Lecture 2 Threats and Attacks

Uploaded by

Quang Đại

Principles of Security (COMP1843)

Threats & Attacks

Dr Irfan Chishti
Learning Objectives
⚫ Explore the enterprise information security (InfoSec) needs
⚫ Identify the threats posed to InfoSec and the more common attacks associated with those threats
⚫ Differentiate threats to the information within systems
Introduction
⚫ Primary goal is to ensure systems & contents stay the same; if no threats existed,
➢ resources could be used for system improvements to achieve ease of use and usefulness
⚫ Attacks on ISs are a daily occurrence
Needs Analysis
InfoSec performs safeguarding functions for an organisation to protect:
➢ Organisation’s ability to function
➢ Enablement of applications’ safe operation
➢ Data
➢ Technology assets
Organisation Ability to Function
⚫ InfoSec is every stakeholder’s responsibility
⚫ Management (general and IT) is responsible for implementation
⚫ Organisation should address InfoSec in terms of business impact and cost
Applications’ Safe Operation
⚫ Organisation requires sustainable infrastructure to provide a safe environment for applications using IT systems
⚫ Management must continue to oversee infrastructure once in place—not relegate it to the IT department
Protecting Data
⚫ Organisation without data loses its record of transactions and/or ability to deliver value to customers
⚫ Protecting data in motion and data at rest are both critical aspects of InfoSec
Protecting Technology Assets
⚫ Secure infrastructure based on organisation size & scope
⚫ More robust solutions may be needed to replace security programs the organisation has outgrown
InfoSec-Properties
⚫ InfoSec is about protecting the CIA of information from risks (threats & vulnerabilities)
⚫ Actions required: safeguarding the enterprise’s operations by protecting its information assets and acting on vulnerabilities
▪ IT, IS and data
Risks
⚫ Vulnerability: weakness or fault that can lead to an exposure
⚫ Threat: an object, person, or other entity that represents a constant danger to an asset
⚫ Management must be informed of the different threats facing the organisation
Threats Categorisation
By examining each threat category, management effectively protects information through policy, education, training, and technology controls
Compromises to Intellectual Property
⚫ Software piracy: the unauthorized duplication, installation, or distribution of software
⚫ Controls: End User License Agreements, user registration, etc.
Deviations in Quality of Service
⚫ Products or services are not delivered as expected
⚫ ISs depend on many support systems, e.g. internet service, communication and power; outages affect systems’ availability
Example: Internet Service Issues
⚫ Internet service failures can considerably undermine information availability
⚫ Outsourced web hosting provider is responsible for all Internet services as well as hardware, OS, and software
Espionage or Trespass
⚫ Unauthorised access to secured info
⚫ Competitive intelligence (legal) vs. industrial espionage (illegal)
⚫ Shoulder surfing: a person accesses confidential info by watching it being entered or displayed
⚫ Controls: alerts to trespassers
Espionage or Trespass (cont’d.)
Hackers use skill, guile, or fraud to bypass controls protecting others’ information
⚫ Expert hacker: develops software exploits
⚫ Unskilled hacker: does not usually fully understand the systems they hack
Forces of Nature
⚫ Considered the most dangerous threats, e.g. fire, flood, earthquake, lightning, landslide or mudslide, tornado or severe windstorm, hurricane or tsunami, etc.
⚫ Disrupt daily life & the storage, transmission & use of information
⚫ Controls: limit damage & prepare contingency plans for continued operations
Human Error or Failure
⚫ Employee mistakes can easily lead to:
➢ Revelation of classified data
➢ Entry of erroneous data
➢ Accidental data deletion or modification
➢ Data storage in unprotected areas
➢ Failure to protect information
Information Extortion
⚫ Involves stealing information from systems & demanding compensation for its return or nondisclosure, e.g. credit card number theft
Sabotage or Vandalism
⚫ It ranges from petty vandalism to organised sabotage
⚫ Web site defacing can erode consumer confidence, dropping company sales & net worth
Technical Software Failures or Errors
⚫ Software contains unrevealed faults
⚫ Software must be patched regularly, & common misconfigurations avoided
⚫ Combinations of certain software and hardware can reveal new software bugs
Technical Hardware Failures or Errors
⚫ Manufacturer distributes equipment containing flaws to users
⚫ Can cause system to perform outside of expected parameters, resulting in unreliable or poor service
⚫ Some errors are terminal; some are intermittent
Technological Obsolescence
⚫ Antiquated/outdated infrastructure can lead to unreliable, untrustworthy systems
⚫ Proper managerial planning should prevent technology obsolescence
Theft
⚫ Illegal taking of another’s property, i.e. physical, electronic, or intellectual
⚫ Physical: controlled quite easily, e.g. locked areas, trained security personnel & the installation of alarm systems
⚫ Electronic & intellectual: complex problem to manage & control; organisations may not even know it has occurred
Missing, Inadequate, or Incomplete
Missing, inadequate or incomplete policies, procedures, planning or controls can make organisations vulnerable to loss, damage, or disclosure of information assets
Software Attacks
⚫ Malicious software (malware) designed to damage, destroy, or deny service to target systems, includes:
➢ Viruses, worms, Trojan horses, logic bombs, back doors or trap doors, man in the middle, polymorphic threats
Example: Software Patch …. (figure labels: Vulnerability, Exploit, Attack)
Attacks
⚫ Acts or actions that exploit a vulnerability (i.e. an identified weakness) in a system
⚫ Accomplished by a threat agent, such as malicious code, that damages or steals the organisation’s information
⚫ Malicious code: launching code & active web scripts aiming to steal or destroy information
Attacks (Cont’d)
⚫ Virus: malware propagating with human help
⚫ Worms: self-propagating malware over networks
⚫ Trojan horses: malware claiming a benign purpose
⚫ Logic bombs: malicious code placed in software, triggered by attacker
Attacks (Cont’d)
⚫ Backdoor: accessing a system or network using a known or previously unknown mechanism
⚫ Password crack: attempting to reverse-calculate a password
⚫ Brute force: trying every possible combination of options of a password
Attacks (Cont’d)
⚫ Dictionary: selects specific accounts to attack & uses commonly used passwords (i.e. the dictionary) to guide guesses
⚫ Mail bombing: attacker routes large quantities of e-mail to target
Attacks (Cont’d)
⚫ Denial-of-service (DoS): attacker sends a large number of connection or information requests to a target
⚫ Target system cannot handle them successfully along with other, legitimate service requests
⚫ May result in system crash or inability to perform ordinary functions
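Detection logic for the request flood described above, run over constructed connection-log lines (an added example, not from the slides; the log format, IP addresses, window and thresholds are assumptions): a per-source sliding window flags a single flooding source, and an aggregate window covers the distributed case, where many sources each stay under the per-source threshold.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample log lines ("<ISO time> <source IP> <port>"), not real
    traffic: one client browsing normally plus one source flooding the target."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = [f"{(base + timedelta(seconds=2 * i)).isoformat()} 198.51.100.7 443"
             for i in range(5)]                       # 5 requests over 8 s
    lines += [f"{(base + timedelta(milliseconds=50 * i)).isoformat()} 203.0.113.5 443"
              for i in range(60)]                     # 60 requests in under 3 s
    return lines


def detect_floods(lines, window=timedelta(seconds=5), threshold=30):
    """Per-source sliding window: flag any source that exceeds `threshold`
    requests inside any `window`. Returns {ip: peak requests in a window}."""
    events = sorted((datetime.fromisoformat(ts), ip)
                    for ts, ip, _port in (line.split() for line in lines))
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop requests that fell out of the window
            q.popleft()
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def detect_aggregate_surge(lines, window=timedelta(seconds=5)):
    """DDoS caveat: many sources each under the per-source threshold still add
    up, so also watch the total rate. Returns the peak requests in any window."""
    times = sorted(datetime.fromisoformat(line.split()[0]) for line in lines)
    q, peak = deque(), 0
    for ts in times:
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


if __name__ == "__main__":
    log = build_sample_log()
    print(detect_floods(log))           # {'203.0.113.5': 60}
    print(detect_aggregate_surge(log))  # 63
```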
Denial of Service (DoS) (figure)
Attacks (Cont’d)
⚫ Distributed denial-of-service (DDoS): coordinated stream of requests is launched against target from many locations simultaneously
⚫ Spoofing: technique used to gain unauthorized access; intruder assumes a trusted IP address
Attacks (Cont’d)
⚫ Social engineering: using social skills to convince people to reveal access credentials or other valuable information
Ransomware
⚫ This kind of attack encrypts important files, rendering data inaccessible until you pay the ransom. It often relies upon social engineering techniques to gain a foothold.
Attacks (Cont’d)
⚫ Man-in-the-middle: attacker monitors network packets, modifies them, and inserts them back into the network
⚫ Spam: unsolicited commercial e-mail; more a nuisance than an attack, though it is emerging as a vector for some attacks
Man in the Middle (figure)
Attacks (Cont’d)
⚫ Sniffers: program or device that monitors data traveling over a network; can be used both for legitimate purposes and for stealing information from a network
⚫ Buffer overflow: application error where more data is sent to a buffer than it can handle
Attacks (Cont’d)
⚫ Timing attack: explores contents of a web browser’s cache to create a malicious cookie
⚫ Side-channel attacks: secretly observe computer screen contents/electromagnetic radiation, keystroke sounds, etc.
Attacks (Cont’d)
⚫ Spear phishing: tricking a person into handing over the keys, not by writing a clever piece of code
⚫ Phishing attacks are growing more sophisticated all the time, as official-looking messages and websites, or communications that apparently come from trusted sources, are employed to gain access to your systems
Attacks (Cont’d)
⚫ The targeting of high-level execs or anyone with a high security clearance is on the rise
⚫ If cybercriminals can hack a CEO’s account, e.g., they can use it to wreak havoc and expose a lot of sensitive data
Current Trends
⚫ Project Sauron showcased another sophisticated trait we expect to see on the rise, that of the ‘passive implant’
⚫ A network-driven backdoor, present in memory or as a backdoored driver in an internet gateway or internet-facing server, silently awaiting magic bytes to awaken its functionality
Current Trends (Cont’d)
⚫ Until woken by its masters, passive implants present little or no outward indication of an active infection, and are thus least likely to be found by anyone except the most paranoid of defenders, or as part of a wider incident response scenario
Current Trends (Cont’d)
⚫ Keep in mind that these implants have no predefined command-and-control infrastructure to correlate, and so provide a more anonymous beachhead
⚫ Thus, this is the tool of choice for the most cautious attackers, who must ensure a way into a target network at a moment’s notice
Safeguarding Measures
⚫ Prevention: by system design and using security technologies and defenses
⚫ Detection: if an attempted breach occurs, make sure it is detected
⚫ Response: ranges from restoring from backups or claiming on insurance, through to informing stakeholders and law-enforcement agencies
Example: Data Breach
⚫ Employee receives a phishing email with a link to a realistic-looking internal site
⚫ Employee opens the email, clicks the link, and types in his/her user credentials
⚫ Malicious site collects the password
⚫ Malicious actor accesses and downloads sensitive files
Example: Counter Measures
⚫ Prevention: train employees, identify & block offsite access, and encrypt files
⚫ Detection: identify the affected data
⚫ Response: change employee’s password, notify CTO and/or insurer, begin post-breach plan
InfoSec-Goal
InfoSec is a compromise between total safety and affordable safety.
⚫ Cannot stop all loss
⚫ Goal: optimise risk
⚫ Example: 80/20 rule – solve 80% of the problems with 20% of the effort
Summary
⚫ Management effectively protects its information through policy, education, training, and technology controls
⚫ Secure systems require secure hardware & software
Summary
◼ In the real world, it is difficult to counter threats; you limit vulnerabilities.
◼ If you counter a vulnerability, you are essentially countering any threats that may exploit it.
◼ Risks are there that need effective management control.
