Hands-On Ethical Hacking and Network Defense: Network and Computer Attacks

Hands-On Ethical Hacking and Network Defense, Edition 4

Module 3: Network and Computer Attacks

Module Objectives
  • By the end of this module, you should be able to:
    • Describe the different types of malicious software and what damage they can do.
    • Describe methods of protecting against malware attacks.
    • Describe the types of network attacks.
    • Identify physical security attacks and vulnerabilities.
Malicious Software (Malware)
  • Network attacks are initiated to steal data that can be used or sold for financial gain or to carry out a sociopolitical agenda.
  • Malicious Software (Malware) encompasses various harmful programs including:
    • Virus
    • Worm
    • Trojan Program
  • Main Goal: To make money.
  • Malware was initially focused on traditional operating systems like Windows and Linux but has expanded to target tablets, smartphones, and other Internet-connected devices.
Viruses
Definition:
  • A virus is a program that attaches itself to a file or another program and is often sent via email.
  • Key Characteristics:
    • Cannot replicate itself or operate independently.
    • Does not stand alone.
Examples:
  • Phishing: A technique in which the sender of a phishing email uses social engineering to trick a user into following a malicious link to a fraudulent website.
  • Ransomware: This type of virus locks a target system until a ransom is paid.
Challenges:
  • No foolproof prevention method against viruses exists.
Antivirus Software
  • Antivirus software functions by:
    • Comparing signatures and common programmatic behaviors of known viruses against every file on a computer.
    • Relying on a virus signature file, which stores those signatures and must be regularly updated.
  • Many antivirus programs offer automatic updates.
  • Network Security Devices: Designed to monitor entire networks and intercept malware before it reaches users.
  • Sandboxing: This technique allows users to run programs in a secure, isolated environment that prevents any malicious files from affecting the hard drive.
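Added example (not from the textbook), in C, of the signature comparison described above: a constructed signature file, a byte-pattern scan over sample file contents, and a variant that differs from a known sample by one byte to show why the signature file must be updated regularly. The names (scan_buffer, SIGNATURES) and every pattern and sample are constructed for this example.

```c
#include <string.h>
#include <stddef.h>

/* One entry in a signature file: a detection name plus the byte pattern that
 * identifies a known piece of malware. All entries here are constructed. */
struct signature {
    const char *name;
    const unsigned char *pattern;
    size_t len;
};

static const unsigned char SIG_A[] = { 0x4D, 0x5A, 0x90, 0x00, 0xDE, 0xAD, 0xBE, 0xEF };
static const unsigned char SIG_B[] = "EVIL_MACRO_MARKER";

/* The "signature file". Only patterns listed here can be detected, which is
 * why the file has to be updated as new malware and variants appear. */
static const struct signature SIGNATURES[] = {
    { "Example.Trojan.A", SIG_A, sizeof SIG_A },
    { "Example.Macro.B",  SIG_B, sizeof SIG_B - 1 },   /* exclude the NUL */
};

/* Plain byte search; memmem() is not part of standard C. */
static int contains(const unsigned char *hay, size_t hlen,
                    const unsigned char *needle, size_t nlen)
{
    if (nlen == 0 || nlen > hlen) return 0;
    for (size_t i = 0; i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0) return 1;
    return 0;
}

/* Compare a file's bytes against every signature. Returns the detection name
 * of the first match, or NULL when nothing in the signature file matches. */
const char *scan_buffer(const unsigned char *data, size_t len)
{
    for (size_t i = 0; i < sizeof SIGNATURES / sizeof SIGNATURES[0]; i++)
        if (contains(data, len, SIGNATURES[i].pattern, SIGNATURES[i].len))
            return SIGNATURES[i].name;
    return NULL;
}

/* Constructed sample files: a known sample, a clean file, and a variant that
 * differs from SIG_A by one byte (0xBE -> 0xBF) and is therefore missed. */
const unsigned char SAMPLE_KNOWN[]   = { 0x00, 0x4D, 0x5A, 0x90, 0x00, 0xDE, 0xAD, 0xBE, 0xEF, 0x11 };
const unsigned char SAMPLE_CLEAN[]   = { 0x48, 0x65, 0x6C, 0x6C, 0x6F };
const unsigned char SAMPLE_VARIANT[] = { 0x00, 0x4D, 0x5A, 0x90, 0x00, 0xDE, 0xAD, 0xBF, 0xEF, 0x11 };
const size_t SAMPLE_KNOWN_LEN   = sizeof SAMPLE_KNOWN;
const size_t SAMPLE_CLEAN_LEN   = sizeof SAMPLE_CLEAN;
const size_t SAMPLE_VARIANT_LEN = sizeof SAMPLE_VARIANT;
```

The variant is reported clean until a signature for it is added, which is the gap that behaviour-based detection and regular signature updates are meant to close.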
Common Computer Viruses
  • Ryuk:
    • Responsible for over one-third of all ransomware attacks in 2020, targeting companies, hospitals, and municipalities, encrypting critical files and demanding multimillion-dollar ransoms.
  • FormBook:
    • A malware family focused on data theft, such as capturing clipboard contents and logging keystrokes. Sold as malware-as-a-service.
    • Spread mostly through spam emails with malicious attachments.
  • CryptoLocker:
    • Regarded as the first ransomware virus, its name has become synonymous with ransomware families; it infected over 250,000 computers, encrypting user files until a ransom was paid.
Other Examples:
  • MalumPOS: Targets POS systems to collect payment card information.
  • Carbanak: Used in phishing attacks targeting financial institutions, facilitating fraudulent transactions.
  • Gumblar: Exploited vulnerabilities in Adobe PDF and Flash to steal FTP credentials and hijack Google searches.
  • Gpcode/PGPCoder: Utilizes strong encryption for ransom, detected in 2008 and active in 2020.
Macro Viruses
Definition:
  • A macro virus is coded as a macro within applications that support macro programming languages (e.g., Visual Basic for Applications).
  • Macro: A list of commands that can execute several malicious actions.
Example:
  • Melissa: Created in 1999, exemplifying how easily viruses can be generated even by non-programmers, with instructions available online.
Worms
Definition:
  • A worm is a self-replicating program that propagates independently without needing to attach to a host.
Infamous Examples:
  • Stuxnet: Discovered in 2010, utilized to damage specific equipment in Iran's nuclear facilities.
  • Code Red: Known for its rapid propagation and destruction.
  • Conficker: Exploited a Microsoft vulnerability, creating widespread infections.
  • WannaCry: Targeted vulnerabilities in Windows SMB protocol, infecting 230,000 computers across 150 countries in its first day.
Common Computer Worms
  • Flame: Complex malware with capabilities including spying and logging.
  • Duqu: Aimed to steal data rather than cause direct damage.
  • Worms spread through various techniques, such as phishing emails or exploiting network vulnerabilities.
Trojan Programs
Definition:
  • Trojans disguise themselves as legitimate programs but can install backdoors or rootkits on systems that allow attackers to regain access later.
  • A rootkit is often created post-attack and tends to hide within the operating system's tools.
Key Characteristics of Trojans:
  • Can operate through common ports (e.g., TCP port 80 for HTTP, UDP port 53 for DNS).
Spyware
Definition:
  • Software that sends information from the infected computer to the initiator of the spyware program.
  • Can capture keystrokes and gather confidential data (e.g., financial details, passwords).
Adware
Definition:
  • Similar to spyware; typically installed covertly and often displays ad banners.
  • Designed to track user purchasing habits and transmit data back to its creators.
Knowledge Check Activities
  1. Activity 3-1: Main purpose of malware?
    • Correct Answer: a. Financial gain or destruction.
  2. Activity 3-2: Exploit that might hide payload in a legitimate application?
    • Correct Answer: a. Trojan.
  3. Polling Activity 3-1: Example of a macro programming language?
    • Correct Answer: d. Visual Basic for Applications.
Protecting Against Malware Attacks
  • Protecting against malware is challenging due to the daily emergence of new threats.
  • Antivirus Programs: Essential in detecting many types of malware.
  • User Education: Critical, because inadequately trained users introduce vulnerabilities.
Educating Your Users
  • Conduct structured training including all employees, with monthly security updates.
  • Implement strategies like:
    • Antivirus signature file updates.
    • Employee phishing training.
    • Using white-listing to restrict which programs are allowed to run.
Avoiding Fear Tactics
  • Promote awareness instead of fear-based compliance.
  • Build knowledge rather than instilling terror about potential threats.
Intruder Attacks on Networks and Computers
Definition:
  • An attack is any attempt by an unauthorized person to access, damage, or utilize network resources, typically exploiting weaknesses or vulnerabilities.
Key Terms:
  • Exploit: A specially crafted string of data targeting a vulnerability.
  • Network Security: Security of computers within a network.
  • Computer Security: Security of standalone devices.
Denial-of-Service (DoS) Attacks
  • Aims to prevent legitimate users from accessing network resources.
  • Ping of Death Attack: Results in the victim's computer freezing due to oversized packets.
Distributed Denial-of-Service (DDoS) Attacks
  • Attack launched from multiple systems flooding the network with packets, causing degradation in performance and network bandwidth.
Buffer Overflow Attacks
  • Occur when an attacker exploits poorly written code to insert executable code into memory, allowing harmful actions at elevated permissions.
  • The DevSecOps approach addresses this by prompting developers to write secure code.
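Added example (not from the textbook), in C: the poorly written copy that a buffer overflow attack exploits, beside the bounds-checked form that refuses oversized input. NAME_MAX and the function names are assumptions made for this example; the unchecked strcpy() call is the kind of defect static analysis in a DevSecOps pipeline is meant to catch.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size stack buffer (assumed size) */

/* Vulnerable form: strcpy() copies until it sees a NUL and has no idea how big
 * the destination is. Input longer than NAME_MAX - 1 bytes overwrites whatever
 * lies beyond the buffer on the stack; that overwrite is what a buffer overflow
 * attack relies on. Kept here only for contrast with the hardened form. */
int greet_unsafe(const char *input)
{
    char name[NAME_MAX];
    strcpy(name, input);                 /* no bounds check */
    return (int)strlen(name);
}

/* Hardened form: check that the input fits, including its terminating NUL,
 * before copying, and reject it otherwise. Returns 0 on success, -1 on error. */
int copy_name_safe(char *dst, size_t dstlen, const char *src)
{
    if (dst == NULL || src == NULL || dstlen == 0) return -1;
    size_t n = strlen(src);
    if (n >= dstlen) return -1;          /* would leave no room for the NUL */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Same entry point as greet_unsafe, but oversized input is refused instead
 * of being written past the end of the buffer. Returns the copied length,
 * or -1 when the input was rejected. */
int greet_safe(const char *input)
{
    char name[NAME_MAX];
    if (copy_name_safe(name, sizeof name, input) != 0) return -1;
    return (int)strlen(name);
}
```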
Eavesdropping
  • Attackers listen to unencrypted communications to intercept information.
  • Tools designed to capture packet copies (sniffers) are used for these attacks.
Man-in-the-Middle Attacks
  • Attackers inject themselves between two communication parties to manipulate messages.
Network Session Hijacking
  • Enables attackers to impersonate either party in a TCP session, complicating defenses.
Addressing Physical Security
  • Ensuring server and computer security starts with physical protections against internal and external threats.
Keyloggers
Definition:
  • Hardware or software that captures keystrokes on a computer.
  • Can be utilized for monitoring user activity.
Behind Locked Doors
  • Importance of securing physical server locations.
  • The use of locks, security cards, and biometric security devices enhances access control.
Self-Assessment
  • Describe types of malware and their corresponding protection measures.
Summary
  • By the conclusion of this module, students should be able to articulate the various types of malicious software, their potential damages, protective methods against malware, types of network attacks, and identification of physical security attacks and vulnerabilities.