Threat Actors
The entity responsible for an event that has an impact on the safety of another entity.
-Also called a malicious actor
Nation-State (External)
Unskilled attacker (External)
Hacktivist (External)
Insider threat (Internal)
Organized crime (External)
Shadow IT (Internal)
Nation-State
External Entity
-Government and national security
Many possible motivations
-Data exfiltration, philosophical, revenge, disruption, war
Constant attacks, massive resources
-Commonly an Advanced Persistent Threat (APT)
Highest Sophistication
-Military control, utilities, financial control
-The United States and Israel destroyed 1,000 nuclear centrifuges with the Stuxnet worm.
Unskilled Attackers
Runs pre-made scripts without any knowledge of what is really happening
Motivated by the hunt
-Disruption, data exfiltration, and sometimes philosophical
Can be internal or external
-typically external
Not very sophisticated
No formal funding
Hacktivist
A hacker with a purpose
Motivated by philosophy, revenge, disruption
Often, an external entity
-could infiltrate to be an insider threat
Can be remarkably sophisticated
-Very specific hacks
-DoS, website defacing, private document release
Funding may be limited
Insider Threat
More than just passwords on sticky notes
-Motivated by revenge, financial gain
Extensive resources
-Using the organization's resources against themselves
An internal entity
-Eating away from the inside
Medium level of sophistication
-The insider has institutional knowledge
-Attacks can be directed at vulnerable systems
-The insider knows what to hit.
Organized Crime
Professional Criminals
-Motivated by money
-Almost always an external entity
Very sophisticated
-Best hacking money can buy
Crime that's organized
-One person hacks, one person manages the exploits, another person sells the data, and another handles customer support.
Lots of Capital to fund hacking efforts
Shadow IT
Going rogue
-Working around the internal IT organization
-Builds their own infrastructure
Information Technology can put up roadblocks
-Shadow IT is unencumbered
-Use the cloud
-Might also be able to innovate
Limited resources
-Company budget
Medium sophistication
-May not have IT training or knowledge
Threat Actor Attributes
Include the actor's relationship to the organization, motive, intent, and capability.
Internal/External
-The attack is inside the house
-They are outside and trying to get in
Resource/Funding
-No money
-Extensive funding
Level of Sophistication/Capability
-Blindly runs scripts or automated vulnerability scans
-Can write their own attack malware and scripts
Motivations
What makes an attacker tick?
-There is a purpose to this attack
Motivations include:
Data exfiltration
Espionage
Service disruption
Blackmail
Financial gain
Philosophical/political beliefs
Ethical
Revenge
Disruption/chaos
War
Threat Vectors and Attack Vectors
A method used by the attacker to gain access to or infect the target.
Message-Based Vectors
-Malicious links in an email
-Link to malicious site
SMS (Short Message Service)
-Attacks in a text message
Instant Messaging (IM)
Phishing attacks
-People want to click links
-Links in email, links sent via text or IM
Social Engineering Attacks
-Invoice scams
-Cryptocurrency scams
Image-based vectors
Some image formats can be a threat
-The SVG (Scalable Vector Graphics) format
-Image is described in XML (Extensible Markup Language)
Significant security concerns
-HTML injection
-JavaScript attack code
Browsers must provide input validation
-Avoids running malicious code
File-based vectors
More than just executable
-Malicious code can hide in many places
Adobe PDF
-File format containing other objects
ZIP/RAR files (or any compression type)
-Contains many different files
Microsoft Office
-Documents with macros
-Add-in files
Voice call vectors
Vishing
-Phishing over the phone
Spam over IP
-Large-scale phone calls
War dialing
-It still happens
Call tampering
-Disrupting Voice Calls
Removable device vectors
Get around the firewall
-The USB interface
Malicious software on USB flash drives
-Infect air-gapped networks
-Industrial systems, high-security services
USB devices can act as keyboards
-Hacker on a chip
Data exfiltration
-Terabytes of data walk out the door
-Zero bandwidth used
Vulnerable Software Vectors
Client-Based
-Infected executable
-Known (or unknown) vulnerabilities
-May require constant updates
Agentless
-No installed executable
-Compromised software on the server would affect all users
-Clients run a new instance each time
Unsupported Systems and Applications
Patching is an important prevention tool
-Ongoing security fixes
Unsupported systems aren't patched
-There may not even be an option
Outdated operating systems
-Eventually, even the manufacturer won't help
A single system could be an entry
-Keep your inventory and records current
Unsecured Networks
The network connects everything
-Ease of access for the attackers
-View all (non-encrypted) data
Wireless
-Outdated security protocols (WEP, WPA, WPA2)
-Open or rogue wireless networks
Wired
-Unsecured interfaces - No 802.1X
Bluetooth
-Reconnaissance
-Implementation Vulnerabilities
Open service ports
Most network-based services connect over a TCP or UDP port
-An "open" port
Every open port is an opportunity for the attacker
-Application vulnerability or misconfiguration
Every application has its own open port
-More services expand the attack surface
Firewall rules
-Must allow traffic to an open port
Default credentials attack
Most devices have default usernames and passwords
-Be sure to change them
The right credentials provide full control
-Administrator access
Very easy to find the defaults for your access point or router
Supply Chain Vector
Tamper with the underlying infrastructure
-Or manufacturing process
Managed service providers (MSPs)
-Access many different customer networks from one location
Gain access to a network using a vendor.
