The User Layer
Internet Protocol Users, Empowering Connections
THE USERS OF INTERNET PROTOCOL SERVICES
The Cyber Ecosystem, The Users of IP Resources Explained
Welcome to Layer 6: The Users. This layer focuses on the human element of the cyber ecosystem. At Listcrime.com, we explore the various attack vectors that target users, such as social engineering and insider threats. Empower yourself with knowledge on how to recognize and defend against these threats, ensuring that you are not the weakest link in your cybersecurity chain. The purpose of this website, The Cyber Ecosystem of Internet Protocol Resources, is to bring a holistic, unified view to our approach to cyber security. This document highlights the different levels of people, processes, technology and physical services that make up our cyber ecosystem, so that we can start to view the internet and its borderless security problems more broadly.
Most homes and businesses have a device that connects them to the internet, known as an Internet Service Provider (ISP) gateway. It is through that device that internet-capable devices reach the rest of the world. As covered in the ISP & Network Providers of Internet Protocol Resources, Last Mile, Layer 5, these ISPs act as a last-hop “access” network and are closest to you, the Users of Internet Protocol Resources, Layer 6.
Thanks to that gateway, we can communicate and send data back and forth. However, that connection (conduit service) is full of attack vectors, which provide opportunities for the Abusers of Internet Protocol Resources, Layer 7, to gain access to your device, network or enterprise system. Attack vectors can arise through malicious intent, flaws, features or even user error. The Abusers of Internet Protocol Resources, Layer 7, will look to exploit them in a multitude of ways, often combining one or more attack vectors to achieve their end goal, which is ultimately to access, deny, alter or exfiltrate data from your device, network, or enterprise system.
Internet Protocol Users: Connecting You
The five Initial Access Attack Vectors of any cyber-attack
There are five Initial Access Attack Vectors (how the attacker gains initial access) for launching unauthorized access (scanning, reconnaissance and exploitation) into your environment during a cyber-attack. They are 3rd Party Exploitation, Insider, Scanning and Reconnaissance Exploitation (a triad), Social Engineering, and Malicious Online Activity, with each Initial Access Attack Vector being foundational to the beginning stages of every cyber-attack. Together or separately, these five Initial Access Attack Vectors serve as the opening segment of the attack pathway that every Abuser of Internet Protocol Resources, Layer 7, will use as entry to the attack surface. Simply put, these five Initial Access Attack Vectors serve as a simplified version of the attack surface and attempt to align with other modeling methodologies such as the Draft NIST 800-154, MITRE ATT&CK, Cyber Kill Chain, NCSC.gov.uk and Common Attack Pattern Enumeration and Classification (CAPEC™).
According to Draft NIST Special Publication 800-154, an attack vector is a segment of the entire attack surface pathway that an attacker uses to access a vulnerability. Each attack vector can be thought of as comprising a source of malicious content, a potentially vulnerable processor of that malicious content, and/or the nature of the malicious content itself. I will also add a fourth variable, which is the method of delivery: the nature of the attack, its characteristics or essence.
The MITRE ATT&CK and CAPEC™ frameworks enable contextual understanding of the attack patterns within an adversary’s operational lifecycle. Although each focuses on specific use cases, CAPEC attack patterns and related ATT&CK techniques are cross-referenced to bring information to the security community in a formalized way. The attack surface (Attack Vector × Attack Target = Attack Surface) may vary widely: it may be spread across a single host or multiple hosts, and involve the exploitation of a single vulnerability or multiple attack vectors. Some attack patterns may align with more than one category, depending on one’s perspective. The categories below (with a special highlight to CAPEC) represent the Six Initial Access Attack Vectors and categorize the different techniques used to attack a system.
Cyber Kill Chain and the NCSC.gov.uk Stages and Patterns specifically describe the Scanning and Reconnaissance Exploitation (Triad): its means, methods, ways, routes, processes or measures (how the attacker gains initial access), and how unauthorized access, or the Scanning and Reconnaissance Exploitation (Triad), is used to gain initial access to, or infect, your device, network, or enterprise system. Scanning can be defined as to look, sweep, search or cause a surface, object, or part to be traversed. Reconnaissance is the observation of what you find, and Exploitation is gaining authority over or taking advantage of a system.
The Attack Vectors
Cyber-crime encompasses a range of malicious activities that exploit digital technologies. The methodology outlined below categorizes these activities into five simple primary threats:
Malicious Online Activity:
Activities under this threat involve harmful activity directed at an individual or organization, such as digital misconduct, doxing, cyber-harassment, online impersonation and even DDoS attacks.
Insider Risk:
Insider threats are posed by individuals within the organization who have access to sensitive information and systems. This risk can be either malicious or accidental but is always detrimental.
Social Engineering:
This technique involves manipulating individuals into divulging confidential information or performing actions that compromise security. Common tactics include phishing, pretexting, and baiting.
Unauthorized Access:
This threat involves the scanning, reconnaissance and exploitation of Internet-facing devices, systems, or applications without authorization. Attackers leverage weaknesses in security systems, such as misconfiguration, lack of patching, zero-day vulnerabilities or inadequate input validation, to gain access to restricted areas.
Exploitation of Third-Party Services:
Attackers often use third-party services as vectors to carry out attacks, exploiting the interconnected nature of business services and the trust placed in external partners.
Attack Pathway
The attack pathway is the sequence of actions or steps attackers take, or the methodology of an attack. It encompasses four critical elements:
Origin/Source:
This refers to the initial point from which the attack is launched. It could be an external entity, a compromised insider, or a third-party system.
Target/Processor:
The target is the entity or system impacted by the attack. This could involve critical infrastructure, personal data, corporate databases, etc.
Method of Delivery:
The nature of the attack’s delivery method can vary widely, including, but not limited to, phishing emails, drive-by downloads, or direct system infiltration.
Content Delivered:
This element refers to the substance or matter of the attack, such as malware, fraudulent communications, or unauthorized commands.