Cybersecurity and Third-Party Risk. Gregory C. Rasner
       This cybercrime includes encrypting (i.e., making it unavailable to read) the target's data—ranging from a single desktop to whole server farms—and demanding money to unlock the encryption.

       Cryptojacking: This cybercrime steals your computer's processing power to “mine” cryptocurrency; it does not target data.

       Cyberespionage: Whether done by a state actor (i.e., a country), cybercriminals, or a competitor, this cybercrime involves spying on a firm by electronic means (i.e., computers).

      The types of bad actors and their motivations vary just as widely. While the vast majority are out for financial reward, a few other drivers exist:

       Cybercriminal: The modern-day equivalent of bank robbers, cybercriminals are electronic thieves. Most often, they deploy ransomware, phishing attacks, spear phishing, fake documentation, or denial-of-service attacks. The Home Depot attack in 2014 was carried out by cybercriminals to steal payment card information.

       Nation-state: Many nations have dedicated, highly skilled hackers who are paid to hack and perform espionage. However, some countries behave more like cybercriminals, using their resources to become electronic bank robbers. Such groups are known as Advanced Persistent Threats (APTs) because they have nearly unlimited resources and time to focus on their target. Examples include the Sony attack by North Korean hackers in 2014, and Stuxnet (in 2009), whose origin has not been confirmed but is largely thought to be a collaboration between Israeli and U.S. intelligence services to damage and delay the Iranian nuclear program. Stuxnet is largely considered the first occurrence of cyberwarfare.

       Disgruntled employee: The insider threat is often underappreciated by businesses. We like to trust our employees and colleagues; however, some of them will steal company data or property. For example, in 2018, a Tesla employee sabotaged the company's computer systems and sent proprietary data to outside parties.

       Professional hacking group: Usually this group is a loose confederation of highly skilled hackers who pool their resources to attack targets for a political purpose, for financial gain, or on behalf of cybercriminals. Such a group can also be referred to as an APT due to its resources and commitment. In 2020, the Philippine Long Distance Telephone (PLDT) company had its customer service Twitter account hacked by the Anonymous Philippines group. The group changed the profile name to “PLDT Doesn't Care.” The first tweet by the hackers was aggressive: “As the pandemic arises, Filipinos need fast internet to communicate with their loved ones. Do your job. The corrupt fear us, the honest support us, the heroic join us. We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.”

       Hacktivist: Driven by political or social causes, this bad actor typically steals embarrassing information to cause reputational damage. WikiLeaks' 2012 leaking of declassified information from the U.S. State Department and other countries is an example of hacktivism.

       Botnet masters: These malware creators build bots, which are automated collections of internet-connected devices that an attacker has compromised. The creator leverages these bots to steal data or compromise systems. The botnet Mirai is a prime example: In 2016, the creators of this botnet software launched an attack on a security service company, and at its peak the botnet had infected over 6 million devices.

       Script kiddies: These generally unsophisticated hackers use off-the-shelf tools to gain access, mostly for bragging rights but sometimes for financial gain. In 2015, a 15-year-old was arrested for hacking into the U.K. telecom carrier TalkTalk Group PLC. While the attack was not sophisticated, it exploited an easy SQL injection flaw to gain access to a database.

      Types of Cyberattacks

      A cyberattack is defined as a malicious and deliberate attempt by someone to breach the systems of another. Various types of cyberattacks exist, including the following:

       Phishing: Nearly 100 percent of email users have received phishing emails. Posing as legitimate emails, these fake messages encourage the recipient to click a link, download a file, or even call a number so that the attacker can steal credentials or data, plant malware, or contact them with another malicious intent. One of the most concerning successful phishing examples is also a third-party one: In January 2019, a report described how Russian state threat actors had gained access to the U.S. power grid. They did not accomplish this by attacking the hardened sites of the power infrastructure operators, but by attacking their suppliers. A phishing campaign targeted the vendors of the power grid operators, taking advantage of the trust relationship those vendors had with the intended target. Phishing types can include the following:

          Spear phishing: This type is targeted at a specific individual, rather than being a typical mass email campaign to thousands of targets. Often, these specific targets are researched on LinkedIn and company websites before being phished. There are only so many ways an email address is formed (e.g., grasner@ or greg.rasner@ or Gregory.rasner@ and so on). If an attacker can focus on one (or a few) targets who likely have privileged access (i.e., IT admin, HR system admin, etc.), they only have to try a few dozen options before they likely get it right.

          Whale phishing: Where do you go to get the best data? To the top! Whale phishing is when attackers target the big fish, such as C-level executives or very senior IT/security staff. This phishing type takes a little more finesse than the first two types, as many firms are also likely to focus their countermeasures on this group of privileged-access users. However, the extra effort can bring a larger reward, as the attacker gains a level of elevated access that would take far longer to attain (and be more likely to be discovered) in a typical security breach.

          Vishing: Rather than email, this type is performed over the telephone and uses social engineering to convince the target that the call is legitimate. The goal is to obtain enough information from the call for the attackers to get their target's credentials directly, or to gain enough information to make guessing them a lot easier.

       Botnets: In this cyberattack type, a network of private computers is infected with malicious software and controlled as a group without the owners' knowledge (e.g., to send spam messages). Kraken, a botnet first discovered in 2008 and on pace to be one of the most successful, has infected over 10 percent of Fortune 500 systems and sends over 500,000 spam emails a day!

       Man-in-the-middle (MitM) attack: Otherwise known as eavesdropping attacks, MitM attacks occur when an attacker is able to insert themselves into a two-way conversation. When successful, the attacker is then able to filter and steal data from the connection. The most common vectors are an unsecured, or weakly secured, Wi-Fi access point, or malware installed to redirect traffic to a bad actor.

       Denial-of-service (DoS) or distributed denial-of-service (DDoS): A DoS attack overwhelms or floods a system or network to the point that it becomes unavailable. A DDoS is a case where multiple attackers are performing a DoS at once. One of the biggest examples of a DDoS attack occurred in February 2020, when Amazon Web Services mitigated the biggest such attack recorded to date.

       Brute-force: An attack in which an attacker systematically submits numerous passwords or passphrases until the correct one is found. In 2016, Alibaba was the victim of a successful brute-force attack that resulted in the loss of 21 million account data records.
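As an added illustration (not from the book) of how a defender would spot the pattern this item describes, the following Python function counts failed logins per source address in a sliding time window over a constructed sample authentication log and notes whether a success follows the burst; the log format, field names and threshold are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of authentication log lines (not from the book); the
# one-line-per-attempt format with FAIL/OK, user= and src= is an assumption.
SAMPLE_LOG = """\
2024-03-01T10:00:01 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:02 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:03 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:04 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:05 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:06 OK   user=alice src=203.0.113.7
2024-03-01T10:00:10 FAIL user=bob   src=198.51.100.9
2024-03-01T10:05:30 FAIL user=bob   src=198.51.100.9
2024-03-01T10:11:00 FAIL user=bob   src=198.51.100.9
2024-03-01T10:16:40 FAIL user=bob   src=198.51.100.9
2024-03-01T10:22:10 FAIL user=bob   src=198.51.100.9
2024-03-01T10:22:11 OK   user=bob   src=198.51.100.9
"""

LINE_RE = re.compile(r"^(\S+)\s+(FAIL|OK)\s+user=(\S+)\s+src=(\S+)$")


def detect_brute_force(log_text, threshold=5, window_seconds=60):
    """Return {src: {"at", "user", "success_after"}} for every source that
    produced `threshold` or more failed logins within `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src -> timestamps of failures still in window
    flagged = {}                  # src -> details of the first burst detected
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines not in the assumed format
        ts = datetime.fromisoformat(m.group(1))
        result, user, src = m.group(2), m.group(3), m.group(4)
        if result == "OK":
            # a success right after a burst means the guess likely worked
            if src in flagged:
                flagged[src]["success_after"] = True
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # expire failures outside the window
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = {"at": ts, "user": user, "success_after": False}
    return flagged
```

With the default one-minute window only the rapid burst against alice is flagged; widening the window to 30 minutes also catches the slow, spaced-out attempts against bob.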

       Malware: A term used to describe malicious software; it includes worms, ransomware, viruses, spyware/adware, and trojans:

          Worm: A standalone program that replicates itself to spread to other computers. The most famous worm is the Morris Worm (see Chapter 1).

          Ransomware: A type of malware that uses encryption to remove a data owner's access so that the attacker can hold the data hostage until the data's owner pays the ransom. There has been a large growth of ransomware, and most cyber intelligence sources