Threat Landscape
Reasons / Motives for Attacks
- Disrupting business continuity
- Damaging reputation of the target
- Information theft
- Espionage
- Manipulating data
- Public Attention
- Terrorism
- Commercial Intentions
- Personal Satisfaction
- Revenge
Phases of a Network Attack
Phase | Description |
---|---|
Spy | First, an attacker learns about his target using publicly accessible information, then performs active scans against the network and systems to determine its vulnerabilities. |
Penetration | In the next step the attacker tries to exploit one or more identified vulnerabilities to gain a foothold in the network and systems. |
Elevation of Privileges | After having access to a system, the attacker tries to elevate his privileges to gain administrative or system privileges. |
Attack | Here the attacker carries out the actual malicious objective, such as stealing data or changing information. |
Covering Tracks | After a successful attack the attacker tries to cover his tracks so his actions and identity cannot be traced back. |
Types of Attackers
Term | Description |
---|---|
Hacker | Three main types of Hackers: Black Hat (Bad Guy, illegal actions, malicious intentions), Grey Hat (sometimes good, sometimes evil - depending on situation), White Hat (Good Guy, acts legally and ethically) |
Script Kiddie | Mainly younger computer freaks with little knowledge about computer systems and networks. Only use programs and exploits created by others. |
Spy | Acts on behalf of companies and governments. Mainly interested in company secrets. |
Tracker | Hacks systems to utilize their computing power and bandwidth to upload and offer pirated software, movies, etc. |
Consultant | Uses his knowledge to support companies by identifying their vulnerabilities and offering solutions for remediation. (White Hat) |
Cracker | Breaks copy protection of software and multimedia and creates Serial Number Generators (KeyGens) to distribute them over the internet. |
Spammer | Hacks computer systems to utilize them as Mail Relays to distribute their Spam campaigns. |
Attack Vectors
Attack Vector | Description |
---|---|
Cloud Computing Threats | Cloud providers store and process sensitive data of many organizations and clients, which makes them a concentrated target. |
Advanced Persistent Threats | A complex, targeted and effective attack on corporations. Focus on stealing information from the victim's machines. |
Viruses and Worms | Most prevalent networking threat. Capable of infecting a network within seconds. |
Mobile Threats | Mobile devices are increasingly used for business and personal use and often have weaker security controls. |
Botnet | A network of compromised computers abused to perform various network attacks. |
Insider Attack | Attack performed by a trusted person who has authorized access to a network or system. |
Types of Security Threats
Threat | Description | Example |
---|---|---|
Spoofing | Assuming a false identity | Faking of IP Addresses or Emails |
Tampering | Falsification of information / data | Changing of data during a transmission or of a file. |
Repudiation | Denying of actions | Deleting a file and denying the action. |
Information Disclosure | Access to information that should not be publicly accessible | Disclosure of information like Core Dumps, Code, Error Logs, etc. |
Denial of Service | Making a service unresponsive | Flooding a web service with so much data that the webserver is no longer able to deliver web content |
Elevation of Privileges | Getting more permissions than allowed | Utilization of Buffer Overflows to get system privileges |
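The first two rows of the table (Spoofing and Tampering) share one standard mitigation: a message authentication code over both the claimed sender and the content. The following Python script is an added example, not part of the original notes; the key, sender names and payload are constructed for the demonstration. It signs a message with HMAC-SHA256 and then shows that a tampered payload, a rewritten sender field, and a message forged by someone without the shared key are all rejected by the verifier.

```python
import hashlib
import hmac
import json
from copy import deepcopy

# Constructed demo key: a real deployment loads the key from a secret store.
SHARED_KEY = b"constructed-demo-key-not-for-production"
# Constructed: an attacker who does not hold the shared key.
ATTACKER_KEY = b"attacker-guess"


def _canonical(sender: str, payload: dict) -> bytes:
    """Serialize the authenticated fields deterministically so that sender and
    verifier compute the MAC over identical bytes."""
    return json.dumps({"sender": sender, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()


def sign_message(key: bytes, sender: str, payload: dict) -> dict:
    """Attach an HMAC-SHA256 tag covering both the claimed sender and the payload."""
    tag = hmac.new(key, _canonical(sender, payload), hashlib.sha256).hexdigest()
    return {"sender": sender, "payload": payload, "tag": tag}


def verify_message(key: bytes, message: dict) -> bool:
    """Recompute the tag and compare in constant time. Any change to the sender
    field (spoofing) or to the payload (tampering) makes the comparison fail."""
    expected = hmac.new(key, _canonical(message["sender"], message["payload"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(message.get("tag", "")))


def run_scenarios() -> dict:
    """Exercise the verifier against a genuine message and three manipulated copies."""
    genuine = sign_message(SHARED_KEY, "alice", {"action": "transfer", "amount": 100})

    tampered = deepcopy(genuine)            # Tampering: payload altered in transit
    tampered["payload"]["amount"] = 100000

    spoofed = deepcopy(genuine)             # Spoofing: sender rewritten, old tag reused
    spoofed["sender"] = "admin"

    forged = sign_message(ATTACKER_KEY, "admin",   # Spoofing without the shared key
                          {"action": "transfer", "amount": 100000})

    return {
        "genuine": verify_message(SHARED_KEY, genuine),
        "tampered": verify_message(SHARED_KEY, tampered),
        "spoofed_sender": verify_message(SHARED_KEY, spoofed),
        "forged_without_key": verify_message(SHARED_KEY, forged),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:>20}: {'accepted' if accepted else 'rejected'}")
```

The tag is computed over a canonical serialization (sorted keys, no whitespace) so that both sides hash identical bytes, and `hmac.compare_digest` is used instead of `==` to avoid leaking the tag through timing differences. Note that an HMAC gives integrity and authenticity between the two key holders, but not non-repudiation (the Repudiation row): either party could have produced the tag, so proving who sent a message needs a digital signature with a private key held by one party only.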
Threat Categories
Network Threats
- Information Gathering
- Sniffing and Eavesdropping
- Spoofing
- Session Hijacking and Man-in-the-Middle Attack (MitM)
- DNS and ARP Poisoning
- Password-based attacks
- Denial-of-Service attacks
- Compromised-key attacks
- Firewall and IDS attacks
Host Threats
- Malware attacks
- Footprinting
- Password attacks
- Denial-of-Service attacks
- Arbitrary code execution
- Unauthorized access
- Privilege escalation
- Backdoor attacks
- Physical security threats
Application Threats
- Improper data / input validation
- Authentication and Authorization attacks
- Security misconfiguration
- Information disclosure
- Broken session management
- Buffer Overflow issues
- Cryptography attacks
- SQL Injection
- Improper error handling and exception management
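The first and the eighth item of the application threat list (improper input validation and SQL Injection) are two sides of the same defect. The following Python script is an added example and not part of the original notes; the table layout, the sample rows and the user names are constructed. It places a query built by string concatenation beside its hardened form, which validates the input against an allow-list and binds it as a parameter, and runs both against an in-memory SQLite database so the difference can be observed directly.

```python
import re
import sqlite3

# Allow-list for user names (constructed policy for this demo).
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def build_demo_db() -> sqlite3.Connection:
    """In-memory users table filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "username TEXT NOT NULL, role TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "user"), ("bob", "admin")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Improper input validation: the untrusted string is spliced into the SQL
    text, so quote characters in it are parsed as SQL instead of data."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             "ORDER BY username")
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Parameter binding: the value travels separately from the statement and
    is never interpreted as SQL, whatever characters it contains."""
    return [row[0] for row in conn.execute(
        "SELECT username FROM users WHERE username = ? ORDER BY username",
        (username,))]


def validate_username(username: str) -> bool:
    """Allow-list validation: accept only the character set a user name may use."""
    return USERNAME_RE.fullmatch(username) is not None


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Defense in depth: reject malformed input first, then use parameter binding."""
    if not validate_username(username):
        return []
    return lookup_parameterized(conn, username)


def compare(username: str) -> dict:
    """Run the same input through all three variants on a fresh database."""
    conn = build_demo_db()
    return {
        "vulnerable": lookup_vulnerable(conn, username),
        "parameterized": lookup_parameterized(conn, username),
        "safe": lookup_safe(conn, username),
    }


if __name__ == "__main__":
    for test_input in ("alice", "' OR '1'='1"):
        print(repr(test_input), "->", compare(test_input))
```

With the legitimate input all three variants return the single matching row. With the classic tautology input the concatenated query turns into `WHERE username = '' OR '1'='1'` and returns every user, while the parameterized query looks for a user literally named `' OR '1'='1` and finds nothing; the validated variant never reaches the database at all. Parameter binding is the primary control; the allow-list is a second layer that also keeps unexpected values out of logs, error messages and downstream components.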
Security Reports
Name | Link |
---|---|
Secunia Vulnerability Review | http://secunia.com/vulnerability-review/ |
Microsoft Security Intelligence Report | http://www.microsoft.com/security/sir/default.aspx |
BSI Lageberichte der IT-Sicherheit (German) | https://www.bsi.bund.de/DE/Publikationen/Lageberichte/bsi-lageberichte.html |
Internet Crime Current Report | http://www.ic3.gov |
Data Breach Investigations Report | http://www.verizonbusiness.com |
Statistics
Malware
Site | Link |
---|---|
Trustwave - Malware Statistics | https://www.trustwave.com/support/labs/malware-statistics.asp |
Software Usage
Site | Link |
---|---|
NetMarketShare | http://marketshare.hitslink.com/ |
Spam
Site | Link |
---|---|
Spamhaus - Top 10 Worst | http://www.spamhaus.org/statistics/countries/ |
Trustwave - Spam Statistics | https://www.trustwave.com/support/labs/spam_statistics.asp |
Current Attacks
Name | Link (ongoing) | Link (finished) |
---|---|---|
Zone-H (Overview of current web attacks) | http://www.zone-h.org/archive/published=0 | http://www.zone-h.org/archive |