The implementation of policies, practices, and technology to enable positive identification of people, devices, and applications.
Understanding authentication is critical for establishing a secure environment because you must reliably know the identity of the people, devices, and applications accessing your resources in order to properly govern access and permissions.
An attack that targets the buffer memory of a device or program by sending more data than the program can handle, thereby writing the extra data into a nearby memory location, which could allow an attacker to run a piece of malicious code.
If software is not properly patched or designed with secure coding principles from the start, these types of malicious attacks can cause great harm by allowing programs or external parties to access protected nodes or information.
A buffer overflow can be explained by the old adage that you can’t put 10 pounds of potatoes in a 5-pound bag. When too much data is written to a block, it can overwrite adjacent memory leading to data corruption. A program or device can crash or an attacker can insert malicious code into the overwritten memory and try to execute it.
Because buffer overflow attacks exploit weaknesses in the design of hardware or firmware, defending against such attacks must begin in the early design stages of product development. Because such attacks can potentially give attackers the ability to gain administrator privileges, damage databases, or steal data, mitigating the threat of buffer overflow attacks should have a high priority.
Correctly patching devices, including updating firmware on network equipment, is essential to protect against these types of attacks. When developing products, your best defense is to follow industry best practices for design, development, testing, and code review. Reviewing a program or website for security vulnerabilities before it is placed into production may take a few extra steps, but it will save money if it prevents your system from being exploited. An ounce of prevention is worth a gallon of protection.
A simple buffer overflow attack can take down a web page, a database server, a content management system, or a mail server. The recent Meltdown and Spectre vulnerabilities have shown that buffer overflow attacks have the potential to open up systems to devastating attacks(Claburn 2017)(Newman 2018). These vulnerabilities have been identified in processors manufactured by Intel, AMD, and ARM, which are in a considerable number of computers and devices, including phones, tablets, laptops, and servers.
Shawn Connelly holds two master’s degrees, one in cybersecurity and information assurance and another in IT management. He holds his Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), Cisco Certified Network Professional (CCNP), VMware Certified Professional (VCP), VCP-NSX, and six Microsoft Certified Solutions Expert (MCSE) certifications. Shawn has worked for more than 20 years in IT, including the last five years as a director of security.
Term: Buffer Overflow Attack
Email: shawnconnelly1@gmail.com
Twitter: @VirtualizationG
LinkedIn: linkedin.com/in/virtualizationg
A form of malware whose purpose is not to damage an environment, but rather to persist undetected and harvest data such as intellectual property or customer data.
Advanced persistent threats are significant because they represent a different modus operandi for hackers, where persistence is key to the operation of the malware, and the objective is data theft.
Advanced persistent threats (APT) are dangerous because they can remain undetected while harvesting critical customer or intellectual property data from the target organization. Depending on the type of data harvested, a company can suffer significant damage to its reputation and be exposed to serious legal consequences.
Most APTs are delivered by social-engineering mechanisms, such as targeted campaigns or spear phishing against an organization. Once a system has been compromised, the APT seeks not only to persist, but to discover, proliferate, elevate privileges, and remain undetected.
The ultimate goal is to extract targeted information from the victim in a manner that is difficult to detect by ordinary detection and incident response methods, generally using encryption to blend in as ordinary HTTPS traffic.
An APT can persist for months or, in extreme cases, years without detection, sending data to its command and control structure only when a certain set of criteria are met.
APTs have evolved into more malicious types of malware, such as remote access trojans (RAT) and, potentially more devastating, various forms of ransomware. At the root of each of these advanced forms of APT you can still find the original elements of APT: increased levels of encryption for command and control, malware that is aware of sandboxes and other containment technologies, and better subversion techniques. These elements have made APTs the current method of choice for cybercriminals.
Business professionals should ensure that their cybersecurity specialists understand and employ the tactics, techniques, and procedures required to detect these exploits(Fireeye).
Paul Brager, Jr., M.Sci, Certified Information Systems Security Professional (CISSP), Global Industrial Cyber Security Professional (GICSP), Certified Information Security Manager (CISM), has been a contributing member of the cybersecurity community for over 20 years, specializing in security architecture, industrial cybersecurity, and digital forensics and incident response. He has extensive experience in the oil and gas, manufacturing, chemical, and telecommunications sectors, having held various leadership roles throughout his career.
Term: Advanced Persistent Threat
Email: professorbrager@outlook.com
Twitter: @ProfBrager
LinkedIn: linkedin.com/in/professorbrager
A network of computers that have been infected by a malicious software program -- a bot -- which turns them into zombie machines that can be remotely controlled by an attacker without the zombie machine owner’s knowledge.
Cyber criminals use botnets, which can contain from 100 to over 100,000 zombies, as free resources to execute attacks. A botnet can execute Distributed Denial of Service (DDoS) attacks, store illegal content, and send spam, viruses, phishing email, and spyware.
Malicious code that encrypts files on a computing device, enabling an attacker to demand a ransom from the legitimate owner to recover the encrypted data.
Numerous high-profile ransomware cases – including the May 2017 WannaCry ransomware attack that struck at least 50 organizations(WannaCry 2017) – have occurred over the last several years, involving medical centers, police departments, and government organizations. These occurrences show the negative impact ransomware can have on an organization’s operations and finances.
An exploit in which an attacker, typically using email, attempts to trick a computer user into opening web links, entering personal information into a web form or fake website, or taking an action that allows the attacker to obtain sensitive information. Spear phishing targets a specific individual or group of individuals using personal information.
Phishing and spear phishing are the most common attack methods for attackers to gain an initial foothold into an organization or obtain sensitive data.
A part of the internet that is intentionally hidden from standard browsers. It is accessible only through specialized software with an appropriate configuration or authorization. The dark web -- sometimes called darknet -- provides anonymous access to the internet for people who want to keep information about themselves hidden from view. It also provides anonymous hosting.
Although the dark web is primarily known to the general public as a place where illegal activity takes place, its original intent was to provide a private environment. Any business that has a need for anonymous browsing or anonymous communication may find the dark web useful. Business professionals also need to know about the dark web because it is used for illegal activities, including storage of stolen information.
A product vulnerability that the developers are unaware of.
Zero-day vulnerabilities are important because there is the potential for them to be exploited before developers have a chance to patch the affected product. Once a zero-day vulnerability has been detected, companies often have very little time to correct the issue before the vulnerability is used to attack the product.
...continue reading "Term of the Week: Zero-day Vulnerability"
A hostile action against an organization performed accidentally or maliciously by individual(s) who possess intimate knowledge of, and access to, a company’s infrastructure, security, and business processes.
The term is important because insider threat is one of the main causes of data exfiltration – theft of data – affecting organizations today. Insider threats can cause grave damage to an organization’s finances and reputation.
A loss of information from your systems that could harm your business or customers.