Cyber attacks and services

Introduction

Cyber attack type of offensive maneuver employed by individuals

or whole organizations .
targets computer information systems, infrastructures, computer
networks, and/or personal computer devices by various means of
malicious acts.
It is usually originating from an anonymous source that either
steals, alters, or destroys a specified target by hacking into a
susceptible system.

Types of cyber attacks

. Destructive attacks
These attacks relate to inflicting damage on specific organizations
Ex: Wiper (malware)
December 2011, the malware successfully erased information on
hard disks at the Oil Ministry's headquarters Iran

 Cyberwarfare
These are politically motivated destructive attacks aimed at
sabotage and espionage
Ex: 2007 cyberattacks on Estonia
started in 27 April 2007 and swamped websites of Estonian
organizations, including Estonian parliament, banks,
ministries, newspapers and broadcasters, amid the country's
disagreement with Russia
Government espionage
These attacks relate to stealing information from/about
government organizations.
Ex: 2008 Cyberattack on the United States "worst breach of U.S.

military computers in history

USB flash drive infected by a foreign intelligence agency was left in the
parking lot of a Department of Defense facility at a base in the Middle
East. It contained malicious code and was put into a USB port from a
laptop computer that was attached to United States Central Command .
The Pentagon spent nearly 14 months cleaning the worm, named
agent.btz, from military networks.

Corporate espionage
These attacks relate to stealing data from corporations related to
proprietary methods or emerging products/services.
Ex: Operation Socialist

Government Communications Headquarters (GCHQ) to an operation in

which GCHQ successfully breached the infrastructure of the Belgian
telecommunications company Belgacom between 2010 and 2013.
The main target was to gain access to Belgacom's GRX Operator to
enable GCHQ to obtain roaming data for mobile devices and execute
what is generally referred to as Man-in-the-middle attack against targets.
Stolen e-mail addresses and login credentials
These attacks relate to stealing login information for specific web
resources.
Ex: 2011 PlayStation Network outage April 17 and April 19, 2011
Result of an "external intrusion" on Sony's PlayStation Network and
Qriocity services, in which personal details from approximately 77 million
accounts were compromised and prevented users of PlayStation 3 and
PlayStation Portable consoles from accessing the service.
IEEE in September 2012, it exposed user names, plaintext passwords,
and website activity for almost 100,000 of its members. [9]

 Stolen credit card and financial data

EX: The 2014 JPMorgan Chase data breach was a
cyber-attack against American bank JPMorgan Chase
compromised data associated with over 83 million accounts
during sept 2014
The bank declared that login information(SSN & passwords)
not disclosed but personal information associated with the
account like names, email and postal addresses, and phone
numbers of account holders were obtained by hackers
Citigroup, HSBC Holdings, E*Trade,
Regions Financial Corporation other banks affected
Stolen medical-related data
Ex: Anthem, Premera Blue Cross and CareFirst health care
payer organisation
netted information on more than 91 million people

Security Vulnerabilities
Know your vulnerabilities
OWASP
(http://www.owasp.org)

National Vulnerability Database

(http://nvd.nist.gov)

SANS Top 20
(www.sans.org/top20)

Others

OWASP Top Security Vulnerabilities

1 - Cross Site Scripting (XSS) XSS flaws occur whenever an application takes user
supplied data and sends it to a web browser without first validating or encoding that
content. XSS allows attackers to execute script in the victim's browser which can hijack user
sessions, deface web sites, possibly introduce worms, etc.
2 - Injection Flaws Injection flaws, particularly SQL injection, are common in web
applications. Injection occurs when user-supplied data is sent to an interpreter as part of a
command or query. The attacker's hostile data tricks the interpreter into executing
unintended commands or changing data.
3 - Malicious File Execution Code vulnerable to remote file inclusion (RFI) allows
attackers to include hostile code and data, resulting in devastating attacks, such as total
server compromise. Malicious file execution attacks affect PHP, XML and any framework
which accepts filenames or files from users.
4 - Insecure Direct Object Reference A direct object reference occurs when a developer
exposes a reference to an internal implementation object, such as a file, directory, database
record, or key, as a URL or form parameter. Attackers can manipulate those references to
access other objects without authorization.
5 - Broken Authentication and Session Management Account credentials and session
tokens are often not properly protected. Attackers compromise passwords, keys, or
authentication tokens to assume other users' identities.
6- Insecure Cryptographic Storage Web applications rarely use cryptographic functions
properly to protect data and credentials. Attackers use weakly protected data to conduct
identity theft and other crimes, such as credit card fraud.
7 - Insecure Communications Applications frequently fail to encrypt network traffic when
it is necessary to protect sensitive communications.
9 Failure to Restrict URL Access Frequently, an application only protects sensitive
8-

OWASPTop1:CrossSiteScripting

What is Cross Site Scripting?

