Chapter 2 Exploring Cybersecurity Threats
1. Exploring Cyber Security Threats
1.6. Threat Vectors and Attack Surfaces

Transcript
OK, so let's talk about threat vectors and attack surfaces. So a bad guy wants to figure out a way into your organization. They have to gain access through some means. Generally it's going to be a system or a software service that's running. They're looking to discover an attack surface. That's what that's called. So that's either through an application or through some service that is running.

Then they must obtain access by exploiting one of those vulnerabilities, using what's called a threat vector. Threat vectors are the means that threat actors use to obtain access. One of the goals of security professionals is to reduce the size and complexity of an attack surface through effective security measures and risk mitigation services. So we talked a little bit about shadow IT, where people download software and hardware that's not approved, and this is why network admins don't want you to do that, because it makes them vulnerable to having software that could allow the bad guys in. So that is something to keep in mind. So let's talk about message-based threat vectors.
So e-mail is one of the most commonly exploited threat vectors. You think of phishing messages, spam messages, other e-mail-borne attacks, or simple ways to gain access to an organization's network. These attacks are easy to execute and can be launched against many users simultaneously. The benefit for the attacker is that they generally need to succeed only once to launch a broader attack. So, you know, maybe I beat them 99 times, but they get through that 100th time to somebody, and, you know, they're in.
So message-based: e-mails are a big one, phishing and things like that. So then wired networks. Attackers may seek to gain direct access to an organization's wired network by physically entering the organization's facility. So we talked about the need for security. You have people that will walk into a facility and start walking around looking for server closets or unmanned computers, or, you know, come in at lunchtime. You know, maybe they pretend to be housekeeping later in the evening or something like that, but they're looking for an unmanned system or some way to get into your server, and they're coming right in through the wired network.
So wireless networks. They offer an even easier path to an organization's network. Attackers don't need to gain physical access to the network or your facilities if they are able to sit in a parking lot and access your network. So, you know, if you have guest Wi-Fi, that's an easy way in. So I talked earlier about having multiple routers in my house because Xfinity puts out basically a guest Wi-Fi. We talked about geofencing, where you can't access stuff until you're in the building or in a certain location. You know, that's a good way to stop that.

Unless you're in hospitality, if you're a regular business, you really don't have a need for guest Wi-Fi. You know, they'll live for the hour that they're in the meeting doing stuff with you. Hopefully. If not, you find a way, you know, maybe a hotspot or something, but if you're giving them guest Wi-Fi, you're getting them into your network. Hopefully you have it set up properly, but if you don't, if it's misconfigured, they could get in. So that's something to keep in mind. So then systems: individual systems may also serve as a threat vector, depending on how they are configured and the software installed on them.
The operating system configuration may expose open service ports that are not necessary to meet business needs, or that allow the use of well-known default credentials that were never changed. So there was a company that does security software, and they had default passwords on some of their stuff, and they got hacked. This was a couple of years ago, and it was a big uproar in the security community. But, you know, even with that, a lot of companies, you know, don't go change the default password that may be admin, 123. A lot of people, when they get home routers, don't think to change the default passwords to something that somebody can't guess. If you have a router in your house, you can go online and Google that specific router and it will tell you what the default password is. That's how easy it is. I could be sitting outside with my laptop and do a Wi-Fi explorer and it tells me what networks it finds, and a lot of times they'll tell you what router it is or what kind of router. And then you can Google and, oh, it's this, and, oh, here's the default passwords. And, you know, it gives you the website to go to and you try to link into that and change the password, and then you have access. So that's one of the things there, you know, talking about systems being misconfigured. There are whole companies that that's all they do for companies: go in and fix their misconfigurations. That's how big that is in the industry, that there are entire companies that all they do is fix misconfigurations for a company. So then files and images. Individual files, including images, may also be threat vectors.
An attacker may create a file that contains embedded malicious code and then trick a user into opening that file, activating malware, especially pictures. So when I was in ethical hacking, we were showing a picture, and it was a white screen, and in the middle of the screen it was a website with an image, and in the middle of the screen was a black dot. So, you know, that should send up red flags. Why would it be just a black dot in the middle of the picture? And it was malware. And so there's all kinds of things that can be hidden in pictures, you know, codes. It's just, you know, and it's not exclusive to images. Nowadays it can be PDFs, it can be Word, it can be all kinds of things. So that's something, files and images.

Then removable devices. So attackers also commonly use removable media such as USB drives. We talked about that: there are companies where, in the network, you just can't plug in a USB drive, you can't plug in removable media. There are no DVD-writable drives on their computers. It's just a way of protecting themselves. So removable devices: if I have a removable device, I throw it onto my computer, I can copy anything on the network to that. It may send off an alert, but am I out the door and gone before you figured out who it was?
So that's important. Then cloud. Cloud services can also be used as an attack vector. Attackers routinely scan popular cloud services for files with improper access controls, systems that have security flaws, or accidentally published API keys and passwords. So just because it's in the cloud doesn't mean it's special. All that means is it's stored off site. It's stored, you know, there are no magical computers in the cloud. All that means is that somewhere there's a computer in a building that's hosting all this information and data, and if you can find it, or you can find access to it, it can be hacked.

So then the last thing is supply chain. Sophisticated attackers may attempt to interfere with an organization's IT supply chain, including hardware providers, software providers and service providers, attacking the organization's vendors. So if you think about it, if I as a company order 100 Dells every six months, or 100 IBMs, through ABC vendor, and a hacker can get in there and place something on the chip or place something into the machine itself before it goes out the door, how much trouble am I in? So supply chain, that is the way to get to, you know, you without you ever knowing it.
Also, attackers that infiltrate MSPs may be able to use their access to the MSP network to leverage access. So let's talk about what an MSP is. A managed service provider, that is someone that manages a service for you. They provide that service. That used to be just cyber security. So Nova Coach, my parent company, is an MSP. We provide cyber security to 90 or 100 or something like that businesses, you know, some number like that. But there are companies that provide other services. So you can get into that third-party vendor. Maybe your network can get it. I can attack your network through them instead of having to come straight to you.
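As an added example (not part of the lecture), here is a small attack-surface audit in Python over a constructed host inventory: it flags listening services that are not on the business-need allowlist and services still using vendor default credentials, the two system misconfigurations the lecture describes, and shows how much smaller the surface is once the unneeded services are removed. The host names, ports and the default-credential flag are constructed sample data, and the assumption is that an inventory tool records whether a service still uses default credentials.

```python
# Added example: attack-surface audit over a constructed host inventory.
# Flags (1) listening services not on the business-need allowlist and
# (2) services still using vendor default credentials. All hosts, ports
# and flags below are constructed sample data, not a real network.
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    name: str
    default_credentials: bool  # assumed to be recorded by an inventory tool


# Constructed allowlist: the ports each host needs to meet business needs.
BUSINESS_NEEDED_PORTS = {
    "web01": {443},
    "db01": {5432},
    "printer01": set(),  # no network service is required on this host
}

# Constructed inventory of what is actually listening.
INVENTORY = [
    Service("web01", 443, "https", False),
    Service("web01", 21, "ftp", True),
    Service("db01", 5432, "postgres", False),
    Service("db01", 23, "telnet", False),
    Service("printer01", 80, "http-admin", True),
]


def audit(inventory, needed_ports):
    """Return (host, port, finding) tuples, most urgent findings first."""
    findings = []
    for svc in inventory:
        if svc.port not in needed_ports.get(svc.host, set()):
            findings.append((svc.host, svc.port, "unnecessary-service"))
        if svc.default_credentials:
            findings.append((svc.host, svc.port, "default-credentials"))
    # Default credentials on an exposed service are the most urgent fix.
    return sorted(findings, key=lambda f: f[2] != "default-credentials")


def reduced_surface(inventory, needed_ports):
    """Services that remain once everything not business-needed is removed."""
    return [s for s in inventory if s.port in needed_ports.get(s.host, set())]


if __name__ == "__main__":
    for host, port, finding in audit(INVENTORY, BUSINESS_NEEDED_PORTS):
        print(f"{host}:{port} {finding}")
    print(f"attack surface: {len(INVENTORY)} -> {len(reduced_surface(INVENTORY, BUSINESS_NEEDED_PORTS))} services")
```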