In this post, we will cover some of the questions and their relevant answers relating to cyber security and networking.
Question No. 1
According to you, which of the computer security threats can be updated automatically and remotely?
What are advanced persistent threats?
Provide a scenario example in the context of a recent compromise of any company victim of advanced persistent threats.
Also, critical analysis is necessary from your side regarding how you would tackle the security threat if you were in that place, referring to incident response plan steps.
Solution:
The computer security threat which can be updated automatically and remotely is zombies.
A zombie is a compromised computer that is connected to the Internet without the user's consent or knowledge and is controlled by attackers to carry out various malicious activities. Because a zombie takes its instructions from an attacker-controlled command-and-control server, the attacker can push new commands or updated malware to it remotely without any action by the user.
Zombies are frequently used for carrying out DDoS attacks, where attackers slow down or even crash a website's servers by sending a large number of requests to a single website continuously.
Beyond DDoS attacks, attackers also use zombies for deploying spam, phishing, and data theft attacks.
An advanced persistent threat (APT) is an attack in which an unauthorized user gains access to a system or network and remains there for an extended period without being detected.
An APT generally does not cause damage to the company network or local machines; its main motive is data theft.
The PLEAD APT has been observed targeting Taiwan for several years, with activity beginning in 2012. It is well known for targeting companies in the heavy-industry, technology, government and computer sectors.
To penetrate target organizations, the PLEAD APT is known to use spear-phishing techniques. These spear-phishing emails have become more sophisticated over time, using a variety of techniques as well as social engineering.
Question No. 2
What is a cyber kill chain?
What are the steps involved in the cyber kill chain?
Discuss a recent data breach or sabotage scenario based upon a real incident that relates to the cyber kill chain. Explain.
Solution:
The cyber kill chain is a cyber security model invented by Lockheed Martin which traces the phases of a cyber-attack, identifies vulnerabilities, and helps security teams stop the attack at every stage of the chain. It is used by incident response teams, digital forensic investigators and malware analysts to work through an attack in a chained manner.
The term kill chain is adopted from the military, where it is used to describe the structure of an attack: identifying the target, dispatching forces, decision making, ordering, and destroying the target.
The kill chain can be used for understanding and combating ransomware, advanced persistent threats (APTs), social engineering, data thefts, network breaches, and security breaches.
The steps involved in the cyber kill chain process are mentioned below:
Reconnaissance
The first phase of the cyber kill chain process is used for gathering information about the target.
In-depth research is done to find the types of vulnerability in the system. Firewalls and intrusion prevention systems are scanned to find a point of entry for the attack.
Types of reconnaissance:
▪ Passive reconnaissance.
▪ Active reconnaissance.
Weaponization
This phase deals with creating a backdoor and a penetration plan by utilizing the information collected during reconnaissance, so that the backdoor can be delivered successfully and the target's vulnerabilities exploited.
Delivery
This phase is responsible for carrying out the cyber-attack efficiently and effectively.
The weaponized malware is transmitted to the target by the intruders through a phishing email or various other mediums.
Exploitation
The delivered malicious code is executed on the victim's system, exploiting a vulnerability so that the attackers can obtain confidential data and sensitive information.
Installation
A backdoor is installed on the system, which provides the attacker with access to the system.
Command and Control
Intruders gain access to the organization's system and network.
The attacker changes permissions to take over control of the system by attempting brute-force attacks and searching for credentials.
Actions on Objectives
After the attacker has gained full access, the real objective of the attack begins, which may include encryption for ransom, data exfiltration, data destruction, etc.
This scenario describes two hacking groups breaching the email systems of a U.S. political party. The email systems were breached multiple times during the U.S. presidential race. The attackers were APT 28 and APT 29, which are associated with Russian civilian and military intelligence services. The first attack was initiated in the summer of 2015, when the group known as APT 29 sent spear-phishing emails to more than 1,000 addresses. The emails used a common phishing technique: recipients were tricked into opening what appeared to be harmless files but were malware instead. The malware was installed on the victim's system, established persistence, escalated privileges, stole emails from several DNC accounts and exfiltrated them to attacker infrastructure through an encrypted connection. The second attack was carried out in spring 2016 by APT 28, using a different approach: tricking users into sharing their passwords and then gathering all confidential information successfully.
The steps involved in the attack are described below in brief:
Reconnaissance
In the first stage, APT 29 collected information about the target.
In the DNC breach, two main reconnaissance techniques were used: network scanning and credential harvesting.
Network scanning involved researching websites that were vulnerable to XSS and SQL injection, whereas credential harvesting involved building pages to harvest legitimate user credentials; these pages were deployed through spear-phishing emails that got users to click a link and enter their personal details.
Weaponization
In this stage, APT 29 embedded malicious macros into files such as PDFs and Microsoft Word documents, which were sent through spear-phishing emails.
Delivery
In this stage, APT 29 used spear-phishing emails to deliver malicious attachments or URLs with malicious payloads and infect the targets.
Exploitation
APT 29 sent malware that exploited common vulnerabilities and exposures (CVEs) within the system.
Installation
In this stage, APT 29 sent DNC users a spear-phishing email with a zip file attachment.
The zip file contained a document with a dropper that installed the backdoor connecting to the APT 29 command and control server.
Command and Control
This stage refers to the communication between APT 29 and the infected system. In this case, the infected systems were the DNC servers.
Question No. 3
What is digital steganography?
What are some of the legal and illegal uses of steganography? Provide scenarios with proper references.
Mention and explain briefly 5 different techniques of digital steganography.
Briefly explain any real-time case study of the use of digital steganography in terrorism.
Solution:
Digital steganography is the art of hiding secret messages and information within digital media such as audio files, video files, digital images, etc.
It works by embedding bits of the secret data in carrier files, such as photos or audio files.
Some of the legal and illegal uses of steganography are mentioned below:
Legal Uses
• Digital Watermarking
Digital watermarking is the technology in which identifying information is embedded into a data carrier in a way that cannot be detected easily and does not affect the usage of the data.
This technology is often used to protect the copyright of multimedia data and to protect databases and text files.
Digital watermarking helps in audience monitoring, protects content integrity, ensures that content is not pirated, is used for forensics, enables user tracing (for example, the client's ID is embedded in the sold material), and supports the identification of packages, such as replacing the bar code on the packaging.
• Copywriting
• Hiding Sensitive Data
Illegal Uses
• Covert Communication
The act of exchanging data or information using a covert channel is known as covert communication.
It is a type of computer attack or threat which enables communication between two different systems that were not allowed to communicate because of the system or network policy.
A covert channel cannot be identified easily, as its data transfers take place outside the sanctioned channels, but it can be detected by continuously monitoring the performance of the system.
Covert channels are associated with different threats like data theft, malicious attacks, and data loss.
• Terrorism
The five different techniques of digital steganography are described below in detail:
Spatial Domain Method
In this method, the secret data is embedded directly in the intensity of the pixels.
While hiding data, some pixel values of the image are changed directly.
These techniques are classified into various categories, which are listed below:
▪ LSB (Least Significant Bit)
This method is commonly used for hiding data.
The least significant bits of the image pixels are replaced with the bits of the secret data.
The image obtained after embedding is almost identical to the original image, because changing the least significant bit of a pixel makes very little difference to the image.
▪ BPCS (Bit-Plane Complexity Segmentation)
In this method, the image is split into bit planes and their blocks are measured for complexity; the noisy blocks are identified by that complexity.
Binary patterns mapped from the secret data then replace the noisy blocks of the bit planes.
▪ PVD (Pixel Value Differencing)
Two consecutive pixels are selected for embedding the data in this method.
The difference between the two consecutive pixels is checked to determine the payload, which serves as the basis for identifying whether the two pixels belong to an edge area or a smooth area.
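As an added example (not code from the original post), the LSB method above implemented in Python on a constructed 8-bit greyscale image held as a plain list of pixel values: the secret bytes are written into the pixels' least significant bits behind a two-byte length prefix, read back out, and the largest per-pixel change is measured to show why the stego image looks identical to the cover. The function and variable names are assumptions of this example.

```python
# LSB steganography on a constructed greyscale image (a plain list of 0-255 values).
# Added example, not code from the original post.

def _bits(data: bytes):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def lsb_embed(cover: list[int], secret: bytes) -> list[int]:
    """Return a copy of cover whose LSBs carry a 2-byte length prefix and the secret."""
    payload = len(secret).to_bytes(2, "big") + secret
    if len(payload) * 8 > len(cover):
        raise ValueError("secret does not fit in the cover image")
    stego = list(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, then set it to the secret bit
    return stego

def lsb_extract(stego: list[int]) -> bytes:
    """Read the length from the first 16 LSBs, then that many bytes from the following LSBs."""
    def read_bytes(start: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read_bytes(0, 2), "big")
    return read_bytes(16, length)

def max_pixel_change(cover: list[int], stego: list[int]) -> int:
    """Largest absolute per-pixel difference; LSB embedding can never exceed 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))

# Constructed 16x16 cover: a smooth gradient, not a real photograph.
COVER = [(x * 16 + y) % 256 for x in range(16) for y in range(16)]
SECRET = b"meet at dawn"  # constructed sample message

if __name__ == "__main__":
    stego = lsb_embed(COVER, SECRET)
    print(lsb_extract(stego))              # b'meet at dawn'
    print(max_pixel_change(COVER, stego))  # 1
```

A defender cannot spot a change this small by eye, which is why steganalysis compares a suspect file against a known original or looks at the statistics of the LSB plane instead.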
Spread Spectrum Technique
In this method, the secret data is spread over a wide frequency bandwidth.
The signal-to-noise ratio in every frequency band must be so small that it becomes difficult to detect the presence of the data.
It is a very robust technique, mostly used in military communication.
Statistical Technique
The message is embedded by changing several statistical properties of the cover, which involves splitting the cover into blocks and then embedding one message bit in each block.
A cover block is modified only when the corresponding message bit is one; otherwise it is left unchanged.
Distortion Technique
In this technique, the secret message is stored by distorting the signal.
The encoder applies a sequence of modifications to the cover.
To detect the sequence of modifications and consequently recover the secret message, the decoder measures the differences between the original cover and the distorted cover.
Masking and Filtering
In this technique, information is hidden by marking an image.
A watermark becomes a portion of the image, whereas steganography only hides the information.
Rather than hiding the information at the noise level, these techniques hide the confidential information in more significant areas of the image.
This method is mainly used for 24-bit and greyscale images.
A real-time case study of digital steganography is discussed below in brief:
In May 2011, a 22-year-old suspected Al-Qaeda member, Maqsood Lodin, was arrested in Berlin. He was traveling from Pakistan to Berlin through Hungary when the Berlin police arrested him. During the investigation, the police found, hidden in his underwear, a USB memory device containing a video with pornographic content and a file with an explicit title. With the help of computer forensic experts from the German Federal Criminal Police, hidden text files containing detailed information about Al-Qaeda operations and plans for future operations were extracted from the video. The extracted documents contained plans to attack cruise ships as a distraction while other attacks were initiated in Europe, and PDF terrorist training manuals in German, English, and Arabic were also found. The files were hidden using a digital steganography technique but were not encrypted. German specialists worked for several weeks to extract all the hidden data successfully.
Question No. 4
What is Social Engineering? Explain the different techniques of it.
Solution:
Social engineering is the art of exploiting human psychology, rather than using technical hacking techniques, to gain access to confidential data, sensitive information, or buildings.
The distinct techniques of social engineering are:
Phishing
A phishing attack tries to extract personal information through digital means, such as malicious emails and websites that appear to come from legitimate sources.
The nature of this attack is to manipulate victims by creating a sense of urgency that clouds good judgment, and to reach as many victims as possible.
Tailgating
Tailgating is the act of following an unaware human target who has legitimate access to a restricted space through a secure door.
The intruder may request that the victim keep the door open, or may simply reach for it and enter before it closes.
Given that safety and health laws have recently prohibited smoking on company grounds, this is an increasingly successful tactic because it allows a social engineer to tailgate groups of smokers.
Eavesdropping
If only approved employees are expected to be present, employees within an organization may simply discuss confidential matters out loud.
Threat actors can take advantage of such security vulnerabilities simply by being in the right position at the right moment.
Attackers can also listen in on communication channels such as e-mails and phone lines in advance.
Quid pro quo
This is a typical social engineering attack used by low-level criminals.
These attackers do not use specialized techniques and do not conduct background research on their targets.
These criminals will keep calling random numbers, pretending to be from technical support and offering assistance.
They sometimes come across people who have genuine technical issues.
Pretexting
Pretexting is a form of social engineering in which an attacker attempts to persuade a victim to hand over sensitive data or access to a service or device.
This type of attack is distinguished by the scammer's creation of a narrative or excuse to deceive the victim.
In most cases, the perpetrator is cast in the role of someone in authority with access rights.
I think it is pretexting as the person is pretending to be a communication line troubleshooter and trying to enter the building.
In pretexting, one makes up the story of being someone and uses it to get information from somebody, and in this case, the person is doing exactly the same thing by pretending to be someone and trying to enter the demilitarized zone to gather confidential information and sensitive data.
The most effective ways to reduce social engineering attacks are:
• Enabling multi-factor authentication, which makes the security system stronger.
• Continuously monitoring critical systems which are vulnerable, which helps protect against threats like Trojans.
• Regularly checking and applying security patches with the latest versions and keeping the system up to date.
• Enabling a spam filter, which provides a vital service in protecting the system from social engineering attacks.
• Performing penetration testing on the system, which helps in identifying vulnerable systems and concentrating on protecting them.
Question No. 5
What is Back Engineering?
Solution:
Reverse engineering, also known as back engineering, is a technique for extracting design knowledge from software, computers, aircraft, architectural structures, and other products.
Reverse engineering also entails dismantling individual components of larger items. The reverse engineering method allows you to figure out how a component was made so that one can improve it.
The reverse engineering method gets its name from the fact that it involves going backward through the design process.
However, you may have little understanding of the engineering methods used to create the product.
As a result, the task is to disassemble the product piece by piece or layer by layer to obtain a working knowledge of the original design.