This lesson discusses malicious attacks, threats, vulnerabilities, and risk management. Topics include organization assets, hackers, attack tools, security breaches, malicious attacks, countermeasures, risk management, implementing a BIA, a BCP, and a DRP, assessing risk, threats, and vulnerabilities, closing the information security gap, adhering to compliance laws, keeping private data confidential, mobile workers, and use of personally owned devices.
asset
It is any item that has value; it generally applies to those items that have substantial value.
IT and Network Infrastructure
It involves the use of hardware and software as key pieces of an organization’s infrastructure.
Armored viruses
These viruses use hardened (obfuscated) code that makes it difficult to reverse-engineer the malware and build antivirus protection for it.
Ransomware
It is a new form of malware linked to a time clock, forcing the victim organization to pay a ransom to prevent its data from being deleted.
Cryptolocker
It is a specific form of ransomware that encrypts critical files or data until the victim pays a ransom to obtain the decryption keys.
Polymorphic malware
It is harmful malware that can morph, or change, its code, making it difficult to detect and remediate with antivirus or anti-malware applications.
Intellectual Property
It is an asset at the center of many organizations; it can be a unique business process or actual data such as customer data. Examples include patents, drug formulas, engineering plans, scientific formulas, and recipes.
Financial assets
They are among the highest-profile assets in any organization. These assets can take various forms. They can be real financial assets, such as bank accounts, trading accounts, purchasing accounts, corporate credit cards, and other direct sources of money or credit. Alternatively, they can be data that allows access to real financial assets.
Service Availability and Productivity
It refers to computer applications that provide specific services, and to the availability of those services, which together help organizations conduct business operations.
Downtime
It is the time during which a service is not available due to failure or maintenance; it can be intentional or unintentional.
Unintentional downtime
It is a type of downtime that is usually the result of technical failure, human error, or attack.
Opportunity cost
It is the amount of money a company loses due to downtime. It is usually referred to by organizations as true downtime cost.
Reputation
It is considered to be one of the most important things that information security professionals try to protect together with brand image. Companies that suffer from security breaches and malicious attacks that expose any assets are likely to face serious negative consequences in the public eye.
Hacker
It is often described as someone who breaks into a computer system without authorization. Whether good or bad, hackers are considered experts and tinkerers, but because of the way the media negatively portrays the term, they are often the subject of some controversy.
Black-hat hackers
They are a type of hacker who tries to break IT security and gain access to systems with no authorization in order to prove technological prowess.
White-hat hackers
They are a type of hacker, also referred to as ethical hackers, who have authorization to identify vulnerabilities and perform penetration testing.
Gray-hat hackers
They are a type of hacker with average abilities who may one day become black-hat hackers but could also opt to become white-hat hackers.
crackers
They are people who break into systems or computers remotely with malicious intent to damage or steal data. They have hostile intent, possess sophisticated skills, and may be interested in financial gain.
Protocol Analyzer
It is a software program, also referred to as a packet sniffer, that enables a computer to monitor and capture network traffic, whether on a LAN or a wireless network.
Port Scanner
It is a tool used to scan IP host devices for ports that have been opened (enabled). This provides attackers with valuable information that can be used in an attack.
OS Fingerprint Scanner
It is a software program that allows an attacker to send a variety of packets to an IP host device, hoping to determine the target device’s operating system (OS) from the responses.
Vulnerability Scanner
It is a software program that is used to identify and, when possible, verify vulnerabilities on an IP host device. It lists all known software vulnerabilities and prioritizes them as critical, major, or minor.
Exploit Software
It is an application that incorporates known software vulnerabilities, data, and scripted commands to “exploit” a weakness in a computer system or IP host device. It is a program that can be used to carry out some form of malicious intent.
Wardialer
It is a computer program that dials telephone numbers, looking for a computer on the other end. The program works by automatically dialing a defined range of phone numbers. It then logs and enters into a database those numbers that successfully connect to the modem.
Password Cracker
It is a software program that performs one of two functions: a brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored as a cryptographic hash on a computer system.
cryptographic hash
It is a function used to verify the validity of data; it is an algorithm that converts a large amount of data to a single (long) number.
Keystroke Logger
It is a type of surveillance software or hardware that can record to a log file every keystroke a user makes with a keyboard. It might store the log file locally for later retrieval or send it to a specified receiver.
Security Breach
It is any event that results in a violation of any of the confidentiality, integrity, or availability (CIA) security tenets.
Denial of Service Attacks
They are attacks that result in downtime or the inability of a user to access a system. They impact the availability tenet of information systems security. They are coordinated attempts to deny service by occupying a computer with large numbers of unnecessary tasks.
Logic attacks
They are a type of DoS attack that uses software flaws to crash or seriously hinder the performance of remote servers.
Flooding attacks
They are a type of DoS attack that overwhelms the CPU, memory, or network resources of the victim’s computer by sending large numbers of useless requests to the machine.
smurf attack
It is an attack that uses a directed broadcast to create a flood of network traffic for the victim’s computer.