-2013 Target credit card breach
Suppliers
-Counterfeit networking equipment
-Install backdoors, substandard performance and availability
-2020: Fake Cisco Catalyst switches
Human Vectors/Social Engineering (10)
Phishing
Vishing
Smishing
Misinformation/disinformation
Impersonation
Business Email compromise
Pretexting
Watering hole
Brand impersonation
Typosquatting
Phishing
The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Social engineering with a touch of spoofing
-Often delivered by email, text, etc.
-Very remarkable when well done
Do not be fooled
-Check the URL
Usually, there is something not quite right
-Spelling, font, graphics
Vishing (voice or VoIP phishing)
Phishing attacks committed using telephone calls or VoIP systems.
-Caller ID spoofing is common
-Fake security checks or bank updates
SMishing (SMS Phishing)
Phishing using text messages
-Spoofing is a problem here as well
-Forwards links or asks for personal information
Variations on a theme
The fake check, phone verification code scam, Boss/CEO scam, and advance-fee scam.
Misinformation/disinformation
Disseminate factually incorrect information
-Create confusion and division
Influence campaigns
-Sway public opinion on political and social issues
Nation-state actors
-Divide, distract, and persuade
Advertising is an option
-Buy a voice for your opinion
Enabled through Social Media
-Creating, sharing, liking, amplifying
The misinformation process
Create fake users
Create content
Post on social media
Amplify Message
Real users share the message
Mass media picks up the story
Impersonation attack
An attacker assumes the identity of one of the legitimate parties in a network.
-Halloween for the fraudsters
Use some of those details from the reconnaissance
-You can trust me; I'm with your help desk
Attack the victim as someone higher in rank
-Office of the Vice President for Scamming
Throw tons of technical details around
-Catastrophic feedback due to the depolarization of the differential magnetometer
Be a buddy
-How about those cubs?
Eliciting Information
Procedures or techniques that involve interacting and communicating with others and are designed to gather knowledge.
Extracting information from the victim
-The victim does not even realize this is happening
-Hacking the human
Often seen with Vishing (Voice Phishing)
-Can be easier to get this information over the phone
Identity fraud
A crime where one person uses another person's personal data, without authorization, to deceive or defraud someone else
Credit Card Fraud
-Open an account in your name, or use your CC information
Bank Fraud
-The attacker gains access to your account or opens a new one
Loan Fraud
-Your information is used for a loan or lease
Government Benefits Fraud
-The Attacker obtains benefits on your behalf
Default Settings
Every application and network device has a default login
-Not all of these are ever changed
Mirai botnet
-Takes advantage of default configurations
-Takes over Internet of Things (IoT) devices
-60+ default configurations
-Cameras, routers, doorbells, garage door openers, etc.
Mirai released as open-source software
-There is a lot more where that came from
Business Email Compromise (BEC)
A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage
We trust email sources
-The attackers take advantage of this trust
Spoofed email addresses
-Not really a legitimate email address
-Check spelling
Financial fraud
-Sends emails with updated bank information
-Modify wire transfer details
Pretext
A false reason or deceptive excuse
Before the attack, the trap is set
-There is an actor and a story
Examples:
"Hello, sir; my name is Wendy, and I'm from Microsoft Windows. This is an urgent check-up call for your computer as we have found several problems with it."
