Penetration Testing with Kali Linux OffSec


Date: 21.12.2023
PEN-200

NCC Group[42] suggests the following steps to prevent or mitigate attacks from the Lazarus group:
network segmentation, patching and updating internet facing resources, ensuring the correct
implementation of MFA, monitoring for anomalous user behavior (example: multiple, concurrent
sessions from different locations), ensuring sufficient logging, and log analysis.
3.2.4 Recent Cybersecurity Breaches
While the above section focused on who performs attacks, in this section we’ll cover different
kinds of breaches that have occurred in the last few years. We’ll analyze some more recent
cybersecurity attacks, discuss the impact they had on enterprises, users, and victims, and then
consider how they could have been prevented or mitigated.
There are many examples of recent breaches to choose from. For each breach, we’ll indicate the 
kind of attack that allowed the breach to occur. This list by no means represents a complete 
survey of all types of attacks, so instead we’ll aim to provide a survey highlighting the scope and 
impact of cybersecurity breaches. 
Social Engineering: Social Engineering represents a broad class of attacks where an attacker
persuades or manipulates human victims to provide them with information or access that they
shouldn’t have.
In July 2021, attackers used a social engineering technique called spearphishing[43] to gain
access to[44] an internal Twitter[45] tool that allowed them to reset the passwords of a number of
high-profile accounts. They used these accounts to tweet promotions of a Bitcoin scam. The impacts
of this attack included financial losses for specific Twitter users, data exposure for a number of
high-profile accounts, and reputational damage to Twitter itself.

[41] (NCCGroup, 2022), https://www.nccgroup.com/us/the-lazarus-group-north-korean-scourge-for-10-years/
[42] (NCCGroup, 2022), https://www.nccgroup.com/us/the-lazarus-group-5-measures-to-reduce-the-risk-of-an-attack/
[43] (CrowdStrike, 2022), https://www.crowdstrike.com/cybersecurity-101/phishing/spear-phishing/
[44] (BBC, 2020), https://www.bbc.com/news/technology-53607374
[45] (Twitter, 2020), https://blog.twitter.com/en_us/Modules/company/2020/an-update-on-our-security-incident

PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.

To understand potential prevention and mitigation, we need to understand how and why the 
attack occurred. The attack began with phone spearphishing and social engineering, which 
allowed attackers to obtain employee credentials and access to Twitter’s internal network. This 
could have been prevented had employees been better equipped to recognize social engineering 
and spearphishing attacks. Additional protections that could have prevented or mitigated this 
attack include limiting access to sensitive internal tools using the principle of least privilege and 
increased monitoring for anomalous user activity. 
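
The monitoring recommended here and in the NCC Group steps (multiple, concurrent sessions from different locations) can be run as a check over session records. The following is an added example, not part of the course text; the record format, function names and sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample session records (not from any real system).
# Assumed format: user,location,session start,session end (UTC, ISO 8601).
SAMPLE_SESSIONS = """\
alice,London,2023-01-10T09:00:00,2023-01-10T17:00:00
alice,London,2023-01-10T12:00:00,2023-01-10T12:30:00
alice,Singapore,2023-01-10T16:30:00,2023-01-10T18:00:00
bob,Toronto,2023-01-10T08:00:00,2023-01-10T10:00:00
bob,Berlin,2023-01-10T11:00:00,2023-01-10T12:00:00
carol,Madrid,2023-01-10T09:00:00,2023-01-10T11:00:00
"""

def parse_sessions(text):
    """Parse 'user,location,start,end' lines into tuples with datetime bounds."""
    sessions = []
    for line in text.strip().splitlines():
        user, location, start, end = (f.strip() for f in line.split(","))
        sessions.append((user, location,
                         datetime.fromisoformat(start),
                         datetime.fromisoformat(end)))
    return sessions

def concurrent_multi_location(sessions):
    """Return (user, loc_a, loc_b, overlap_start, overlap_end) for each pair of
    overlapping sessions of one user that come from different locations."""
    by_user = defaultdict(list)
    for user, location, start, end in sessions:
        by_user[user].append((start, end, location))
    alerts = []
    for user, items in sorted(by_user.items()):
        items.sort()  # order each user's sessions by start time
        for i, (s1, e1, loc1) in enumerate(items):
            for s2, e2, loc2 in items[i + 1:]:
                if s2 >= e1:
                    break  # sorted by start: no later session can overlap this one
                if loc1 != loc2:
                    alerts.append((user, loc1, loc2, s2, min(e1, e2)))
    return alerts

if __name__ == "__main__":
    for user, a, b, start, end in concurrent_multi_location(parse_sessions(SAMPLE_SESSIONS)):
        print(f"ALERT {user}: concurrent sessions from {a} and {b}, {start} to {end}")
```

Sequential sessions from different locations (bob in the sample) and overlapping sessions from the same location are not flagged; only a true overlap across locations is.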
Phishing: Phishing is a more general class of attack relative to spearphishing. While
spearphishing attacks are targeted to specific individuals, phishing is usually done in broad
sweeps. The usual phishing strategy is to send a malicious communication to as many people
as possible, increasing the likelihood of a victim clicking a link or otherwise doing something that
would compromise security.
In September 2021, a subsidiary of Toyota acknowledged that they had fallen prey to a Business
Email Compromise (BEC)[46] phishing scam. The scam resulted in a transfer of ¥ 4 billion (JPY),
equivalent to roughly 37 million USD, to the scammer’s account. This attack occurred because an
employee was persuaded to change account information associated with a series of payments.
The United States Federal Bureau of Investigation (FBI)[47] recommends these and other steps be
taken to prevent BEC:

• Verify the legitimacy of any request for payment, purchase or changes to account
  information or payment policies in person.
• If this is not possible, verify legitimacy over the phone.
• Be wary of requests that indicate urgency.
• Carefully inspect email addresses and URLs in email communications.
• Do not open email attachments from people that you do not know.
• Carefully inspect the email address of the sender before responding.
Ransomware: Ransomware is a type of malware that infects computer systems and then prevents
legitimate users from accessing them properly. Often, users are contacted by the attacker and asked
for a ransom in order to unlock their machine or documents.
In May 2021, a ransomware 
