Information Assets & Threats
Dr. M. Amutha Prabakar
Information Assets & Threats
Security of IT systems and information is normally divided into
three categories to facilitate the management of information.
Confidentiality
– Prevention of unauthorized disclosure or use of information assets
Integrity
– Prevention of unauthorized modification of information assets
Availability
– Ensuring authorized access of information assets when required
for the duration required
Threats to information assets
• Risk is the potential for a threat to cause harm; the process of
understanding and responding to factors that may lead to a
failure in the confidentiality, integrity or availability of an
information system constitutes risk management. The key
concerns in information asset security are:
– Theft
– fraud/ forgery
– unauthorized information access
– interception or modification of data and data
management systems
• Vulnerabilities
– Vulnerability is a weakness in an information system,
system security procedures, internal controls, or
implementation that could be exploited or triggered by
a threat source.
• ‘Threat agent or actor’ refers to the intent and
method targeted at the intentional exploitation of
the vulnerability or a situation and method that
may accidentally trigger the vulnerability.
• A ‘threat vector’ is a path or a tool that a threat
actor uses to attack the target.
• ‘Threat targets’ are anything of value to the threat
actor, such as a PC, laptop, PDA, tablet, mobile
phone, online bank account or identity.
Threat classification
• Microsoft has proposed a threat classification
called STRIDE from the initials of threat
categories:
– Spoofing of user identity
– Tampering
– Repudiation
– Information disclosure (privacy breach or data
leak)
– Denial of Service (D.o.S.)
– Elevation of privilege
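The slide lists the six STRIDE categories; in practice they are applied element by element to a data-flow diagram (STRIDE-per-element). The following Python is an added example, not code from these slides: the element-type to category table follows Microsoft's STRIDE-per-element guidance (external entities get S and R, processes get all six, data stores and data flows get T, I and D, with R added for stores that hold audit logs), and the small browser/web-app/database diagram is constructed for illustration.

```python
# Added example: STRIDE-per-element threat enumeration over a small
# data-flow diagram (DFD). The element-to-category table follows
# Microsoft's STRIDE-per-element guidance; the DFD itself is constructed.
from dataclasses import dataclass

# One-letter STRIDE codes mapped to the category names used on the slide.
STRIDE = {
    "S": "Spoofing of user identity",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of Service",
    "E": "Elevation of privilege",
}

# Which categories apply to each DFD element type (STRIDE-per-element).
# Data stores additionally get R when they hold audit logs.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TID",
    "data_flow": "TID",
}

@dataclass
class Element:
    name: str
    kind: str                       # one of the keys of APPLICABLE
    crosses_trust_boundary: bool = False
    holds_audit_log: bool = False   # only meaningful for data_store

def threats_for(element):
    """Return the STRIDE category names that apply to one DFD element."""
    if element.kind not in APPLICABLE:
        raise ValueError(f"unknown element kind: {element.kind}")
    codes = APPLICABLE[element.kind]
    if element.kind == "data_store" and element.holds_audit_log:
        codes += "R"
    return [STRIDE[c] for c in codes]

def enumerate_threats(elements):
    """Build the threat list; elements crossing a trust boundary are
    flagged high priority because they carry data between trust levels."""
    rows = []
    for el in elements:
        for cat in threats_for(el):
            rows.append({
                "element": el.name,
                "category": cat,
                "priority": "high" if el.crosses_trust_boundary else "normal",
            })
    return rows

# Constructed DFD: browser -> web app -> database, plus an audit log store.
SAMPLE_DFD = [
    Element("Browser", "external_entity"),
    Element("HTTPS request", "data_flow", crosses_trust_boundary=True),
    Element("Web app", "process"),
    Element("Customer DB", "data_store"),
    Element("Audit log", "data_store", holds_audit_log=True),
]

if __name__ == "__main__":
    for row in enumerate_threats(SAMPLE_DFD):
        print(f"{row['priority']:6} {row['element']:14} {row['category']}")
```

The output is the raw threat list a threat-modelling session starts from; each row still needs a decision (mitigate, accept, or document as out of scope), which is where the Confidentiality/Integrity/Availability goals from the first slide come back in.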
• Threat agents (individuals and groups) can be classified
as follows:
– Non-Target specific: Non-Target specific threat agents are
computer viruses, worms, Trojans and logic bombs.
– Employees: staff, contractors, operational/ maintenance
personnel or security guards who are annoyed with the
company.
– Organized crime and criminals: criminals target
information that is of value to them, such as bank accounts,
credit cards or intellectual property that can be converted
into money. Criminals will often make use of insiders to
help them.
– Corporations: corporations are engaged in offensive
information warfare or competitive intelligence. Partners
and competitors come under this category.
– Unintentional human error: accidents, carelessness etc.
– Intentional human error: insider, outsider etc.
– Natural: Flood, fire, lightning, meteor, earthquakes etc.
Types of attacks
• Virus
– A virus is a malicious program able to inject its code
into other programs/ applications or data files; the
targeted areas become "infected"
• Worm
– A worm is a malicious program that exploits
operating system vulnerabilities to spread itself
• Trojan
– A computer Trojan, or Trojan horse, is named after
the mythological Trojan horse owing to the
similarity in operating strategy
Types of Virus
• Resident virus
– a virus that embeds itself in the memory of the target host;
in this way it is activated every time the OS
starts or executes a specific action.
• Non-resident virus
– when executed, this type of virus actively seeks targets
for infection on local, removable or network
locations; once it has infected them it exits, so it
does not remain resident in memory.
• Boot sector virus
• Macro virus
– Virus written in macro language, embedded in Word,
Excel, Outlook etc. documents
• File-infecting virus (file-infector)
Types of Worms
The most common categorization of worms relies on
the method by which they spread:
• Email worms:
– spread through email messages, especially through those
with attachments.
• Internet worms:
– spread directly over the internet by exploiting access to
open ports or system vulnerabilities.
• Network worms:
– spread over open and unprotected network shares.
• Multi-vector worms:
– having two or more of the spreading capabilities above
Types of Trojans
• Computer Trojans or Trojan horses are named
after the mythological Trojan horse from the Trojan
War
• Trojans do not self-replicate, which is their key
difference from a virus, and often require end-user
intervention to install themselves
• Some of the most common Trojan types are:
– Remote Access Trojans (RAT), aka Backdoor Trojans
- this type of Trojan opens a backdoor on the targeted
system to allow the attacker remote access to the
system or even complete control over it. This kind of
Trojan is the most widespread type and often has
various other functions as well
• Trojan-DDoS - this Trojan is installed simultaneously
on a large number of computers in order to create a
zombie network (botnet) of machines that can be used
(as attackers) in a DDoS attack on a particular target
• Destructive Trojan – this is designed to destroy or
delete data. It is much like a virus
• Info Stealer (Data Sending/ Stealing Trojan) - this
Trojan is designed to collect confidential or sensitive
information from the compromised host and send it to a
predefined location controlled by the attacker
• Security Software Disabler Trojan – this is designed to
stop security programs like antivirus solutions,
firewalls or IPS either by disabling them or killing the
processes
Other security threats
• Malware
• Rootkit
• Spyware
• Tracking cookies
• Riskware
• Adware
• Scareware
• Spam
• Creepware
• Blended Threat
Network attacks
• A network attack is usually defined as an intrusion into
the network infrastructure in which the attacker first
analyses the environment and collects information in
order to exploit existing open ports or vulnerabilities
• Characteristics of network attacks:
– Passive attacks: attacks whose purpose is only to learn
and gather information from the system, while the system
resources are not altered or disabled in any
way.
– Active attacks: in this type of network attack, the
perpetrator accesses and either alters, disables or destroys
resources or data.
– Outside attack: when an attack is performed from
outside the organization by an unauthorized entity,
it is said to be an outside attack.
– Inside attack: if an attack is performed from within
the company by an "insider" who already has
certain access to the network, it is considered to be
an inside attack
– Others, such as attacks targeting end users (like
phishing or social engineering): these are not
strictly network attacks, but are important to
know about because of how widespread they
are
What types of attack are there?
• Social engineering – refers to the psychological
manipulation of people
• Phishing attack – this type of attack uses social
engineering techniques to steal confidential
information. Most commonly such attacks
target the victim's bank account
details and credentials
• Social phishing – in recent years, phishing
techniques have evolved to include social
media such as Facebook or Twitter. This type of
phishing is often called social phishing
• Spear phishing attack – this is a type of
phishing attack targeted at specific individuals,
groups of individuals or companies
• Watering hole attack – this is a more complex type
of phishing attack. Instead of the usual way of
sending spoofed emails to end users in order to
trick them into revealing confidential information,
attackers use a multi-stage approach to gain
access to the targeted information.
• Port scanning – an attack type where the attacker
sends requests to a range of ports on a
targeted host in order to find out which ports are
active and open, which lets them exploit
known vulnerabilities in the services listening on
those ports
Spoofing Attacks
• Spoofing – a technique in which a person, program
or address masquerades as another by falsifying
data, with the purpose of gaining
unauthorized access.
• A few of the common spoofing types include:
– IP address spoofing – this kind of spoofing is often
used in DoS attacks (Smurf attack)
– ARP spoofing (ARP poisoning) – this kind of
spoofing is often used in man-in-the-middle
attacks
– DNS spoofing (DNS cache poisoning) – an attack
where false records are inserted into a DNS server's
cache
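ARP poisoning works by sending replies that claim an IP address (typically the gateway's) for the attacker's MAC, so the defensive counterpart is to watch ARP traffic for a mapping that changes. The following Python is an added example in the style of an arpwatch-type monitor, not code from these slides: it keeps the first MAC seen for each IP, alerts when an IP is later claimed by a different MAC, and also alerts when one MAC claims more IPs than a threshold. The ARP reply log and the threshold are constructed assumptions.

```python
# Added example: a passive ARP-spoofing detector of the arpwatch kind.
# It reads "is-at" replies, remembers the first MAC seen for each IP,
# and raises an alert when an IP is later claimed by a different MAC
# or when one MAC claims many IPs. The reply log below is constructed.
from collections import defaultdict

# Constructed ARP reply log: (seconds, sender_ip, sender_mac)
ARP_REPLIES = [
    (0,  "10.0.0.1",  "aa:aa:aa:aa:aa:01"),   # gateway, legitimate
    (1,  "10.0.0.20", "aa:aa:aa:aa:aa:20"),
    (2,  "10.0.0.21", "aa:aa:aa:aa:aa:21"),
    (30, "10.0.0.1",  "de:ad:be:ef:00:01"),   # gateway IP now claimed by another MAC
    (31, "10.0.0.20", "de:ad:be:ef:00:01"),   # same MAC also claims a host IP
    (32, "10.0.0.21", "de:ad:be:ef:00:01"),
]

# Assumed threshold; environments with legitimate IP aliasing need a higher one.
MAX_IPS_PER_MAC = 2

def detect_arp_spoofing(replies, max_ips_per_mac=MAX_IPS_PER_MAC):
    """Return a list of alert strings; an empty list means nothing suspicious."""
    ip_to_mac = {}                      # first MAC seen for each IP
    mac_to_ips = defaultdict(set)       # every IP each MAC has claimed
    alerts = []
    for t, ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac         # learn the mapping on first sight
        elif known != mac:
            alerts.append(f"t={t}: {ip} changed from {known} to {mac}")
        mac_to_ips[mac].add(ip)
        # fire exactly once per MAC, at the moment it crosses the threshold
        if len(mac_to_ips[mac]) == max_ips_per_mac + 1:
            alerts.append(f"t={t}: {mac} claims {len(mac_to_ips[mac])} IPs")
    return alerts

if __name__ == "__main__":
    for line in detect_arp_spoofing(ARP_REPLIES):
        print(line)
```

The first-seen mapping is the weak point of this approach: if the monitor starts after the poisoning, the attacker's MAC is what it learns. Seeding the table from a known-good inventory (or DHCP leases) removes that window.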
• Email spoofing
– the process of faking the email's sender ("From") field in order
to hide the real origin of the email
• Search engine poisoning
– attackers take advantage of high-profile news items or
popular events that may be of specific interest to a certain
group of people to spread malware and viruses
• Network sniffing (Packet Sniffing)
– a process of capturing the data packets travelling in the
network
• Denial of Service Attack (DoS Attack) and Distributed
Denial of Service Attack (DDoS Attack)
– an attack designed to cause an interruption or suspension of
services of a specific host/ server by flooding it with large
quantities of useless traffic or external communication
requests
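Because the "From" field is just text the sender writes, a receiving system cannot trust it on its own; it has to be compared with the envelope sender (Return-Path) and with the SPF/DKIM verdicts the receiving mail server records in the Authentication-Results header. The following Python is an added example, not code from these slides: it parses two constructed messages with the standard library's email module and lists the reasons a From header should not be trusted. The host name mail.example.net and both messages are constructed placeholders.

```python
# Added example: sanity-checking a message for a spoofed "From" header.
# It compares the From domain with the envelope sender (Return-Path) and
# reads the Authentication-Results header written by the receiving MTA.
# Both raw messages are constructed; "mail.example.net" is a placeholder.
import email
from email.utils import parseaddr

SPOOFED = """\
Return-Path: <bounce@attacker.example>
Authentication-Results: mail.example.net; spf=fail smtp.mailfrom=attacker.example; dkim=none
From: "Payroll" <payroll@bank.example>
To: victim@example.net
Subject: Update your account

Please confirm your credentials.
"""

LEGIT = """\
Return-Path: <payroll@bank.example>
Authentication-Results: mail.example.net; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example
From: "Payroll" <payroll@bank.example>
To: staff@example.net
Subject: Payslip

Your payslip is attached.
"""

def domain_of(addr_header):
    """Extract the domain part of an RFC 5322 address header, lower-cased."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()

def auth_results(msg):
    """Collect 'method=result' pairs from Authentication-Results headers."""
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for part in hdr.split(";")[1:]:          # part 0 is the authserv-id
            tokens = part.strip().split()
            if tokens and "=" in tokens[0]:      # e.g. "spf=pass"
                method, result = tokens[0].split("=", 1)
                results[method] = result
    return results

def spoofing_indicators(raw):
    """Return a list of reasons the From header should not be trusted."""
    msg = email.message_from_string(raw)
    reasons = []
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        reasons.append(f"From domain {from_dom} != Return-Path domain {rp_dom}")
    auth = auth_results(msg)
    if auth.get("spf") != "pass":
        reasons.append(f"spf={auth.get('spf', 'missing')}")
    if auth.get("dkim") != "pass":
        reasons.append(f"dkim={auth.get('dkim', 'missing')}")
    return reasons

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, spoofing_indicators(raw) or ["no indicators"])
```

The Authentication-Results header is only meaningful when it was added by your own receiving server; a check like this should strip any copy of that header that arrived from outside before trusting it.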
DoS (Denial-of-Service) attack
• A few of the most common DoS attack types:
– ICMP flood attack (Ping Flood)
– Ping of Death (PoD)
• this attack involves sending a malformed or otherwise
corrupted malicious ping to the host machine
– Smurf attack
• this works in the same way as the Ping Flood attack, with one
major difference: the source IP address of the attacker
host is spoofed with another IP address
– SYN flood attack
• this attack exploits the way the TCP 3-way handshake
works while a TCP connection is being established
• Buffer overflow attack
• Botnet
• Man-in-the-Middle Attack
• Session hijacking attack
• Cross-site scripting attack (XSS attack)
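Two of the attacks above, port scanning (from the "What types of attack are there?" slide) and SYN flooding, leave distinctive traces in a connection log: a scan shows one source touching many distinct ports on a host, and a SYN flood shows many half-open handshakes (SYN seen, handshake never completed) piling up against one host, usually from many sources because the source addresses are spoofed. The following Python is an added example serving both passages, not code from these slides; the record layout, the thresholds and the sample log are constructed assumptions.

```python
# Added example: two detections over one constructed TCP connection log,
# one for port scanning (many distinct destination ports from one source)
# and one for SYN flooding (many half-open handshakes against one host).
# Record layout, thresholds and the log itself are assumptions.
from collections import defaultdict

# Constructed log: (seconds, src_ip, dst_ip, dst_port, state)
# state is "half_open" when only the SYN was seen, "established" after the
# three-way handshake completed, "refused" when the port answered with RST.
CONN_LOG = [
    (0, "10.0.0.5", "10.0.0.80", 80, "established"),
    (1, "10.0.0.5", "10.0.0.80", 443, "established"),
    # a scanner walking ports 20-34 on 10.0.0.80; only 22 is open
    *[(2, "10.0.0.66", "10.0.0.80", p, "refused") for p in range(20, 35) if p != 22],
    (2, "10.0.0.66", "10.0.0.80", 22, "established"),
    # SYN flood from many (likely spoofed) sources against 10.0.0.80:443
    *[(5, f"192.0.2.{i}", "10.0.0.80", 443, "half_open") for i in range(1, 41)],
]

SCAN_PORT_THRESHOLD = 10       # distinct ports per (src, dst) within one window
FLOOD_HALFOPEN_THRESHOLD = 30  # half-open connections per dst within one window
WINDOW = 10                    # seconds

def _windows(log, window):
    """Group records into fixed time buckets of `window` seconds."""
    buckets = defaultdict(list)
    for rec in log:
        buckets[rec[0] // window].append(rec)
    return buckets

def detect_port_scans(log, threshold=SCAN_PORT_THRESHOLD, window=WINDOW):
    """Return {(src, dst): distinct_port_count} for pairs over the threshold."""
    hits = {}
    for bucket in _windows(log, window).values():
        ports = defaultdict(set)
        for _, src, dst, dport, _ in bucket:
            ports[(src, dst)].add(dport)
        for key, seen in ports.items():
            if len(seen) >= threshold:
                hits[key] = max(len(seen), hits.get(key, 0))
    return hits

def detect_syn_floods(log, threshold=FLOOD_HALFOPEN_THRESHOLD, window=WINDOW):
    """Return {dst: (half_open_count, distinct_sources)} for hosts over the threshold."""
    hits = {}
    for bucket in _windows(log, window).values():
        half_open = defaultdict(list)
        for _, src, dst, _, state in bucket:
            if state == "half_open":
                half_open[dst].append(src)
        for dst, srcs in half_open.items():
            if len(srcs) >= threshold:
                hits[dst] = (len(srcs), len(set(srcs)))
    return hits

if __name__ == "__main__":
    print("port scans:", detect_port_scans(CONN_LOG))
    print("SYN floods:", detect_syn_floods(CONN_LOG))
```

The scan detector counts refused connections as well as established ones, which is deliberate: a scanner's signature is the breadth of ports it touches, not whether they answered. The distinct-source count in the flood detector is what separates a spoofed SYN flood from a single misbehaving client.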