In its simplest form, its a process that can occur anywhere a web application
uses input from a malicious user to generate output without validating or
encoding the input.
During a Cross Site Scripting attack, a malicious source sends a script that is
executed by the end users browser. It allows attackers to embed code from
one webpage into another webpage by changing its HTML code.
Its been used to deface web sites, conduct phishing attacks, or it can take over
a users browser and force them to execute commands theyre unaware of .
Cross Site Scripting attacks usually come in the form of JavaScript however,
any active content poses a potential danger.

Prevention

Validate the users input against what is expected

Encode user supplied output
After you believe youve done the right things during code development,
inspect your code with a scan.

10

OWASPTop2:InjectionFlaws(SQLInjection)

What is SQL Injection

SQL injection is the actual injection of SQL commands into web
applications through user input fields .
When an application uses internal SQL commands and you also have user
input capabilities (like a login screen), SQL commands can be injected that
can create, read, update, or delete any data available to the application.

Prevention
You can put tight constraints on user inputs. But the best method of
preventing SQL injection is to avoid the use of dynamically generated
SQL in your code. Instead use stored or canned procedures .
And then again, run a scan to make sure your application is not vulnerable
to SQL injections.

11

OWASPTop3:MaliciousFileExecution

What is Malicious File Execution

When Developers program applications to use input files provided by the user
and the bad guy is the one entering the file, a malicious file is executed
unknowingly, thus we have malicious file execution.
Malicious file execution attacks can occur anytime the application accepts
filenames or files from a users.
When these files are executed, they can be used to do just about anything from
stealing data to taking over the entire system.
Ex : Keyloggers

Prevention
Strongly validate user input using "accept known good" as a strategy, or isolate
incoming files and check them legitimacy before executing them.
Disable certain PHP commands: I suggest that you visit the OWASP website to
see what commands to disable.

12

SANSTop20SecurityVulnerabilities
Information goes here
2nd level info
2nd level contd
Information goes here
Information goes here

13

NationalVulnerabilityDatabase

14

NationalVulnerabilityDatabase

In the near future, information

warfare will control the form and
future of war... Our sights must not
be fixed on the fire-power of the
industrial age; rather, they must be
trained on the information warfare of
the information age.

15

NationalVulnerabilityDatabase

In the near future, information

warfare will control the form and
future of war... Our sights must not
be fixed on the fire-power of the
industrial age; rather, they must be
trained on the information warfare of
the information age.

16

Other Vulnerabilities
Code Mistakes
Untrained Users
Insecure Configuration Settings

17

Code Mistakes
Implement Prevention in Code
Thoroughly Test
Use Tools

18

Untrained Users
Security ignorance compromises data
Provide the training
Rules of Behavior
Annual refresher training

19

Insecure Configuration Settings

NIST based Business Needs
System Upgrades
Vulnerability Scans

20

Items of Special Interest

Keyloggers & WSNPOEM

What are these threats and why are
they of Special Interest to Federal
Student Aid and learning institutions?
What can be done to mitigate these
threats?

21

Item of Special Interest: Keyloggers

Whats a Keylogger and how does it
exploit a Web Application?
Downloaded unknowingly
Resident on Personal Computers
Captures User Activity
Usually part of a malicious Network or
BOTNET
Education notified of compromises by
US-CERT
22

Keylogger Mitigations

23

Train users
Implement effective Anti-Spyware, Anti-Virus
Keep patches and versions current
Firewall
Automatic form filler programs
Cut and paste
One-time passwords
Smartcards
Virtual keyboards

Virtual Keyboard

A virtual keyboard is provided on Federal Student Aids Enterprise Security

login page and does not require end users to acquire additional software.

24

Virtual Keyboard
Some of the features of Federal Student Aids Virtual Keyboard
Include:

Highly effective in evading true Key Logging

Widely used by many financial institutions
Low cost technology to deploy (even for 50 million users)
Does not require any new hardware or software on client
machines
Can work in conjunction with the existing keyboard
Keys can be entered by mouse click or by leaving mouse on
the key for 2 seconds
Virtual keyboard randomly shifts on the screen

25

To check site vulnerability

Netcraft Anti-Phishing Toolbar
Key features
Detailed site reports
Risk Ratings
Protection against phishing sites
Protection against cross site scripting (XSS)
http://toolbar.netcraft.com/