Cybersecurity begins with understanding the threats and vulnerabilities an organization may face. This module covers the different types of threats, common attacks, and strategies for managing vulnerabilities effectively.


1. Understanding Threats

Types of Attackers

  1. Script Kiddies:
    • Unskilled individuals who use pre-written scripts or tools to carry out attacks.
    • Example: Using a free Distributed Denial of Service (DDoS) tool to overwhelm a small website.
  2. Insiders:
    • Employees or contractors with legitimate access who misuse their privileges.
    • Example: An employee copying sensitive data to a USB drive and sharing it with competitors.
  3. Hacktivists:
    • Cyber attackers driven by political, social, or ideological motives.
    • Example: Defacing a government website to protest policies.
  4. Cybercriminals:
    • Organized groups focused on financial gain through theft or extortion.
    • Example: Launching ransomware attacks to demand payment in cryptocurrency.
  5. Nation-State Actors:
    • State-sponsored attackers aiming to disrupt or spy on other countries.
    • Example: A nation-state launching a cyber-espionage campaign to steal defense secrets.

Common Threat Vectors

  1. Email: Phishing attacks use malicious emails to steal credentials or deliver malware.
  2. Websites: Drive-by downloads exploit vulnerabilities in browsers or plugins.
  3. Removable Media: USB drives infected with malware.
  4. Unpatched Software: Attackers exploit outdated systems lacking security updates.

2. Types of Attacks

Social Engineering Attacks

  1. Phishing: Deceptive emails designed to trick users into revealing sensitive information.
    • Example: An email pretending to be from a bank, asking the recipient to log in via a fake link.
  2. Pretexting: Creating a fabricated scenario to steal information.
    • Example: Posing as IT support to get an employee’s login credentials.
  3. Tailgating: Following an authorized person into a restricted area.
    • Example: An attacker gains physical access to a server room by following an employee who uses their keycard.

Malware Types

  1. Viruses: Malicious programs that replicate and spread.
    • Example: The Melissa virus, which spread via email attachments.
  2. Worms: Standalone malware that spreads without user intervention.
    • Example: The WannaCry ransomware worm.
  3. Ransomware: Encrypts data and demands payment for decryption keys.
    • Example: CryptoLocker ransomware attack.

Network Attacks

  1. Distributed Denial of Service (DDoS): Overwhelming a network or server with traffic.
    • Example: Botnets flooding an online store during a sale event.
  2. Man-in-the-Middle (MitM): Intercepting communications between two parties.
    • Example: Intercepting unencrypted emails on a public Wi-Fi network.
  3. ARP Poisoning: Sending forged ARP replies so that a victim’s IP address is mapped to the attacker’s MAC address, redirecting traffic to a malicious system.
    • Example: Redirecting internal communications to a rogue device.
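The two symptoms a defender can watch for in ARP traffic are an IP address whose MAC binding suddenly changes (especially the gateway’s) and a single MAC that starts answering for several IP addresses. The following is an added example, not part of the original module: it parses a constructed log of observed ARP replies (the `time ip mac` layout and the addresses are assumptions made up for the demo) and flags both patterns.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies, one per line: "time ip mac".
# Not real traffic; the last two lines model a device that starts answering
# for the gateway and for a workstation it does not own.
SAMPLE_ARP_LOG = """\
10:00:01 192.168.1.1  aa:bb:cc:00:00:01
10:00:02 192.168.1.20 aa:bb:cc:00:00:20
10:00:03 192.168.1.30 aa:bb:cc:00:00:30
10:00:10 192.168.1.1  aa:bb:cc:00:00:30
10:00:11 192.168.1.20 aa:bb:cc:00:00:30
"""


def parse_arp_log(text):
    """Yield (time, ip, mac) tuples; blank lines and '#' comments are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip, mac = line.split()
        yield ts, ip, mac.lower()


def detect_arp_anomalies(text, gateway_ip):
    """Return (changes, suspects).

    changes:  list of (time, ip, old_mac, new_mac, is_gateway) for every IP whose
              MAC binding flipped; a flip on the gateway IP is the classic sign
              of a man-in-the-middle attempt.
    suspects: {mac: [ip, ...]} for MACs that answer for more than one IP.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    changes = []
    for ts, ip, mac in parse_arp_log(text):
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            changes.append((ts, ip, previous, mac, ip == gateway_ip))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    suspects = {mac: sorted(ips) for mac, ips in mac_to_ips.items() if len(ips) > 1}
    return changes, suspects


if __name__ == "__main__":
    changes, suspects = detect_arp_anomalies(SAMPLE_ARP_LOG, gateway_ip="192.168.1.1")
    for ts, ip, old, new, is_gw in changes:
        print(f"{ts} {ip} moved from {old} to {new}{' (GATEWAY)' if is_gw else ''}")
    for mac, ips in suspects.items():
        print(f"{mac} answers for {len(ips)} addresses: {', '.join(ips)}")
```

A binding change is a signal, not proof: DHCP reassignments and hardware replacements also produce them, so the alert should be correlated with the device inventory. The preventive control lives on the switch (Dynamic ARP Inspection, static entries for critical hosts); this script only tells you when something has already gone wrong.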

Cryptographic Attacks

  1. Replay: Capturing a valid data transmission and re-sending it later so the system accepts it again.
    • Example: Capturing a legitimate login session and reusing it to bypass authentication.
  2. Brute Force: Attempting all possible password combinations to gain access.
    • Example: Cracking a poorly secured admin account using an automated tool.
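A replay attack works only when the receiver cannot tell a fresh message from a recorded one. The usual fix is to bind a nonce and a timestamp into the authenticated message and to reject any nonce seen before. The following is an added example, not code from the original post: a constructed client/server pair in which the server accepts a message once, rejects the identical captured copy, rejects a tampered copy, and rejects one that is too old. The key, window size and message formats are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the demonstration; a real deployment would
# provision a per-client key, never a literal in source.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def sign_message(payload: bytes, nonce: str, ts: int) -> str:
    """HMAC-SHA256 over nonce, timestamp and payload, so none of the three can
    be altered without invalidating the tag."""
    data = f"{nonce}|{ts}|".encode() + payload
    return hmac.new(SHARED_KEY, data, hashlib.sha256).hexdigest()


def client_send(payload: bytes, now: int):
    """What a legitimate client puts on the wire: payload, a fresh random nonce,
    the current time, and the tag that binds all three together."""
    nonce = secrets.token_hex(16)
    return payload, nonce, now, sign_message(payload, nonce, now)


class ReplayGuard:
    """Server-side check: valid tag, timestamp inside the window, nonce unseen."""

    def __init__(self, window_seconds: int = 30):
        self.window = window_seconds
        self.seen = {}  # nonce -> timestamp it was accepted with

    def _evict_expired(self, now: int):
        # Nonces older than the window can never be accepted again anyway,
        # so forgetting them keeps memory bounded.
        for nonce, ts in list(self.seen.items()):
            if now - ts > self.window:
                del self.seen[nonce]

    def verify(self, payload: bytes, nonce: str, ts: int, tag: str, now: int) -> str:
        if not hmac.compare_digest(sign_message(payload, nonce, ts), tag):
            return "bad_mac"      # tampered or forged
        if abs(now - ts) > self.window:
            return "stale"        # outside the accepted clock window
        self._evict_expired(now)
        if nonce in self.seen:
            return "replay"       # same nonce presented twice
        self.seen[nonce] = ts
        return "ok"


def demo():
    """Walk through accept, replay, tamper and stale cases; returns the verdicts."""
    guard = ReplayGuard(window_seconds=30)
    captured = client_send(b"transfer 100 to acct 42", now=1000)
    results = [guard.verify(*captured, now=1000)]            # fresh message: ok
    results.append(guard.verify(*captured, now=1005))        # recorded copy resent: replay
    payload, nonce, ts, tag = captured
    results.append(guard.verify(b"transfer 999 to acct 42", nonce, ts, tag, now=1005))  # bad_mac
    old = client_send(b"ping", now=1000)
    results.append(guard.verify(*old, now=1100))             # 100 s later: stale
    return results


if __name__ == "__main__":
    print(demo())  # ['ok', 'replay', 'bad_mac', 'stale']
```

The three checks depend on each other: the tag must cover the nonce and timestamp or an attacker could rewrite them, the timestamp window is what lets the server forget old nonces, and the nonce is what distinguishes two otherwise identical messages sent inside the same window. Transport protocols such as TLS already provide this protection for the data they carry; a hand-rolled guard like this one is only needed for custom application-level messages.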

3. Vulnerability Management

Common Vulnerabilities and Exploits

  1. Outdated Software:
    • Example: Exploiting old versions of Windows vulnerable to EternalBlue.
  2. Weak Passwords:
    • Example: Brute-forcing accounts with predictable passwords like “123456.”
  3. Misconfigured Systems:
    • Example: Leaving default credentials on a router, allowing attackers to gain administrative access.
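Weak passwords and brute force are two halves of the same problem: a predictable password falls to a short guessing run, and an unthrottled login endpoint lets the run happen at all. The following is an added example, not code from the original module, covering both the Brute Force entry above and the Weak Passwords entry here. It rejects passwords from a constructed denylist, stores credentials as salted PBKDF2 hashes, and locks an account after repeated failures inside a sliding window. The usernames, passwords, thresholds and denylist are assumptions made for the demo.

```python
import hashlib
import hmac
import os
from collections import defaultdict, deque

# Constructed denylist; production systems check against large breach corpora.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "admin", "letmein", "12345678"}
PBKDF2_ROUNDS = 100_000


def password_problems(pw: str, min_length: int = 12):
    """Return the list of policy violations (an empty list means acceptable)."""
    problems = []
    if len(pw) < min_length:
        problems.append("too_short")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("common")
    if pw.isdigit():
        problems.append("digits_only")
    return problems


def make_store(users: dict):
    """Constructed credential store: username -> (salt, PBKDF2-HMAC-SHA256 hash)."""
    store = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        store[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS))
    return store


class LoginThrottle:
    """Sliding-window failure counter with a temporary per-account lockout."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}

    def is_locked(self, user, now) -> bool:
        return self.locked_until.get(user, 0) > now

    def record_failure(self, user, now) -> bool:
        """Record one failed attempt; returns True if this one triggered a lockout."""
        q = self.failures[user]
        q.append(now)
        while q and now - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            q.clear()
            return True
        return False

    def record_success(self, user):
        self.failures.pop(user, None)
        self.locked_until.pop(user, None)


def attempt_login(throttle, store, user, pw, now) -> str:
    """Returns 'locked', 'ok' or 'denied'."""
    if throttle.is_locked(user, now):
        return "locked"
    entry = store.get(user)
    if entry is not None:
        salt, expected = entry
        candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
        if hmac.compare_digest(candidate, expected):
            throttle.record_success(user)
            return "ok"
    # Unknown users are counted like wrong passwords so the response does not
    # reveal which account names exist.
    throttle.record_failure(user, now)
    return "denied"


if __name__ == "__main__":
    print(password_problems("123456"))           # ['too_short', 'common', 'digits_only']
    throttle = LoginThrottle(max_failures=3, window=60, lockout=600)
    store = make_store({"admin": "Corr3ct-Horse-Battery"})
    for t, guess in enumerate(["123456", "password", "qwerty", "Corr3ct-Horse-Battery"]):
        print(t, guess, attempt_login(throttle, store, "admin", guess, now=t))
```

The slow hash raises the cost of every guess, the denylist removes the guesses most likely to succeed, and the throttle caps how many guesses reach the hash at all. A hard per-account lockout also hands an attacker a way to lock legitimate users out, so production systems usually combine it with per-source rate limiting and increasing delays rather than relying on lockout alone.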

Tools for Vulnerability Assessment

  1. Nessus:
    • What it Does: A widely used vulnerability scanner that identifies misconfigurations, outdated software, and missing patches.
    • Example Use Case: Scanning a corporate network to detect systems vulnerable to WannaCry ransomware.
  2. OpenVAS:
    • What it Does: Open-source tool that performs comprehensive vulnerability scanning and reporting.
    • Example Use Case: Evaluating a web server to find outdated SSL/TLS protocols.

Vulnerability Management in Action

Let’s consider a practical scenario:

  • Situation: A financial institution wants to secure its network.
  • Step 1: Use Nessus to scan all devices for vulnerabilities.
  • Step 2: Identify outdated firewalls and software.
  • Step 3: Mitigate risks by applying patches and reconfiguring firewalls.
  • Step 4: Use OpenVAS to validate fixes and ensure no critical vulnerabilities remain.
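Steps 2 through 4 amount to triaging findings by severity and then comparing the validation scan against the original one to confirm what was fixed, what is still open, and whether the reconfiguration introduced anything new. The following is an added example, not code from the original module or from Nessus or OpenVAS: it models that comparison over constructed scan results (the host names, check names and severities are made up for the demo, and the record layout is an assumption rather than either scanner’s real export format).

```python
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    host: str
    check: str      # descriptive name of the scanner check (constructed, not a real plugin ID)
    severity: str   # one of SEVERITY_RANK


# Constructed results of the Step 1 scan (not real scanner output).
INITIAL_SCAN = [
    Finding("fw-01", "Firewall firmware end-of-life", "critical"),
    Finding("win-07", "EternalBlue (SMBv1) patch missing", "critical"),
    Finding("db-03", "Default administrator credentials", "high"),
    Finding("web-02", "TLS 1.0 enabled", "medium"),
]

# Constructed results of the Step 4 validation scan after patching and reconfiguration.
VALIDATION_SCAN = [
    Finding("web-02", "TLS 1.0 enabled", "medium"),                        # not yet fixed
    Finding("fw-01", "Management interface reachable from LAN", "high"),   # new after reconfiguration
]


def prioritize(findings):
    """Highest severity first, then host and check, so the remediation queue is stable."""
    return sorted(findings, key=lambda f: (-SEVERITY_RANK[f.severity], f.host, f.check))


def compare_scans(before, after):
    """Split findings into (remediated, still_open, newly_introduced), each prioritized."""
    b, a = set(before), set(after)
    return prioritize(b - a), prioritize(b & a), prioritize(a - b)


def validation_passed(findings, fail_at="critical") -> bool:
    """True when no finding is at or above the fail_at severity."""
    threshold = SEVERITY_RANK[fail_at]
    return all(SEVERITY_RANK[f.severity] < threshold for f in findings)


if __name__ == "__main__":
    fixed, still_open, new = compare_scans(INITIAL_SCAN, VALIDATION_SCAN)
    for label, group in (("fixed", fixed), ("still open", still_open), ("new", new)):
        print(label)
        for f in group:
            print(f"  [{f.severity}] {f.host}: {f.check}")
    print("no criticals remain:", validation_passed(VALIDATION_SCAN))
    print("no highs remain:    ", validation_passed(VALIDATION_SCAN, fail_at="high"))
```

The `new` bucket is the part teams most often skip: a firewall rule change that closes one finding can open another, and only a diff against the first scan makes that visible. The `fail_at` threshold is the policy decision from Step 4; passing at "critical" while failing at "high" tells you the remaining work rather than just a yes or no.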

By understanding threats, recognizing attacks, and managing vulnerabilities, you build a robust defense against cybersecurity challenges. In the next module, we’ll dive into Architecture and Design to explore how secure systems are built.

By amit_g
