Weekly Update — Social Engineering, Malware, Web-based Exploits, Threat Modelling

Obiagazie Kenechukwu
5 min read · Nov 27, 2023


Welcome back to my weekly update. Here I talk about what I learned from my course and some online sources during the week. Last week I discussed Vulnerability Management. This week, I’ll be talking about social engineering, malware, web-based exploits, and threat modeling.

Disclaimer: The information (most of the definitions) shared is based on my knowledge from the Google cybersecurity certification program on Coursera and some online articles and videos.

Let me start by listing the activities I performed in the past week:

Task 1: First I was tasked with investigating a phishing email sent to the executive of a firm and determining whether it should be quarantined.

Task 2: Having learned about the PASTA framework used in threat modeling, I was tasked with performing a threat model of an application for a sneaker company preparing to launch a mobile app that makes it easy for their customers to buy and sell shoes, using the PASTA framework to identify security requirements for the new sneaker company app. A link to my completed activity.

It only takes an act of kindness or a lapse in judgment for a social engineering attack to work, and the trusting nature of humans doesn’t make it any better. Social engineering is a popular choice for threat actors because it is easier to trick people into handing over access, information, or even money than it is to exploit vulnerable software or a network.

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. This can lead to data exposure, widespread malware infections, or unauthorized access. Threat actors perform social engineering attacks in stages: prepare, establish trust (pretexting), use persuasion tactics, and then disconnect from the target.

Social engineering attacks occur in different forms; some common ones are baiting, phishing, tailgating, watering hole, and quid pro quo.

Phishing, the most common type of social engineering, is the use of digital communications to trick people into revealing sensitive data or deploying malicious software. Attackers typically use a phishing kit containing malicious attachments, fake data-collection forms (e.g. fake surveys), and fraudulent web links. Common forms of phishing include smishing, spear phishing, email phishing, whaling, and vishing.

Phishing attacks can be prevented by implementing anti-phishing policies, employee training resources, email filtering, and intrusion prevention systems.

Malware is software designed to harm a computer system. Devices and systems that are connected to the internet are especially vulnerable to infection. When a device becomes infected, malware interferes with its normal operations. Attackers use malware to take control of the infected system without the user’s knowledge or permission.

Different types of malware include viruses, worms, trojans, spyware, ransomware, fileless malware, scareware, adware, rootkits, cryptojacking, and botnets.

Malware attacks can be mitigated by using malware-blocking browser extensions, using ad blockers, and disabling JavaScript in your web browser.

Apart from phishing, malware can also be delivered to its target through web-based exploits: malicious code or behavior that takes advantage of coding flaws in a web browser or web application, typically through injection attacks such as cross-site scripting and SQL injection.

Cross-site scripting (XSS) is an injection attack that inserts code into a vulnerable website or web app. This gives the attacker access to user data such as session cookies, geolocation, etc.

Types of XSS are:

  1. Reflected XSS attack.
  2. DOM-based XSS attack.
  3. Stored XSS attack.

A SQL injection attack executes unexpected queries on a database. A common place for this attack is a site’s login form, when a user enters their credentials. More generally, SQL injection can take place in any area of a website that is designed to accept user input.

Categories of SQL injection:

  1. In-band injection.
  2. Out-of-band injection.
  3. Inferential (blind) injection.

SQL injection attacks can be prevented by using prepared statements (a technique in which the SQL statement is compiled before the user-supplied values are bound to it, so input is treated as data rather than as part of the query), input sanitization, and input validation.
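To make the login-form case and the prepared-statement defence concrete, here is an added example (not from the course or the original post) using Python’s sqlite3 module against a constructed in-memory users table; the function names, table layout and sample credentials are my own. It also shows allow-list input validation as a second layer.

```python
import re
import sqlite3

# Allow-list for usernames: defence in depth, not a substitute for
# prepared statements.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def make_db():
    # Constructed in-memory table standing in for the site's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # The query text is built by string concatenation, so whatever the
    # user types becomes part of the SQL grammar instead of staying data.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_prepared(conn, username, password):
    # Parameterised query: the statement is compiled first and the values
    # are bound afterwards, so quotes in the input never change the query.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def validate_username(username):
    # Reject anything outside the expected alphabet before it reaches
    # the database layer.
    return USERNAME_RE.fullmatch(username) is not None


def demo():
    conn = make_db()
    good = ("alice", "correct-horse")
    # The textbook tautology typed into the password field; the WHERE
    # clause becomes ... AND password = '' OR '1'='1', which is always true.
    bad = ("alice", "' OR '1'='1")
    return {
        "vulnerable_valid": login_vulnerable(conn, *good),
        "vulnerable_injected": login_vulnerable(conn, *bad),  # bypass
        "prepared_valid": login_prepared(conn, *good),
        "prepared_injected": login_prepared(conn, *bad),      # rejected
    }
```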

Preparing for attacks is a crucial responsibility of the entire security team. To prepare for attacks, it is essential to anticipate them. This is where threat modeling comes into play.

Threat modeling is the process of identifying assets, their vulnerabilities, and how each is exposed to threats. There are several threat modeling frameworks used in the field, each suited for different areas of security such as network security, information security, or application development.

The six steps in a threat model are:

  1. Define the scope: Here the team creates an inventory of the organization’s assets and classifies them.
  2. Identify threats: Here an attack tree is used to map threats to assets. These could be external or internal threats.
  3. Characterize the environment: This step entails applying the attacker mindset, and considering how third-party vendors, customers, and employees interact with the environment.
  4. Analyze threats: This involves identifying existing protections and controls and identifying gaps. Also involves assigning risk scores to threats.
  5. Mitigate risk: Here the security team defends against threats by deciding whether to avoid, transfer, reduce, or accept the risk.
  6. Evaluate findings: This is the final step. The entire exercise is documented, fixes are applied, and the team notes its successes and lessons learned to inform how it approaches future threat models.

Some threat modeling frameworks include:

  1. STRIDE.
  2. PASTA.
  3. Trike.
  4. VAST.

PASTA THREAT MODELING

PASTA (Process for Attack Simulation and Threat Analysis) is a popular threat modeling framework used across many industries. It contains seven stages:

  1. Define the business and security objectives.
  2. Define the technical scope.
  3. Decompose the application.
  4. Perform a threat analysis.
  5. Perform a vulnerability analysis.
  6. Conduct attack modeling.
  7. Analyze risk and impact.

Threat modeling is a proactive way of reducing risks and it combines various security activities such as vulnerability management, threat analysis, and incident response.

In summary, cyberattacks and security breaches are a reality that we’re challenged with regularly. However, being aware of the type of threats that exist and the threat modeling process provides an important foundation for the work of a security analyst.

Thanks for reading. Let’s discuss, exchange ideas, and connect in the comment section. Also looking forward to collaborations.

SEE YOU NEXT WEEK.
