CCCU

Week-4: Cybersecurity Fundamentals

Course Code: P19133

Lecture Name: Threat and Vulnerability Assessment

Credits: 20

Module Leader: Ali Jaddoa
CSF-P19133

1. Introduction to Cyber Threats

2. Vulnerabilities

3. Vulnerability Assessment (VA)

4. Lab: VA

Malicious Activity on the Rise

  • Increasing Cyberattacks:
    • High-profile incidents demonstrate the growing severity of cyber threats.
  • Widespread Impact:
    • Data breaches are affecting both public and private sectors, with no one immune from risks like data theft or identity loss.
  • Underreported Incidents:
    • Many cyberattacks go unpublicised, only known to security professionals and IT staff.
  • Role of Security Professionals: to protect systems, identify vulnerabilities, and respond swiftly to mitigate malicious activity.

Global Hacking Statistics:

Tracking the origin of attacks is difficult because botnets allow attackers to mask their true locations.

What Are You Trying to Protect?

Types of Sensitive Data and Assets

  • Customer Data: Personal information (e.g., SSN, cardholder data, health info)
  • IT Assets: Hardware, software, and network services
  • Intellectual Property: Patents, source code, formulas, engineering plans
  • Financial Data: Bank accounts, credit card details, transaction data
  • Service Availability: System uptime and productivity support
  • Reputation: Public trust and brand perception

Types of Sensitive Data and Assets: Typical IT Infrastructure

How do attacks happen?

  • Vulnerability: A weakness in a system that can be exploited by a threat (e.g., unpatched software).
  • Threat: Any potential danger that could exploit a vulnerability (e.g., hackers, malware).
  • Risk: The potential for loss or damage when a threat exploits a vulnerability.

How do attacks happen? (Cont.)

  • A vulnerability exists ---> a threat becomes possible.

  • Can you eliminate threats?

  • Can you protect against vulnerabilities?

Challenges

  • Complex Process: Identifying and responding to threats can be complicated.

  • Cost vs. Value: Evaluate if the cost of protection exceeds asset value.

  • Strategic Approach: Aim to reduce threats, but avoid investing in protection beyond what the asset is worth.

Threats

  • Threats can come from an individual, a group of individuals, or an organisation.

  • A threat to a computing device is any action, either accidental or malicious, that can have a negative effect on the assets and resources of an individual or organisation.

  • The asset might be hardware/software, databases, files, data, or the physical network itself.

Types of Threats: each threatens one element of the CIA triad

  • Disclosure threats: unintended or unauthorised exposure of sensitive, confidential, or personal information, e.g. a database of medical records.

    • Sabotage and espionage.
  • Alteration threats: unauthorised changes to data on a system.

    • Violates information integrity.
    • Creating, changing, deleting, and writing information to a network resource.
  • Denial or destruction threats: make assets or resources unavailable or unusable.

    • Violates availability.
    • DoS, DDoS.

Some Types of Threat

1. Malicious Software (Malware):

  • Viruses: Self-replicating programs that spread by attaching to legitimate files, often corrupting data.
  • Worms: Similar to viruses but spread independently across networks without attaching to other programs.
  • Trojans: Malicious software disguised as legitimate, used to perform harmful actions like opening backdoors.
  • Ransomware: Malware that encrypts data and demands payment for decryption.
  • Spyware: Software that covertly collects information about users or organisations, often for monitoring purposes.

2. Phishing and Social Engineering:

  • Phishing: A deceptive tactic where attackers impersonate trusted entities in digital communication to trick individuals into revealing sensitive information.

  • Spear Phishing: A more targeted form of phishing, where attackers tailor their messages to a specific individual or organisation to increase the likelihood of success.

  • Baiting: Offering something enticing to lure a victim into a trap, such as offering free software that is actually malicious.

Vulnerabilities:

A vulnerability is a weakness in a system that can be exploited by an attacker to deliver a successful attack.

  • It happens due to design flaws, coding errors, configuration issues, or insufficient security controls.

  • As of August 2024, 259685 unique and verified software vulnerabilities had been disclosed in the US National Vulnerability Database (NVD).

Zero-Day Vulnerabilities:

  • A zero-day vulnerability is an unknown vulnerability in software that is exploited by attackers before the developer has released a patch.

  • No immediate fix available.

  • Example: The Stuxnet worm used several zero-day vulnerabilities to spread and cause damage to Iran's nuclear facilities.

Categories of Vulnerabilities:

  • Hardware Vulnerabilities:
    • Issues inherent to the physical components of computer systems. E.g., Meltdown and Spectre are hardware vulnerabilities that exploit flaws in microprocessors, allowing attackers to access sensitive data by tricking programs into leaking it.
      • Also search for Rowhammer, and see the SeedLab exercise.
  • Software Vulnerabilities:
    • Flaws or bugs in software applications or operating systems. These can arise from poor coding practices, lack of input validation, or inadequate testing. Examples include buffer overflows, code injection, and improper error handling.

Categories of Vulnerabilities: Cont'

  • Network Vulnerabilities:

    • Weaknesses in the design, implementation, or configuration of network systems. Common issues include open ports, weak encryption protocols, and poorly configured firewalls. These vulnerabilities can be exploited to intercept, alter, or block data transmission.
  • Human Factors:

    • Mistakes or oversights by individuals that can lead to security breaches. Examples include using weak passwords, falling for phishing attacks, or mishandling sensitive data. Human error is often considered the weakest link in cybersecurity.

Exploitation Techniques

  1. Buffer Overflows:
    • When more data is written to a buffer than it can hold, potentially allowing an attacker to overwrite memory and execute arbitrary code.
    • Common in programming languages such as C and C++ that do not automatically manage memory.
    • The Morris Worm, one of the first widespread worms, exploited a buffer overflow in the UNIX finger daemon (fingerd).

Exploitation Techniques

  2. Cross-Site Scripting (XSS):
    • Occurs in web applications when user input is not properly validated and sanitised.
    • This allows attackers to inject malicious scripts into web pages viewed by other users. These scripts can steal cookies or session tokens, or redirect users to malicious sites.
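The validation and sanitisation the slide calls for, as an added worked example (not part of the lecture): a page-building function that concatenates user input into HTML, beside the version that output-encodes it, plus an allow-list validator for a name field. The rendering functions, the name pattern and the `<script>alert(1)</script>` probe string are assumptions made for illustration.

```python
"""Reflected XSS: unescaped user input rendered as HTML, beside the encoded fix.

Added example; not from the lecture. The page-building functions and the probe
string are assumptions made for illustration.
"""
import html
import re

# Constructed probe: what a tester types into a "name" field to check whether
# the input is treated as markup rather than text.
XSS_PROBE = "<script>alert(1)</script>"

# Allow-list for a personal-name field: letters, spaces, hyphens, apostrophes.
NAME_PATTERN = re.compile(r"^[A-Za-z][-A-Za-z' ]{0,49}$")


def validate_name(name):
    """Input validation: reject anything that is not a plausible name."""
    return bool(NAME_PATTERN.match(name))


def render_greeting_vulnerable(name):
    """Builds the page by string concatenation: the user's text becomes markup."""
    return "<p>Hello, " + name + "!</p>"


def render_greeting_safe(name):
    """Output-encodes the untrusted value so the browser shows it as text.

    html.escape turns < > & into entities; quote=True also encodes " and '
    so the value is safe inside attribute values too.
    """
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


def is_exploitable(markup):
    """Crude check used only to show which rendering leaves a live <script> tag."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print("valid name?", validate_name(XSS_PROBE))
    print("vulnerable:", render_greeting_vulnerable(XSS_PROBE))
    print("safe:      ", render_greeting_safe(XSS_PROBE))
```

Validation and encoding are complementary: the allow-list stops junk at the input boundary, while encoding at the output boundary protects fields (free text, comments) that cannot be restricted to a narrow pattern.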

Exploitation Techniques

  3. SQL Injection:
    • A technique where an attacker inserts malicious SQL code into a query through input fields. If the input is not properly handled, this can manipulate the database, allowing attackers to retrieve, modify, or delete data.
      Example: The 2014 Sony Pictures hack involved SQL injection to access and steal sensitive data.
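The "not properly handled" case beside the fix, as an added worked example (not from the lecture): a lookup that splices the input into the SQL text, and the parameterised query that keeps the input as data. The in-memory SQLite table, its two rows and the tautology probe are constructed for illustration.

```python
"""SQL injection: a string-built query beside its parameterised replacement.

Added example; not from the lecture. Table layout, rows and the injection
probe are constructed for illustration.
"""
import sqlite3


def make_demo_db():
    """In-memory SQLite database with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """The input is spliced into the SQL text, so it can change the query's logic."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """Parameterised query: the driver passes the value separately from the SQL,
    so quotes and keywords inside the input are only ever data."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed probe: the textbook tautology that turns the WHERE clause into
#   ... WHERE username = '' OR '1'='1'
# and therefore matches every row.
INJECTION_PROBE = "' OR '1'='1"


def compare(conn, value):
    """Return (rows from the vulnerable lookup, rows from the safe lookup)."""
    return lookup_user_vulnerable(conn, value), lookup_user_safe(conn, value)


if __name__ == "__main__":
    db = make_demo_db()
    for value in ("alice", INJECTION_PROBE):
        vuln, safe = compare(db, value)
        print(f"{value!r}: vulnerable -> {len(vuln)} row(s), safe -> {len(safe)} row(s)")
```

For a normal username both functions return the same single row; for the probe the vulnerable version returns every user while the parameterised version returns nothing, because no username literally equals the probe string.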

Vulnerability Assessment

  • Vulnerability Assessment is a systematic process used to identify, quantify, and prioritise the security vulnerabilities in an information system.

  • It aims to detect weaknesses that could be exploited by attackers.

  • Goals:

    • To proactively identify and mitigate vulnerabilities before they can be exploited.
    • To prioritise vulnerabilities based on their severity, enabling organisations to address the most critical issues first.

Types of Vulnerability Assessments:

  1. Network-Based Assessments: Focus on identifying vulnerabilities within the network infrastructure, including routers, switches, firewalls, and network protocols.
    • Findings: open ports, insecure protocols, weak encryption.
    • Popular tools: Nmap, OpenVAS and Nessus.
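The "open ports" and "insecure protocols" findings in practice, as an added worked example (not part of the lecture): a Python script that parses Nmap's XML output format (the `-oX` option) and flags open ports whose service runs in cleartext. It goes slightly beyond the slide by also listing every open port per host. The sample XML, the host addresses and the table of cleartext services are constructed assumptions, not real scan data.

```python
"""Parse Nmap XML output and flag open ports running cleartext protocols.

Added example; not from the lecture. The XML below is a constructed sample in
the shape Nmap writes with -oX; the addresses and services are made up.
"""
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output for two hosts (not real scan data).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Services that carry credentials or data in cleartext: the "insecure protocol"
# finding class from the slide. The list is an assumption for this example.
CLEARTEXT_SERVICES = {
    "telnet": "remote shell with cleartext credentials; replace with SSH",
    "ftp": "file transfer with cleartext credentials; replace with SFTP/FTPS",
    "http": "unencrypted web traffic; serve over HTTPS",
}


def parse_open_ports(xml_text):
    """Return {host_address: [(port, protocol, service_name), ...]} for open ports only."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        addr_el = host.find("address")
        if addr_el is None:
            continue
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not findings
            service = port.find("service")
            name = service.get("name") if service is not None else "unknown"
            open_ports.append((int(port.get("portid")), port.get("protocol"), name))
        result[addr_el.get("addr")] = open_ports
    return result


def find_insecure_services(xml_text):
    """Return findings (dicts) for open ports that run a cleartext service."""
    findings = []
    for addr, ports in parse_open_ports(xml_text).items():
        for portid, proto, name in ports:
            if name in CLEARTEXT_SERVICES:
                findings.append({
                    "host": addr, "port": portid, "protocol": proto,
                    "service": name, "issue": CLEARTEXT_SERVICES[name],
                })
    return sorted(findings, key=lambda f: (f["host"], f["port"]))


if __name__ == "__main__":
    for addr, ports in parse_open_ports(SAMPLE_NMAP_XML).items():
        print(addr, "open:", ", ".join(f"{p}/{proto} {n}" for p, proto, n in ports))
    for f in find_insecure_services(SAMPLE_NMAP_XML):
        print(f"{f['host']}:{f['port']}/{f['protocol']} {f['service']} - {f['issue']}")
```

Scanners such as OpenVAS and Nessus apply far richer checks, but the shape is the same: enumerate what is exposed, then match it against a list of things that should not be.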

Types of Vulnerability Assessments:

  2. Host-Based Assessments: Examine individual servers, workstations, and other devices for vulnerabilities related to their operating systems and installed software.
    • Findings: missing patches, outdated software, weak passwords.
    • Popular tools: MBSA, OpenVAS and Nessus.

Types of Vulnerability Assessments:

  3. Web-Based Assessments: Analyse web applications for vulnerabilities that could be exploited through web-based attacks, such as SQL injection, XSS, and CSRF.

    • Findings: input validation flaws, session management issues, improper authentication mechanisms.
    • Tool: ZAP

Types of Vulnerability Assessments:

  4. Database Assessments: Focus on identifying vulnerabilities within database management systems, including issues related to data integrity, access controls, and encryption.

    • Findings: lack of encryption, configuration errors, misconfigured access controls.
    • Tool: SQLMAP

Steps in Conducting a Vulnerability Assessment (6 steps)

  1. Define the Scope: Determine the assets, systems, and networks to be assessed, including those that hold sensitive data and external-facing applications.

  2. Identify Vulnerabilities: Use automated tools and/or manual techniques to scan for vulnerabilities.

  3. Classify and Prioritise Vulnerabilities: based on factors like severity, potential impact, and exploitability. CVSS is often used to rank vulnerabilities.

  4. Report Findings: Document the identified vulnerabilities and provide detailed reports that include the risk associated with each vulnerability, along with recommended mitigation strategies.

  5. Remediation and Mitigation: Address the vulnerabilities by applying patches, changing configurations, or implementing additional security controls.

  6. Re-assessment: Conduct a follow-up assessment to ensure vulnerabilities have been successfully addressed.

    • Continuous Monitoring: Implement ongoing monitoring to detect new vulnerabilities as they emerge.
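Steps 3 to 6 of the process above, as one added worked example (not part of the lecture): classify findings into CVSS severity bands, prioritise them, produce a report, and compare a follow-up scan against the baseline to see what was remediated, what remains and what is new. The finding identifiers, assets and scores are constructed (they are not CVE numbers); the severity bands follow the CVSS v3.x qualitative rating scale.

```python
"""Steps 3 to 6 of a vulnerability assessment as code: classify by CVSS band,
prioritise, report, and compare a re-assessment against the baseline.

Added example; not from the lecture. Finding identifiers, assets and scores are
constructed; the severity bands are the CVSS v3.x qualitative rating scale.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    ident: str            # constructed internal id, not a CVE number
    asset: str
    title: str
    cvss: float           # CVSS base score, 0.0 to 10.0
    exploit_available: bool


def cvss_severity(score):
    """Map a CVSS base score to its qualitative rating (v3.x scale)."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def prioritise(findings):
    """Step 3: findings with a known exploit first, then by descending CVSS score."""
    return sorted(findings, key=lambda f: (not f.exploit_available, -f.cvss))


def severity_counts(findings):
    """Summary for the report: how many findings fall in each severity band."""
    counts = {}
    for f in findings:
        band = cvss_severity(f.cvss)
        counts[band] = counts.get(band, 0) + 1
    return counts


def build_report(findings):
    """Step 4: one line per finding, in remediation order."""
    return [
        f"{f.ident} {f.asset} [{cvss_severity(f.cvss)} {f.cvss:.1f}]"
        f"{' exploit available' if f.exploit_available else ''} - {f.title}"
        for f in prioritise(findings)
    ]


def reassess(baseline, follow_up):
    """Step 6: which findings were remediated, which remain, and which are new."""
    before = {f.ident for f in baseline}
    after = {f.ident for f in follow_up}
    return {
        "remediated": sorted(before - after),
        "remaining": sorted(before & after),
        "new": sorted(after - before),
    }


# Constructed baseline scan results.
BASELINE = [
    Finding("F-001", "web-01", "SQL injection in login form", 9.8, True),
    Finding("F-002", "db-01", "Database backups stored unencrypted", 7.5, False),
    Finding("F-003", "fw-01", "Telnet management interface enabled", 8.2, True),
    Finding("F-004", "ws-07", "Missing operating system security update", 5.3, False),
    Finding("F-005", "web-01", "Verbose error pages reveal stack traces", 3.1, False),
]

# Constructed follow-up scan after remediation work (step 5).
FOLLOW_UP = [
    Finding("F-002", "db-01", "Database backups stored unencrypted", 7.5, False),
    Finding("F-004", "ws-07", "Missing operating system security update", 5.3, False),
    Finding("F-006", "web-01", "Outdated TLS library on web server", 7.4, False),
]

if __name__ == "__main__":
    print("\n".join(build_report(BASELINE)))
    print(severity_counts(BASELINE))
    print(reassess(BASELINE, FOLLOW_UP))
```

The ordering key is a design choice: CVSS alone ranks F-002 above F-003, but a finding with a working exploit is more urgent, so exploitability is checked before score. The `new` list from `reassess` is exactly what continuous monitoring is meant to surface between formal assessments.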

Real-World Case Studies:

  • Uber Data Breach (2016): Attackers exploited vulnerabilities in Uber’s application to access sensitive user data. A vulnerability assessment could have identified these weaknesses and prevented the breach.

  • SolarWinds Supply Chain Attack (2020): Attackers compromised SolarWinds' Orion software by injecting malicious code into an update, creating a backdoor known as "SUNBURST".

    • This allowed unauthorised access to the networks of numerous government agencies and large corporations. The attack highlighted the critical need to secure third-party software and update mechanisms.

Best Practices for Application-Based Vulnerability Assessment

  1. Integrate Security in Development: Incorporate security assessments within the software development lifecycle (SDLC) to address vulnerabilities early.

  2. Adopt a Risk-Based Approach: Prioritise vulnerabilities based on impact and exploitability, focusing on critical issues using risk assessment frameworks.

  3. Continuous Monitoring: Regularly monitor applications for new vulnerabilities, and improve security practices through ongoing feedback.

Lab:

1- Vulnerability Assessment
