Penetration Testing with Kali Linux OffSec
|
|
attack surface
32 describes all the points of contact on our system or network that could be vulnerable to exploitation. An attack vector 33 is a specific vulnerability and exploitation combination that can further a threat actor’s objectives. Defenders attempt to reduce their attack surfaces as much as possible, while attackers try to probe a given attack surface to locate promising attack vectors. 3.2.3 Threat Actor Classifications The previous section introduced threats and threat actors. Cybersecurity professionals are chiefly interested in threat actors since typically, most threats that our systems, networks, and enterprises are vulnerable to are human. Some key attributes of cybercrime compared to physical crime include its relative anonymity, the ability to execute attacks at a distance, and (typically) a lack of physical danger and monetary cost. There are a wide variety of threat actors. Different people and groups have various levels of technical sophistication, different resources, personal motivations, and a variety of legal and moral systems guiding their behavior. While we cannot list out every kind of threat actor, there are several high-level classifications to keep in mind: Individual Malicious Actors : On the most superficial level, anyone attempting to do something that they are not supposed to do fits into this category. In cybersecurity, malicious actors can explore digital tactics that are unintended by developers, such as authenticating to restricted services, stealing credentials, and defacing websites. The case of Paige Thompson 34 is an example of how an individual attacker can cause extreme amounts of damage and loss. In July 2019, Thompson was arrested for exploiting a router which had unnecessarily high privileges to download the private information of 100 million people from Capital One. This attack lead to the loss of personal information including SSNs, account numbers, addresses, phone numbers, email addresses, etc. This attack 35 was partly enabled by a misconfigured Web Application Firewall (WAF) that had excessive permissions allowing it to list and read files. The attack could have been prevented 36 by applying the principle of least privilege and verifying correct configuration of the WAF. Since the attacker posted about their actions on social media, another mitigation could have been social media monitoring. 31 (Wikipedia, 2022), https://en.wikipedia.org/wiki/Exploit_(computer_security) 32 (Wikipedia, 2022), https://en.wikipedia.org/wiki/Attack_surface 33 (Wikipedia, 2022), https://en.wikipedia.org/wiki/Attack_vector 34 (DOJ, 2019), https://www.justice.gov/usao-wdwa/pr/former-seattle-tech-worker-convicted-wire-fraud-and-computer-intrusions 35 (Krebs, 2019), https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/ 36 (EJJ, 2019), https://ejj.io/blog/capital-one Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 37 Malicious Groups : When individuals band together to form groups, they often become stronger than their individual group members. This can be even more true online because the ability to communicate instantly and at vast distances enables people to achieve goals that would have been impossible without such powerful communication tools. For example, the ability to quickly coordinate on who-does-what over a instant messaging services is just as valuable to malicious cyber groups as it is to modern businesses. Malicious groups can have any number of goals, but are usually more purposeful, organized, and resourceful than individuals. Thus, they are often considered to be one of the more dangerous threat actors. Let’s examine an example of a group-led attack. Over the span of a number of months, the Yüklə Dostları ilə paylaş:
|