Distributed Denial of Service Attack
It is a type of DoS attack that also impacts a user’s ability to access a system. It overloads computers and prevents legitimate users from gaining access.
Wiretapping
It is the surreptitious electronic monitoring of telephone, telegraph, cellular, fax, or Internet-based communications through the placement of a monitoring device, informally known as a bug, on the wire in question, or through built-in mechanisms in other communication technologies. It can be active, where the attacker makes modifications to the line. It can also be passive, where an unauthorized user simply listens to the transmission without changing the contents.
Between-the-lines wiretapping
This type of active wiretapping does not alter the messages sent by the legitimate user but inserts additional messages into the communication line when the legitimate user pauses.
Piggyback-entry wiretapping
This type of active wiretapping intercepts and modifies the original message by breaking the communications line and routing the message to another computer that acts as a host.
Backdoors
They are hidden access methods implemented by software developers in their programs. They give developers or support personnel easy access to a system without having to struggle with security controls.
Rootkits
They are malicious software programs designed to be hidden from normal methods of detection. They allow an attacker to gain access to a computer system.
Data Modifications
It refers to data that is purposely or accidentally modified, impacting the integrity tenet of information systems security. Such modifications are also considered security breaches.
Spam
It is unwanted email.
Spim
It is the instant-messaging counterpart of spam: unwanted instant messages or IM chats.
Hoax
It is some act intended to deceive or trick the receiver. It normally travels in email messages. Often these messages contain warnings about devastating new viruses.
Cookie
It is simply a text file that contains details gleaned from past visits to a website.
Sabotage
It is the destruction of property or obstruction of normal operations.
Espionage
It is the act of spying to obtain secret information, typically to aid another nation state.
birthday attack
It is a type of cryptographic attack that is used to make brute-force attacks of one-way hashes easier. It is a mathematical exploit that is based on the birthday problem in probability theory.
brute-force password attack
It is an attack where the attacker tries different passwords on a system until one of them is successful.
dictionary password attack
It is a simple attack that relies on users making poor password choices.
Spoofing
It is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
Hijacking
It is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them.
Man-in-the-middle hijacking
In this type of hijacking, the attacker uses a program to take control of a connection by masquerading at each end of the connection.
URL hijacking
In a browser or URL hijacking attack, the user is directed to a different website than what he or she requested, usually to a fake page that the attacker has created. This type of attack is also known as typosquatting.
Session hijacking
In session hijacking, the attacker attempts to take over an existing connection between two network computers. The first step in this attack is for the attacker to take control of a network device on the LAN, such as a firewall or another computer, in order to monitor the connection. This enables the attacker to determine the sequence numbers used by the sender and receiver.
Replay attack
It is an attack that involves capturing data packets from a network and retransmitting them to produce an unauthorized effect.
Man-in-the-Middle Attack
It takes advantage of the multi-hop process used by many types of networks. In this type of attack, an attacker intercepts messages between two parties before transferring them to their intended destination.
masquerade attack
It is an attack where one user or computer pretends to be another user or computer.
Eavesdropping
It is an attack that occurs when a host sets its network interface on promiscuous mode and copies packets that pass by for later analysis.
Social Engineering
It is an attack that involves tricking authorized users into carrying out actions for unauthorized users. It is the art of one human attempting to coerce or deceive another human into doing something or divulging information.
Phreaking
It is a slang term that describes the activity of a subculture of people who study, experiment with, or explore telephone systems, telephone company equipment, and systems connected to public telephone networks. It is the art of exploiting bugs and glitches that exist in the telephone system.
Phishing
It is a type of fraud in which an attacker attempts to trick the victim into providing private information such as credit card numbers, passwords, dates of birth, bank account numbers, automated teller machine (ATM) PINs, and Social Security numbers.
Pharming
It is a type of attack that seeks to obtain personal or private financial information through domain spoofing.
virus
It is malware that attaches itself to or copies itself into another program on a computer. Users copy infected files from another computer on a network, from a flash drive, or from an online service.
worm
It is a self-contained malware that replicates and sends copies of itself to other computers, generally across a network, without any user input or action.
Trojan Horse
It is malware that masquerades as a useful program.
Rootkits
They are malware that modify or replace one or more existing programs to hide traces of attacks.
Spyware
It is a type of malware that specifically threatens the confidentiality of information. It gathers information about a user through an Internet connection, without his or her knowledge.
Wireless network attack
It involves performing intrusive monitoring, packet capturing, and penetration tests on a wireless network.
Web Application Attack
It involves performing intrusive penetration tests on public-facing web servers, applications, and back-end databases.
Risk management
It is the process of identifying, assessing, prioritizing, and addressing risks. Any organization that is serious about security will view risk management as an ongoing process.
business impact analysis
It is a formal analysis of an organization’s functions and activities that classifies them as critical or non-critical.
business impact analysis
What does BIA stand for?
business continuity plan
It is a written plan for a structured response to any events that result in an interruption to critical business activities or functions.
business continuity plan
What does BCP stand for?