Penetration Testing with Kali Linux OffSec


PEN-200

incident[48] occurred at Colonial Pipeline, a major American oil company. The attack led to the disruption of fuel distribution for multiple days. This attack resulted in a loss of corporate data, the halting of fuel distribution, millions of dollars in ransomware payments, increased fuel prices, and fuel shortage fears.
[46] (Forbes, 2019), https://www.forbes.com/sites/leemathews/2019/09/06/toyota-parts-supplier-hit-by-37-million-email-scam/?sh=30c5dafa5856
[47] (FBI, 2022), https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise
[48] (ZDNet, 2021), https://www.zdnet.com/article/colonial-pipeline-ransomware-attack-everything-you-need-to-know/


Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
40 
In this attack, hackers gained access to Colonial Pipeline's network with a single compromised password. This attack could have been prevented[49] or at least made less likely by ensuring that MFA was enabled on all internet-facing resources, as well as by prohibiting password reuse.
Credential Abuse: Credential Abuse can occur when an attacker acquires legitimate credentials, allowing them to log into machines or services that they otherwise would not be able to. Often, attackers are able to guess user passwords because they are predictable or weak.
In December 2020,[50] a series of malicious updates was discovered in the SolarWinds Orion platform, an infrastructure monitoring and management tool. These malicious updates allowed malware to be installed in the environment of any SolarWinds customer that installed them, and led to the compromise of a number of these customers, including universities, US government agencies, and other major organizations.
As a supply-chain attack, this attack affected approximately 18,000 SolarWinds customers and led to the breach of a subset of customers including government agencies and other major companies. According to former SolarWinds CEO Kevin Thompson, this attack resulted from a weak password[51] that was accidentally exposed publicly on GitHub. This attack could have been prevented[52] by ensuring that passwords are sufficiently strong and by monitoring the internet for leaked secrets. CISA has also stated that this attack could have been mitigated by blocking outbound internet traffic from SolarWinds Orion servers.
Authentication Bypass: While Credential Abuse allows attackers to log in to services by legitimate means, Authentication Bypasses can allow attackers to ignore or step around intended authentication protocols.
Similar to the above SolarWinds attack, on July 2, 2021,[53] an attack was detected that took advantage of a vulnerability in software vendor Kaseya's VSA remote management tool. Attackers were able to bypass the authentication system of the remote tool to eventually push REvil ransomware from compromised customer Virtual System Administrator (VSA) servers to endpoints via a malicious update.
Since this attack targeted a number of Managed Service Providers (MSPs), its potential scope encompassed not only the MSP customers of Kaseya, but also the customers of those MSPs. According to Brian Krebs,[54] this vulnerability had been known about for at least three months before this ransomware incident. This attack could have been prevented by prioritizing and fixing known vulnerabilities in an urgent and timely manner.
3.3 The CIA Triad

This Learning Unit covers the following Learning Objectives:

- Understand why it's important to protect the confidentiality of information
[49] (CISA, 2022), https://www.cisa.gov/stopransomware/how-can-i-protect-against-ransomware
[50] (BBC, 2020), https://www.bbc.com/news/technology-55321643
[51] (ZDNet, 2021), https://www.zdnet.com/article/solarwinds-security-fiasco-may-have-started-with-simple-password-blunders/
[52] (SC Media, 2021), https://www.scmagazine.com/news/security-news/could-better-cyber-hygiene-have-prevented-the-solarwinds-attack
[53] (ZDNet, 2021), https://www.zdnet.com/article/updated-kaseya-ransomware-attack-faq-what-we-know-now/
[54] (Krebs, 2021), https://krebsonsecurity.com/2021/07/kaseya-left-customer-portal-vulnerable-to-2015-flaw-in-its-own-software/


- Learn why it's important to protect the integrity of information
- Explore why it's important to protect the availability of information
In order to understand offensive techniques, we need to understand the principles defenders should follow so that we can quickly identify opportunities to exploit their mistakes. Similarly, good defenders will benefit from understanding how attackers operate, including what kinds of biases and errors they are prone to.

One of the models often used to describe the relationship between security and its objects is known as the