1.2 Information Security Threats and Attack Vectors
Motives, Goals, and Objectives of Information Security Attacks
- Attacks = Motive (Goal) + Method + Vulnerability
- A motive originates from the notion that the target system stores or processes something valuable, and this leads to the threat of an attack on the system.
- Attackers try various tools and attack techniques to exploit vulnerabilities in a computer system, or in its security policy and controls, to achieve their motives.
- Motives Behind Information Security Attacks:
- Disrupting business continuity
- Information theft
- Manipulating data
- Creating fear and chaos by disrupting critical infrastructures
- Propagating religious or political beliefs
- Achieving a state's military objectives
- Damaging reputation of the target
- Taking revenge
Top Information Security Attack Vectors
- Cloud Computing Threats:
- Cloud computing is the on-demand delivery of IT capabilities, in which sensitive data belonging to the organization and its clients is stored on shared infrastructure.
- A flaw in one client's cloud application can allow attackers to access other clients' data hosted on the same infrastructure.
- Advanced Persistent Threats: An APT is an attack that focuses on stealing information from the victim machine, over a long period, without the user being aware of it.
- Viruses and Worms: Viruses and worms are the most prevalent networking threats and are capable of infecting a network within seconds.
- Mobile Threats: Attackers' focus has shifted to mobile devices because of their increased adoption for business and personal use and their comparatively weaker security controls.
- Botnet: A botnet is a large network of compromised systems used by an intruder to perform various network attacks.
- Insider Attack: An attack performed on a corporate network or on a single computer by a trusted person (insider) who has authorized access to the network.
Information Security Threat Categories
- Network threats:
  - Information gathering
  - Sniffing and eavesdropping
  - Session hijacking and Man-in-the-Middle attack
  - DNS and ARP poisoning
  - Password-based attacks
  - Denial-of-Service attack
  - Compromised-key attack
  - Firewall and IDS attacks
- Host threats:
  - Malware attacks
  - Password attacks
  - Denial-of-Service attacks
  - Arbitrary code execution
  - Unauthorized access
  - Privilege escalation
  - Backdoor attacks
  - Physical security threats
- Application threats:
  - Improper data/input validation
  - Authentication and authorization attacks
  - Security misconfiguration
  - Information disclosure
  - Broken session management
  - Buffer overflow attacks
  - Cryptography attacks
  - SQL injection
  - Improper error handling and exception management
Types of Attacks on a System
Operating System Attacks:
- Attackers search for vulnerabilities in an operating system's design, installation or configuration and exploit them to gain access to a system.
- OS Vulnerabilities: Buffer overflow vulnerabilities, bugs in the operating system, unpatched operating systems, etc.
Attackers look for vulnerabilities in the operating system (OS-level flaws) to gain system privileges, for example buffer overflows, OS bugs, unpatched operating systems, vulnerabilities in specific network protocols, attacks on system authentication, breaking file-system security, and cracking passwords and encryption mechanisms.
Misconfiguration Attacks: Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks, and may result in illegal access to, or complete compromise (owning) of, the system.
Application-Level Attacks:
- Attackers exploit vulnerabilities in applications running on an organization's information systems to gain unauthorized access and steal or manipulate data.
- Application-Level Attacks: Buffer overflow, cross-site scripting, SQL injection, man-in-the-middle, session hijacking, denial-of-service, etc.
Attack methods include buffer overflow, sensitive information disclosure, XSS, session hijacking, man-in-the-middle, denial-of-service attacks, SQL injection attacks, phishing, parameter/form tampering, and directory traversal attacks.
Putting the session ID in a cookie rather than in the URL helps prevent session hijacking, because a session ID carried in the URL is exposed in server logs, browser history and Referer headers.
Shrink-Wrap Code Attacks: Attackers exploit the default configuration and settings of off-the-shelf libraries and code.
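The following is an added example, not code from the original notes, showing one of the application-level attacks listed above: a login lookup against an in-memory SQLite database, written once with string concatenation (injectable) and once with a parameterised query. The table, the two accounts and the attacker input are constructed for illustration; passwords are kept in plaintext only to keep the example short.

```python
"""Added example: SQL injection in a login query, vulnerable and hardened."""
import sqlite3


def make_db():
    """Constructed sample database: one users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct-horse", "admin"), ("bob", "battery-staple", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text by concatenation. Attacker-controlled input becomes
    part of the query, so a quote and a comment marker rewrite its logic."""
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    """Parameterised query: the driver passes the values separately from the
    SQL text, so they are compared as data and never parsed as SQL."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demo():
    """Run both versions with a legitimate login and with an injected username."""
    conn = make_db()
    # Constructed attacker input: closes the string and comments out the
    # password check, leaving  ... WHERE username = 'alice' --'
    injected_user = "alice' --"
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "correct-horse"),
        "vuln_injected": login_vulnerable(conn, injected_user, "anything"),
        "safe_legit": login_safe(conn, "alice", "correct-horse"),
        "safe_injected": login_safe(conn, injected_user, "anything"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

The injected username logs in as the admin through `login_vulnerable` without any password, while `login_safe` simply finds no user named `alice' --`. The fix is structural (bind parameters), not filtering of quotes.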
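As an added example (not from the original notes), the following shows concretely why a session ID in the URL is hijackable and what the cookie-based alternative looks like: a session ID generated from the OS CSPRNG, issued in a `Set-Cookie` header with the HttpOnly, Secure and SameSite flags, read back only from the `Cookie` header, and a constructed access-log line demonstrating that a URL-borne `sid` parameter ends up on disk where anyone with log access can harvest it. The request line, IP address and log format are constructed for illustration.

```python
"""Added example: session ID in a cookie versus in the URL."""
import re
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed request that carries the session in the query string (the
# pattern to avoid). The sid value is made up for the example.
URL_SESSION_REQUEST = "GET /account?sid=7f3a9c2d1e5b4a6f HTTP/1.1"


def new_session_id():
    """128 random bits from the OS CSPRNG; a guessable ID is a hijackable ID."""
    return secrets.token_urlsafe(16)


def session_cookie_header(session_id):
    """Set-Cookie value for the session. HttpOnly keeps page script (XSS) from
    reading it, Secure keeps it off plaintext HTTP, SameSite=Lax keeps most
    cross-site requests from carrying it."""
    return f"session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"


def session_from_headers(headers):
    """Server side: accept the session ID only from the Cookie header. The
    query string is never consulted, so a pasted link or a logged URL can
    never act as a credential."""
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    return jar["session"].value if "session" in jar else None


def access_log_line(client_ip, request_line, status=200):
    """Constructed Common Log Format entry: the full request line, query
    string included, is written to disk. This is how a URL-borne session ID
    leaks to log readers (the same happens in browser history and Referer)."""
    return f'{client_ip} - - [01/Jan/2024:00:00:00 +0000] "{request_line}" {status} 512'


def session_ids_in_log(log_text):
    """What a reader of the access log can harvest: every sid parameter found
    in a logged request line."""
    found = []
    for line in log_text.splitlines():
        m = re.search(r'"(?:GET|POST) (\S+) ', line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(1)).query)
        found.extend(query.get("sid", []))
    return found


if __name__ == "__main__":
    sid = new_session_id()
    print("Set-Cookie:", session_cookie_header(sid))
    print("session from cookie:", session_from_headers({"Cookie": f"session={sid}"}))
    log = access_log_line("203.0.113.5", URL_SESSION_REQUEST)
    print("log line:", log)
    print("session IDs harvested from log:", session_ids_in_log(log))
```

The cookie flags only reduce exposure; the session ID must still be unpredictable, bound to a short lifetime and rotated on login to close session fixation as well.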
Information Warfare
- The term information warfare, or InfoWar, refers to the use of information and communication technologies (ICT) to gain a competitive advantage over an opponent.
- Defensive Information Warfare: It refers to all strategies and actions to defend against attacks on ICT assets.
- Emergency Preparedness
- Offensive Information Warfare: It refers to information warfare that involves attacks against ICT assets of an opponent.
- Web Application Attacks
- Web Server Attacks
- Malware Attacks
- MITM Attacks
- System Hacking
Information warfare weapons include viruses, worms, Trojan horses, logic bombs, trap doors, nano machines and microbes, electronic jamming, and penetration exploits and tools.
Information warfare can be divided into: command and control warfare (C2 warfare), intelligence-based warfare, electronic warfare, psychological warfare, hacker warfare, economic warfare, and cyberwarfare.