Information Security Threats

and Vulnerabilities
 INF 203

Content

• Threats
• Vulnarabilities
• Attacks
• Phishing, Malware, Worms,
Ransomware, Spyware,
 Trojan
• Passwords attacks
• Examples weak passwords
• Password Managers
• Password attack tools

Threats
• Threat is a potential negative action or event facilitated by a vulnerability that
results in an unwanted impact on a router system or an application

Vulnerabilities
• Vulnerability is a weakness that can be exploited by an attacker

Attacks
• Attack is any attempt to expose, alter, disable, destroy, steal, or gain information
through unauthorized access to or make unauthorized use of an asset.
 Type of threats
Natural threats (Human) Intentional (Human) Hardware threats
threats Unintentional threats

Type of attacks Network-based

• DDOS, DOS, Sniffing, Eavesdropping, Spoofing

Social engineering Bypass of security measures

• Phishing, Smishing, Vishing, Pretexting, • Backdoor, Brut-Force Attack, Man in the

Whaling, Watering hole middle attack, Replay Attack
Phishing scams
 Primary vulnerabilities or weaknesses:

Technology Configuration
equipment

Security policy
weaknesses: weaknesses: weaknesses:
Unsecured user accounts, System accounts
with easily guessed
These include TCP/IP protocol weaknesses,
passwords, Misconfigured
operating system weaknesses, network
equipment weaknesses Internet services, Unsecured Lack of written security policy,
default settings within products, Politics, Lack of continuity, Logical access
Misconfigured network controls not applied
 Viruses

• virus generally refers to a malicious

program that self-replicates but requires
some user interaction to be initiated.
Spyware

• The term 'spyware' is a sub-division of viruses

and refers to those programs dedicated to
stealing your personal details (logins, passwords,
personal info, etc) once they've found a way
onto your computer or phone.

Malware and
trojans
• Malware is a more generic term that can be
used to refer to nefarious software, which has
been specifically designed to disrupt or damage
a computer system, while trojans are programs that pretend to be something they're
not, and include malicious additions.

Ransomware
• Ransomware, for example, will
hold your most sensitive (or
indeed, all) your files hostage
until you pay a ransom, but it
could get onto your computer
via a trojan, virus or worm.
Worms
• Much like viruses, worms differ in one key way:
viruses require an action on the part of the user
for them to spread, or for the initial infection to
take place. For example, receiving a malicious file
attached to an email would require you to open
the file for a virus to execute.
• Worms, on the other hand, need no such interaction
and can happily replicate and spread to different
computers (on a network or via a USB key, for
example) with no warning whatsoever.
• This makes worms potentially more dangerous than
viruses, trojans or other malware, as they're
harder to contain.

Password
Cracking
Brute-Force Attack
• Trying all possible passphrase combinations by
enumeration until you get the right one (e.g., you get a
meaningful plaintext, you access the system).
Analogous to the locker example

• Mitigations: Increase attempt-time, symbols,

possibilities for each symbol

Dictionary Attack
 • Dictionary attack: A variant of brute-force
attack for password cracking or
cryptanalysis in which, instead of
trying all the possible password
alternatives, you try only a set of
passwords from a dictionary

• Examples of dictionaries
- List of real words in any
language - Combinations of words
- Common passwords from public lists

Rainbow Table Attack

 Pre-Computed Dictionary Attacks: You could precompute a
list of hashes of dictionary words, and storing these in a
table, so that you always know the conversion.

- If “hash-chain” functions are used to store the pre

computed hashes, then the table is called rainbow table.

• Space-time Trade-off: Rainbow tables reduce storage

 requirements at the cost of slightly longer lookup-times.

• Example: LM (LanMan) hash is an example of an

authentication system compromised by such an attack.

Rainbow Table
Examples of - RedSox
- sandbags
• It can be easily tested automatically
with little lost time.
Weak - bunnyhop
• Identifiers:
- jsmith123
Passwords - IntenseCrabtree
- 1/1/1970
• Default passwords: - etc.
- 555–1234
• - password
• - default
- one's username - etc.
• Including words in non
• - admin
Examples of Weak
English dictionaries.
• - guest
• - etc. Examples of Weak Passwords
• Default passwords are supplied by the system
Passwords • Words with simple obfuscation: - p@ssw0rd
vendor (e.g., firewall,
• Words with numbers appended: - l33th4x0r
modem) and meant to be changed at
- g0ldf1sh
installation time. - password1
- etc.
- deer2000
• Lists of default passwords are widely available
on the internet. - john1234 • Simple obfuscations can be tested automatically
• Dictionary words: - - etc. with little additional effort.

chameleon • For example, a domain administrator password

compromised in the
DigiNotar attack was reportedly Pr0d@dm1n. - 314159... (pi)
• Doubled words: - crabcrab
- 27182... (e)
Passwords
• Anything personally related to an individual: • - license
- stopstop
- 112 (1-1-2) plate number
- treetree • - Social Security number
- etc.
• - current or past telephone numbers
Common sequences from a • - student ID
- passpass keyboard row: • - current address

- etc. - qwerty • - previous addresses

Examples of
• - birthday
- 123456 • - sports team

- asdfgh
Weak
• - relative's or pet's
names/nicknames/birthdays/initials

- fred • - etc.