Voicemail: "This is an enforcement action executed by the US Treasury intending your serious attention."
"Congratulations on your excellent payment history! You now qualify for 0% interest rates on all of your credit card accounts."
Watering Hole Attack
A malicious attack that is directed toward a small group of specific individuals who visit the same website.
The attacker determines which website the group uses
-Educated guess (Local coffee or sandwich shop)
-Industry-related sites
Infect one of these third-party sites
-Site vulnerability
-Email attachments
Infect all visitors
-But you are just looking for specific victims
-Now you are in
Watching the watering hole
Defense in depth
-Layered defense
-It is never one thing
Firewalls and IPS
-Stop the network traffic before things get bad
Anti-virus/ Anti-malware signature updates
Brand Impersonation
The specific form of impersonation where an attacker pretends to represent a legitimate company or brand
Pretend to be a well-known brand
-Coca-Cola, McDonald's, Apple, etc.
Create tens of thousands of impersonated sites
-Get into the Google index, click an ad, get a WhatsApp message
Visitors are presented with a pop-up
-You won! Special offer! Download the Video!
Pretexting
A form of social engineering in which one individual lies to obtain confidential data about another individual
-Lying to get information
-The attacker is a character in a situation they create
-"Hi, we are calling from Visa regarding an automated payment to your utility services...."
Finding Malware
Malware runs in memory
-Memory forensics can find the malicious code
The memory contains running processes
-DLLs (Dynamic Link Libraries)
-Threads
-Buffers
-Memory management functions and more
Malware is hidden somewhere
-Malware runs in its own process
-Malware injects itself into a legitimate process
Memory Injection
Add code into the memory of an existing process
-Hide malware inside the process
Get access to the data in that process
-The same rights and permissions
-Performs a privilege escalation
DLL Injection (Dynamic Link Library)
An attack that injects a Dynamic Link Library (DLL) into memory and runs it. Attackers rewrite the DLL, inserting malicious code.
Dynamic-Link Library
-A Windows library containing code and data
-Many applications can use this library
Attackers inject a path to a malicious DLL
-Runs as part of the target process
One of the most popular memory injection methods
-Relatively easy to implement.
Buffer overflow attack
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
Overwriting a buffer of memory
-Spills over into other memory areas
Developers need to perform bounds-checking
-The attacker spends much time looking for an opening
Not a simple exploit
-Takes time to avoid crashing things
-Takes time to make it do what you want
A really useful buffer overflow is repeatable
-Which means that a system can be compromised
Race conditions (time of check/time of use)
When a software program depends on the timing of one or more processes to function correctly
A programming conundrum
-Sometimes, things happen at the same time
-This can be bad if you've not planned for it
Time-of-check to time-of-use attack (TOCTOU)
-Check the system
-When do you use the results of your last check?
-Something might happen between the check and the use
Operating System (OS)-based
A Foundational Computing Platform
Remarkably Complex
The vulnerabilities are already in there - just not located yet.
Best Practices
-Always update
-May require testing before deployment
-May require a reboot
Web-based
Applications that you access over the Internet
Code Injection
A method used by hackers to insert malicious code into otherwise legitimate files or data transmissions.
-Adding your own information into a data stream
Enabled because of bad programming
-The application should properly handle input and output
So many different data types
-HTML, SQL, XML, LDAP, etc.
Structured Query Language (SQL)
An international standard language for processing a database
-The most common relational database management system language
Structured Query Language (SQL) injection
A type of attack in which the attacker adds SQL code to a web or application input to gain access to or alter data in the database.
It can often be executed in a web browser
-Inject in a form or field
-Add more information to the query, such as '1' = '1'
Cross-Site Scripting (XSS)
An attack that injects scripts into a Web application server to direct attacks at clients.
XSS
-Cascading Style Sheets (CSS) are completely different
Originally called "cross-site" because of browser security flaws
-Information from one site could be shared with another
One of the most common web app vulnerabilities
-Takes advantage of the trust a user has in a site
-Complex and varied
Cross-site scripting process
1. The attacker sends a link containing a malicious script to a victim
2. The victim clicks the link and visits the legitimate site
3. The legitimate site loads in the victim's browser, and the malicious script is also executed
4. The malicious script sends victim data (session cookies, etc.) to the attacker.
Non-persistent (reflected) XSS attack
The website allows scripts to run in user input
-Search box is a common source
The attacker emails a link that takes advantage of this vulnerability
-Runs a script that sends credentials/session IDs/cookies to the attacker.
