
Ethical Hacking

Wade Mackey

MIS 5211.702 ■ Fall 2020 ■ Wade Mackey

Uncategorized

Readings

August 29, 2020 by Anthony Messina

The readings this week introduced us to the fundamentals of how a network operates. They presented us with a basic understanding of the hardware involved in networking and how the information is transmitted and received. The articles also explained how two popular networking models, OSI and TCP/IP, function. From an ethical hacking standpoint, understanding these 2 models, and how information traverses the network is paramount. A big takeaway from the readings was understanding how ports work in networking. As ethical hackers we will be scanning for open ports and it will be essential to know what services run on which ports so they may be further exploited.

My question to the class:

What ports/services do you think will be common exploitation entry points as ethical hackers?


Question to discuss with classmates

August 29, 2020 by Akshay Shendarkar

What popular devices or techniques can you suggest for IT auditors/security professionals to check the hardening of, or to audit, network devices?


News article

August 29, 2020 by Akshay Shendarkar

Canadian government services forced offline after credential stuffing attacks

Some of the key Canadian government applications, including the ones providing federal and immigration services, were recently attacked and forced to stop their operations. As per the report, the attack conducted was ‘password stuffing’, where usernames and passwords of users which were stolen in previous hacks were used. This attack was successful due to the fundamental human nature, where we use the same password/username for multiple applications and accounts.

My understanding from this article is that people or organizations might not even be aware that they have been hacked or suffered a security breach. It should be noted that the usernames and passwords which were used in this attack were stolen previously, and there were no suspicions raised by any people whose usernames and passwords were stolen. The most realistic solution to prevent these attacks would be to have different usernames and passwords for different accounts. However, in the age of SSO and due to limited human capabilities to save different passwords, this solution is always going to be a challenge.

Reference:

https://portswigger.net/daily-swig/canadian-government-services-forced-offline-after-credential-stuffing-attacks


Summary of Readings

August 29, 2020 by Akshay Shendarkar

The reading articles for this week provided a great and simplistic introduction to the networking concepts, which included brief descriptions of all the layers in the OSI and TCP/IP (DoD) models. The takeaway for me from these readings was getting an understanding of all the protocols which work in sync across all the layers when two ‘hosts’ communicate on a network. As a user, we are mostly interfacing with the application layer; however, I realized everything eventually comes down to bits and the electrical signals when a packet traverses across a network. The readings provided a fundamental understanding of all the layers and could prove to be a good starting point to understand vulnerabilities in networks.


Canadian Revenue Agency security breach 

August 29, 2020 by Rudraduttsinh

The Canadian Revenue Agency (CRA) was forced to suspend its services after a series of cyberattacks that compromised the usernames and passwords of thousands of accounts. The federal government described the three separate attacks as “credential stuffing,” which uses passwords and usernames from another website to access the CRA (D’Amore, 2020). This attack brings a unique set of challenges because the attackers were not going through the back doors, but instead applied credentials like regular users. According to Marc Brouillard, the federal government’s acting chief information officer, detection of intrusion traffic from normal traffic is challenging (D’Amore, 2020).

References

D’Amore, Rachael. (2020, August 17). What to know (and do) about the CRA breach and shutdown. Globalnews.ca. https://globalnews.ca/news/7281074/cra-hack-online-services/


Tesla Was Target of Russian Ransomware Conspiracy

August 29, 2020 by Mei X Wang

Tesla was confirmed to be the target of a ransomware conspiracy by Russian hacker Egor Igorevich Kriuchkov (Muncaster 2020). He approached a Tesla worker and teamed up to deploy malware that can help steal sensitive data; the firm was required to pay up for lost information or risk it going public.

The malware was deployed by the insider with network access; there was a separate DDoS attack made to distract Tesla’s IT team. Kriuchkov first approached the Tesla employee via WhatsApp before meeting with them socially and offering $1m to help with the plot.

Apparently Kriuchkov had successful schemes before and had received over $4m payout from other corporations. This reinforces the importance of ransomware victims to refuse payout, as it leads to more leverage to exploit.

Muncaster, P. 2020. Tesla Was Target of Russian Ransomware Conspiracy.  Retrieved from: https://www.infosecurity-magazine.com/news/musk-tesla-target-russian/

Discussion Question:

  1. What type of screening does Tesla require for their employees?
  2. How can they better train their workers on social engineering and is there any incentive to be the “whistleblower”?

