Time
1 hour 51 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

Phishing

Now we look at the Social Engineering Malware type Phishing. This lesson explains in great depth what Phishing is, the various forms it has, how to detect a phishing event, and how effective this type of attack is. We'll break down and thoroughly discuss Phishing, Spim, and similar phishing-type attacks, from what happens at the server level to what takes place on the client side, and then discuss how phishing attacks can be mitigated.

Transcript

Another type of attack we're looking at now is something called "The Phishing Attack". This is a social engineering attack via email. A social engineering attack via email. Malicious persons will send an email with the aim of allowing their victims to give out confidential information. Credentials, passwords and information like that. A social engineering attack via email is what we call a phishing attack.

Next we have Spim. Spim is actually spam over instant messaging. Usually on a social website or on a social site. Malicious persons will give unsolicited mails, unsolicited requests through instant messengers. That is Spim.

Next we have Vishing. This is a social engineering attack over telephone or VoIP. That is, Voice over Internet Protocol. The telephone or VoIP. The malicious persons will call you to deceive you, to confuse you. Make you carry out acts you would not usually carry out.

Then, we talk about Spear Phishing. In this type of attack a single person could be targeted or a group of people that have something in common. The malicious person will take out their time to seek out a group of people who have something in common. The attack is fashioned in such a way that these people will be willing to go online to release their credentials, give out very personal information. Social security numbers, credit card numbers or information of that matter. That is spear phishing.

We also have another type of attack we call the x-mas attack. This is a type of attack in which routers--the malicious persons will try to overwhelm your routers with packets on which every option of the selected protocol is set. Such packets require more processing than normal packets. This could cause routers and hosts to spend too much time processing these requests. Ultimately this could be a form of denial of service attack. That is the x-mas attack. Some other people would use x-mas attacks to determine the protocol settings by examining the responses to the packets to the target network. This way they can check how the packets are responded to. To know what infrastructure you have on your network. That is the x-mas attack.

Another type of attack we look at now is the pharming attack. In this attack malicious persons will seek to corrupt the host files on the systems. The systems have the host files which document addresses to web servers or servers on the networks. By corrupting the address, the IP addresses or the names on the host file, it is possible to redirect the traffic. The objective is to redirect the traffic. However the attack is carried out on the host file, to redirect the traffic.

This attack is similar to what we call DNS Poisoning. In the DNS poisoning attack, malicious persons will attack the DNS tables. Change the addresses, the IP addresses on the DNS tables, to point traffic to other sites of interest to them. A user is sat at his computer, types in the URL of a website. However the DNS will resolve that name to different websites because the DNS addresses have been corrupted. Ultimately the traffic is redirected. So rather than you arriving on the site, you're arriving on some fictitious site or a site of the choice to which the attacker has redirected the traffic.

We also have ARP poisoning. In the ARP poisoning attack, the ARP cache is corrupted by malicious persons to redirect your traffic. Ultimately in these three types of attacks the objective is to redirect traffic. But, in the first one, the pharming attack, we're attacking the host file, we're corrupting the DNS tables and we are corrupting the ARP cache. So, we attack the host files, corrupt the DNS tables, corrupt the ARP cache. These three types of attacks would result in a traffic redirection on the internet.

In this type of attack malicious persons will seek to use the flaws that exist within the software, escalate their privilege to that of an administrative level. Usually when they attack systems it will be the system of a basic user. A basic user is limited to what they could do. By escalating the flaws, by exploiting the flaws that exist within the software, they're able to escalate their privilege, attain a privilege of an administrator. Whereby they can now carry out whatsoever they wish to do on the system or on the network. That is privilege escalation.

We also have another attack called the malicious insider threat. The malicious insider threat is a very nasty type of attack in that the people attacking you are already on the inside. Your staff, personnel, your customers, your client, your students. This is a very dangerous attack because you have trusted these people and yet they are now malicious. They have been trusted. They have access to the facility. They have access to the network. They have access to your database. They have access to your resources. Not always when we are attacked should we look outside. The attackers could already be amongst us. We refer to this as malicious insider threats.

Another type of attack is something called a client side attack. On our networks we have machines with client operating systems. We have machines with network operating systems. Those are the servers. The client operating systems, examples like Windows XP, Windows 7, Windows 8. When malicious people seek to use the flaws within the client operating systems, we say this is a client side attack. It registers to administrators where the attack is coming from. Malicious people will seek to attack networks usually through client side flaws. Flaws on the client operating systems. This is what we regard as a client side attack.

Finally, for this section, we have the transitive access attack. This is the type of attack that takes advantage of the transitive access given, in order to steal or destroy data on systems. This type of attack exploits the trust relationships by attacking from the client side of a network. The transitive access that is given to access resources on a network will be exploited to gain unauthorized access to resources on a network.

Next, we look at some password attacks. We have several types of password attacks. We have the brute force attack, the dictionary attack, hybrid attack, birthday attack, rainbow tables. These are numerous types of password attacks.

We start off with the brute force attack. In this type of attack, a malicious person is sat at the system guessing character after character. One password after the other, hoping to successfully gain the right password to get access to the network, or the system. That is a brute force attack. You are guessing one character after the other or one password after the other, try and miss, try and miss, sort of fashion.

Another one is something called a dictionary attack. In this type of attack, a malicious person will gather information about the person. They could do that from a social website. They could do that from observing an individual. You collect a dictionary of words, have this in a piece of software and you run it against the system. Hopefully seeking to obtain the right password from information about the person. We call this a dictionary attack.

We also have hybrid attacks. Hybrid attacks are types of attacks against your passwords that involve one or two, or two or more types of attacks. A hybrid. Multiple attack methods are involved to crack a password.

Then there is a birthday attack. These types of attacks exploit weaknesses in mathematical algorithms that are used to generate the hashes. The type of attack takes advantage of the probability of different inputs producing the same encryption output given a large set of inputs. Malicious persons will seek to randomly generate large inputs into systems hoping to come up with the appropriate password for an account.

Then we have rainbow tables. A rainbow table attack. This is a precompiled set of plain text, matching cipher text. Usually malicious persons have obtained the cipher text from a system. They then try to key in different types of plain text hoping to achieve a cipher text that matches the cipher text they captured from the system. This way we now can tell what the password was to generate the cipher text.

Another type of attack is something we call Typosquatting or URL hijacking. Typosquatting or URL hijacking. This is a very tricky, interesting type of attack. Malicious persons would register names very similar to some organizational names. Such that when users make a mistake, you are typing out a name to a website, you make a mistake. On such a name, simply you miss one character or you put in the wrong character, you are redirected to another website. A website where malicious persons could then infect your systems or also capture your credentials or eavesdrop on your communications. You make a typo while you are typing in the address. Rather than get the error message you're actually led to a real website that has been paid for, created by a malicious person. Essentially your traffic is hijacked to another website. This is what we call typosquatting or URL hijacking.

Finally for the 3.2 section we have the Watering Hole Attack. The watering hole attack is a type of attack in which the malicious persons will plant or place their Trojans or malicious software on websites that many people frequently visit. People frequently visit these websites for maybe downloads or drivers or software of that sort. Malicious persons will then plant this malicious software on such sites such that when you get there you probably download their malicious payloads. This is the site a lot of people want to go, hence the name the "Watering Hole". You want to go there to get your updates or you want to go there to get specific drivers. You want to go there to receive help for system information. Malicious persons then put their own malicious software on such sites to infect your systems or corrupt your systems when you arrive at such sites. That is the watering hole attack.

Join us in our next video. Thank you.
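An added example, not part of the lesson or its transcript: a defender-side check for the typosquatting case described above, flagging observed domain names that are a single typo (one missed, extra or wrong character) away from a protected name. It goes slightly beyond the transcript by also counting two swapped adjacent characters; the domain lists and all function names are constructed for illustration.

```python
"""Flag observed domain names that sit one typo away from a protected name."""

# Constructed for illustration: both lists are made up, and ".example" is a
# top-level domain reserved for documentation.
PROTECTED = ["examplebank.example", "corp-portal.example"]
OBSERVED = [
    "examplebank.example",        # the real site
    "login.examplebank.example",  # legitimate subdomain
    "exampleban.example",         # one character missed
    "examplebamk.example",        # one wrong character
    "exmaplebank.example",        # two adjacent characters swapped
    "weather.example",            # unrelated
]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def normalize(domain):
    """Lower-case and drop surrounding space and the trailing root dot."""
    return domain.strip().rstrip(".").lower()


def nearest_protected(observed, protected=PROTECTED, max_distance=1):
    """Return (protected name, distance) for a near miss, else None."""
    name = normalize(observed)
    best = None
    for candidate in map(normalize, protected):
        if name == candidate or name.endswith("." + candidate):
            return None  # the protected name itself or one of its subdomains
        dist = osa_distance(name, candidate)
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (candidate, dist)
    return best


def scan(observed_domains, protected=PROTECTED):
    """Map each suspicious observed name to (protected name, distance)."""
    hits = {}
    for domain in observed_domains:
        match = nearest_protected(domain, protected)
        if match is not None:
            hits[normalize(domain)] = match
    return hits


if __name__ == "__main__":
    for name, (target, dist) in scan(OBSERVED).items():
        print(f"{name}: {dist} edit(s) from {target}")
```

Fed with names from DNS or proxy logs, or from newly registered domain feeds, the same scan gives a short list of lookalikes to review or block.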
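An added example, not part of the lesson or its transcript: detection logic for the x-mas packets described above, reading the flag bits of raw TCP headers and counting, per source, the segments that have FIN, PSH and URG all set. Using that three-flag combination as the marker, the threshold of 3, the helper names, and the sample headers and addresses are assumptions made for this example.

```python
"""Count, per source, TCP segments that have FIN, PSH and URG all set."""
import struct
from collections import Counter

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG  # the flag set usually meant by an "Xmas" packet


def tcp_flags(header):
    """Return the six classic flag bits of a raw TCP header (RFC 793 layout)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    # Bytes 12-13 hold the data offset, reserved bits and the flags.
    (offset_and_flags,) = struct.unpack("!H", header[12:14])
    return offset_and_flags & 0x3F


def is_xmas(flags):
    """True when FIN, PSH and URG are all set, whatever else is set."""
    return (flags & XMAS) == XMAS


def make_header(flags, sport=40000, dport=80):
    """Pack a 20-byte TCP header; used only to build the samples below."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                       (5 << 12) | flags, 1024, 0, 0)


# Constructed capture of (source address, raw TCP header) pairs. The
# addresses come from the documentation ranges of RFC 5737.
SAMPLE = (
    [("192.0.2.10", make_header(SYN)),
     ("192.0.2.10", make_header(ACK | PSH))]
    + [("198.51.100.7", make_header(XMAS, dport=p)) for p in (22, 80, 443, 8080)]
    + [("203.0.113.5", make_header(FIN | ACK)),
       ("203.0.113.9", make_header(0x3F))]  # every flag set
)


def xmas_sources(packets, threshold=3):
    """Return {source: count} for sources with >= threshold Xmas segments."""
    counts = Counter(src for src, hdr in packets if is_xmas(tcp_flags(hdr)))
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in xmas_sources(SAMPLE).items():
        print(f"{src}: {n} segments with FIN+PSH+URG set")
```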

Video Transcription

00:04
Another type of attack we're looking at now is something called the phishing attack. This is a social engineering attack
00:11
via email.
00:14
A social engineering attack via email.
00:17
Malicious persons will send an email
00:24
with the aim of
00:26
allowing their victims
00:30
give out confidential information: credentials, passwords
00:35
and information like that.
00:37
So a social engineering attack via email is what we call a phishing attack.
00:42
Next we have Spim.
00:51
Spim is actually spam over instant messaging,
01:08
spam over instant messaging, usually on a social website or social site. Malicious persons will
01:18
give unsolicited mails, unsolicited requests through instant messengers.
01:25
That is Spim.
01:26
Next we have Vishing.
01:37
This is a social engineering attack
01:41
over telephone or VoIP, that is, Voice over Internet Protocol.
01:47
The telephone
01:53
or
01:56
VoIP.
01:57
The malicious persons will call you
02:00
to deceive you, to confuse you,
02:04
make you carry out acts you would not usually carry out.
02:08
Then
02:10
we talk about spear phishing.
02:23
In this type of attack,
02:25
a single person could be targeted or a group of people that have something in common.
02:30
The malicious people will take their time to seek out a group of people who have something in common, and the attack is fashioned in such a way that these people will be willing to go online to release their credentials, give out very personal information, Social Security numbers,
02:49
credit card numbers or information of that matter.
02:53
That is spear phishing.
02:57
We also have
02:59
another type of attack
03:02
we call
03:04
the Xmas attack.
03:17
This is a type of attack in which
03:21
routers, the malicious persons will try to overwhelm your routers with packets
03:27
on which every option of the selected protocol is set.
03:31
Such packets require more processing than normal packets.
03:38
This can cause routers and hosts to spend too much time processing these requests.
03:43
Ultimately, this could be a form of a denial of service request attack, a form of denial of service attack.
03:51
That is the Xmas attack. Some other people would use Xmas attacks to determine the protocol settings
03:58
by examining the responses to the packets
04:00
to the target network.
04:02
This way they can check how the packets are responded to, to know what infrastructure you have on your on your network.
04:14
That is an Xmas attack.
04:15
Another type of attack we look at now is the pharming attack.
04:33
In this attack, malicious persons will seek to corrupt the host files on the systems. The systems have the host file, which
04:45
documents addresses to web servers or
04:48
servers on the network. So by corrupting the address, the IP addresses or the names on
04:56
the host file, it is possible to redirect the traffic. The objective is to redirect the traffic. However, the attack is carried out on the host file to redirect the traffic.
05:08
go.
05:11
This attack is similar to what we call a DNS poisoning.
05:21
In the DNS poisoning attack,
05:26
malicious persons will attack the DNS tables,
05:30
change the addresses, the IP addresses on the DNS tables, to point traffic to other sites of interest to them. So a user is sat at his computer, types in the URL of a website. However, the DNS will
05:47
resolve that name to a different website because the DNS addresses have been corrupted.
06:00
Ultimately, the traffic is redirected. So rather than you arriving on the site, you are arriving on some
06:09
fictitious site or a site of the choice to which the attacker has redirected the traffic.
06:15
We also have ARP poisoning.
06:24
In the ARP poisoning attack,
06:29
the ARP cache is corrupted by malicious persons to redirect your traffic. So ultimately, in these three types of attacks,
06:39
the objective is to redirect traffic. But
06:42
in the first one, the pharming attack, we're attacking the host file,
06:46
we're corrupting the DNS tables
06:49
and we're corrupting the ARP cache.
06:53
So we attack the host files,
07:00
corrupt the DNS tables,
07:08
corrupt the ARP cache.
07:20
These three types of attacks will result in traffic redirection on the Internet.
07:28
In this type of attack, malicious persons will seek to use the flaws that exist within the software, escalate their privilege to that of an administrative level.
07:39
Usually when they attack systems, it will be the system of a basic user. The basic user is limited to what they could do.
07:46
So by escalating the flaws, by exploiting the flaws that exist within the software, they're able to escalate their privilege, attain a privilege of an administrator, whereby they can now carry out whatsoever they wish to do on the system or on the network. That is privilege escalation.
08:07
We also have another attack called the malicious insider threat.
08:26
The malicious insider threat is a very nasty type of attack in that
08:31
the people attacking you are already on the inside.
08:35
Your staff,
08:37
personnel,
08:39
your customers, your client, your students.
08:45
This is a very dangerous attack because you have trusted these people, and yet
08:50
they are now malicious. They have been trusted. They have access to the facility. They have access to the network. They have access to your database. They have access to your resources.
09:03
Not always when we are attacked should we look outside.
09:05
The attackers could already be amongst us. So we refer to these as malicious insider threats.
09:16
Another type of attack is something called a client side attack.
09:31
On our networks, we have
09:33
machines with client operating systems. We have machines with
09:37
network operating systems. Those are the servers. The client operating systems, examples like Windows XP,
09:45
Windows 7, Windows 8. So when malicious people seek to use the flaws within the client operating system, we say this is a client side attack. It registers to administrators where the attack is coming from.
10:00
Malicious people will seek to attack networks usually through client side flaws,
10:05
flaws on the client operating system. This is what we regard as a client side attack.
10:15
Finally, for this section we have
10:18
the transitive access attack.
10:48
This is the type of attack that takes advantage of the transitive access given in order to steal or destroy data on systems.
10:56
This type of attack exploits the trust relationships
10:58
by attacking
11:01
from the client side of the network.
11:03
The transitive access that is given to access resources on the network will be exploited to gain unauthorized access to resources on the network.
11:16
Next we look at some password attacks.
11:20
We have several types of password attacks. We have the brute force attack, dictionary attack, hybrid attack, birthday attack, rainbow tables.
11:30
These are numerous types of password attacks.
11:33
We start off with a brute force attack.
11:46
In this type of attack, a malicious person is sat at a system guessing character after character, one password after the other, hoping to successfully gain the right password to get access to the network or the system.
12:00
That is a brute force attack. You're guessing one character after the other, one password after the other, try and miss, try and miss,
12:09
sort of fashion.
12:09
Another one is something called a dictionary attack.
12:22
In this type of attack, a malicious person will gather information about the person. They could do that from a social website. They could do that from observing an individual. You collect a dictionary of words, have this in a piece of software and you run it against the system,
12:41
hopefully seeking to
12:43
obtain the right password from information about the person. We call this a dictionary attack.
12:52
We also have
12:54
hybrid attacks.
13:03
Hybrid attacks are types of attacks against your passwords that involve one or two, or two or more types of attacks. A hybrid. Multiple attack methods are involved
13:16
to crack a password.
13:22
Then there is the birthday attack.
13:37
These types of attacks exploit weaknesses in mathematical algorithms
13:41
that are used to generate the hashes.
13:45
The type of attack takes advantage of the probability of different
13:48
inputs producing the same encryption output, given a large set of inputs.
13:54
So malicious persons will seek
13:56
to
13:58
randomly generate large inputs into systems, hoping to come up with the appropriate password for an account.
14:11
Then we have rainbow tables,
14:33
a rainbow table attack. This is a precompiled,
14:35
um,
14:37
set of plain text matching cipher text.
14:41
Usually malicious persons have obtained the cipher text
14:46
from the system,
14:48
then try to
14:50
key in different types of plain text hoping to achieve
14:54
a cipher text that matches the cipher text they captured from the system.
15:00
This way we now can tell what the password was to generate the cipher text.
15:05
Another type of attack is something we call
15:09
typosquatting or URL
15:13
hijacking
15:15
here,
15:30
Typosquatting or URL hijacking.
15:33
This is a very
15:35
tricky, interesting type of attack.
15:37
Malicious persons will register names
15:41
very similar to some organizational names, such that when users make a mistake, you are typing out a name to a website, you make a mistake on such a name, simply you miss one character or you put in the wrong character,
15:58
you are directed to another website,
16:00
a website where
16:03
malicious persons could then infect your system, or also capture your credentials or eavesdrop on your communications. So you make a typo while you're typing in the address. Rather than get an error message, you're actually led to a real website that has been paid for,
16:22
created by a malicious person.
16:25
Essentially
16:26
your traffic is hijacked
16:29
to another website.
16:30
So this is what we call typosquatting or URL hijacking.
16:34
Finally, for the 3.2 section. We have the watering hole attack.
16:53
The watering hole attack is a type of attack in which the malicious persons will
16:59
plant or place their Trojans or malicious software on websites that many people frequently visit.
17:07
People frequently visit these websites for maybe downloads or drivers or software of that sort. Malicious persons will then plant this malicious software on such sites, such that when you get there, you probably download their malicious payloads.
17:26
This is a site a lot of people want to go, hence the name the watering hole. You want to go there to get your updates, or you want to go there to get specific drivers. You want to go there to receive help for system information. Malicious persons then put their own malicious software on such sites
17:45
to infect your system or corrupt your systems when you arrive at such sites. That is the watering hole attack.
17:53
Join us in our next video.
17:56
Thank you.


Instructed By

John Oyeleke
Lead IT Security Instructor