Script embedded in URL executes in the victim's browser
-As if it came from the server
Attacker uses credentials/session IDs/cookies to steal the victim's information without their knowledge
-Very sneaky
Persistent (stored) XSS attack
The attacker posts a message to a social network
-Includes the malicious payload
It is now "persistent" - Everyone gets the payload
No specific target - All viewers to the page
For social networking, this can spread quickly
-Everyone who views the message can have it posted to their page
-Where someone else can view it and propagate it further
Protecting against XSS
Be careful when clicking untrusted links
-Never blindly click in your email inbox
Consider disabling JavaScript
-Or control with an extension
-This offers limited protection
Keep your browser and applications updated
-Avoid the nasty browser vulnerabilities
Validate input
-Don't allow users to add their own scripts to an input field
Firmware
Software that is permanently stored in a chip. The BIOS on a motherboard is an example of firmware.
The software inside the hardware
-The operating system of the hardware device
Vendors are the only ones who can fix their hardware
-Assuming they know about the problem and care about fixing it
End of Life (EOL)
-Manufacturer stops selling a product
-May continue supporting the product
-Important for security patches and updates
End of Service Life (EOSL)
-Manufacturer stops selling a product
-Support is no longer available for the product
-No ongoing security patches or updates
-May have a premium-cost support option
-A significant concern
Legacy platforms
Used to describe systems that are no longer being marketed or supported
Some devices remain installed for a long time
-Perhaps too long
Legacy devices
-Older operating systems, applications, middleware
May be running end-of-life software
-The risk needs to be compared to the return
May require additional security protections
-Additional firewall rules
-IPS signatures for older operating systems
Virtualization Security
Quite different from non-virtual machines
-Can appear anywhere
Quantity of resources varies between Virtual Machines (VM)
-CPU, memory, storage
There are many similarities to physical machines
-Complexity adds opportunity for the attackers
Virtualization vulnerabilities
-Local privilege escalations
-Command injection
-Information disclosure
Virtual Machine Escape
When a user (or malware) is able to break out of a VM's isolation (or lack thereof) and gain access to the hosting computer.
-Break out of the VM and interact with the host operating system or hardware.
Once you escape the VM, you have great control
-Control the host and control other guest VMs
Resource Reuse
The hypervisor manages the relationship between physical and virtual resources
-Available RAM, storage space, CPU availability, etc.
These resources can be reused between VMs
-Hypervisor host with 4 GB of RAM
-Supports three VMs with 2 GB of RAM each
-RAM is allocated and shared between VMs
Data can inadvertently be shared between VMs
-Time to update the memory management features
-Security patches can mitigate the risk
Cloud-specific Vulnerabilities
ATTACK THE SERVICE
Denial of Service (DoS)
-A fundamental attack type
Authentication Bypass
-Take advantage of weak or faulty authentication
Directory traversal
-Faulty configurations put data at risk
Remote code execution
-Take advantage of unpatched systems
ATTACK THE APPLICATION
Web application attacks have increased
-Log4j and Spring Cloud Function
-Easy to exploit, rewards are extensive
Cross-site scripting (XSS)
-Take advantage of poor input validation
Out of bounds write
-Write to unauthorized memory areas
-Data corruption, crashing, or code execution
SQL injection
-Get direct access to a database
Supply Chain Risk
The chain contains many moving parts
-Raw materials, suppliers, manufacturers, distributors, customers, consumers
Attackers can infect any step along the way
-Infect different parts of the chain without suspicion
-People trust their suppliers
One exploit can infect the entire chain
Service providers
You can control your own security posture
-You can't always control a service provider
Service providers often have access to internal services
-An opportunity for the attacker
Many different types of providers
-Network, utility, office cleaning, payroll/accounting, cloud services, system administration, etc.
Consider ongoing security audits of all providers
-Should be included with the contract
Hardware providers
Can you trust your new server/router/switch/firewall/software?
