Red Team Exercise Part 4 Week 5 XX XX CMGT433 Professor XX XX
Introduction / Table of Contents • Introduction • Recap of Week 2 Exercise • Recap of Week 3 Exercise • Recap of Week 4 Exercise • Lessons Learned from the Exercise • References
Week 2 (Recap) Common Cyber Security Attacks • Social Engineering • Phishing Campaigns
Week 2 (Recap) Common Cyber Security Attacks: Employee Insider Threats (IT)
Week 2 (Recap) Common Cyber Security Attacks: Monitoring Employee Activity & Insider Threats
Week 2 (Recap) Description of Cyber Attacks • Social Engineering – leverages human nature. • Phishing Campaigns – crafted, systematic, and methodical exploitation of users.
Week 2 (Recap) Justify Attacks Based on Industry • Social Engineering – users are always vulnerable. • Phishing Campaign – attackers can launch it from outside the organization, with no prior access.
Week 3 (Recap) Overview of Security Controls and Attacks. Red Team Attacks: • Leverage Insider Threat • Social Engineering • Phishing Campaigns. Blue Team Defenses: • Education/Training • Firewall/Disable scripting • Endpoint protection
Week 3 (Recap) Blue Team Presentation Review. The blue team's defense focused on training their employees, firewall protection, and spear-phishing awareness. Their defenses were solid and standard: they trained their employees on how to detect, prevent, and avoid phishing attempts. Training is a big part of the battle, as user error accounts for most breaches that occur. While the defenses were solid, their effect on our attacks was limited, because they only really addressed one avenue of our attack.
Week 3 (Recap) Our Attack vs. Their Protection. The blue team countered our phishing attempts well by training their employees on what to look out for, but the rest of our attacks were not covered as well. With this in mind, they appear to have focused on the attacks most commonly heard of today, such as ransomware and phishing, and on perimeter controls such as firewalls. "According to a 2017 Verizon report, 25 percent of data breaches last year were carried out by insiders" (Felker, 2018). In conclusion, since they are more worried about common external attacks, our insider-based attack has a higher chance of success.
Week 3 (Recap) Our New Attack Against Consumer Retailer. The blue team successfully countered our phishing campaign. Since that avenue is no longer available for gaining access to their systems, we would instead infect their network with a worm introduced via USB insertion. A worm would allow: • Automatic replication throughout the network • Collection of vital system information in real time • Server information • Traffic information
Week 3 (Recap) Attack Justification • The blue team focused on network attacks rather than physical ones. • A worm self-replicates, so it only needs to be introduced once. • It provides immediate information on the systems and how they operate. • It can exfiltrate the same information a phishing campaign would, such as: • Passwords • System information • Server information
Week 4 (Recap) Attack vs. Defense Results. Denial of Service: an attacker attempts to prevent legitimate users from accessing information or services. Blue team defense: intrusion detection system. Justification: firewalls and encryption are meant to prevent penetration and protect the infrastructure, yet intruders still manage to get into the company. An IDS provides visibility into the attacks that get past those preventive controls, which is why intrusion detection systems are becoming more of a requirement.
Week 4 (Recap) Our New Attack Against Blue Team: DoS Attack Effect on Network Operations • Flooding the server with requests ties up the available connections, so new connections cannot be made and legitimate users are denied service. • Hiding more nefarious attacks: amid all the traffic being sent to and requested from the target servers, it is much harder to notice another attack masked by the DoS traffic.
Week 4 (Recap) Our New Attack Description: Ping Flood and Ping of Death. These are two distinct ICMP-based DoS attacks. The Ping of Death sends an IP datagram larger than the 65,535-byte maximum allowed by the IP protocol. Because no single packet that large can be sent on the wire, the attacker sends it as a series of malformed fragments, each individually smaller than 65,535 bytes, whose offsets and lengths add up to more than the limit. When the target tries to reassemble them, the result overflows the reassembly buffer, which on a vulnerable system can lead to a crash or reboot. The Ping Flood is different: it does not wait for a reply, but keeps sending a high volume of ordinary ICMP echo requests so that the target spends its bandwidth and CPU answering pings until legitimate traffic is crowded out. We will use both: oversized fragmented packets to try to crash the system, and a sustained flood to keep it saturated.
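The two attacks above look very different to a network sensor, and the blue team's IDS from Week 4 could separate them with a few lines of logic. The script below is an added example written for this page, not code from the presentation; it runs over constructed sample traffic, and the Packet record layout, the per-second threshold of 100 echo requests, and all addresses and timestamps are assumptions for illustration. It flags a Ping of Death by adding up fragment offsets and lengths against the 65,535-byte IP limit, and a Ping Flood by counting echo requests per source per second.

```python
from collections import defaultdict
from dataclasses import dataclass

# The IP total-length field is 16 bits, so no datagram can exceed 65,535 bytes;
# the fragment-offset field is 13 bits counted in 8-byte units, so the last
# fragment can begin no later than byte 8,191 * 8 = 65,528.
MAX_DATAGRAM = 65_535
MAX_FRAG_OFFSET = 8_191 * 8
FLOOD_THRESHOLD = 100  # echo requests per source per second (assumed tuning value)


@dataclass(frozen=True)
class Packet:
    """One IP packet as a sensor might record it (hypothetical field set)."""
    ts: float             # capture time in seconds
    src: str              # source IPv4 address
    icmp_echo: bool       # True for ICMP type 8 (echo request); only the first
                          # fragment of a datagram carries the ICMP header
    frag_id: int          # IP identification field, shared by all fragments
    frag_offset: int      # byte offset of this fragment's data in the datagram
    length: int           # bytes of data carried by this fragment
    more_fragments: bool  # IP "more fragments" flag


def reassembled_size(fragments):
    """Length the datagram would have after reassembly: the furthest byte any
    fragment claims to carry (offset + length)."""
    return max(f.frag_offset + f.length for f in fragments)


def is_ping_of_death(fragments):
    """Ping of Death: the fragments add up past the 65,535-byte IP limit. A stack
    that allocates a MAX_DATAGRAM reassembly buffer and trusts the offsets writes
    past the end of it when this returns True."""
    return reassembled_size(fragments) > MAX_DATAGRAM


def find_oversized_datagrams(packets):
    """Group fragments by (src, IP id) and report the groups that overflow."""
    groups = defaultdict(list)
    for p in packets:
        if p.frag_offset or p.more_fragments:  # ignore unfragmented traffic
            groups[(p.src, p.frag_id)].append(p)
    return {key: reassembled_size(frags)
            for key, frags in groups.items() if is_ping_of_death(frags)}


def find_ping_floods(packets, threshold=FLOOD_THRESHOLD):
    """Ping flood: count echo requests per source in one-second buckets and
    report each source's worst second if it exceeds the threshold."""
    buckets = defaultdict(int)
    for p in packets:
        if p.icmp_echo:
            buckets[(p.src, int(p.ts))] += 1
    worst = {}
    for (src, _second), count in buckets.items():
        if count > threshold:
            worst[src] = max(worst.get(src, 0), count)
    return worst


def analyze(packets):
    """Run both detectors over a packet list and return the findings."""
    return {"ping_of_death": find_oversized_datagrams(packets),
            "ping_flood": find_ping_floods(packets)}


# --- Constructed sample traffic (not a real capture) -------------------------
# 1) Normal monitoring: one 56-byte echo request per second from an admin host.
NORMAL = [Packet(float(t), "192.0.2.10", True, 100 + t, 0, 56, False)
          for t in range(5)]

# 2) Ping of Death from 203.0.113.5: 44 fragments of 1,480 bytes cover bytes
#    0..65,119, a 408-byte fragment reaches 65,528, and a final 20-byte fragment
#    at the maximum offset pushes the total to 65,548, 13 bytes over the limit.
POD = [Packet(9.0, "203.0.113.5", i == 0, 777, i * 1480, 1480, True)
       for i in range(44)]
POD.append(Packet(9.0, "203.0.113.5", False, 777, 44 * 1480, 408, True))
POD.append(Packet(9.0, "203.0.113.5", False, 777, MAX_FRAG_OFFSET, 20, False))

# 3) Ping flood from 10.0.0.7: 150 echo requests inside a single second.
FLOOD = [Packet(12.0 + i / 200, "10.0.0.7", True, 5000 + i, 0, 56, False)
         for i in range(150)]

SAMPLE_PACKETS = NORMAL + POD + FLOOD

if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_PACKETS).items():
        print(f"{kind}: {hits or 'none'}")
```

Note the difference in what each detector needs: the Ping of Death check is a per-datagram sanity test that costs nothing and has no false positives, since a legitimate sender can never produce fragments that exceed 65,535 bytes, whereas the flood check is a rate threshold that the blue team has to tune so that normal monitoring pings (the admin host above) stay below it.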
Week 4 (Recap) Attack Justification • If the blue team blocks ping (ICMP echo) entirely, they also prevent legitimate ping use, and there are still utilities that rely on ping to check that connections are live. • Invalid-packet attacks can be directed at any listening port, such as FTP ports, and they may not want to block all of these for operational reasons. • Ping of Death packets can easily be sent with a spoofed source address, so our identity can be hidden. • We only need the blue team's IP addresses, not intimate knowledge of the system, to perform the attack.
Lessons Learned from the Exercise • The goal of the lessons-learned phase is to document what happened and improve our attack capabilities. • Based on what we have learned, obtain the appropriate approval and funding to improve the organization's: • Defensible processes • Security appliances that protect current technology • Incident handling capabilities
References
AT&T Business. (2018). Cybersecurity: The Insider Threat, Careless Employees. Retrieved from https://www.youtube.com/watch?v=bLXW2JQ0TZk
Ciampa, M. (2016). Security Awareness: Applying Practical Security in Your World.
Cisco. (2018). What is the Difference: Viruses, Worms, Trojans, and Bots? Retrieved from https://www.cisco.com/c/en/us/about/security-center/virus-differences.htm
Felker, S. L. (2018). Disgruntled Employees and Other Internal Threats to Your Cyber Security. Retrieved from https://www.bakerdonelson.com/disgruntled-employees-and-other-internal-threats-to-your-cyber-security
Gogan, M. (2017). Insider Threats as the Main Security Threat in 2017. Retrieved from https://www.tripwire.com/state-of-security/security-data-protection/insider-threats-main-security-threat-2017/
Rouse, M. (2000-2018). Denial of service. SearchSecurity. Retrieved from https://searchsecurity.techtarget.com/definition/denial-of-service
Techopedia. (2018). Intrusion Detection System (IDS). Retrieved from https://www.techopedia.com/definition/3988/intrusion-detection-system-ids
Kulkarni, S. (2015). Cyber Kill Chain - Method of Cyber Attack. Retrieved from https://securitycommunity.tcs.com/infosecsoapbox/articles/2017/03/14/cyber-kill-chain-method-cyber-attack
Ping of death (PoD). (2018). Retrieved from https://www.incapsula.com/ddos/attack-glossary/ping-of-death.html
Smith. (2018). Male or female, who's the better social engineer? Battle of the SExes! Retrieved from https://www.csoonline.com/article/2222478/microsoft-subnet/male-or-female--who-s-the-better-social-engineer--battle-of-the-sexes-.html
Van Zadelhoff, M. (2016). The Biggest Cybersecurity Threats Are Inside Your Company. Retrieved from https://hbr.org/2016/09/the-biggest-cybersecurity-threats-are-inside-your-company
Veriato. (2013). Monitoring Employee Activity & Insider Threats. Retrieved from https://www.youtube.com/watch?v=9xQa7DZF7jY
What Denial of Service (DoS) Attacks Symbolize! (2018). Retrieved from http://www.forensicsware.com/blog/dos-attack.html
Whitman, M., & Mattord, H. (2016). Principles of Information Security.