Week3 Compromising the System v1.1 (1)
CSIT302 Cybersecurity
Week 3: Compromising the System
Instructors: Dr. Mouhannad ALATTAR, Dr. Manoj KUMAR
Introduction
Focus on tools and techniques used to compromise systems.
Exploitation of vulnerabilities in traditional systems and mobile devices.
Discussion of emerging trends in attack methods and target systems.
After gathering information during the reconnaissance phase, attackers plan and execute system breaches.
Understanding system compromises helps organizations defend against potential attacks.
Current Trends in Cybersecurity Attacks
Hackers are increasingly sophisticated with their attacks, showing persistence and creativity.
Recent trends include:
Extortion Attacks: Demand money from victims using threats, such as ransomware.
Data Manipulation Attacks: Change data without deletion or exposure, making them harder to detect.
Backdoors: Undocumented access points established by hackers.
Internet of Things (IoT) Device Attacks: Exploit vulnerabilities in connected devices.
Cloud Attacks: Target vulnerabilities in cloud computing environments.
Phishing: Attempt to deceive users into providing sensitive information.
Exploiting Vulnerabilities: Using identified weaknesses in systems.
Zero-Day Exploits: Attacks on unpatched vulnerabilities.
Extortion Attacks
Definition: Attacking victims to extort money through threats or ransomware.
Example: WannaCry Ransomware
Demands $300 in Bitcoin within 72 hours; doubles if unpaid in 7 days.
Reported earnings of $50,000 due to a discovered killswitch.
Case: Ashley Madison Incident
Hackers released user data after failed extortion attempts.
Case: UAE Bank Attack (2015)
Hacker demanded $3 million, resulting in data exposure when the demand was unmet.
Outcomes of extortion attacks: Prioritize valuable data directly to the victim over third-party sales.
Data Manipulation Attacks
Altering data covertly, making detection challenging.
Potential consequences of even minor changes could be catastrophic (e.g., banking errors).
Example: Hacking of The Associated Press Twitter account created misinformation affecting financial markets.
Future escalation expected; many sectors vulnerable including healthcare, finance, and government.
Countermeasures: Implement strong security protocols and data integrity checks.
IoT Device Attacks
Targeting various IoT devices from smart home appliances to industrial machines.
Exploitation leads to DDoS attacks through commandeered networks of devices.
Vulnerabilities include:
Poor manufacturing security protocols.
Default settings and passwords often left unchanged by users.
Security measures for IoT:
Ensure accountability and design with security in mind.
Maintain physical security and assume devices may be compromised.
Backdoors
Definition: Undocumented methods of bypassing normal authentication or encryption in a system.
Case Study: Juniper Networks backdoor incident linked to NSA.
Implications: Difficulty in detecting and removing backdoors posed by hackers, which leads to increased usage in future attacks.
Hacking Every Device
Attackers focus on unassuming devices, especially in corporate environments.
Example: Print devices are often ignored yet hold sensitive data and can serve as entry points.
Case Study: “Weeping Angel” exploit using Samsung Smart TVs for surveillance.
Hacking the Cloud
Growth of cloud technology increases vulnerability as resources are shared across users.
Hackers target cloud users to gain access to sensitive data and systems.
Examples of incidents:
Target (credit card theft via phishing)
Home Depot (credit card details via point-of-sale malware)
Sony Pictures (sensitive data breach)
IRS (accounts stolen from cloud)
Zero-Day Exploits
Definition: Attacks targeting unpatched and unknown vulnerabilities not yet disclosed to software developers.
Methods of discovery include:
Fuzzing: System recreation to find weaknesses.
Source Code Analysis: Review code to identify flaws.
Recent zero-day examples include vulnerabilities exploited in notable applications such as Apple, Microsoft, and Google products.
Steps to Compromise a System
Core steps include:
Deploy Payloads: Using tools like Metasploit enables exploitation of known vulnerabilities.
Compromise Operating Systems: Utilizing weaknesses from insiders or pre-installed applications to access systems.
Compromise Remote Systems: Use of hacking tools and social engineering methods to gain unauthorized access.
Compromise Web-Based Systems: Targeting web servers via attacks like SQL injection and XSS.
Mobile Device Attacks
Increasingly frequent attacks targeting smartphones due to their widespread usage and neglect of security.
Techniques include:
SensorID Attack: Exploiting device sensors to extract unique identifiers.
Cellebrite Hacks: Bypassing iOS encryption for data extraction.
Tools for assessment include Snoopdroid and Frida for application analysis.
Case Study: Compromising IoT Devices
Incident involving compromised IoT devices leading to excessive DNS requests and impacting the university's network.
Mitigation strategies involve:
Changing default passwords and separating network zones for IoT devices.