-Supply chain cyber security
Use a small supplier base
-Tighter control of vendors
Strict controls over policies and procedures
-Ensure proper security is in place
Security should be part of the overall design
-There's a limit to trust
Software providers
Trust is a foundation of security
-Every software installation questions our trust
Initial installation
-Digital signature should be confirmed during installation
Updates and patches
-Some software updates are automatic
-How secure are the updates
Open source is not immune
-Compromising the source code itself
Cryptographic
Open permissions
Very easy to leave a door open
-The hackers will always find it
Increasingly common with cloud storage
-Statistical chance of finding an open permission
Unsecured Admin Accounts
The Linux root account
-The Windows Administrator or superuser account
Can be a misconfiguration
-Intentionally configuring an easy-to-hack password
-123456, ninja, football
Disable direct login to the root account
-Use the su or sudo option
Protect accounts with root or administrator access
-There should not be a lot of these
Insecure Protocols
Some protocols are not encrypted
-All traffic sent in the clear
-Telnet, FTP, SMTP, IMAP
Verify with a packet capture
-View everything sent over the network
Use the encrypted versions
-SSH, SFTP, IMAPS, etc.
Typosquatting/URL hijacking
Websites with names similar to real Web sites; users making typographical errors are sent to a site filled with malware.
Open ports and services
Services will open ports
-It's important to manage access
Often managed with a firewall
-Manage traffic flows
-Allow or deny based on port number or application
Firewall rulesets can be complex
-It's easy to make a mistake
Always test and audit
-Double and triple check
Mobile device security
Challenging to secure
-Often need additional security policies and systems
Relatively small
-Can be almost invisible
Almost always in motion
-You never know where it might be
Packed with sensitive data
-Personal and organizational
Constantly connected to the Internet
-Nothing bad happens on the Internet
Jailbreaking/rooting
Mobile devices are purpose-built systems
-You do not have access to the operating system
Gaining access
-Android - Rooting
-Apple iOS - Jailbreaking
Install custom firmware
-Replaces the existing operating system
Uncontrolled access
-Circumvent security features
-The MDM becomes relatively useless
Sideloading
Malicious apps can be a significant security concern
-One Trojan horse can create a data breach
Manage installation sources
-The global or local app store
Sideloading circumvents security
-Apps can be installed manually without using an app store
-Again, your MDM becomes relatively useless
Zero-day attack
Attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack.
-An attack without a patch or method of mitigation
-A race to exploit the vulnerability or create a patch
-Difficult to defend against the unknown
Common Vulnerabilities and Exposures (CVE)
An online list of known vulnerabilities (and patches) to software, especially web servers. The MITRE Corporation maintains it.
Malware
Malicious software
-These can be very bad
Gather information
-Keystrokes
Show you advertising
-Big money
Viruses and worms
-Encrypt your data
-Ruin your day
Malware Attacks
Ransomware
Trojan
Worm
Spyware
Bloatware
Virus
Keylogger
Logic bomb
Rootkit
Ransomware
Software that encrypts programs and data until a ransom is paid to remove it.
Malware encrypts your data files
-Pictures, documents, music, movies, etc.
-Your OS remains available
-They want your system running but not working
You must pay the attacker to obtain the decryption key
-Untraceable payment system
-An unfortunate use of public-key cryptography
Protecting against ransomware
-Always have a backup (offline)
-Keep your operating systems up to date
-Keep your anti-virus/anti-malware signatures up to date
Trojan
A program disguised as a harmless application that actually produces harmful results.
Worms
Malware that self-replicates
-Does not need you to do anything
-Uses the network as a transmission medium
-Self-propagates and spreads quickly
Firewalls and IDS/IPS can mitigate many worm infestations
-Does not help much once the worm gets inside
Wannacry Worm
On May 12, 2017, this worm propagated quickly and encrypted personal files
Spyware
Malware that spies on you
-Advertising, identity theft, affiliate fraud
Can trick you into installing
-Peer-to-peer, fake security software
Browser monitoring
-Capture surfing habits
Key loggers
-Capture every keystroke
-Send your keystrokes back to the attacker.
