Posted: February 19th, 2022

Cyberattacks

A cybersecurity threat is any malicious act that seeks to damage, disrupt or steal data or otherwise harm digital life. A cyber-attack is an assault launched from one or more computers against other computers or networks. These attacks can steal data or disable computers, and the criminals behind them can use a breached computer to launch further attacks. Examples of cyber-attacks include denial-of-service attacks, data breaches and computer viruses, among others. The common types of attack are malware, phishing and man-in-the-middle.
According to the MITRE ATT&CK framework, the tactics adversaries use in perpetrating an attack include the following. One, persistence, which is any access, action or configuration change to a system that gives an adversary a persistent presence on it (The MITRE Corporation). Two, defense evasion, which is a tactic an adversary uses to evade detection. Three, discovery, which allows an adversary to acquire knowledge about a system and its internal networks. Four, credential access, which is a tactic used within an enterprise environment that results in access to or control over system, service or domain credentials.
Approaches
The approaches attackers use in conducting cyber-attacks are classified under each tactic. For example, under persistence, attackers use techniques like DLL search order hijacking, an attack that takes advantage of the way Windows handles DLLs to let attackers load malicious code into a clean process under a legitimate credential (Strom, Blake E., et al.). Under defense evasion, attackers use techniques like binary padding, which changes the checksum of a file to avoid hash-based anti-virus signatures, and code signing, which is a method of adding a digital signature to a file, executable, program or software update so that its integrity and authenticity can be verified.
Under the discovery tactic, the techniques used are account discovery and application window discovery, where adversaries attempt to acquire a list of open application windows, either to learn how the system is used or to give context to information they have collected (Strom, Blake E., et al.). Under the credential access tactic, the techniques used include brute force, an attack where the attacker submits several passwords or passphrases to guess the correct one, and credential dumping, an attack that extracts or dumps user authentication credentials such as passwords and usernames from the targeted computer so that the attacker can reenter that computer at will.
Detection and mitigation
Strategies used to mitigate persistence include applying whitelisting to prevent malicious software and unapproved programs from running, patching the vulnerabilities of the operating system, and restricting administrative privileges on applications and operating systems according to the user’s duties. To mitigate defense evasion, all pods should be monitored, and an anti-evasion malware detection technique is applied to trick the malware into attacking itself (Choi, Seungoh, et al.). To mitigate code signing, binary and application integrity is enforced with digital signature verification, which prevents untrusted code from being executed. Credential access is mitigated by using capabilities that prevent adversaries from successfully accessing credentials, including blocking all forms of credential dumping.
In general, there are steps to take in detecting threats. One, know the firm’s network by auditing the devices connected to it to find out whether they are authorized or unauthorized. Two, keep monitoring the firm’s network by collecting log and event data from devices and then correlating the data across multiple devices. That helps in identifying patterns that may show malicious activity. Three, have a plan and a process for how to perform these activities and how to react to what they find. Four, automate as much as possible so that human errors are minimal and a consistent process is in place over time. Five, a management team with a strong human component should be put in place.
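The second step, applied to the brute force technique described earlier, can be sketched as follows. This is an added example, not part of the original essay; the event format, device names, addresses and thresholds are constructed assumptions. No single device in the sample sees more than two failures, so only the correlated view reaches the threshold.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, as if already normalised from three devices' logs:
# (timestamp, reporting device, source address, account, outcome)
EVENTS = [
    ("2022-02-19T10:00:05", "vpn-gw", "198.51.100.7", "alice", "fail"),
    ("2022-02-19T10:00:40", "mail", "198.51.100.7", "alice", "fail"),
    ("2022-02-19T10:01:10", "vpn-gw", "198.51.100.7", "alice", "fail"),
    ("2022-02-19T10:01:45", "file-srv", "198.51.100.7", "alice", "fail"),
    ("2022-02-19T10:02:20", "mail", "198.51.100.7", "alice", "fail"),
    ("2022-02-19T10:02:50", "mail", "198.51.100.7", "alice", "ok"),
    ("2022-02-19T10:03:00", "vpn-gw", "192.0.2.20", "bob", "fail"),
    ("2022-02-19T10:03:30", "vpn-gw", "192.0.2.20", "bob", "ok"),
]

def correlate_failed_logins(events, window=timedelta(minutes=5),
                            min_failures=5, min_devices=2):
    """Alert on sources whose failed logins, merged across devices, reach
    min_failures inside a sliding window on at least min_devices devices."""
    by_source = defaultdict(list)
    for ts, device, source, account, outcome in events:
        by_source[source].append((datetime.fromisoformat(ts), device, account, outcome))
    alerts = []
    for source, rows in by_source.items():
        rows.sort()
        failures = [r for r in rows if r[3] == "fail"]
        start = 0
        for end in range(len(failures)):
            # Shrink the window from the left until it spans at most `window`.
            while failures[end][0] - failures[start][0] > window:
                start += 1
            burst = failures[start:end + 1]
            devices = sorted({r[1] for r in burst})
            if len(burst) >= min_failures and len(devices) >= min_devices:
                last = burst[-1][0]
                # A success right after the burst suggests a guessed password.
                success = sorted({r[2] for r in rows
                                  if r[3] == "ok" and last <= r[0] <= last + window})
                alerts.append({"source": source, "failures": len(burst),
                               "devices": devices, "success_after": success})
                break  # one alert per source is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in correlate_failed_logins(EVENTS):
        print(alert)
```

The single mistyped password from 192.0.2.20 raises no alert, while the burst from 198.51.100.7 is flagged together with the account that logged in successfully straight after it.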
References
The MITRE Corporation, www.mitre.org/sites/default/files/publications/16-3713-finding-cyber-threats%20with%20att%26ck-based-analytics.pdf.
Strom, Blake E., et al. “MITRE ATT&CK: Design and Philosophy.” Technical report (2018).
Strom, Blake E., et al. “Finding Cyber Threats with ATT&CK-Based Analytics.” The MITRE Corporation, Bedford, MA, Technical Report No. MTR170202 (2017).
Choi, Seungoh, et al. “Expansion of ICS Testbed for Security Validation based on MITRE ATT&CK Techniques.” 13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20). 2020.
