Our next section in this chapter is looking at some of the common networking attacks.
These are the types of attacks that you may have heard of in the past. For instance, if we start off by looking at a denial of service attack, that's not even necessarily a single attack. It's sort of a category of attack
when we just look at the phrase denial of service attack. Usually that indicates one system trying to overload another system,
not always overload, but ultimately the goal is to render a service incapable of providing its services.
A denial of service attack may be a one-on-one attack, but a distributed denial of service attack is that much more powerful.
Rather than just me attacking a host, if I can commandeer other systems in other networks to attack the host, I'm going to be much more likely to be successful.
That's a distributed denial of service attack.
There are lots of types. There's ping floods, SYN floods, and you hear that word flood many times. It's a type of attack.
It's trying to overwhelm by sending so many pings or so many SYN packets.
Those are types of them, and you also have advanced persistent denial of service attacks. These are types of attacks.
You've probably heard of the APT, Advanced Persistent Threat, types. Same idea here with a denial of service attack. It's one of those types of attacks that just continues and continues and continues until it's successful.
Then sometimes the attack continues until it's successful. When it's detected and mitigated, then something new starts up, with the idea of just continually throwing everything, including the kitchen sink, at this server.
There are lots of ways to launch denial of service attacks. When I talked about distributed denial of service attacks, I said it would be much more powerful if I could commandeer other systems or other networks to help me with my attack.
Usually, the way that it's done is through getting malicious software installed on those systems. Sometimes the software elements are called bots. If I can get those installed on multiple systems, botnets, it's backdoor software to connect in.
I can send a command that will trigger those systems to become engaged in the denial of service attack.
When we're downloading things from the Internet, bringing untrusted files into our environment, that's how the software gets loaded.
It can also apply to cell phones, tablets, webcams, really any aspect of the Internet of Things.
There was a massive distributed denial of service attack in 2016, where the main devices launching the attacks were webcams.
With the Internet of Things, we have to be really concerned about becoming part of this botnet-type environment unbeknownst to us.
We may never know that our systems were involved.
That's the importance of making sure your devices are behind a firewall and monitoring the network, not just for the traffic that comes in but also the traffic that goes out.
The primary purpose of a denial of service is to render a server incapable of providing its services. It can be as basic as a one-on-one. Unplugging the server is about as good of a denial of service attack as you're going to get.
It's not really about stealing data. It's about rendering it incapable of responding.
The greatest threat in any environment is social engineering. As a matter of fact, if we look at some of these other attacks, how we get the software malware in the environment or how we're able to embed software into the system usually stems from a social engineering attack.
Social engineers are getting smarter and trickier. If you look at just about any attack that's in the media today, it almost always has an origin in social engineering.
Social engineering is tricky. It's impersonation. It's masquerading as someone that should have the permission or the right to ask for the services that they're asking for.
There's someone that's trying to trick you into believing that they are trustworthy, so that way you'll perform an action on their behalf. We see this just everywhere.
The best answer for social engineering is training,
quite honestly. At some point in time, you can't just train people anymore.
You have to start holding our folks accountable. When we look at the different types of social engineering, the term that we're starting out with is phishing. It's called that because if I cast a wide enough net, I'm bound to catch some fish, kind of that old phrase.
It's spelled with a "ph" because initially social engineering was most common on telephones, through the phone system.
There's a lot of fraud committed that way.
Now we refer to it as phishing, and we just keep the "ph" in front of it, even though most of what's going on is through email.
Phishing is indiscriminate. I'm going to send out a message to everybody. It doesn't matter who they are. Just send out a mass mailing; that's phishing.
A type of phishing that's specific and targeted is called spear phishing.
I may send an email to a single organization or a single demographic I'm targeting.
A type of spear phishing, or whaling, focuses on senior executives. That's called whaling. You kind of think of the senior executives of our organization: surely they're the most security conscious, and they're the most aware.
That's not always the case. Sometimes senior executives have more authority on the network than is necessary for their jobs.
They may not follow some of those policies like the principles of least privilege and need to know.
They may have access that exceeds their needs and perhaps their skill set.
Sometimes attackers go straight to the top, knowing that they'll get the greatest access and may have the easiest time.
Whaling is a type of spear phishing, but they're different. Know the specifics.
Vishing, phishing with a V, that's for VoIP, and smishing is for SMS or text phishing.
There are names for everything.
The bottom line is, it's all about impersonation.
It's all about trickery, trying to persuade you to let me have access to a system, or to perform an action that shouldn't be performed.
This is where we're seeing the greatest threat that emerges today, by far.
When we say insider threat, the greatest weakness in any organization is our people. It can also be your greatest asset.
As far as security is concerned, our greatest threat comes from the inside.
Sometimes we have malicious insiders with mal intent.
80% of fraud is committed by someone inside.
We are actually much more likely to suffer a security incident from the harm of someone who unintentionally creates a breach or allows a breach to happen.
Someone, perhaps, who is negligent or careless, someone who walks away from their desk without locking up sensitive material, or someone who gives out too much information over the phone, or someone who accidentally deletes a file.
We have to keep in mind malicious insiders, but also much more damage can be done by somebody who just accidentally makes a modification or releases information.
Then sometimes we have to consider the fact that if the value of what's being protected is enough, another organization, a nation state, may have employees that infiltrated our organization. We saw this back with the attack on Sony. It's been a couple of years.
North Korea being involved in that attack, and looking at the details, they realized that it was strengthened by the fact that there were numerous people that had infiltrated Sony's organization system that were acting on behalf of North Korea. That can always create additional difficulty,