Penetration Testing with Kali Linux OffSec


Date: 21.12.2023
PEN-200

methodology[58] used by the attackers; however, they claim to have first compromised a router to gain access to over 100 servers including the database or databases that contained the affected customer data. This breach could have potentially been prevented by ensuring that all internet-facing resources were properly configured, patched and updated, by monitoring for anomalous user behavior, and by instituting better network segmentation.
Private documents such as drivers’ licenses ought to be confidential, because they contain information that can identify individuals. However, not all information possessed by a company is necessarily confidential. For example, T-Mobile’s board members are publicly listed on their website. Therefore, if an attack were to divulge that information, it would not be a breach of confidentiality.
3.3.2 Integrity
A system has Integrity if the information and functionality it stores are only those which the owner intends to be stored. Integrity is concerned with maintaining the accuracy and reliability of data and services. Merely logging on to a user’s social media account by guessing their password is not an attack against integrity. However, if the attacker starts to post messages or delete information, this would become an integrity attack as well. A common attack against integrity is arbitrary code execution.[59]
In January 2022,[60] researchers identified a new wiper malware, dubbed WhisperGate, being used against Ukrainian targets. This malware has two stages: stage one overwrites the Master Boot Record (MBR) to display a fake ransomware note, while stage two downloads further malware that overwrites files with specific extensions, thus rendering them corrupt and unrecoverable. This attack impacts the integrity of data[61] on affected systems by overwriting files in an irrecoverable manner, effectively deleting them.
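Seen from the defender's side, an overwritten MBR is an integrity violation that can be detected by comparing sector 0 against a known-good record. The following is an added example, not part of the course material; the function names and the sample images are constructed for illustration. It also shows why checking the 0x55AA boot signature alone would miss an overwritten boot code area.

```python
import hashlib
import struct

SECTOR, PT_OFFSET, BOOT_SIG = 512, 446, b"\x55\xaa"
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count

def parse_partitions(mbr):
    """Return the non-empty partition entries of a 512-byte MBR."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(mbr, PT_OFFSET + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append((status, ptype, lba, count))
    return parts

def make_baseline(mbr):
    """Record what a known-good sector 0 looks like."""
    return {"boot_sha256": hashlib.sha256(mbr[:PT_OFFSET]).hexdigest(),
            "partitions": parse_partitions(mbr)}

def check_mbr(mbr, baseline):
    """List the ways a sector 0 image deviates from the baseline."""
    if len(mbr) != SECTOR:
        return ["sector 0 image is not 512 bytes"]
    findings = []
    if mbr[510:] != BOOT_SIG:
        findings.append("boot signature 0x55AA missing")
    if hashlib.sha256(mbr[:PT_OFFSET]).hexdigest() != baseline["boot_sha256"]:
        findings.append("boot code differs from baseline")
    if parse_partitions(mbr) != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def build_mbr(boot_code, entries):
    """Assemble a constructed MBR image for the demonstration below."""
    table = b"".join(ENTRY.pack(*e) for e in entries).ljust(64, b"\x00")
    return boot_code.ljust(PT_OFFSET, b"\x00") + table + BOOT_SIG

# Constructed samples (not taken from any real disk or malware sample).
PARTS = [(0x80, 0x07, 2048, 204800)]
CLEAN = build_mbr(b"\xeb\x63\x90 constructed boot code", PARTS)
OVERWRITTEN = build_mbr(b"constructed placeholder note text", PARTS)  # signature kept
ZEROED = bytes(SECTOR)
BASELINE = make_baseline(CLEAN)

if __name__ == "__main__":
    for name, image in [("clean", CLEAN), ("overwritten", OVERWRITTEN), ("zeroed", ZEROED)]:
        print(name, check_mbr(image, BASELINE) or "matches baseline")
```

The baseline has to be captured while the system is known to be good and stored off the host, since anything able to rewrite sector 0 can also rewrite a local baseline file.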
In their advisory, Microsoft recommended that potential targets take the following steps to protect themselves: enable MFA to mitigate potentially compromised credentials, enable Controlled Folder Access (CFA) in Microsoft Defender to prevent MBR/VBR tampering, use provided IoCs to search for potential breaches, review and validate authentication activity for all remote access, and investigate other anomalous activity. More information about the technical details of the attack has been published by CrowdStrike.[62] Put simply, integrity is important for an enterprise to protect because other businesses and consumers need to be able to trust the information held by the enterprise.

[57] (T-Mobile, 2021), https://www.t-mobile.com/news/network/additional-information-regarding-2021-cyberattack-investigation
[58] (ZDNet, 2021), https://www.zdnet.com/article/t-mobile-hack-everything-you-need-to-know/
[59] (Wikipedia, 2021), https://en.wikipedia.org/wiki/Arbitrary_code_execution
[60] (Microsoft, 2022), https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
[61] (Cisco, 2022), https://blog.talosintelligence.com/2022/01/ukraine-campaign-delivers-defacement.html

PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
3.3.3 Availability
A system is considered Available if the people who are supposed to access it can do so. Imagine an attacker has gained access to a social media account and also posted some content of their choosing. So far, this would constitute an attack against confidentiality and integrity. If the attacker changes the user’s password and prevents them from logging on, this would also become an attack against availability. A common attack against availability is

Database protected by copyright ©azkurs.org 2024