Passwords - etc. • - All these can be easily tested automatically after a simple

Examples of
investigation of a
• Numeric sequences based on well • person's details (e.g., through social engineering)
known numbers such as:
- 911 (9-1-1, 9/11) Weak • • Dates:
• - dates follow a pattern and
make your password weak.
CNN: Top 10
Most Common
Passwords
• The top 10 most common passwords were:
- 123456
- 123456789
- qwerty
- password
- 111111
- 12345678
- abc123
- 1234567
- password1
- 12345
Password Managers

• • LastPass
• • BitWarden
• • iCloud KeyChain
 Password Managers: How Do
They Work
• You keep in mind only one master password
- Then the system generates one different password for each
service
• Best if integrated with a Two-Factor Authentication
(2FA), such as:
- SMS text
- Google Authenticator
- YubiKey
Hashcat is one of the most popular and widely used
Password password crackers in existence. It is available on every
operating system and supports over 300 different
attack tool types of hashes. Hashcat enables highly-parallelized
password cracking with the ability to crack multiple
different passwords on multiple different devices at
1. Hashcat the same time and the ability to support a distributed
hash-cracking system via overlays. Cracking is
optimized with integrated performance tuning and Password attack tool
temperature monitoring.

3. Brutus

2. John the Ripper Brutus is one of the most popular remote online
password-cracking tools. It claims to be the fastest and
most flexible password cracking tool. This tool is free and
John the Ripper is a well-known free open-source is only available for Windows systems. It was released
password cracking tool for Linux, Unix and Mac OS X. A back in October 2000.
Windows version is also available.
Brutus supports a number of different
John the Ripper offers password cracking for a variety of
different password types. It goes beyond OS passwords authentication types.
to include common web apps (like WordPress),
It is also capable of supporting multi-stage authentication
compressed archives, document files (Microsoft Office
files, PDFs and so on), and more. protocols and can attack up to sixty different targets in
A pro version of the tool is also available, which offers parallel. It also offers the ability to pause, resume and
better features and native packages for target operating import an attack.
systems. You can also download Openwall GNU/*/Linux
that comes with John the Ripper.
 4. Wfuzz THC Hydra is extensible with the ability to easily install new modules. It
also supports a number of network protocols, including Asterisk, AFP,
Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET,
HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-
Wfuzz is a web application password-cracking tool like Brutus that tries to crack GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ,
passwords via a brute-force guessing attack. It can also be used to find hidden IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle
resources like directories, servlets and scripts. Wfuzz can also identify injection SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin,
vulnerabilities within an application such as SQL injection, XSS injection and
Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and
LDAP injection.
v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
Key features of the Wfuzz password-cracking tool include: Injection at
multiple points in multiple directories Output in colored HTML
Post, headers and authentication data brute-forcing Proxy and
SOCK support, multiple proxy support
Multi-threading
HTTP password brute-force via GET or POST requests Time delay 6. Medusa
between requests
Cookie fuzzing
Medusa is an online password-cracking tool similar to THC

Password attack tool Hydra. It claims to be a speedy parallel, modular and login brute-
forcing tool. It supports HTTP, FTP, CVS, AFP, IMAP, MS SQL,
MYSQL, NCP, NNTP, POP3, PostgreSQL, pcAnywhere, rlogin, SMB,
rsh, SMTP, SNMP, SSH, SVN, VNC, VmAuthd and Telnet.
Medusa is a command-line tool, so some level of
5. THC Hydra command-line knowledge is necessary to use it. Password-
cracking speed depends on network connectivity. On a
local system, it can test 2,000 passwords per minute.
THC Hydra is an online password-cracking tool that attempts to Medusa also supports parallelized attacks. In addition to a
determine user credentials via brute-force password guessing attack. It is
wordlist of passwords to try, it is also possible to define a list of
available for Windows, Linux, Free BSD, Solaris and OS X.
 usernames or email addresses to test during an attack. Using anything but a random password
How to create a password that’s hard to crack

•The longer the password, the harder it is to crack

•Always use a combination of characters,
numbers and special characters
•Variety in passwords
What to avoid while selecting your password

Using a dictionary word

Using personal information
Using patterns
Using character substitutions
Using numbers and special characters only at the
end
Using common passwords