This cybersecurity tutorial walks you through the steps and procedures of implementing cybersecurity. It is a general guideline that presents an overview of all aspects of cybersecurity.
The Lifecycle of an Attack
Attack strategies have evolved. Instead of a direct attack on a valuable server or asset, attackers take their time and perform a multi-step process that mixes exploits, malware, and evasion into a coordinated network attack. For instance, an attack usually starts with enticing a person to open a malicious link. The resulting page remotely exploits the user's computer, gains root access on it, and downloads malware to it in the background. That malware then acts as a control point within the network, enabling the attacker to expand the attack by discovering other resources on the internal network, escalating privileges on the infected machine, and/or creating unauthorized administrative accounts.
The key point is that, instead of malware and network exploits being independent events as they were previously, they are now combined into a progressive process. Moreover, a piece of malware or an exploit is not the final step in itself, but enables the next step of an escalating and complex attack plan. Malware, which is adapted to evade detection, gives the attacker a mechanism of persistence, and the network allows the malware to adapt and respond to the environment it has infected. The main elements of this progressive attack strategy are infection, persistence, communication, and command and control.
- Cyber Infection
Infection often has a social aspect, such as getting users to click on a bad link in a phishing e-mail, luring them to a social networking site, or sending them to a web page that carries an infected image.
It is crucial to understand how tightly malware and exploits have become intertwined in the sophisticated attack lifecycle. Exploits used to target vulnerabilities on servers that were attacked directly. Most exploits today are used to break into a targeted system in order to infect it with malware: an exploit is run, resulting in a buffer overflow, which gives the attacker shell access. With shell access, the attacker can deliver almost any payload. The first step is to exploit the target, then bring in the malware in the background over the application or connection that is now exposed. This is known as a drive-by download and differs from the most common delivery mechanisms for sophisticated malware today.
- Cyber Persistence
Once a target system is compromised, the attacker needs to ensure persistence, that is, the resilience or survivability of his foothold in the network. To do that, rootkits and bootkits are usually installed on the infected machines. A rootkit is malware that provides privileged access to a computer. A bootkit is a kernel-mode variant of a rootkit, typically used to attack computers that are protected by full-disk encryption.
Backdoors allow an attacker to bypass normal authentication to gain access to a compromised system. Backdoors are sometimes installed as a fallback in case other malware is detected and removed from the system.
Finally, anti-AV malware can be installed to disable any legitimately installed antivirus software on the compromised machine, thus preventing automatic detection and removal of malware that is subsequently installed by the attacker. Many anti-AV programs work by infecting the Master Boot Record (MBR) of the target machine.
- Communication
Communication is essential to an effective APT. In other words, if you can't communicate, then orchestrating a long-term sophisticated attack is almost impossible. Attackers must be able to communicate with other compromised systems or controllers to make command and control possible, and to exfiltrate stolen information from a target system or network. Attack communications must be stealthy and must not raise any suspicion on the network. This traffic is normally obscured or hidden using techniques that include:
- Encryption with SSL, SSH (Secure Shell), or some other custom application.
- Circumvention through proxies, remote desktop access tools, or by tunneling applications through other legitimate applications or protocols.
- Port evasion using network anonymizers or port hopping to tunnel over open ports.
- Fast Flux (or Dynamic DNS) to proxy through several infected hosts, redirect traffic, and make it extremely difficult for forensic teams to discover where the traffic is really going.
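As an added example, not part of the original tutorial, the following Python detector flags two of the techniques above, port evasion and port hopping, in network flow records; it also illustrates the best practice listed later of restricting common applications to their default ports. The flow layout, the DEFAULT_PORTS table and the thresholds are assumptions for this example, and the flow records are constructed, not captured from a real network.

```python
from collections import defaultdict

# Constructed flow records (not from any real network), one per line:
# timestamp  source IP  destination IP  destination port  identified service
SAMPLE_FLOWS = """\
1700000000 10.0.0.5 203.0.113.10 443 ssl
1700000001 10.0.0.5 203.0.113.10 8443 ssl
1700000003 10.0.0.5 203.0.113.10 4444 ssl
1700000004 10.0.0.5 203.0.113.10 31337 ssl
1700000010 10.0.0.7 198.51.100.20 22 ssh
1700000012 10.0.0.7 198.51.100.20 80 ssh
1700000020 10.0.0.9 192.0.2.30 80 http
1700000021 10.0.0.9 192.0.2.30 443 ssl
"""

# Ports each identified protocol is allowed on (an assumption for this example).
DEFAULT_PORTS = {"http": {80, 8080}, "ssl": {443}, "ssh": {22}, "dns": {53}}

def parse_flows(text):
    """Parse the whitespace-separated flow layout above into tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, service = line.split()
        flows.append((int(ts), src, dst, int(dport), service))
    return flows

def nonstandard_port_flows(flows):
    """Port evasion: a known protocol carried on a port it does not normally use."""
    return [(src, dst, dport, service)
            for _, src, dst, dport, service in flows
            if service in DEFAULT_PORTS and dport not in DEFAULT_PORTS[service]]

def port_hopping_pairs(flows, min_ports=3, window=60):
    """Port hopping: one source/destination pair contacted on at least min_ports
    distinct destination ports within window seconds. A heuristic: port scans
    match too, so treat hits as leads to investigate, not verdicts."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport, _ in flows:
        by_pair[(src, dst)].append((ts, dport))
    flagged = []
    for (src, dst), events in by_pair.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged.append((src, dst, len(ports)))
                break
    return flagged
```

On the sample data, the SSL sessions to 203.0.113.10 on 8443, 4444 and 31337 and the SSH session on port 80 are reported as non-default-port traffic, and 10.0.0.5 is reported for hopping across four ports within a few seconds.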
- Command and Control
Command and control ensures that the attack is under control, manageable, and updateable. This is often achieved through normal applications including webmail, social media, P2P networks, blogs, and message boards. Command-and-control traffic does not stand out or raise suspicion, as it is encrypted and regularly uses backdoors and proxies.
The Central Role of Malware
Attack techniques have evolved, and malware now plays a primary role in the cybercriminal's arsenal and in the lifecycle of an attack. Attackers have developed new techniques for delivering malware, hiding malware communications (with encryption), and evading traditional signature-based detection.
Key Security Points
- Communication is the most vital requirement of an attack.
- The framework, more than the functionality, is the threat.
- Threats span multiple disciplines, so security must as well.
- Security must extend beyond the boundaries.
Malware Main Characteristics
- Distributed and fault-tolerant
- Persistent and intelligent
Threats to the Enterprise
- Targeted intrusions
- Distributed denial-of-service attack (DDoS)
Malware Delivery Applications
- File transfer apps
- Instant messaging
- Social media platforms
- Workflow and collaboration applications
Tricks to Hide
- Nonstandard ports and port hopping
- SSL encryption
- Anonymizers and circumventors
- Encoding and obfuscation
Ineffective Conventional Network Controls
- Intrusion prevention
Implementing Next-Generation Firewalls
- Reducing the attack surface
- Controlling advanced malware-enabling applications
- Actively testing unknown files
- Preventing the use of circumventors
- Investigating any unknown traffic
Smart Protective Policies
- Application controls
- User controls
- Network controls
- Endpoint controls
Best Practices for Controlling Advanced Persistent Threats (APTs)
- Ensuring visibility
- Limiting high-risk applications
- Selectively decrypting and reviewing SSL traffic
- Blocking URLs known to host malware and exploits
- Implementing drive-by-download protection
- Blocking known exploits and malware
- Restricting traffic for common applications to their default ports
- Examining network and application events in context
- Investigating the unknowns
How Can You Learn More About Cybersecurity?
TONEX offers a range of hands-on training courses in the field of cybersecurity: