ATTACKS, EXPLOITS AND VULNERABILITIES

  An attack is the act that takes advantage of a vulnerability to compromise an asset, thus resulting in a loss. It is accompanied by a threat agent that denies, damages or steals an organization's information or physical asset. A vulnerability is an identified weakness in a system, where controls are not present, are not effective, or have become obsolete. Below you will find a list of attacks, threat agents and vulnerabilities. For this assignment you will need to pick five (5) of the methods below. Explain each method in detail and provide suggested prevention controls. For example, if malicious code were on the list below, I would first explain the topic and then, as suggested controls, I would state: the obvious controls are good vulnerability management (e.g., installing patches on a regular basis), up-to-date antivirus, anti-spyware, etc., but there are also policy and awareness controls that guide users' behavior (e.g., don't click on links in email, etc.). Please make sure that your answers are detailed and well supported. You must use a minimum of three outside sources.

  • Hoaxes with an attached virus
  • Back doors
  • Password attacks
  • Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
  • Spoofing
  • Man-in-the-middle (MITM)
  • Spam
  • Sniffer
  • Timing attack

Sample Solution

1. Hoaxes with an Attached Virus

Method:

  • Attackers distribute emails or messages containing false warnings or sensational claims, often urging recipients to open an attached file or click a link.
  • The attachment or link typically contains malicious code (virus, Trojan horse) that infects the user's system upon activation.
  • Viruses can replicate, delete files, steal data, or cause other damage.

Prevention Controls:

  • Educate users: Train them to recognize hoaxes, avoid opening suspicious attachments or links, and verify information with trusted sources.
  • Install and update antivirus/anti-malware software: Use reputable software that detects and blocks known malware.
  • Filter emails: Implement spam filters to block suspicious emails and warn users about potential threats.
  • Disable macros in office documents: Prevent automatic execution of embedded code that could be malicious.
  • Implement email security gateways: Scan incoming emails for malware and phishing attempts.
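The "email security gateway" and "filter emails" controls above can be illustrated with a small attachment and content scanner. The following is an added example written for this page, not code from the original answer: it parses a MIME message with Python's standard `email` library, flags executable and macro-enabled attachments, disguised double extensions, and the urgency phrasing typical of hoax chain mail. The block-lists, phrase list and the sample message are constructed for the example and are far smaller than a real gateway policy would be.

```python
import email
from email import policy
from email.message import EmailMessage
from typing import List

# Assumed block-lists for this example; a production gateway policy would be broader and site-specific.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".jar", ".ps1"}
MACRO_ENABLED = {".docm", ".xlsm", ".pptm"}
DISGUISE_INNER = {".pdf", ".doc", ".jpg", ".txt"}  # benign-looking inner extensions, e.g. "invoice.pdf.exe"
URGENT_WORDS = ("urgent", "immediately", "account suspended", "forward this to everyone")


def risky_attachments(msg: EmailMessage) -> List[str]:
    """Return a description of every attachment that violates the (assumed) attachment policy."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name:
            continue
        pieces = name.split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in BLOCKED_EXTENSIONS:
            findings.append(f"{name}: executable attachment type {ext}")
        elif ext in MACRO_ENABLED:
            findings.append(f"{name}: macro-enabled document")
        # "report.pdf.exe" style names hide the real type behind a familiar one
        if len(pieces) > 2 and "." + pieces[-2] in DISGUISE_INNER:
            findings.append(f"{name}: double extension disguising file type")
    return findings


def hoax_indicators(msg: EmailMessage) -> List[str]:
    """Flag chain-letter / panic phrasing in the subject or plain-text body."""
    findings = []
    subject = (msg.get("Subject") or "").lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    for phrase in URGENT_WORDS:
        if phrase in subject or phrase in text:
            findings.append(f"urgency/chain-letter phrasing: '{phrase}'")
    return findings


def assess(raw: str) -> dict:
    """Parse a raw RFC 5322 message and decide whether it should be held for review."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = risky_attachments(msg) + hoax_indicators(msg)
    return {"quarantine": bool(findings), "findings": findings}


def build_sample_message() -> str:
    """Constructed hoax-style message with a disguised executable attached (example data only)."""
    msg = EmailMessage()
    msg["From"] = "alerts@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "URGENT: new virus, forward this to everyone"
    msg.set_content("Run the attached cleaner immediately to protect your PC.")
    # A few bytes standing in for an executable; the content is never executed here.
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="cleaner.pdf.exe")
    return msg.as_string()


if __name__ == "__main__":
    verdict = assess(build_sample_message())
    print("quarantine:", verdict["quarantine"])
    for f in verdict["findings"]:
        print(" -", f)
```

The two checks are deliberately independent: the attachment rules apply regardless of wording, and the phrasing rules catch attachment-free hoaxes that only ask the reader to forward the mail. A real gateway would add antivirus scanning of the attachment bytes, which the page's next section on antivirus already calls for.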

2. Back Doors

Method:

  • Attackers create hidden entry points within software or systems, allowing unauthorized access and control.
  • Back doors can be added intentionally during development or planted by an attacker after another vulnerability has been exploited.
  • Used for remote access, data theft, installing malware, or launching other attacks.

Prevention Controls:

  • Secure software development: Implement secure coding practices, conduct thorough code reviews, and use static analysis tools to identify potential vulnerabilities.
  • Patch management: Regularly apply security patches to address known vulnerabilities in software and systems.
  • Network segmentation: Isolate sensitive systems and data to limit the spread of attacks.
  • Intrusion detection/prevention systems (IDS/IPS): Monitor network traffic for unusual activity and block potential attacks.
  • Access controls: Enforce strict access controls to limit who can access systems and data.

3. Password Attacks

Method:

  • Attackers attempt to obtain or guess user passwords to gain unauthorized access to systems or accounts.
  • Techniques include brute force attacks (trying all possible combinations), dictionary attacks (using common words or phrases), social engineering (tricking users into revealing passwords), and credential stuffing (using leaked passwords from other breaches).

Prevention Controls:

  • Strong passwords: Enforce policies requiring complex passwords with a combination of letters, numbers, symbols, and length requirements.
  • Multi-factor authentication (MFA): Require additional authentication factors beyond passwords, such as one-time codes or biometrics.
  • Password managers: Encourage users to use password managers to store and generate strong, unique passwords for multiple accounts.
  • Password expiration: Enforce periodic password changes to reduce the risk of compromised passwords.
  • Account lockout: Implement account lockout policies after a certain number of failed login attempts.
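The password-policy, breached-password and account-lockout controls above fit together in one authentication flow. The following is an added example written for this page, not code from the original answer: it enforces a length/character-class policy, rejects passwords found in a (constructed) breach list to blunt credential stuffing, stores only salted scrypt hashes, compares them in constant time, and locks the account after a number of failed attempts. The policy values, the breach list entries and the `AuthService` class are assumptions for the example.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed policy values for this example; tune them to your own policy.
MIN_LENGTH = 12
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 900  # 15 minutes

# Constructed stand-in for a breached-password corpus (a real deployment would query a
# proper breach service); these entries are made up for the example.
KNOWN_COMPROMISED = {"password123", "Winter2024!", "letmein"}


def check_policy(password: str) -> List[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password)]
    if sum(classes) < 3:
        problems.append("needs at least three of: lower, upper, digit, symbol")
    if password in KNOWN_COMPROMISED:
        problems.append("appears in a known breach corpus (credential-stuffing risk)")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted scrypt hash; only the (salt, digest) pair is stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1)
    return salt, digest


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failed: int = 0
    locked_until: float = 0.0


class AuthService:
    """Minimal in-memory user store demonstrating the controls (hypothetical class)."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def register(self, user: str, password: str) -> None:
        problems = check_policy(password)
        if problems:
            raise ValueError("; ".join(problems))
        salt, digest = hash_password(password)
        self.accounts[user] = Account(salt, digest)

    def login(self, user: str, password: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'locked' or 'denied'. `now` is injectable so lockout timing can be tested."""
        now = time.time() if now is None else now
        acct = self.accounts.get(user)
        if acct is None:
            # Spend the same hashing cost so unknown users are not distinguishable by timing.
            hash_password(password, b"\x00" * 16)
            return "denied"
        if now < acct.locked_until:
            return "locked"
        _, candidate = hash_password(password, acct.salt)
        if hmac.compare_digest(candidate, acct.digest):
            acct.failed = 0
            return "ok"
        acct.failed += 1
        if acct.failed >= MAX_FAILED_ATTEMPTS:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failed = 0
        return "denied"


if __name__ == "__main__":
    svc = AuthService()
    svc.register("alice", "Correct-Horse-Battery-9")
    print(svc.login("alice", "Correct-Horse-Battery-9"))  # ok
    for _ in range(MAX_FAILED_ATTEMPTS):
        svc.login("alice", "wrong-guess")
    print(svc.login("alice", "Correct-Horse-Battery-9"))  # locked
```

Note that lockout by itself turns a password attack into a denial-of-service lever against the locked user, which is why the lock is time-limited rather than permanent and why MFA, listed above, remains the stronger control.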

4. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks

Method:

  • Attackers overwhelm a system or network with excessive traffic, making it unavailable to legitimate users.
  • DoS attacks originate from a single source, while DDoS attacks use multiple compromised devices (botnets) to amplify the attack.
  • Can disrupt online services, cause financial losses, and damage reputations.

Prevention Controls:

  • Bandwidth capacity: Ensure adequate bandwidth to handle spikes in traffic.
  • Traffic filtering: Implement firewalls and intrusion prevention systems (IPS) to block malicious traffic.
  • DDoS mitigation services: Consider specialized services that can filter and absorb DDoS attacks.
  • Redundancy: Design systems with multiple servers and load balancers to distribute traffic and reduce the impact of attacks.
  • Incident response plan: Have a plan in place to quickly respond to and mitigate DDoS attacks.
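The "traffic filtering" control above is often implemented as a per-source rate limit in front of the service. The following is an added example written for this page, not code from the original answer: a sliding-window limiter replayed over constructed access-log lines, so you can see which source gets throttled and which does not. The window, the limit, the log format and the sample addresses are all assumptions made for the example.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple

# Assumed threshold: more than MAX_REQ requests from one source within WINDOW_SECONDS is throttled.
WINDOW_SECONDS = 10.0
MAX_REQ = 20


class SlidingWindowLimiter:
    """Per-source sliding-window counter; allow() reports whether a request may proceed."""

    def __init__(self, window: float = WINDOW_SECONDS, limit: int = MAX_REQ) -> None:
        self.window = window
        self.limit = limit
        self.hits: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, source: str, ts: float) -> bool:
        q = self.hits[source]
        # Drop timestamps that have aged out of the window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True


def parse_log_line(line: str) -> Tuple[float, str]:
    """Constructed minimal log format: '<epoch_seconds> <client_ip> <request>'."""
    ts, ip, _ = line.split(" ", 2)
    return float(ts), ip


def filter_requests(lines: List[str],
                    limiter: Optional[SlidingWindowLimiter] = None) -> Dict[str, Dict[str, int]]:
    """Replay log lines through the limiter and return per-source allowed/blocked counts."""
    limiter = limiter or SlidingWindowLimiter()
    stats: Dict[str, Dict[str, int]] = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for line in lines:
        ts, ip = parse_log_line(line)
        stats[ip]["allowed" if limiter.allow(ip, ts) else "blocked"] += 1
    return dict(stats)


def build_sample_log() -> List[str]:
    """Constructed log: one normal client and one flooding source (example data only)."""
    lines = []
    # A legitimate client: 15 requests spread over 60 seconds.
    for i in range(15):
        lines.append(f"{1000.0 + i * 4:.1f} 198.51.100.23 GET /index.html")
    # A flooding source: 100 requests inside 5 seconds.
    for i in range(100):
        lines.append(f"{1000.0 + i * 0.05:.2f} 203.0.113.77 GET /search?q=x")
    # Real logs are chronological, so interleave the two sources by timestamp.
    lines.sort(key=lambda entry: float(entry.split(" ", 1)[0]))
    return lines


if __name__ == "__main__":
    for ip, counts in filter_requests(build_sample_log()).items():
        print(ip, counts)
```

A per-source limit stops a single-origin DoS cleanly, but in a DDoS each botnet member may stay under the limit individually, which is exactly why the page also lists bandwidth capacity, redundancy and upstream mitigation services rather than relying on one filter.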

5. Spoofing

Method:

  • Attackers masquerade as a trusted entity to deceive users or systems.
  • Common types include IP spoofing (faking an IP address), email spoofing (forging sender addresses), and website spoofing (creating fake websites that resemble legitimate ones).
  • Used for phishing attacks, malware distribution, data theft, or gaining unauthorized access.

Prevention Controls:

  • Email authentication: Implement SPF, DKIM, and DMARC to verify the authenticity of email senders.
  • Website authentication: Use HTTPS and check for valid SSL/TLS certificates to ensure secure connections.
  • User education: Train users to recognize spoofing attempts, such as checking for suspicious email addresses or website URLs.
  • Network security controls: Implement firewalls and intrusion detection systems (IDS) to block spoofing attacks.
  • Data validation: Validate data received from external sources to ensure authenticity.
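The email-authentication control above (SPF, DKIM and DMARC) is where most of the defensive work against email spoofing happens, and the part people most often get wrong is DMARC alignment: a message can pass SPF for the attacker's own domain and still be a spoof of the visible From address. The following is an added example written for this page, not code from the original answer: a deliberately simplified SPF evaluator (only `ip4`/`ip6` mechanisms and the final `all` qualifier; no `include`, `a`, `mx` or `redirect`) combined with DMARC policy parsing and relaxed/strict alignment. DNS lookups are replaced by a constructed dictionary of TXT records, the organizational domain is approximated as the last two labels instead of using the public suffix list, and the DKIM signing domain is taken as an input that a prior signature-verification step would supply; all of those are assumptions of the example.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed TXT records standing in for real DNS answers (example data, not real records).
FAKE_DNS_TXT: Dict[str, List[str]] = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; aspf=s; adkim=s"],
    "partner.example": ["v=spf1 ip4:198.51.100.7 ~all"],
    "_dmarc.partner.example": ["v=DMARC1; p=quarantine; aspf=r"],
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name: str) -> List[str]:
    """Stand-in for a DNS TXT query (assumption: records come from the dictionary above)."""
    return FAKE_DNS_TXT.get(name.lower(), [])


def spf_check(domain: str, sender_ip: str) -> str:
    """Simplified SPF: returns 'pass', 'fail', 'softfail', 'neutral' or 'none'."""
    records = [r for r in lookup_txt(domain) if r.startswith("v=spf1")]
    if not records:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIER_RESULT[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIER_RESULT[qualifier]
    return "neutral"


def org_domain(domain: str) -> str:
    """Organizational domain, approximated as the last two labels (assumption; real DMARC uses the PSL)."""
    return ".".join(domain.lower().split(".")[-2:])


def parse_dmarc(domain: str) -> Optional[Dict[str, str]]:
    """Parse the _dmarc TXT record into tag/value pairs, defaulting alignment modes to relaxed."""
    for record in lookup_txt(f"_dmarc.{domain}"):
        if record.startswith("v=DMARC1"):
            tags: Dict[str, str] = {}
            for part in record.split(";"):
                if "=" in part:
                    key, value = part.split("=", 1)
                    tags[key.strip()] = value.strip()
            tags.setdefault("aspf", "r")
            tags.setdefault("adkim", "r")
            return tags
    return None


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate_message(header_from: str, mail_from_domain: str, sender_ip: str,
                     dkim_domain: Optional[str] = None) -> Dict[str, str]:
    """Combine SPF, an already-verified DKIM signing domain and DMARC alignment into a disposition."""
    from_domain = header_from.split("@")[-1].lower()
    spf = spf_check(mail_from_domain, sender_ip)
    policy = parse_dmarc(from_domain) or parse_dmarc(org_domain(from_domain))
    if policy is None:
        return {"spf": spf, "dmarc": "none", "disposition": "accept"}
    spf_ok = spf == "pass" and aligned(from_domain, mail_from_domain, policy["aspf"])
    dkim_ok = dkim_domain is not None and aligned(from_domain, dkim_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return {"spf": spf, "dmarc": "pass", "disposition": "accept"}
    disposition = {"reject": "reject", "quarantine": "quarantine"}.get(policy.get("p", "none"), "accept")
    return {"spf": spf, "dmarc": "fail", "disposition": disposition}


if __name__ == "__main__":
    print(evaluate_message("alice@example.com", "example.com", "192.0.2.10"))
    print(evaluate_message("ceo@example.com", "partner.example", "198.51.100.7"))
```

The second call in the `__main__` block is the instructive one: SPF passes for `partner.example`, but the visible From is `example.com`, whose policy demands strict alignment, so the message is rejected. Without the alignment step an SPF pass on the attacker's own envelope domain would have been enough to get a forged From address through.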
