Going passwordless – the journey to a future-proof digital identity
Even with a strict password policy, it becomes difficult to guarantee that passwords are strong. The most common passwords we have are cracked in a few seconds.
Welcome back to the SEB Tech blog. This time I want to describe different types of cyber-attacks and what they mean.
A cyber-attack is when an individual or an organisation deliberately and maliciously attempt to breach another individual's or organisation's data and assets. There is usually an economic purpose behind the attack or a goal to make data unavailable by encryption.
Malicious actors often look for ransom and data exfiltration as a means of extortion by publishing data externally.
The term “malware” covers various types of attacks including spyware, viruses, and worms. Malware uses a vulnerability to breach a network when a user clicks on a link or an email attachment, which is used to install malicious software inside the system.
Malware and malicious files inside a computer system can:
Malware is so common that there is a large variety of modus operandi. The most common types are:
Phishing attacks are very common and involve sending mass amounts of fraudulent emails to unsuspecting users. These fraudulent emails often have the appearance of being legitimate, but link the recipient to a malicious file or script designed to grant attackers access in a device and install malicious scripts, or to extract data such as user information, financial information, and more.
Phishing attacks can also take place via social networks and other online communities, via direct messages from other users with a hidden intent. Phishers often leverage social engineering and other public information sources to collect info about your work, interests, and activities, giving attackers an edge in convincing you to trust them.
There are several different types of phishing attacks, including:
This is when an attacker intercepts a two-party transaction, by inserting themselves in the middle, between two victims, e.g. a user and an application. From there, cyber attackers can steal and manipulate data by interrupting traffic.
This type of attack usually exploits security vulnerabilities in a network, such as an unsecured public Wi-Fi, to insert themselves between a visitor's device and the network. The problem with this kind of attack is that it is very difficult to detect, as the victim thinks the information is going to a legitimate destination. Phishing or malware attacks are often leveraged to carry out a MitM attack.
DoS attacks work by flooding systems, servers, and networks with traffic in order to overload resources and bandwidth. This results in rendering the system unable to process and fulfil legitimate requests. In addition to denial-of-service (DoS) attacks, there are also distributed denial-of-service (DDoS) attacks.
DoS attacks saturate a system's resources with the goal of impeding the response to service requests. On the other hand, a DDoS attack is launched from several infected host machines with the goal of achieving service denial and taking a system offline, thus paving the way for another attack to enter the network and environment.
The most common types of DoS and DDoS attacks are the TCP SYN flood attack, teardrop attack, smurf attack, ping-of-death attack, and botnets.
This occurs when an attacker inserts malicious code into a server, using server query language (SQL) forcing the server to deliver protected information. This type of attack usually involves submitting malicious code into an unprotected website comment or search box. Secure coding practices such as using prepared statements with parameterized queries is an effective way to prevent SQL injections.
When a SQL command uses a parameter instead of inserting the values directly, it can allow the backend to run malicious queries. In addition, the SQL interpreter uses the parameter only as data, without executing it as a code.
A Zero-day exploit refers to exploiting a network vulnerability when it is new and recently announced and before a patch is released and implemented. Zero-day attackers use the disclosed vulnerability in the small window of time where no preventative measures exist. Preventing zero-day attacks requires constant monitoring, proactive detection, and agile threat management practices, cyber hygiene and cyber resilience.
Passwords are the most widespread method of authenticating access to a secure information system, making them an attractive target for cyber attackers. By accessing a person's password, an attacker can gain entry to confidential or critical data and systems, including the ability to manipulate and control said data/systems.
Password attackers use an extensive number of methods in order to identify an individual password, including social engineering, gaining access to a password database, testing the network connection to obtain unencrypted passwords, or simply by guessing.
One very commonly used method is executed in a systematic manner and known as a “brute-force attack”. A brute-force attack uses a programme to try all the possible variants and combinations of information to guess the password for user accounts.
Another common method is the dictionary attack, in which the attacker uses a list of common passwords to attempt to gain access to a user's computer and network. Best practices regarding account lockout and two-factor authentication are very useful at preventing a password attack. Account lockout features can freeze the account after several invalid password attempts and two-factor, 2FA, authentication adds an additional layer of security by requiring the user logging in to enter a secondary code only available on their 2FA device. Passwords shall be avoided and biometric identification with multi-factor authentication shall be used to eliminate compromised credentials.
A cross-site scripting attack sends malicious scripts into content from reliable websites. The malicious code joins the dynamic content that is sent to the victim's browser. Usually, this malicious code consists of JavaScript code executed by the victim's browser, but can include Flash, HTML and XSS.
Rootkits are installed inside legitimate software, where they can gain remote control and administration-level access over a system. The attacker then uses the rootkit to steal passwords, encryption keys, and credentials to be able to retrieve critical data.
Since rootkits hide in legitimate software, once you allow the programme to make changes in your operating system, the rootkit installs itself in the system (host, computer, server etc.) and remains dormant until the attacker activates it or it's triggered through a persistence mechanism. Rootkits are commonly spread through email attachments and downloads from insecure websites.
While internet connectivity across almost every imaginable device creates convenience and ease for individuals, it also presents a growing number of access points for attackers to exploit.The interconnectedness of things makes it possible for attackers to breach an entry point and use it as a gate to exploit other devices in the network.
IoT attacks are becoming more popular due to the rapid growth of IoT devices and the often low priority given to embedded security in these devices and their operating systems. Best practices to help prevent an IoT attack include updating the operative systems and software and keeping a strong modern identification for every IoT device on your network.
The complexity and sophistication of cyberattacks are constantly increasing. The most important countermeasure is a well-established and functioning cyber hygiene that is improved over time, and thus strengthens cyber resilience as well as awareness throughout the organisation by education and training to know what constitutes a threat and how it should be handled so as not to become a risk.
Even with a strict password policy, it becomes difficult to guarantee that passwords are strong. The most common passwords we have are cracked in a few seconds.
I think some still remember when non-functional requirements (NFR) were activities in a project plan and thus could be prioritized accordingly. However, this meant that important requirements for a system or application did not always get the focus that was needed - the time did not exist.
SEB is one of the gold sponsors of the Midnight Sun CTF event. A lot of preparations go into an event like this, and in this blog post we'd like to share some details on how our team is getting ready for a contest like this and the finals that are taking place in Stockholm on Sept. 18-19.