RUN SOME SCANS
-Malwarebytes
Bloatware
A new computer or phone
-Includes the operating system and important apps
Includes applications you didn't expect
-Often do not need
Uses valuable storage space
-May also add to overall resource usage
-The system may be slower than expected
-Could open your system to exploits
Virus
A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data
Malware that can reproduce itself
-It needs you to execute a program
Reproduces through file systems or the network
-Just running a program can spread a virus
May or may not cause problems
-Some viruses are invisible and some are annoying
Anti-virus is very common
-Thousands of new viruses every week
-Is your signature file updated?
Virus types
Program viruses
-Part of the application
Boot sector viruses
-Who needs an OS?
Script viruses
-Operating system and browser-based
Macro viruses
-Common in Microsoft Office
Fileless virus
Software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove.
A stealth attack
-Does a good job of avoiding anti-virus detection
Operates in memory
-But never installed in a file or application
Keyloggers
Your keystrokes contain valuable information
-Website login URLs, passwords, email messages
Save all of your input
-Send it to the bad guys
Circumvents encryption protections
-Your keystrokes are in the clear
Other data logging
-Clipboard logging, screen logging, instant messaging, search engine queries
Logic bomb
Waits for a predefined event
-Often left by someone with a grudge
Time bomb
-Time or date
User event
-Logic bomb
Difficult to identify
-Difficult to recover if it goes off
Rootkit
A set of programs that enables its user to gain administrator-level access to a computer without the end user's consent or knowledge.
Originally a Unix technique
-The "root" in rootkit
Modifies core system files
-Part of the kernel
Can be invisible to the operating system
-Will not see it in Task Manager
Also invisible to traditional anti-virus utilities
-If you cannot see it, you cannot stop it
Physical Attacks
Brute force
Radio frequency identification (RFID) cloning
Environmental
Brute force attack
The physical version
-No password required
Push through the obstruction
-Brawn beats brain
Check your physical security
-Check the windows
-Try the doors
Radio Frequency Identification (RFID)
Uses electronic tags and labels to identify objects wirelessly over short distances
RFID cloning
An attack that enables a penetration tester to duplicate access cards; of particular value during physical penetration tests.
RFID is everywhere
-Access badges
-Key fobs
Duplicators are on Amazon
-Less than $50
The duplication process takes seconds
-Read one card
-Copy to another
This is why we have MFA
-Use another factor with the card
Environmental attacks
Attack everything that supports the technology
-The operating environment
Power monitoring
-An obvious attack
HVAC (Heating, Ventilation, and Air Conditioning) and humidity controls
-Large data centers must be properly cooled
Fire suppression
-Watch for smoke or fire
Network Attacks
Distributed denial-of-service (DDoS)
-Amplified
-Reflected
Domain Name System (DNS) attacks
Wireless
On-path
Credential replay
Malicious code
Denial of Service (DoS)
Security problem in which users are not able to access an information system; can be caused by human error, natural disasters, or malicious activity.
Force a service to fail
-Overload the service
Take advantage of a design failure or vulnerability
-Keep your systems patched
Cause a system to be unavailable
-Competitive advantage
Create a smokescreen for some other exploit
-Precursor to a DNS spoofing attack
Does not have to be complicated
-Turn off the power
A "friendly" DoS
Unintentional DoSing
-It is not always a ne'er-do-well
Network DoS
-Layer 2 loop with STP
Bandwidth DoS
-Downloading multi-gigabyte Linux distributions over a DSL line
The water line breaks
-Get a good shop vacuum
distributed denial-of-service (DDoS) attack
Many computers collaborate to shut down a target, usually by keeping it busy or overwhelming it with incoming requests.
Launch an army of computers to bring down a service
-Use all the bandwidth or resources (traffic spike)
This is why attackers have botnets.
-Thousands or millions of computers at your command
-At its peak, the Zeus botnet infected over 3.6 million PCs
-Coordinated attack.
Asymmetric threat
-The attacker may have fewer resources than the victim
DDoS Reflection and Amplification
Turn your small attack into a big attack
-Often reflected off another device or service
An increasingly common network DDoS technique
-Turn Internet services against the victim
Uses protocols with little (if any) authentication or checks
-NTP, DNS, ICMP
-DNS amplification DDoS is a common example of protocol abuse
DNS (Domain Name System) poisoning
Modify the DNS server
-Requires some crafty hacking
Modify the client host file
-The hosts file takes precedence over DNS queries
Send a fake response to a valid DNS request
-Requires a redirection of the original request or the resulting response
-Real-time redirection
-This is an on-path attack