WHAT IS CYBER SECURITY
It is the protection of information, information systems, and information infrastructure against cyber threats.
While information security has been a topic of extreme importance since the beginning of time, the ubiquitous nature of today’s Internet has accelerated the importance of this area to a new and critical level.
In today’s world it is absolutely imperative that one can have confidence that secrets, whether they are composed of credit card numbers, personal data or information of national importance, remain secret as they pass through the myriad elements encountered along the communication path from source to destination.
While measures to counter cyber attacks are of great importance, it is indispensable to really understand the types of attacks launched at the application level.
CYBER ATTACKS THAT CAN BE LAUNCHED AGAINST INTERNET PROTOCOL
- Social: Socially engineered threats, Phishing
- Application: Flash and PDF obfuscations, Fast-flux DNS switching, SQL injection, Cross-site scripting (XSS), DNS poisoning attack
- Presentation: PDF encryption, Inserting content by attacking CSS files that are referenced by every page on the Web site
- Session: SSL Man-in-the-middle attacks, SSLstrip, RPC DCOM attack, portmapper exploits
- Transport: SYN-Fragment attack, De-synchronization, SYN flooding, sequence number prediction
- Network: WEP, WPA, Deauth attack, Route injection, IP address spoofing attacks, VPN cache attack
- Datalink: 802.1X attacks, Man-in-the-middle attack
- Physical: Jamming attacks
Note: The aforementioned attacks may be encountered not only within the protocol stack, but beyond it. Each layer has its own weaknesses that can be attacked, especially the application and presentation layers.
From an Internet perspective, the network-based attacks will exploit such things as the OS, applications and hardware, as well as weaknesses in the configuration, syntax, semantics and validation through malware.
Attacks to confidentiality involve memory scraping, eavesdropping and packet sniffing.
Attacks to integrity are encountered through modification of content.
Authenticity attacks involve identity theft, password cracking, phishing, DNS attacks and cache poisoning. Mutated attacks are used to get past security equipment and measures. Distributed denial of service (DDoS) attacks disrupt or block availability, and social engineering attacks can involve a whole host of measures, ranging from sharing information to poor execution of the procedures that are put into place for the purpose of preventing attacks.
Vulnerability in software code allows a product to be exploited so that attackers can gain privileged rights to access a host or data. An example of a software vulnerability is an improperly defined memory usage within a function that enables content sent to a specific memory location to be run with privileged rights.
An exploit is specially crafted code that takes advantage of a vulnerability within an application or process. Examples include a heap spray, i.e., an exploit that facilitates arbitrary code execution by injecting a certain sequence of bytes at a predetermined location in the memory of a target process, and a buffer overflow attack. An exploit can hide in an infected website, where it ambushes visiting hosts, or it may be launched from another computer as a remote attack.
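To make the "improperly defined memory usage within a function" of the previous two paragraphs concrete, here is an added example (my own code, not from the original post or any product discussed on it): a function that copies untrusted input into a fixed-size buffer without a bound, which is exactly the kind of defect a buffer overflow exploit relies on, beside a hardened version that rejects input that does not fit. The function names, the 16-byte buffer size and the sample inputs are all assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the original post. NAME_LEN and the function
 * names are illustrative assumptions. */
#define NAME_LEN 16

/* BEFORE (deliberately defective): copies untrusted input into a fixed
 * stack buffer with no length check. Input longer than NAME_LEN-1 bytes
 * writes past `name` into whatever the compiler placed after it, which
 * is the class of defect an exploit turns into code execution. */
int copy_name_vulnerable(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);             /* unbounded copy: overflow on long input */
    return (int)strlen(name);
}

/* AFTER: the function owns the bound. It scans at most NAME_LEN bytes of
 * the input, and input that would not fit (with its terminating NUL) is
 * rejected outright rather than silently truncated, so the caller can log
 * and drop the request. Returns -1 on rejection, else the copied length. */
int copy_name_hardened(const char *input) {
    char name[NAME_LEN];
    size_t len = 0;
    while (len < NAME_LEN && input[len] != '\0') {
        len++;
    }
    if (len >= NAME_LEN) {           /* no room left for the NUL terminator */
        return -1;
    }
    memcpy(name, input, len + 1);    /* exactly len bytes plus the NUL */
    return (int)strlen(name);
}

/* Constructed sample inputs: one that fits, one that exceeds the buffer. */
static const char *SHORT_INPUT = "alice";
static const char *LONG_INPUT  = "AAAAAAAAAAAAAAAAAAAA";   /* 20 bytes > NAME_LEN-1 */

int main(void) {
    printf("hardened(short) = %d\n", copy_name_hardened(SHORT_INPUT));  /* 5 */
    printf("hardened(long)  = %d\n", copy_name_hardened(LONG_INPUT));   /* -1 */
    /* copy_name_vulnerable(LONG_INPUT) is intentionally never called:
     * it is undefined behaviour and corrupts the stack. */
    return 0;
}
```

The point of the hardened version is not the particular copy routine but that the bound is enforced where the buffer is declared, and that an oversized input is treated as a rejected request rather than something to be trimmed and processed anyway.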
Clearly, vulnerabilities are everywhere, and thus security must be addressed across a wide spectrum. It is in a sense frightening to see the many avenues of attack and to understand that all must be protected in order to ensure any degree of security. Just as a chain is only as strong as its weakest link, it is the weakest layer, component or module that will be the target of an attack.
Social engineering is another method of attack and is usually used to lure a person into following a crafted link, visiting a crafted website, or even clicking links within a search engine’s search results. A “Drive-by-Download” begins with a user visiting a website that hosts an exploit, which then compromises the user’s web browser.
Once the end user’s host has been compromised, the exploit makes a call to download the malware. One commonly overlooked aspect of “Drive-by downloads” is that they require a vulnerable web browser to be compromised by an exploit. Any security solution that blocks the exploit will prevent the malware from being downloaded.
In order to fully comprehend the stealth level and vulnerability this security loophole could cause, consider this scenario.
GOOGLE – OPERATION AURORA ATTACK
The “Operation Aurora” attack on Google, conducted in January of 2010, is a prime example of a successful exploitation of a browser vulnerability. The attackers used what was thought to be a then-unknown, zero-day, vulnerability (CVE-2010-0249) in multiple versions of Internet Explorer.
When a user visited an infected web page hosting the attack code, the downloaded code implemented a heap spray technique, which is most useful in attacking browsers, and then secretly installed malicious code on the user’s host.
The code enabled the perpetrators to control those computers and collect sensitive data. In February 2010, NSS Labs conducted a test of seven endpoint protection products, assessing their respective protection capabilities using the Operation Aurora attack.
All of the tested products blocked the original payload. However, when the malicious payload was mutated, all but one product (McAfee) had difficulties stopping the exploit. Thus, McAfee provides superior protection for this vulnerability by blocking these malicious payloads.
Each layer of the Internet model is subject to attacks against its various weaknesses. Attackers naturally choose the weakest part of the security as their launching pad for an attack.
SOLUTION (to this type of attack)
Defense measures for this type of attack are available for SSL using Extended Validation SSL (EV SSL) certificates, and for the Link layer using Media Access Control Security (MACsec, IEEE 802.1AE). It is the responsibility of the content and service providers, as well as the users, to understand the defense mechanisms and take cautious actions in order to maintain security.
My next post will focus on the following:
- Different types of malware and their means of propagation
- The vulnerability naming schemes
- How polymorphism and metamorphism are employed in malware to mutate in an attempt to avoid detection
- The motivation that underlies cyber attacks, and some of the methods employed in attacking high-value targets
- The spectrum of techniques that can be used to counter or eliminate the security threat.