Mei X Wang

Burp Suite Guide:

• Burp proxy: used to intercept traffic between the browser and target application -> similar to a man-in-the-middle attack.
• Burp Sitemap and Site proxy: shows sitemap and site scope -> lets you choose the scope of security testing
  • Displays various sections of a particular domain (ex. Google)
  • shows how to execute search
• Burp Spider: used to get a complete list of URLs and parameters of each site. Looks through each page manually and finds the links within the testing scope.
  • Using spider: Proxy and interceptors should be off. -> Manually visiting more sites will give spider a larger coverage area.

Questions:

1. Is Burpsuite similar to anything you have used before?
2. What can be potential issues using this software?

Cyber-criminals Target Naked Zoom Users

Cybercriminals used a floating zero-day security vulnerability on the Zoom App to engage in sextortion scams. Many users such as TV Analyst Jeffrey Toobin was caught in a sexual act over the video call and the criminal managed to obtain the video recordings. Zoom’s vulnerability allowed attackers to take over the camera and also accessing metadata from the account.

The criminal sent emails to the victims explaining that he was under duress because he lost his job and had no other choice but to extort for money. The scammer sent emails threatening that a ransom of $2,000 in bitcoin within 3 days or the footage will be made public. There has not been public word from Zoom.

Nando’s Customers Hit by Credential Stuffing Attacks

The popular chicken chain, Nando’s, has been cyber-attacked; attackers hijacked online accounts to place large orders. Due to covid-19, the restaurant industry has been attempting to find a way to optimize service while restrictions are in places such as QR codes and online ordering. Most orders are made online and picked up using a QR code in-store, however, attacks have used a tactic called “credential-snuffing”. By using stolen customer credentials used elsewhere, they can use the same information to access their Nando’s account. Since then, Nando’s has promised to reimburse customers for any fraudulent orders.

Since July 2018- June 2020, there has been 64 billion credential snuffing attempts in the retail, hospitality, and travel sectors. This can be remediated by having MFA on accounts or even just using different passcodes for each account.

*I thought this was interesting because I was also hacked using a fake KFC account*

 

https://www.infosecurity-magazine.com/news/nandos-customers-hit-credential/

OWASP Top 10

• Broken authentication: when authentication and session management are implemented incorrectly, attacks can compromise the user’s credentials and exploit their identities. I see this happen frequently and there are industry standards such as lock-out policies, timeout sessions that can help mitigate this security risk. However, many organizations fail to do so because they are unaware of the severity of these flaws.
• Broken access control is when restrictions on authenticated users are not properly reinforced. From a security standpoint, less is more. Users with administrative privileges should only be limited to admins of the system, if a standard user’s credentials were hacked and access controls weren’t in place, the scope of damage would increase significantly.

 

Questions

1. What security risk have you encountered? Or what do you think can lead to the most damage?
2. What are some mitigation tactics companies can have to protect themselves against these risks?

Malware

• Described as malicious software intentionally designed to cause damage to a computer, server, client, or computer network. (ex.  computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware)
• Detect/remove malware: windows defender/Malwarebytes
• The term was coined by Yisrael Radai in 1990
  • first-known malware is Creeper: moved around different mainframes with a message that said “‘I’m the creeper: Catch me if you can.”
• PUP(Potentially unwanted software): tricks users into installing into their systems through browser toolbars
  • can contain spyware functionality…not normally considered malware unless executes malicious features.

 

Questions:

1. Have you ever encounter a malware attack? How and why?
2. What can be used to defend against a malware attack?

Many Apple Users also use the navigation software app called Waze. Security engineer Peter Gasper found out when he was using the app’s web interface that it doesn’t just display his coordinates, it also displays the coordinates of the driver’s nearby. Each driver/account is assigned a unique ID and it doesn’t change over time. This means that if someone with malicious intent were to track a driver, they can also track the driver’s complete journey, what cities they go through, and their stops. This is incredibly dangerous because if there were any human trafficking/kidnappings to occur, the trafficker could’ve used Waze’s vulnerability to locate their target. This vulnerability has been patched since then but it’s interesting to think how as much as technology helps us, it can also make the world a more dangerous place.

 

https://www.infosecurity-magazine.com/news/waze-vulnerability-identifies-users/

Social Engineering:

• Human behavior of social engineering(attack vs. attacker): Financial gain, self-interest, Revenge, external pressures
  • Reverse social engineering: enticed to ask the aggressor for help(through tricking them), aggressor offers help just to make sure the victim remains unsuspicious while the attacker probes more
• Counter-measures: creating controls (training/policies/security/management/…)
  • Perform regular reviews that the controls are working as created.
  • Simulate an attack(hire pen testing specialists)

 

Question for the class:

1. Have you ever been a victim to social engineering?
2. What’s one physical control that can be used to mitigate chances of a social engineering attack?