Time
5 hours 49 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:01
Hello, everybody, and welcome to day I t. Security episode number 17. I t Attacks
00:08
My Name's Hall has Regina and I'll be your instructor for today's session.
00:13
The Learning Operatives kind of decision is to understand and be able to identify
00:19
the main and basic coyote attacks.
00:24
Well, the remaining attack types on the axis Nowadays, however, you know there's the least that I convention of the most significant attacks which are related to A T, which is wired and wireless scanning the mapping attacks, protocol attacks,
00:43
eavesdropping, attacks, you know, listening through through the waves, or two days or two. The wire itself.
00:50
Uh, the the communication this will imply a loss of confidentiality.
00:54
You know, maybe you're smarter. Watch is connected to your phone. And I ended up in true blue suit.
01:02
And, you know, the little connection will tell me all the information that is being exchanged between the watch on and your phone.
01:11
It's movie spoofing, you know, meaning that, uh,
01:15
I pretend to be actually your watch. Well, I'm I'm not using your watch, but, you know, I I spoofed the authentication. Oh, are your i p or give my Catherine are you know your little food at a fire,
01:29
and I pass us your as your watch
01:34
operating system, Um, application attacks, Denial Service or James Jamming, which is well known in the white and the wireless attacks. Meaning that I cannot steal any information from you. But I will stop you from using. The service Is
01:52
I mean, that I will stop you from your phone from connecting to you
01:56
to you, to you a smart watch and you know, other others marked vices,
02:02
physical security attacks, tempering, you know, interfaces, exposure. Maybe you did put a lot of, uh,
02:13
security Khanna measures in the suffered, but you forgot about the physical part at all. So I can easily break or temperature device. And, you know, that's also another type of attack
02:24
answers control, tax, laser attacks, which, when we talked a laser and focus I am beams. Attacks were meaning a cheap level attacks. And if you recall from the previous sessions chip left, little attacks are most expensive. Attack. So
02:42
you know, you you will have to take into this
02:46
this into consideration when you're describing your risk. But, you know, let's get not a head and a little discuss risk in the next section.
02:55
Uh, you know, these attacks that I didn't mention at all this small, small sample that exceeds actually in the while or in the world Now they
03:06
most attacks are highly customized to specific number and ability. You know, it's not the same to say that I will attack all this Monty's that say that I will attack in specific brand off TV and with a specific person
03:23
off this upward or a specific birth ship off the field. More
03:27
of the TV.
03:29
Uh, you know, there's pages dedicated again to that to give you exploit specific for that version or for back a smart device
03:39
conversion, and it will. It will. It will give you cook the code so you can just run it. Um,
03:46
and there are other moment more malicious. Um, you know, more dangerous attacks, which is theirs, which you know they try to exploit. Zero, they holding abilities. When I say who's your day? I mean, we'll never live without not yet known, not not even buy it. But you know, my
04:05
business or the enterprise who made
04:08
the i n t buys
04:10
s Oh, yeah. People can steal, exploit this. Do you remember this? A ransomware attack that happened, like, 34 years ago. The one crime. This was a zero day vulnerability and windows and nobody knew about this.
04:27
So the people who were affected by about with this vulnerability
04:30
at the abbey at first, of course they didn't, have they? We couldn't blame them, because at the end, it was. This vulnerability wasn't known to anybody, not even two windows. So this kind of one of the letters can be really, really dangerous.
04:47
Uh, you know, any number of attacks that may exploit visible nen abilities
04:53
on any number of attacks may be publicly sure over the Internet to do so. So, you know, well placed security controls is really important to reducing either the light food or the severity off the impact of the attack. We will discuss this in risk,
05:10
but basically to measure risk, you just have to take
05:13
true facts interpreted consideration, which is like a hood like hood of the attack on the impact of the attack. And if you have an economy measure in place already, how this kind of measure will reduce either delightful or the impact of the attack But, you know, we're getting ahead of ourselves.
05:31
The type of attacks on I T systems will grow over time. Of course.
05:38
Uh, because they follow profit moderates, you know, And you know, if you're if you're able to pay everything for from your smartwatch orphan from your phone or any other smart advice, both hackers will be aiming to that.
05:54
For example, today there's that
05:57
trying off malware business with the use crypto. Remember that they wanted right there. This is called ransom work and you know, they ask for a feat. So in order to decrypt that your data Now let's put it this into the context.
06:15
What will happen if someone and encrypts your let's say
06:19
cheesemaker?
06:20
Oh, are someone encrypts the machines that are giving you treatment for any deceased? Can you imagine that? I mean, the ransom will be Either you pay or you die. So this is frightening on this is really something that way, we really should be thinking about
06:39
before we take that step further into the I m t.
06:42
Well, uh, you know,
06:45
this is this is something to worry about, you know,
06:47
to entice an idea of how in a base, a basic attack can be built.
06:54
I heard you a little bit here, Which you will see
07:00
how to know what this guy was doing in the TV in this market. Be,
07:08
uh well, I will
07:11
let you with millions.
