
Attack Vectors

Transcript

Hello participant, welcome to the first week of the ACTT course. I am your instructor, Murrey Eddah. This week will focus on advanced cyberattacks and build on the knowledge you already have of cyberattacks. The first topic in this module is Attack Vectors, but before that, it is important to first understand the term attack surface. Attack surface and attack vectors are easily mistaken to mean the same thing. On the contrary, they mean different things. An attack surface is the total number of feasible ways an attacker can exploit to get into a device or network, while an attack vector is simply the method an attacker uses to compromise a device or network and gain unauthorized access, for example by stealing usernames and passwords. The common types of attack vectors are: compromised credentials, weak and stolen credentials, malicious insiders, misconfiguration, vulnerabilities and malware.

An attack vector can be classified as either active or passive. An active attack vector affects the integrity and availability of information: an attacker tries to alter or modify a system through malware, exploitation of vulnerabilities or ransomware. The figure below demonstrates an active attack. An attacker captures the message from the sender and changes its contents before sending the misleading message to the receiver. Active attacks take the form of interruption, where an attacker tries to deny users access to the system; modification, where an attacker captures a message and alters its contents; and fabrication, where an attacker inserts fake information, resources or services into the network. The types of active attacks are: masquerade, repudiation, replay and denial of service.

In masquerade, the main goal is identity and data theft. An attacker impersonates a legitimate user to gain unauthorized access to network resources. The image illustrates Darth sending a message to Alice that appears to be from Bob. Darth, who is an illegitimate user, is masquerading as Bob. Repudiation can be by the sender or the receiver. A user denies having executed an action or malicious transaction that caused a loss or resulted in a cyberattack. For example, a student can use the school computer to access a malicious website, causing a cyberattack. The student then denies accessing the website, as he or she knows it is against school guidelines. In a replay attack, a threat actor eavesdrops on secure network communication, intercepts it, then fraudulently delays or resends it to misdirect the receiver into doing what the hacker wants. In the image, Darth, who is the attacker, intercepts the message from Bob to Alice and changes its contents before redirecting it to the intended receiver, Alice.

Lastly, in denial of service, an attacker prevents a legitimate user from accessing network resources such as a school management system or student portal. An attacker floods the server with traffic or sends an action through code to cause a crash. In the image, Darth (the attacker) interrupts Bob, a legitimate user, and stops him from accessing the services provided by the server. We will now look at the passive attack vector. A passive attack vector is a threat to data confidentiality. An attacker strives to gain access to or gather information about the target without altering the system resources, unlike an active attack vector. The figure shows how a passive attack occurs. An attacker reads the message from a sender to a receiver without modifying its contents.
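To make the modification, replay and masquerade attacks described above concrete from the defender's side, here is an added Python example that is not part of the original course material: Bob attaches a fresh nonce, a timestamp and an HMAC tag under a key shared with Alice, and Alice rejects anything altered, forged without the key, or seen before. The shared key, the messages and the freshness window are constructed placeholders.

```python
import hmac, hashlib, secrets, time

# Constructed shared secret between Bob and Alice (demo placeholder, not a real key).
SHARED_KEY = b"example-shared-key-for-demo"
MAX_AGE_SECONDS = 30  # messages older than this are treated as delayed replays

def _tag(key, nonce, ts, body):
    # HMAC over nonce, timestamp and body binds all three to the shared key.
    return hmac.new(key, f"{nonce}|{ts}|{body}".encode(), hashlib.sha256).hexdigest()

def send(key, body, now=None):
    """Bob's side: attach a fresh nonce, a timestamp and an HMAC tag."""
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(8)
    return {"nonce": nonce, "ts": ts, "body": body, "tag": _tag(key, nonce, ts, body)}

class Receiver:
    """Alice's side: verify the tag, check freshness, remember nonces already seen."""
    def __init__(self, key):
        self.key = key
        self.seen = set()

    def accept(self, msg, now=None):
        now = now if now is not None else time.time()
        expected = _tag(self.key, msg["nonce"], msg["ts"], msg["body"])
        # A wrong tag means the body was altered in transit (modification) or the
        # sender never held the key (masquerade); compare_digest avoids timing leaks.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag (modified or masqueraded)"
        if abs(now - msg["ts"]) > MAX_AGE_SECONDS:
            return "rejected: stale timestamp (delayed replay)"
        if msg["nonce"] in self.seen:
            return "rejected: nonce already seen (replay)"
        self.seen.add(msg["nonce"])
        return "accepted"

def demo():
    alice, t0 = Receiver(SHARED_KEY), 1_700_000_000
    genuine = send(SHARED_KEY, "Please send the exam timetable", now=t0)
    results = {"genuine": alice.accept(genuine, now=t0)}
    # Modification: Darth captures the message and changes its contents.
    results["modified"] = alice.accept(dict(genuine, body="Send me your password"), now=t0 + 1)
    # Replay: Darth resends the captured genuine message a few seconds later.
    results["replayed"] = alice.accept(genuine, now=t0 + 5)
    # Delayed replay: a valid message resent well outside the freshness window.
    results["delayed"] = alice.accept(send(SHARED_KEY, "Hi Alice", now=t0), now=t0 + 600)
    # Masquerade: Darth forges a message as Bob without the shared key.
    results["masqueraded"] = alice.accept(send(b"darth-guessed-key", "It's Bob", now=t0), now=t0)
    return results
```

Run `demo()` to see each case; note that the tag alone cannot catch a replay, which is why the nonce cache and the freshness window are both needed.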

The types of passive attacks are: message release and traffic analysis. In message release, an attacker monitors the contents of data in transmission. The information could be in the form of a telephone conversation, an email message or a transferred file. In traffic analysis, an attacker examines traffic entering and leaving the network without making any changes. From this information, the attacker can guess the nature of the activities and communications happening in the network. The attacker can further determine the location and identity of hosts in the network.

Passive attacks are conducted using various social engineering attacks, such as dumpster diving, where an attacker goes through abandoned computers, devices or trash bins to try to acquire information from them. To prevent this, a school should always shred documents and format devices that are no longer in use. In phishing, an attacker uses SMS, emails or web adverts to try to trick a user into giving up sensitive information or visiting a malicious website. The image shows an example of a phishing email. We can identify it from the sender's email address, which looks suspicious, the redirecting link and the sense of urgency. We will look more into this in the topics to come. Baiting involves luring a user with an offer, such as corporate-branded flash disks, in exchange for private information.

Piggybacking or tailgating is when an unauthorized person physically follows an authorized person into a restricted corporate area, for example a computer class or server room. In pretexting, an attacker tries to persuade a user into giving sensitive information by providing a fictional backstory. The image shows an example of pretext social engineering, where an attacker poses as the CEO and tries to make a financial transaction. We have now learned about active and passive attack vectors in depth. Can you identify similarities between them?

In both, an attacker identifies a potential target; collects information about the target using social engineering, malware or phishing; gains unauthorized access to the system and steals sensitive data or installs malicious code; and monitors the computer or network, steals information or uses computing resources. What are the differences between active and passive attack vectors? The table shows how they differ. Kindly pause the video and take a minute to study and understand the table.

A school or institution can take the following measures to protect itself from attack vectors: train staff and students; apply the principle of least privilege, where a user is given the minimal access rights needed to perform the required task (for example, a student can be granted permission to access the internet using kid-friendly search engines only); use cybersecurity tools such as firewalls, password managers and VPNs for secure communications; patch operating systems and update device software to the latest version; encrypt sensitive information and data at rest, in transit and in processing; monitor data and network access for all users and devices to unmask insider risk; and use two-factor authentication via a trusted second factor to minimize the number of breaches.

We have come to the end of this video. In the next topic we will learn about Wireless and Mobile Device attacks.

Licence

Advanced Cybersecurity Training for Teachers Copyright © 2023 by Commonwealth of Learning (COL) is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License, except where otherwise noted.