a host. It exploits applications that are commonly used for a legitimate and justified activity to execute malicious code in the resident memory.
Command and control: This is a computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and to receive stolen data from a target network.
Bots: These represent a significant threat because of the massive number of computers that can be used to launch attacks.
Botnet: A collection of compromised computing devices, often called bots or zombies.
Bot herder: A criminal who uses a command-and-control server to remotely control the zombies.
Crypto-malware: ransomware that encrypts files stored on a computer or mobile device to extort money.
Logic bombs: Malicious code objects that infect a system and lie dormant until they are triggered by one or more conditions e.g. Program launch, site login etc.
Spyware: malware designed to obtain information from an individual, system or organization.
Keyloggers: designed to log keystrokes. It creates records of everything you type on a computer or a mobile keyboard.
Remote Access Trojan (RAT): a malware that gives an attacker admin control over a target computer.
Rootkit (escalation of privileges): Exploits known vulnerabilities in an operating system to gain and hide privileged access. Countermeasures include keeping security patches up to date and using anti-malware.
Backdoor: Undocumented command sequences that allow individuals with knowledge of the backdoor to bypass normal access restrictions. These are often left over from development and debugging. Countermeasures include firewalls, anti-malware, network monitoring and code review.
Password Attacks
Password Spraying: This is a type of brute-force attack. The attacker tries a password against many different accounts to avoid lockouts that typically come when brute forcing a single account. This succeeds when the administrator or application sets a default password for new users. Some of the countermeasures include Multi-factor authentication (MFA), a captcha and forcing a password change on first login.
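Password spraying is hard to catch with per-account lockouts because each account only sees one or two failures; it shows up instead when failures are grouped by source. The following detection logic is an added example, not code from the original article; the authentication events are constructed, and the thresholds are assumptions to tune per environment.

```python
from collections import defaultdict

# Constructed sample authentication events: (timestamp, source_ip, username, outcome).
EVENTS = [
    ("2024-01-01T09:00:00", "203.0.113.10", "alice", "FAIL"),
    ("2024-01-01T09:00:05", "203.0.113.10", "bob", "FAIL"),
    ("2024-01-01T09:00:11", "203.0.113.10", "carol", "FAIL"),
    ("2024-01-01T09:00:16", "203.0.113.10", "dave", "FAIL"),
    ("2024-01-01T09:00:21", "203.0.113.10", "erin", "SUCCESS"),
    ("2024-01-01T09:05:00", "198.51.100.7", "alice", "FAIL"),
    ("2024-01-01T09:05:03", "198.51.100.7", "alice", "FAIL"),
    ("2024-01-01T09:05:06", "198.51.100.7", "alice", "FAIL"),
    ("2024-01-01T09:05:09", "198.51.100.7", "alice", "FAIL"),
    ("2024-01-01T09:05:12", "198.51.100.7", "alice", "FAIL"),
    ("2024-01-01T09:10:00", "192.0.2.44", "frank", "SUCCESS"),
]


def classify_sources(events, spray_accounts=4, bruteforce_attempts=5):
    """Group failures by source IP and label each source.

    password-spray: few failures per account but many distinct accounts, so
                    a per-account lockout never trips.
    brute-force:    one account hammered from one source, which a lockout
                    policy would catch.
    """
    failures = defaultdict(lambda: defaultdict(int))
    for _, src, user, outcome in events:
        if outcome == "FAIL":
            failures[src][user] += 1
    verdicts = {}
    for src, per_user in failures.items():
        distinct = len(per_user)
        peak = max(per_user.values())
        if distinct >= spray_accounts and peak <= 2:
            verdicts[src] = "password-spray"
        elif peak >= bruteforce_attempts:
            verdicts[src] = "brute-force"
        else:
            verdicts[src] = "benign"
    return verdicts


def compromised_by_spray(events, verdicts):
    """Accounts whose successful login came from a source already flagged as spraying."""
    return sorted({user for _, src, user, outcome in events
                   if outcome == "SUCCESS" and verdicts.get(src) == "password-spray"})
```

In the constructed data the sprayer's fifth guess succeeds against "erin", which is exactly the account an analyst should reset first.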
Dictionary Attacks: This is a method an attacker uses to break into password-protected systems, networks or other IT resources by systematically trying every word in a dictionary as the password. Some of the countermeasures include MFA, biometric authentication, a limited number of password attempts, and forced resets after a certain number of failed attempts.
Brute force: This is an attempt to find the correct password or cryptographic key by trying all possible combinations (trial and error). Password complexity and the attacker's resources determine the effectiveness of this attack. Some of the countermeasures include cryptographic salts, captchas, IP blacklists, and throttling the rate of repeated logins.
Offline: An attempt to discover passwords from a captured database or a captured packet scan.
Online: An attempt to discover a password from a live system, e.g. an attacker trying to log into an account by guessing the user's password. Most web and Wi-Fi attacks are online attacks.
Rainbow Table: Attackers may use rainbow tables, which contain pre-computed values of cryptographic hash functions, to identify commonly used passwords.
A salt is random data used as additional input to a one-way function that hashes data, a password or a passphrase, so that the same password does not always produce the same hash.
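The point of the salt, as an added example that is not part of the original article: a precomputed table of unsalted digests recovers a common password instantly, while a per-user random salt (here combined with PBKDF2 so guessing is also slow) makes the same password hash differently for every user, so no table can be built in advance. The tiny "rainbow table" and the passwords are constructed.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Constructed stand-in for a rainbow table: precomputed unsalted SHA-256 digests of common passwords.
COMMON = ["password", "123456", "letmein", "Summer2024"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}

ITERATIONS = 200_000  # assumed work factor; raise as hardware allows


def store_unsalted(password: str) -> str:
    """The weak scheme: plain SHA-256, identical for every user with the same password."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """The corrected scheme: 16-byte random salt per user plus PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def crack_with_table(unsalted_digest: str) -> str | None:
    """Table lookup: succeeds instantly when the store is unsalted and the password is common."""
    return PRECOMPUTED.get(unsalted_digest)


def same_password_same_hash(pw: str = "password") -> tuple[bool, bool]:
    """Two users choose the same password: do their stored values collide? (unsalted, salted)."""
    unsalted_equal = store_unsalted(pw) == store_unsalted(pw)
    (_, d1), (_, d2) = store_salted(pw), store_salted(pw)
    return unsalted_equal, d1 == d2
```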
Plaintext/unencrypted: protocols and authentication methods that leave credentials unencrypted like basic authentication and telnet.
### Physical Attacks
The types of physical attacks include:
1. Malicious USB cable
2. Malicious Flash Drive: This attack comes in 2 common forms: drives dropped where they are likely to be picked up, and drives shipped with malware installed after leaving the factory (effectively a trojan).
3. Card cloning: Focuses on capturing information from **cards used for access**, like RFID and magnetic stripe cards.
4. Skimming: Involves fake card readers, or social engineering and handheld readers, to capture (**skim**) cards and then clone them so attackers may use them for their own purposes. A device (skimmer) is often installed at POS devices like ATMs and gas pumps.
### Adversarial AI
1. Tainted training data for Machine Learning
2. Security of Machine Learning algorithms
### Cryptographic Attacks
1. Birthday
2. Collision
3. Downgrade
Computer Viruses: Malicious code written to alter the way a computer operates and designed to spread from one computer to another. Virus hoaxes are a nuisance that results in **wasted resources**.
### Multi-Attack Prevention
1. Multi-factor authentication: something you **know** (PIN or password), something you **have** (trusted device), something you **are** (biometric).
2. Multi-factor authentication prevents phishing, spear phishing, keyloggers, brute force and reverse brute force attacks, and MITM attacks.
In order to learn more about CompTIA Security+, you can watch this very detailed video on YouTube. Some of the points in this article were extracted from it (article credits).
If you like this article, don't forget to give us a thumbs up. Also, if you plan to write the (ISC)² Certified in Cybersecurity certification, then this is a nice shot for you.
Don't forget to check out Cybersecurity in Yoruba, AKA #CyberPodYoruba, here.