issc421 discussion response 1

I need to respond to the following two students discussions with at least 150 words each. Below in bold are what the students are answering.

Below is a list of common security exploits and attacks. Review the list.

  1. Replay Attacks
  2. Insertion Attacks
  3. Fragmentation Attacks
  4. Buffer Overflow Attacks
  5. XSS Attacks
  6. Man-in-the-Middle Attacks
  7. Hijacking Attacks
  8. Spoofing Attacks
  9. Covert Channels
  10. DoS
  11. DDoS
  12. Botnet Attacks
  13. Social Engineering Attacks

Decide which attack you consider to be the worse kind.

  • List the attack’s name you selected.
  • Explain your reasons for determining this to be the worst kind of attack.
  • Locate an incident in which the attack was used to exploit an organization.
  • List the URL and describe the attack.
  • Provide the outcome, was the attack successful or foiled.
  • What steps were taken (or should be taken) to circumvent this type of attack from happening again?

Student one:

Greetings Class,

Global cybercrime is on the rise impacting nearly every industry across the world. To combat cybercrime, organizations must to take proactive measures to identify the most costly threats. The following are examples of the worst and most costly type of cyber-attacks.

According to the Ponemon institute, the most costly cyber-attacks are from Malware and web-based attacks. In 2018, the cost of cybercrime to the American economy was 27.37 million dollars (Ponemon, 2019). Malware accounted for $2.6 million dollars while web-based attacks accounted for $2.27 million dollars (Ponemon, 2019). This was followed up by Denial-of-Service attacks at 1.7 million dollars and malicious insider attacks at 1.6 million dollars (Ponemon, 2019). Furthermore, malicious insider attacks had the greatest increase in frequency at 15% (Ponemon, 2019). Historically, Malware continues to be the greatest threat to organizations and directly contributes to lost revenue.

One of the worst Malware attacks in 2018 is called Emotet. According to us-cert.gov, “Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors (US-Cert, 2019).” Furthermore, Emotet spreads like a worm through network resources and has costed the governments up to “$1 million per incident to remediate (US-Cert, 2019).”

Like many cyber-attacks, Emotet uses a combination of methods to infect organizations. Typically, Emotet is spread through spearfishing by using malicious URLs within spam e-mails (Trend Micro, 2019). After a user clicks the download link, the malware downloads and executes its payload automatically (Trend Micro, 2019). One example of the Emotet’s abilities occurred at a North Carolina school district, where the school’s workstations were infected (Schafhauser, 2018). The IT staff attempted to re-image the computers but even after re-imaging the computers immediately became re-infected. Overall, estimated damages are $314,00 dollars (Schaffhauser, 2018).

-Regards,

Stephen

References

Ponemon Institute (2019). The Cost of Cybercrime. Retrieved from. https://www.accenture.com/t20190305T185301Z__w__/us-en/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf#zoom=50

US CERT (July 20, 2018) Emotet Malware. Retrieved from https://www.us-cert.gov/ncas/alerts/TA18-201A

Trend Micro (2019) Exploring Emotet’s Activities. Retreived from https://documents.trendmicro.com/assets/white_papers/ExploringEmotetsActivities_Final.pdf

Schaffhauser, Diane (January 2018). NC District hit with Malware costing $314,000 for cleanup. Retrieved from https://thejournal.com/articles/2018/01/12/nc-dist…

Student two:

This week we will decide from a provided list which attack we consider the worse kind: (Replay attacks, Insertion attacks, Fragmentation attacks, Buffer Overflow attacks, XSS attacks, Man-in-the-Middle attacks, Hijacking attacks, Spoofing attacks, Covert Channels, DoS, DDoS, Botnet attacks, or Social Engineering attacks.

List the attacks name: My choice is a combination of spoofing and a DDoS attack.

Explain your reasons for determining this to be the worst kind of attack. Currently spoofing does not have a direct way to be prevented by changing a setting. The reason is that hackers take a good none MAC or IP address and use it as a mask to complete their hack. This way traffic appears to be coming from the correct location. DDoS attacks take a huge network of compromised computers around the globe and use them to spam particular targets in the hopes of overloading their network. Think of this like pop ups to the max, the more you close the more open and the cycle continues forever until you give up or turn the power off. Now instead of a few hundred pop ups, imagine you had a few million constantly popping and you see the problem. In addition to my attack the DDoS portion of the attack has been used to bring down Playstation Network and Xbox Live on the same Christmas Day for over 160 million gamers. When these attacks bring down a website or service they prevent money from being made, cause economic problems during the attack, and put companies in a bad light for not having their system protected enough. Economically it is a loss for all parties involved aside from the hackers.

Locate an incident in which the attack was used to exploit an organization. In my incident an anti-spam company was targeted and then followed up by targeting their security firm CloudFlare’s network provider exploiting a DNS fault using Spoofing and DDoS attacks.

List the URL and describe the attack.

https://mashable.com/2013/03/27/biggest-cyberattack/

Spamhaus is an anti-spam company that sells blacklists to Internet Service Providers (ISP). CloudFlare is Spamhaus’ security firm. Hackers spoofed IP addresses to take down Spamhaus’ network, but since CloudFlare was mitigating the attack spreading the attack out between data centers keeping the website up. The hackers then chose to target CloudFlare’s network provider directly to bring them down and Spamhaus simultaneously. They basically took their botnet army and spoofed IP addresses to the DNS and their resolvers that take you to websites. Doing this allowed the mto take the normal overhead of 100 GBPS and increase their attack speed to 300 GBPS using this method. This attack and the speed at which it was running literally slowed down most of Europe’s Internet service as a whole by impacting the Internet’s physical infrastructure.

Provide the outcome, was the attack successful or foiled.

The attack was successful and yet no one has taken claim for the attack, speculation points to Cyberbunker.

What steps were taken (or should be taken) to circumvent this type of attack from happening again? Spoofing does not currently have a way to be stopped only found and then dealt with. To fix the DNS issue that allowed the attack to complete would require checking for open resolvers on the network and shutting them down immediately so you are not part of the botnet army. Additionally ISP’s should be focused on prevention from their end, this will help minimize the attacks on their customers side while they implement a solution to IP spoofing. Additionally the IT team should be reviewing log files to ensure they can catch any spoofing attempts and have a plan for future attempts.

Scott

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.