07:13
So, uh, we have here. I already executed the Khan said you cannot? Yeah. Didn't waste any time from God.
07:23
Uh, so first, a little bit of foreign consuls. I know for a fact that this is a teepee, so I just can't report. I want to know what pores were open. And to my surprise, there were quite a few ports popping
07:43
summer that some of them I was expecting him. I like this plan in,
07:47
uh, service Just thes surfaces are b
07:53
don't price. And when I went to the circus is,
07:59
uh
08:00
I was no time.
08:03
I didn't leave that at some point. Someone thought that was a good idea to
08:09
let Ah, hello, World Beach. On http pitch, huh?
08:16
Right. And this party, I know why this is just and what support? Just off this. But is there
08:24
so you can imagine harmony beloved Looks this happen. And what state location will happen? I should be served
08:35
opponent on his work to be
08:37
on. And then, uh, well,
08:41
I continue scanning for, for for the reports. And one interesting thing is that in this report was detective, you're
08:50
this report. I saw several files. No.
08:56
When breast files certificates.
09:01
Why?
09:03
Ah, little bit off those files. And when I went to the age to be service overdid over down
09:13
the browser, I saw that person was actually watching that. Please.
09:18
He's slow here, and you can see that there's a JSA or thing
09:24
and you can see some hamburgers over here. So, you know, privacy. That's a really big concern. This entity, guys in the previous margins, how is he? Was just some cameras that, you know, taking a package that their West West,
09:45
any assets control, they were using people.
09:48
Daschle's off the kid.
09:52
You know, this is a concern to me,
09:54
does that I am
09:56
again a simple as a couple's comments. You can get me that the person will question. Actually,
10:03
you know, it would be a little bit more. I can sure do that. We can use that as a pivot and jumped you another devices on network.
10:16
So there's that That's a really big surge. Me.
10:22
So, uh,
10:24
taking this to the next level,
10:26
I shall all I want to show you guys. This video right here.
10:31
Uh, this is really you know, sure. Video.
10:35
But, you know, these criminals are using relay boxes to steal this car
10:41
these boxes receive on retransmit the ERV i d. The radio frequency signals through the walls. You know, uh, you can see one. What? This guy's way being a relay box writing from off the house
11:00
So the box receives. You know, when Buck's received a signal from the actual key that is inside house it, send it to a receiver. Uh, the car, actual things that the keys. Actually, they're and either start staying giant. You know, there's another video,
11:18
uh, she shows are really more impressive way off stealing that and maybe a really more probe way. You can see this video in the West Midlands police from the United Kingdom. But, you know, this is how dangerous the tax could be. Could get.
11:35
I mean, we're not dealing with a normal thieves anymore. What? They were break the window and you know the car. Well, maybe said on alone and it will love itself down. So you know, the things cannot start the current anymore.
11:52
So you know, this is how dangerous could be
11:54
way. We really need to start thinking off. Khanna measures and And what are we going to do when the subject is not a car anymore? When the subject is a human man, while will happen again? Guys, we're not dealing with security anymore when you have to deal with safety and privacy.
12:13
These are the biggest concerns. When it comes to piety.
12:18
Mentions off some of the most intelligent gun attacks. Another day we'll wait. Mentioned a few, but, you know, wired and wireless scanning protocol attacks. If dropping spoofing on denial, service physical, the run somewhere that we talk about, that was really dangerous.
12:37
Laser attacks, which they're already in the cheap level attacks.
12:43
Yeah, some of them are there.
12:46
How those ransomware work?
12:48
Well, they basically have your system. They encrypted files and they Then they asked for a ransom in order to give you the key to decrypt the files. That's especially concerned when it comes to a tee, because what will happen if a hacker execute ransom were in your peacemaker,
13:09
and it's asking you for for money in order to decrypt it so you can still you continue leaving.
13:15
That's really dangerous, guys.
13:18
Uh, what those zero, they mean it means of vulnerability. That's not gin known, but but by anybody, including the manufacturers.
13:28
Uh, for example, wanna cry in its moment? Nobody didn't know the existence of this ransom work and are visible nobility and hackers use it to exploit systems and encrypt them.
13:43
But, you know, the point is that there's no fix and it is not known by the public
13:52
in today's brief lecture. Would talk about the attacks will to sow a few hands on examples off piety initial attack vectors and will serve hunkers are taking advantage off fire table nen abilities in this case, how they can replicate the key single off a car in order to steal it,
14:16
Uh, materials you can use the world. You can use this beautiful machine just in boom. Have I live recommended? It includes hacking, exploding before off overflow vulnerability in on io ti. So yeah, you can you can take this step for her.
14:35
To your knowledge, I highly recommend you to use this machine
14:43
looking for work. Well, in the next video, we'll cover the I A. T risk.
14:46
Well, that's it for today, folks. I hope in your Delia and talk to you soon.

Up Next

IoT Security

The IoT Security training course is designed to help IT professionals strengthen their knowledge about the Internet of Things (IoT) and the security platforms related to it. You’ll also be able to identify the security, privacy and safety concerns related to the implementation of an IoT infrastructure.

Instructed By

Instructor Profile Image
Alejandro Guinea
CERT Regional Director
Instructor