Understanding Vulnerability Exploitation In Network Security

Exploiting vulnerabilities is another common method of infiltration. Attackers scan computers to gather information about them. A common sequence for exploiting a vulnerability is:

Step 1. Gather information about the target system, for example with a port scanner or through social engineering. The goal is to learn as much as possible about the target computer.

Step 2. Among the most useful pieces of information learned in step 1 are the operating system, its version, and the list of services (and their versions) running on it.

Step 3. Once the target's operating system and version are known, the attacker looks for known vulnerabilities specific to that OS version or to the services it runs.

Step 4. When a vulnerability is found, the attacker looks for a previously written exploit to use. If no exploit exists, the attacker may write one.
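
The reconnaissance of steps 1 and 2, as an added example in Python that is not part of the original page: a TCP connect scan with a banner grab, run against two throwaway listeners on 127.0.0.1 that stand in for an SSH and an SMTP daemon. The listener, the port list and the banner strings are constructed for the example, and the fingerprint patterns are a small hand-written subset of what a real scanner such as nmap carries. Only run it against hosts you are authorized to test.

```python
import re
import socket
import threading


def start_banner_server(banner: bytes):
    """Lab stand-in for a network service (constructed for this example):
    listens on a random 127.0.0.1 port and greets each client with `banner`,
    the way SSH and SMTP daemons do. Returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed: shut the thread down
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_closed_port():
    """Pick a local port that nothing is listening on (bind, read, release)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def probe_port(host, port, timeout=1.0):
    """TCP connect scan of one port plus a banner grab.
    Returns (is_open, raw_banner)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except OSError:                  # refused, filtered (timeout) or unreachable
        s.close()
        return False, b""
    try:
        banner = s.recv(256)         # many services talk first; HTTP does not
    except OSError:
        banner = b""
    finally:
        s.close()
    return True, banner


# Banner patterns -> (product, version). Hand-written subset for the example;
# nmap's version-detection database carries thousands of such probes/matches.
BANNER_PATTERNS = [
    re.compile(r"^SSH-[\d.]+-([A-Za-z]+)[_-]?(\S*)"),          # SSH-2.0-OpenSSH_8.9p1
    re.compile(r"^220 \S+ ESMTP (\S+)\s*(\S*)"),               # 220 host ESMTP Postfix
    re.compile(r"^Server:\s*([^/\s]+)/?(\S*)", re.MULTILINE),  # Server: Apache/2.4.57
]


def fingerprint(banner: str):
    """Map a banner to (product, version); ('unknown', '') if no pattern fits."""
    for pat in BANNER_PATTERNS:
        m = pat.search(banner)
        if m:
            return m.group(1), m.group(2)
    return "unknown", ""


def scan(host, ports):
    """Steps 1-2 of the text: which ports are open and what software answers."""
    found = {}
    for port in ports:
        is_open, raw = probe_port(host, port)
        if not is_open:
            continue
        banner = raw.decode("ascii", "replace").strip()
        product, version = fingerprint(banner)
        found[port] = {"banner": banner, "product": product, "version": version}
    return found


if __name__ == "__main__":
    ssh_srv, ssh_port = start_banner_server(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")
    smtp_srv, smtp_port = start_banner_server(b"220 mail.example.test ESMTP Postfix\r\n")
    for port, info in scan("127.0.0.1", [ssh_port, smtp_port, free_closed_port()]).items():
        print(port, info)
    # Step 3 takes each (product, version) pair to a vulnerability database such as NVD.
    ssh_srv.close()
    smtp_srv.close()
```

Running it prints one line per open port with the product and version recovered from the banner; that (product, version) pair is exactly the input to step 3. The scan stops at layer 4: a service that expects the client to speak first, such as HTTP, yields an empty banner here, which is why real scanners send protocol-specific probes after the connect.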

Figure 1 portrays an attacker using whois, a public Internet directory of domain names and their registrants. Figure 2 portrays an attacker using nmap, a popular port scanner. With a port scanner, an attacker probes the ports of a target computer to learn which services are listening on it.

Advanced Persistent Threats

One way in which infiltration is achieved is through advanced persistent threats (APTs). An APT is a multi-phase, long-term, stealthy and sophisticated operation against a specific target. Because of the complexity and skill required, an APT is usually well funded. APTs target organizations or nations for business or political reasons.

Usually associated with network-based espionage, the purpose of an APT is to deploy customized malware on one or more of the target's systems and remain undetected. With multiple phases of operation and several customized types of malware that affect different devices and perform specific functions, an individual attacker usually lacks the skill set, resources or persistence to carry out an APT.

DDoS

A Distributed Denial of Service (DDoS) attack is similar to a DoS attack but originates from multiple, coordinated sources. As an example, a DDoS attack could proceed as follows:

An attacker builds a network of infected hosts, called a botnet. The infected hosts are called zombies. The zombies are controlled by handler (command-and-control) systems.

The zombie computers constantly scan and infect more hosts, creating more zombies. When ready, the attacker instructs the handler systems to make the botnet of zombies carry out a DDoS attack.
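
Seen from the defender's side, as an added example that is not part of the original page: the difference between a DoS and a DDoS shows up in a web server's access log as the number of distinct sources behind a burst of requests. The script below, written for this article, buckets constructed combined-format log lines (documentation address ranges only) into 10-second windows and labels each window normal, dos or ddos. The window size and the two thresholds are assumptions to be tuned per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format: ip ident user [timestamp] "request" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["req"], int(m["status"])


def classify_windows(lines, window_seconds=10, req_threshold=50, src_threshold=10):
    """Bucket requests into fixed windows and label each one.

    normal: below req_threshold requests in the window
    dos:    a burst from fewer than src_threshold distinct sources
    ddos:   a burst from src_threshold or more distinct sources (a botnet)
    Returns a list of (window_start, label, requests, distinct_sources).
    Thresholds are assumed values for the example, not recommendations.
    """
    buckets = defaultdict(lambda: {"requests": 0, "sources": set()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # skip malformed lines rather than crash
        ip, ts, _, _ = parsed
        start = int(ts.timestamp()) // window_seconds * window_seconds
        buckets[start]["requests"] += 1
        buckets[start]["sources"].add(ip)

    report = []
    for start in sorted(buckets):
        n = buckets[start]["requests"]
        distinct = len(buckets[start]["sources"])
        if n < req_threshold:
            label = "normal"
        elif distinct >= src_threshold:
            label = "ddos"
        else:
            label = "dos"
        report.append((datetime.fromtimestamp(start, timezone.utc), label, n, distinct))
    return report


def make_sample_log():
    """Constructed access log for the example; addresses come from the
    TEST-NET documentation ranges and belong to no real host."""
    base = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset, path="/index.html"):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 1024'

    lines = []
    # window 0 (12:00:00-12:00:09): ordinary browsing from two clients
    lines += [line("192.0.2.10", 1), line("192.0.2.11", 3), line("192.0.2.10", 7)]
    # window 1 (12:00:10-12:00:19): one source hammering a search endpoint (DoS)
    lines += [line("203.0.113.5", 10 + i % 10, "/search?q=x") for i in range(80)]
    # window 2 (12:00:20-12:00:29): 40 zombies, two requests each, on the login page (DDoS)
    lines += [line(f"198.51.100.{i}", 20 + i % 10, "/login")
              for i in range(1, 41) for _ in range(2)]
    lines.append("this line is not in combined format")
    return lines


if __name__ == "__main__":
    for start, label, n, distinct in classify_windows(make_sample_log()):
        print(f"{start:%H:%M:%S}  {label:6}  requests={n:3}  sources={distinct}")
```

A single-source burst can be rate-limited per IP at the edge; the many-source burst is what the botnet described above produces, and it defeats per-IP limits, which is why telling the two apart matters for the response.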

SEO Poisoning

Search engines such as Google work by ranking pages and presenting relevant results based on users' search queries. Depending on the relevance of a website's content, it may appear higher or lower in the search result list. SEO, short for Search Engine Optimization, is a set of techniques used to improve a website's ranking by a search engine. While many legitimate companies specialize in optimizing websites to position them better, a malicious user can use SEO to make a malicious website appear higher in search results. This technique is called SEO poisoning.

The most common goal of SEO poisoning is to increase traffic to malicious sites that host malware or perform social engineering. To force a malicious site to rank higher in search results, attackers take advantage of popular search terms.

What is a Blended Attack?

Blended attacks are attacks that use multiple techniques to compromise a target. By combining several attack techniques at once, attackers produce malware that is a hybrid of worms, Trojan horses, spyware, keyloggers, spam and phishing schemes. This trend toward blended attacks is producing more complex malware and placing user data at great risk.

The most common type of blended attack uses spam email messages, instant messages or legitimate websites to distribute links through which malware or spyware is secretly downloaded to the computer. Another common blended attack combines DDoS with phishing emails. First, the attacker uses DDoS to take down a popular bank website, then sends emails to the bank's customers apologizing for the inconvenience. The email directs the users to a forged emergency site where their real login information is stolen.

Many of the most damaging computer worms, such as Nimda, Code Red, Bugbear, Klez and Slammer, are better categorized as blended attacks, as shown below:

  • Some Nimda variants used email attachments, file downloads from a compromised web server, and open Windows file shares as propagation methods.
  • Other Nimda variants enabled the system's Guest account and added it to the Administrators group, giving the attacker or the malicious code administrative privileges.

Later worms such as Conficker and ZeuS/LICAT were also blended attacks. Conficker combined the traditional distribution methods: it exploited a vulnerability in the Windows Server service, guessed weak passwords on network shares, and spread through removable media via autorun.


What is Impact Reduction?

While most successful companies today are aware of common security issues and put considerable effort into preventing them, no set of security practices is 100% effective. Because a breach is likely if the prize is big enough, companies and organizations must also be prepared to contain the damage.

It is important to understand that the impact of a breach is not only technical (stolen data, damaged databases, or damage to intellectual property); the damage also extends to the company's reputation. Responding to a data breach is a very dynamic process.


Below are some important measures a company should take when a security breach is identified, according to many security experts:

  • Communicate the issue. Internally, employees should be informed of the problem and called to action. Externally, clients should be informed through direct communication and official announcements. Communication creates transparency, which is crucial in this type of situation.
  • Be sincere and accountable if the company is at fault.
  • Provide details. Explain why the situation occurred and what was compromised. The company is also expected to cover the cost of identity theft protection services for affected customers.
  • Understand what caused and facilitated the breach. If necessary, hire forensics experts to investigate and establish the details.
  • Apply what was learned from the forensics investigation to ensure similar breaches do not happen in the future.
  • Ensure all systems are clean, that no backdoors were installed and that nothing else has been compromised. Attackers often leave a backdoor to facilitate future breaches; make sure none remains.
  • Educate employees, partners and customers on how to prevent future breaches.
