Hey, everyone, welcome back to the course. So in this video, we're just gonna talk about some information security threats and attacks. We'll talk about it at kind of a 10,000 ft, or very high, level.
So we're gonna talk about some common motives of adversaries. We're gonna talk about also some common attack vectors as well.
And we'll talk about some basic network threats as well as some of the common host threats you'll see out there, and also some application threats.
So what are some common motives of the adversaries? Well, a lot of times it may be things like hacktivism, right? So it might be trying to steal, uh, information. So maybe information about police officers, like here in the US, with a lot of the protesting and stuff that's been going on over the past couple of years.
It could be that your competitors were trying to steal your intellectual property. Could be that they're trying to delete it or manipulate it in some way. So the five years of research that your healthcare company has been doing to get that new vaccine out, the attackers are hired by your competitors to go in and mess all that up so that your competitors can win and you go out of business. Unfortunately,
that's actually happened in several instances. Could also be motives of fear and panic, right? So, for example, the election, um, that happened in 2020, the US presidential election, there was a lot of fear around: will the voting systems be hacked? Will attackers manipulate the votes to help one candidate win over the other, etcetera, etcetera. So because of that,
there were a lot of security measures put in place. But that can happen, right? If you can get into certain systems, you can cause widespread fear and panic based off the disinformation that you're providing as an adversary.
And another motive is to damage the reputation of the organization. So if I'm a company that claims to be very secure, whatever. In fact, I've seen one, uh, I won't mention their name, but they claim that none of their clients had ever suffered a data breach, which, when I looked at some of the client list,
I know for a fact some of them have, right? So a boast like that by a company can trigger people attacking you. And once you're attacked like that and you're boasting like, hey, we're very secure, our clients are secure, that could really damage your reputation. Also for, like, financial services or healthcare organizations: do you really trust your doctor? If they've lost your data once, do you really trust going back to them, or are you gonna start shopping around for someone that uses best practices?
Financial. This is actually one of the biggest motivators right here, especially for adversaries that target enterprises. Uh, typically, it's financially motivated just because it could be a ransomware attack. It could be, um, just stealing certain data, saying we're gonna publish this if you don't pay us X amount of dollars in Bitcoin. So a lot of,
a lot of attacks. In fact, I think the majority of attacks,
from looking at the Verizon Data Breach Investigations Report, most of the attacks are gonna be financially related or financially motivated.
You've got a smaller minority of that that's gonna be the nation state. So think of your Russia, your China hackers, your North Korea hackers. Um, a little less against the average Joe for a nation state,
usually against larger enterprises where there's a specific gain, or just for intelligence purposes against
infrastructures of government, government organizations around the world, as well as attacks on critical infrastructure.
So what are some of the common attack vectors? Well, malware is a pretty prevalent one out there. Attacks through the cloud, so attacking through simple things like security misconfigurations, right? Just grabbing the data from insecure S3 buckets.
Attacks via mobile, so doing smishing and other attacks via mobile against an organization's employees. Insider threats, to some extent, right? These aren't
like a majority or anything, but that is a common attack vector, right? Employee gets disgruntled or someone pays them off to do something. They say, hey, I don't make anything in my job, I've asked for a raise five times, I know I'm not getting one. This person that I've become friends with, quote unquote friends with,
on social media has offered me $25,000 cash
to just give them, you know, one password, or just give them an IP address, or just tell them a little more about the company. So that's what we need to be mindful of with insider threats. APT, so advanced persistent threat groups. We do see this, um, with larger enterprises. Your Joe Schmo small business, probably not
a likely thing you'll see. However, you just never know, right?
So what are some network threats that we see out there? Um, sniffing, in a variety of ways, right, in a variety of fashions for a variety of purposes. But sniffing is one where we could grab credentials, etcetera. Doing things like man-in-the-middle attacks, where again we can use sniffing to grab information once we've taken over the session,
and DNS poisoning attacks as well.
Password attacks are a very common one, especially things like credential stuffing,
and our denial of service attacks, right. So our DoS attacks, as well as our DDoS or distributed denial of service attacks. Again, we'll cover those later on in this course.
And some of the host threats, of course. Malware again being a pretty prevalent one, especially ransomware nowadays, and especially in things like healthcare organizations. Footprinting, just an adversary identifying everything they can about vulnerabilities on the host machine. Privilege escalation, once we get access to a specific account on the machine.
Let's say it's just a regular user account. Then I escalate my privileges
to get an admin account and then from there potentially move laterally through the network. Or if that's the machine I wanted, if that's where the data is at, on a database server, for example, then I just grab
the data that I want or whatever objective I actually had.
Arbitrary code execution, as well as physical security, right? A lot of people think everything's coming through the web, but
in reality, none of your security measures matter if I can pick up your laptop and walk out the door, right? If you have no full disk encryption, if you've left it unlocked, it doesn't matter that you've got a super long password if I can just access the device, right? So we always have to be mindful of physical security as well.
Application threats. So things like not validating inputs. So when we think of that, we can think of simple things like SQL injection attacks. Security misconfigurations, I talked about that, right, with S3 buckets, a very common cloud issue, as well as other issues like security misconfigurations on web servers.
Broken session management, as well as information disclosure. What kind of information are we essentially leaking out there for everyone to find?
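The "not validating inputs" application threat above is easiest to see with SQL injection in a login check. The following is an added example written for this transcript, not code from the course: a deliberately vulnerable login that pastes the username into the SQL text, beside the hardened version that passes it as a query parameter. The table, the accounts and the unsalted SHA-256 password hashing are constructed demo simplifications (a real system would use a slow, salted password hash).

```python
# Added example (not from the course): the same login check written two ways.
# login_vulnerable() builds SQL by string formatting, so the username field can
# rewrite the query; login_safe() sends the username as a bound parameter, so
# the database only ever treats it as data.
import hashlib
import hmac
import sqlite3


def _hash(password):
    # Demo-only hashing (unsalted SHA-256) so the table never holds plaintext.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """In-memory users table with two constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", _hash("correct horse")), ("alice", _hash("hunter2"))],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """VULNERABLE: the username is spliced into the SQL text unvalidated.
    A username such as "' OR 1=1 --" turns the rest of the WHERE clause,
    including the password comparison, into a comment."""
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND pw_hash = '{_hash(password)}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """HARDENED: parameterized query, then a constant-time hash comparison.
    Whatever the username contains, it is matched literally against the column."""
    row = conn.execute(
        "SELECT pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    return username if hmac.compare_digest(row[0], _hash(password)) else None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, real creds:", login_vulnerable(db, "alice", "hunter2"))
    print("vulnerable, injected: ", login_vulnerable(db, "' OR 1=1 --", "anything"))
    print("safe, real creds:      ", login_safe(db, "alice", "hunter2"))
    print("safe, injected:        ", login_safe(db, "' OR 1=1 --", "anything"))
```

Both functions accept alice's real credentials, but only the formatted-string version can be talked into returning an account without the password. The fix is not to "sanitize" the username by hand; it is to never let user input become part of the SQL text, which is what the `?` placeholder enforces.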
So all of the following are examples of network-specific threats, except which one: password attacks, sniffing, arbitrary code execution, or DDoS?
So the answer is arbitrary code execution. Remember, that's a host-specific threat.
So in this video, we just talked about some of the common, uh, information security threats and attacks. We talked about some of the common motives that attackers might have, again, financial being a very, very big one there. We talked about some of the common attack vectors they use. You notice malware on both areas there,
and we also talked about some network threats, application threats, as well as some host threats. Keep in mind
these are not all the possible threats across the board.