Week 3 Summary and Article
Week 3 Reading Summary Takeaways:
In the world of hacking, attackers start with a reconnaissance process whose objective is to collect intelligence about the target. This is often accomplished through port scanning, DNS zoning, web searches for any information regarding the company, social network searches, etc. Once attackers have collected enough information and identified the weakest links, they begin manual attacks. The weakest link in the security chain is often an outdated system running a vulnerable version for which publicly known exploits already exist. Other weak links include improperly configured systems, disclosure of unnecessary information, etc. The trick for attackers is to bypass security controls (e.g., intrusion detection/prevention systems and firewalls). Automated tools cannot adapt their attack scripts for sophisticated evasion techniques. Therefore, there exist various tools for information security teams to verify the likelihood of risk materializing and to adapt mitigation controls. But most importantly, good vulnerability assessment tools highlight gaps from security standards and industry best practices.
Article:
Researchers at IBM are now aware of a new malware called “CoreBot”, which is designed to steal sensitive information from infected computers. This threat targets FTP clients, email clients, private certificates, etc. In addition, it is able to download and execute other threats using Windows PowerShell. Even though this is a dangerous malware, IBM believes that organizations can be proactive and defend themselves by combining employee awareness with security solutions that can block CoreBot at the launch stage. In addition, there are various products on the endpoint that can stop it from exfiltrating data.
If you’re interested in reading more about this article, you can do so here.