THE FIVE BASIC ATTACK VECTORS:
- SOCIAL ENGINEERING
- Vulnerabilities in Adobe PDF Reader, Flash and Java. A plug-in is an application framework add-on that provides a richer viewing and internet environment. Plug-ins, also known as "active content", allow programs to be enhanced and add functionality to an existing application. Broadly speaking, active content refers to electronic documents that can carry out or trigger actions automatically without the user directly or knowingly invoking them. Examples of active content are PDF files, web pages containing Java applets, JavaScript instructions, ActiveX controls, word processor files containing macros, Flash and Shockwave media files, spreadsheet formulas, and other interpretable content. The problem with plug-ins is that we have come to rely on them.
- Consider blocking internet plug-ins on the computer that accesses online banking accounts. Disabling Flash, scripts, pop-up windows, etc. can be frustrating for general users but prevents many exploits. Consider running a virtual browser, that is, a web browser inside a virtual machine, which lets a user browse the internet while protected against adware, spyware and other malware.
- Use caution when clicking links. One wrong click on a link and you can be redirected to a malicious site.
- Social networking sites like Facebook, LinkedIn, Instagram and YouTube have become popular places for hackers to embed malicious links. Think about your social networking presence.
- We pay for the Internet with our attention and our personal data as currency. Despite Facebook appearing to be a free public space, it is owned by a corporation that is not government regulated; while there is no direct fee for participation, users pay by being exposed to ads (in the same way we pay for television). Most agree to terms of service that always involve giving up your right to privacy. See m3aawg.org, which targets messaging abuse.
- Downloading a malicious executable (binary) file. The malicious software is usually a program that is either sent as an executable email attachment (a file with an .exe extension) or made to look like a harmless file, such as a text file (.txt), often with the real extension hidden. More sophisticated malware comes embedded within images such as JPEG files and within PDF files, and is activated when you open the image or view the PDF. These look the same as any other harmless image or PDF document to the average viewer.
- Open ports running remote access, FTP, SNMP, or mail servers in the DMZ (demilitarized zone, sometimes referred to as a perimeter network).
- There are numerous scanning tools such as Telnet and Netcat, but BackTrack, Pentest-tools.com, Passive Vulnerability Scanner, Nessus and Metasploit (a framework rather than a single application, which allows you to build a set of tools) are known as the world's best open-source exploit frameworks.
- One often overlooked source of information is the Simple Network Management Protocol (SNMP). SNMP runs over UDP (connectionless) on port 161 and enables a network administrator to gather information on and manage network devices.
- Vulnerability assessment scans are the countermeasure that will protect you. Scan your own systems first and make sure to address any problems found; then a scan by a hacker will give him no edge.
- A drawback of active scanning is that if you scan and create a full TCP connection, it will be logged with your IP address in the target's log files. A stealthier scan does not complete a connection: these scans use SYN-flagged packets (less reliable but more stealthy). Programs like Nmap are the most popular.
- Malicious social engineering tries to influence an end user to perform a certain act, such as clicking a link, opening an attachment or divulging sensitive or confidential information.
- Social engineering in the form of e-mail messages that are intriguing or appear to be from legitimate organizations is often used to convince users to click on a malicious link or download malware. Malicious actors are now exploiting the trust placed in social networking to launch their campaigns.
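The logging point above cuts both ways: a SYN scan never completes a connection, so it leaves nothing in a web server's access log, but a packet-level firewall log still records every probe. As an added example that is not part of the original handout, this Python script runs over constructed firewall log lines and flags sources that sent bare SYNs to many ports without ever completing a handshake (the key=value field names and the ten-port threshold are assumptions).

```python
import re
from collections import defaultdict

# Constructed firewall log lines (netfilter-style key=value fields), not from a real system.
# A scanner probes many ports with bare SYNs; a normal client completes the handshake (ACK).
SCAN_SRC, SCAN_PORTS = "203.0.113.7", [21, 22, 23, 25, 80, 110, 135, 139, 143, 443, 445, 3389]
_lines = [f"Jan 10 10:00:01 fw kernel: IN=eth0 SRC={SCAN_SRC} DST=192.0.2.10 PROTO=TCP DPT={p} FLAGS=S"
          for p in SCAN_PORTS]
_lines += [
    "Jan 10 10:00:05 fw kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=S",
    "Jan 10 10:00:05 fw kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=A",
    "Jan 10 10:00:09 fw kernel: IN=eth0 SRC=192.0.2.55 DST=192.0.2.10 PROTO=TCP DPT=80 FLAGS=S",
    "Jan 10 10:00:09 fw kernel: IN=eth0 SRC=192.0.2.55 DST=192.0.2.10 PROTO=TCP DPT=8080 FLAGS=S",
]
SAMPLE_LOG = "\n".join(_lines)

LINE_RE = re.compile(r"SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+) .*?FLAGS=(?P<flags>\S+)")

def parse_events(log_text):
    """Yield (source IP, destination port, TCP flags) for each parseable line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], int(m["dpt"]), m["flags"]

def find_syn_scanners(log_text, min_ports=10):
    """Return {src: sorted ports} for sources that sent a bare SYN to at least min_ports
    distinct ports and never followed up with an ACK on them. A SYN scan leaves exactly
    this pattern in a packet-level log even though no application-level connection exists."""
    syn_only = defaultdict(set)   # ports that only ever saw a SYN from this source
    completed = defaultdict(set)  # ports where the source later sent an ACK
    for src, dpt, flags in parse_events(log_text):
        if "A" in flags:
            completed[src].add(dpt)
        elif "S" in flags:
            syn_only[src].add(dpt)
    suspects = {}
    for src, ports in syn_only.items():
        half_open = ports - completed[src]
        if len(half_open) >= min_ports:
            suspects[src] = sorted(half_open)
    return suspects

if __name__ == "__main__":
    for src, ports in find_syn_scanners(SAMPLE_LOG).items():
        print(f"possible SYN scan from {src}: {len(ports)} ports, e.g. {ports[:5]}")
```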
The Taxonomy of a compromised computer:
(what the malicious actors will do once they control your computer)
When someone hacks your computer it means they have remote access to it, from which they can retrieve passwords, information about you, information from your program files, etc. They usually get in through the browser, a link, an attachment, scanning or social engineering. Once inside they are able to see what you are doing on your computer, and they can use your computer as a bot system, harvest your data, or, if you are really unlucky, lock your files up with ransomware.
The basic uses can be classified into three (3) categories:
1. Use your computer as a bot:
A botnet is a network of compromised third-party computers running software robots (bots). These bots can be remotely controlled, initially by the actual attacker and subsequently by a party who pays the attacker for use of the botnet, for any number of unauthorized or illegal activities. See the Senate testimony (taking-down-botnets) and the Gameover takedown.
- Distributed denial of service attacks (DDoS): Malicious actors are escalating their crimes by now compromising web servers rather than ordinary personal computers, because servers are always on and carry more bandwidth. With DDoS there are basically two types of attack: a network attack (bandwidth depletion) or an application attack (resource depletion).
- Spam: There is a correlation between botnets and spam, including spam campaigns that further distribute and install malware on other information systems.
- Bitcoin mining: they want to hijack the processing power of your computer to mine more bitcoins. Malicious actors are now using hijacked computers and servers, organized in botnets, to do this illegally.
- Proxy: A proxy server is a computer that functions as an intermediary between a web browser (such as Internet Explorer) and the Internet, allowing web traffic to be bounced between different servers. Some proxy servers help improve web performance by storing copies of frequently used web pages; others, like the Squid proxy, do not store information.
2. Harvest your data:
Instantly gaining access to a huge part of the victim's online life: information on their online services, passwords, email accounts and other items such as:
- Identity theft: Employees like remote access because it gives them access to work files, programs and networks, enabling them to work from home or while traveling. However, they must be aware that if their remote login credentials are compromised, malicious actors will be able to log in and have access to a massive amount of data. A wide range of sensitive information such as names, addresses, dates of birth, social security numbers, driver's license numbers, credit card and bank account numbers can be found within a targeted organization's computer system, and can be used to commit crimes such as identity theft. Malicious actors will use any information they can gather for financial gain. See http://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/
- Hijacked bank accounts: Vulnerabilities in the implementation and usage of remote access software facilitate massive financial losses to businesses, with malicious actors using varying levels of sophistication to steal credentials and passwords in order to hijack or create banking sessions and steal money from the account of the targeted business. These types of attacks have led to millions of dollars in unauthorized electronic financial transactions being sent to banking systems in Hong Kong, China, and other foreign countries.
- Intellectual property theft: Unauthorized remote access to a business's databases can also lead to theft of intellectual property, which could include anything from trade secrets to proprietary products. Intellectual property theft costs U.S. businesses billions of dollars each year, with overseas companies taking this information and using it to build cheaper versions of products without the cost of research and development. This causes significant job losses in the United States. The loss or compromise of data can result in an array of impacts on your organization, including financial penalties, fines and even loss of consumer loyalty and confidence.
- Stolen credit cards: The credit card point-of-sale systems of small to mid-sized businesses are being targeted and compromised at an alarming rate. Compromised cardholder data is costing businesses in the United States millions of dollars in fraudulent transactions, regulatory fines, and investigation and recovery fees. Point-of-sale integrators frequently use weak and/or default passwords on point-of-sale terminals, allowing malicious actors to brute-force or successfully guess their way into the system over remote access. Once inside they install malware specifically designed to steal payment card data from that system.
- Espionage: Malware can be, and has been, used to gain access to or spy on business and government operations and gather information that could be critical to business operations or national security.
- If it's a server, they install a simple logging program and watch as all the traffic flies past in clear text; most of it will be unsecured HTTP traffic with plain-text details that can be easily read.
3. Ransomware:
- The owner will be asked to pay a ransom for the "key" used to encrypt their data, which is often required to reverse that process and restore the data. Such attacks not only deny the user/owner access to their own data, but also harm the confidentiality and integrity of that data through the attacker's unauthorized access to it and encryption of it.
- Encrypts any network drive that is mapped to the system.
- Primarily an email-based attack vector.
Almost every remote hack involves leaving a program behind that will allow the attacker to get back into your computer regardless of whether or not you fix the security problem that let them in in the first place. The only time a hacker does not leave something behind is when they are hacking your computer for one specific piece of information or item, and almost 99% of the time this is not the case.
Every program that is remotely controlled has to listen on UDP or TCP ports. You can use tools like TCPView and Process Explorer to find these applications:
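As an added example (not from the original handout, nor from the Sysinternals tools it mentions), the Python script below performs the same listener check from saved command output: it reads constructed `netstat -ano` and `tasklist /fo csv` output, joins each listening socket to its owning process, and reports the ones whose process is not in an assumed list of expected listeners. The sample output, the process names and the expected-listener set are all constructed for the example.

```python
import csv
import io

# Constructed sample output of "netstat -ano" and "tasklist /fo csv" on Windows (not a real host).
NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       5128
  TCP    192.0.2.20:49700       198.51.100.9:443       ESTABLISHED     4120
  UDP    0.0.0.0:123            *:*                                    1180
  UDP    0.0.0.0:5555           *:*                                    5128
"""
TASKLIST_OUTPUT = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","152 K"
"svchost.exe","900","Services","0","12,344 K"
"svchost.exe","1180","Services","0","8,120 K"
"chrome.exe","4120","Console","1","210,004 K"
"update_helper.exe","5128","Console","1","3,988 K"
"""
# Assumption for this example: the processes an administrator expects to hold listening sockets here.
EXPECTED_LISTENERS = {"System", "svchost.exe"}

def pid_to_image(tasklist_csv):
    """Map PID -> image name from 'tasklist /fo csv' output."""
    return {int(row["PID"]): row["Image Name"] for row in csv.DictReader(io.StringIO(tasklist_csv))}

def listening_sockets(netstat_text):
    """Yield (proto, local address, pid) for every bound listener.
    TCP rows carry a State column and only LISTENING ones count; UDP rows have
    no state column, so every bound UDP socket is treated as a listener."""
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[3] == "LISTENING":
            yield "TCP", parts[1], int(parts[4])
        elif len(parts) == 4 and parts[0] == "UDP":
            yield "UDP", parts[1], int(parts[3])

def unexpected_listeners(netstat_text, tasklist_csv, expected=EXPECTED_LISTENERS):
    """Return [(proto, local address, pid, image)] for listeners owned by processes outside
    the expected set; these are the ones to inspect first in TCPView or Process Explorer."""
    images = pid_to_image(tasklist_csv)
    return [(proto, addr, pid, images.get(pid, "<unknown>"))
            for proto, addr, pid in listening_sockets(netstat_text)
            if images.get(pid, "<unknown>") not in expected]
```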