Week3 Compromising the System v1.1 (1)

CSIT302 Cybersecurity

Week 3: Compromising the System

  • Instructors: Dr. Mouhannad ALATTAR, Dr. Manoj KUMAR

Introduction

  • Focus on tools and techniques used to compromise systems.

  • Exploitation of vulnerabilities in traditional systems and mobile devices.

  • Discussion of emerging trends in attack methods and target systems.

  • After gathering information during the reconnaissance phase, attackers plan and execute system breaches.

  • Understanding system compromises helps organizations defend against potential attacks.

Current Trends in Cybersecurity Attacks

  • Hackers are increasingly sophisticated with their attacks, showing persistence and creativity.

  • Recent trends include:

    • Extortion Attacks: Demand money from victims using threats, such as ransomware.

    • Data Manipulation Attacks: Change data without deletion or exposure, making them harder to detect.

    • Backdoors: Undocumented access points established by hackers.

    • Internet of Things (IoT) Device Attacks: Exploit vulnerabilities in connected devices.

    • Cloud Attacks: Target vulnerabilities in cloud computing environments.

    • Phishing: Attempt to deceive users into providing sensitive information.

    • Exploiting Vulnerabilities: Using identified weaknesses in systems.

    • Zero-Day Exploits: Attacks on unpatched vulnerabilities.

Extortion Attacks

  • Definition: Attacking victims to extort money through threats or ransomware.

    • Example: WannaCry Ransomware

      • Demands $300 in Bitcoin within 72 hours; doubles if unpaid in 7 days.

      • Reported earnings of $50,000 due to a discovered killswitch.

    • Case: Ashley Madison Incident

      • Hackers released user data after failed extortion attempts.

    • Case: UAE Bank Attack (2015)

      • Hacker demanded $3 million, resulting in data exposure when the demand was unmet.

  • Outcomes of extortion attacks: Prioritize valuable data directly to the victim over third-party sales.

Data Manipulation Attacks

  • Altering data covertly, making detection challenging.

  • Potential consequences of even minor changes could be catastrophic (e.g., banking errors).

  • Example: Hacking of The Associated Press Twitter account created misinformation affecting financial markets.

  • Future escalation expected; many sectors vulnerable including healthcare, finance, and government.

  • Countermeasures: Implement strong security protocols and data integrity checks.

IoT Device Attacks

  • Targeting various IoT devices from smart home appliances to industrial machines.

  • Exploitation leads to DDoS attacks through commandeered networks of devices.

  • Vulnerabilities include:

    • Poor manufacturing security protocols.

    • Default settings and passwords often left unchanged by users.

  • Security measures for IoT:

    • Ensure accountability and design with security in mind.

    • Maintain physical security and assume devices may be compromised.

Backdoors

  • Definition: Undocumented methods of bypassing normal authentication or encryption in a system.

  • Case Study: Juniper Networks backdoor incident linked to NSA.

  • Implications: Difficulty in detecting and removing backdoors posed by hackers, which leads to increased usage in future attacks.

Hacking Every Device

  • Attackers focus on unassuming devices, especially in corporate environments.

  • Example: Print devices are often ignored yet hold sensitive data and can serve as entry points.

  • Case Study: “Weeping Angel” exploit using Samsung Smart TVs for surveillance.

Hacking the Cloud

  • Growth of cloud technology increases vulnerability as resources are shared across users.

  • Hackers target cloud users to gain access to sensitive data and systems.

  • Examples of incidents:

    • Target (credit card theft via phishing)

    • Home Depot (credit card details via point-of-sale malware)

    • Sony Pictures (sensitive data breach)

    • IRS (accounts stolen from cloud)

Zero-Day Exploits

  • Definition: Attacks targeting unpatched and unknown vulnerabilities not yet disclosed to software developers.

  • Methods of discovery include:

    • Fuzzing: System recreation to find weaknesses.

    • Source Code Analysis: Review code to identify flaws.

  • Recent zero-day examples include vulnerabilities exploited in notable applications such as Apple, Microsoft, and Google products.

Steps to Compromise a System

  • Core steps include:

    • Deploy Payloads: Using tools like Metasploit enables exploitation of known vulnerabilities.

    • Compromise Operating Systems: Utilizing weaknesses from insiders or pre-installed applications to access systems.

    • Compromise Remote Systems: Use of hacking tools and social engineering methods to gain unauthorized access.

    • Compromise Web-Based Systems: Targeting web servers via attacks like SQL injection and XSS.

Mobile Device Attacks

  • Increasingly frequent attacks targeting smartphones due to their widespread usage and neglect of security.

  • Techniques include:

    • SensorID Attack: Exploiting device sensors to extract unique identifiers.

    • Cellebrite Hacks: Bypassing iOS encryption for data extraction.

  • Tools for assessment include Snoopdroid and Frida for application analysis.

Case Study: Compromising IoT Devices

  • Incident involving compromised IoT devices leading to excessive DNS requests and impacting the university's network.

  • Mitigation strategies involve:

    • Changing default passwords and separating network zones for IoT devices.