The General Phases of a Computer Attack

#1 Reconnaissance (information gathering)

Collect as much information as possible about the target organization, application, or network, using a variety of tools and sources. This is typically the longest phase and can last weeks or months.

  • Internet searches
  • Social engineering
  • Dumpster diving

 

#2 Scanning (finding vulnerabilities)

Once the attacker understands how the target works, the next phase uses what was gathered in reconnaissance to probe the target for weaknesses that can be exploited, for example:

  • Open ports
  • Running services and their versions
  • Default or weak passwords
  • Vulnerable applications

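The scanning phase in practice: a TCP connect scan that records which ports accept a connection and grabs the service banner, since a version string such as "OpenSSH_7.4" is exactly what the attacker feeds into the next phase. This is an added example, not code from the original page. It assumes nothing but the Python standard library; the fake service, the closed-port helper, and the banner-to-service table are this example's own constructions so that it runs offline against 127.0.0.1 instead of a real target.

```python
"""Minimal TCP connect scanner with banner grabbing, run against a local
throwaway listener so it works offline.  Added example, not from the page."""
import socket
import threading
from typing import Dict, Iterable, Optional


def start_fake_service(banner: bytes) -> int:
    """Start a throwaway listener on 127.0.0.1 that greets each client with `banner`.

    Constructed stand-in for a real network service; returns the port the OS picked.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS choose a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def reserve_closed_port() -> int:
    """Bind and immediately release a port so we have one that is (almost certainly) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


def probe_port(host: str, port: int, timeout: float = 0.5) -> Optional[str]:
    """TCP connect() probe.  Returns the banner ('' if the service stays silent)
    when the port accepts a connection, or None when it is closed or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except OSError:          # socket.timeout is an OSError: silent service
                data = b""
            return data.decode("latin-1").strip()
    except OSError:                  # refused, unreachable, or timed out on connect
        return None


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Return {port: banner} for every port that accepted a connection."""
    results: Dict[int, str] = {}
    for port in ports:
        banner = probe_port(host, port, timeout)
        if banner is not None:
            results[port] = banner
    return results


def guess_service(banner: str) -> str:
    """Crude banner-to-service mapping; the table is this example's own, not a standard."""
    b = banner.upper()
    if b.startswith("SSH-"):
        return "ssh"
    if b.startswith("220") and ("SMTP" in b or "ESMTP" in b):
        return "smtp"
    if b.startswith("220") and "FTP" in b:
        return "ftp"
    return "unknown"


if __name__ == "__main__":
    # Constructed target: a fake sshd that leaks its version string in the banner.
    port = start_fake_service(b"SSH-2.0-OpenSSH_7.4\r\n")
    closed = reserve_closed_port()
    for p, banner in scan_ports("127.0.0.1", [port, closed]).items():
        print(f"{p}/tcp open  {guess_service(banner):8s} {banner}")
```

A connect scan completes the TCP handshake and therefore shows up in the target's connection logs; a stealthier scanner would send only a SYN and needs raw sockets, which is why real tools such as nmap require root for that mode. The banner is also the reason to turn off or genericize version strings on services you defend.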
 

#3 Gaining Access (entering the target)

Using the weaknesses found in the scanning phase, the attacker tries to get into the target system by one or more methods. The attacker must gain access to at least one host or network device before the later phases are possible.

  • Exploiting a vulnerable service or application found during scanning
  • Logging in with default or guessed credentials
  • Session hijacking

 

#4 Maintaining Access (accomplishing the goal)

Once access has been gained, an attacker usually wants to keep it, so that the system or network can be used or revisited later without repeating the earlier phases:

  • Backdoors
  • Rootkits
  • Trojans

 

#5 Covering Tracks (removing evidence)

Finally, the attacker removes or alters evidence of the intrusion to avoid detection and to make incident response and forensics harder:

  • Altering or deleting log files

 

What is Big Data?

What is it?

The large volume of data, both structured and unstructured, that inundates a business on a day-to-day basis. It is not the amount of data that matters but what organizations do with it: data can be analyzed for insights that lead to better decisions and strategic business moves. The term also covers data sets so large or complex that commonly used software tools cannot capture, manage, and process them in a reasonable time.

Why is Big Data important?

The importance of big data does not revolve around how much data you have but what you do with it. Data taken from any source and analyzed helps find answers that enable:

  • Reductions in cost & time
  • New product developments
  • Smarter decision making

How does big data work?

Big data works on the principle that the more you know about anything or any situation, the more reliably you can gain new insights and make predictions about what will happen in the future. By comparing more data points, new relationships begin to emerge that were previously hidden, and these relationships let us learn and inform our decisions. A typical workflow is:

  • Building models on data collected
  • Running simulations
  • Tweaking the value of data points each time
  • Monitoring how it impacts our results

Challenges to Big Data include:

  • Capturing Data
  • Data Storage
  • Data Analysis
  • Searching, Updating, Transferring
  • Information Privacy
  • Visualization

 

References

Big Data what it is and why it matters

Big Data Wikipedia

https://www.forbes.com/sites/bernardmarr/2017/03/14/the-complete-beginners-guide-to-big-data-in-2017/#5859e87c7365

Big Data – Techtarget

Data Protection

As data is sent around the world, the growth of cyber crime has exposed the personal data of millions of consumers, which has led some jurisdictions to look to regulatory measures to safeguard this personal data. Stricter rules about handling sensitive customer data are being, or have been, implemented to address these concerns. The implementation of new data protection laws also raises the question of whether a jurisdiction is using them to prevent other governments from obtaining its citizens' data through otherwise legal channels.

Japan has reformed its privacy law and established specific rules for handling personal information that apply to cloud providers.

China has tightened its laws on foreign data and cloud services, implemented new surveillance measures, and increased scrutiny of cross-border data transfers. The regulations require firms to store data locally in China, forcing cloud providers either to transfer the management of their Chinese cloud businesses to Chinese-owned companies or to partner directly with Chinese ventures in order to comply.

 

Borders in the Cloud, by Keith Kirkpatrick

Kovter (Trojan 2018)

Kovter

A Trojan that has acted as click-fraud malware and as a ransomware downloader. It cannot spread on its own; it relies on users running it by mistake or visiting a malicious web page, and is distributed mainly through malspam email attachments carrying malicious Office macros or scripts. Reports indicate that infected hosts have received updated instructions from command and control infrastructure to act as a remote access backdoor.

Kovter has gone through several iterations. Originally it acted as police ransomware, locking the infected device and displaying a fake fine notice that appeared to come from a legitimate law enforcement agency. It then evolved into click-fraud malware that used code injection, stole information and exfiltrated it to its command and control (C2) servers. Its current version is fileless: it is installed through autorun registry entries and adds file components for shell-spawning techniques.

 

Platforms targeted:   Windows systems

Infection Flow

  1. Arrives by spam email
  2. Installs components for shell spawning (a shortcut or batch file)
  3. Creates a registry entry containing malicious scripts
  4. Injects shellcode into a PowerShell process on system restart or when the shortcut or batch file is executed
  5. The shellcode spawns a regsvr32.exe process that connects to various URLs for click fraud

Infection vector: an email attachment carrying a JavaScript file hidden inside a 7-Zip archive.

On execution the script downloads the second stage from the C2 servers and saves it to %TEMP%. Once that completes, Kovter moves to fileless operation and persistence: its obfuscated JavaScript and binary payloads are written into the Windows Registry rather than left on disk.

Prevention

  • Being careful when downloading anything from the internet
  • Not enabling macros in, or running script attachments from, unsolicited email
  • Using an ad blocker in the web browser
  • Disabling JavaScript in the web browser

Mitigation

Running an antivirus scan, for example with Windows Defender, will flag programs of concern. Kovter uses either explorer.exe or regsvr32.exe to launch and run in memory. In most Windows environments no regsvr32.exe process stays running for any length of time; it registers a DLL and exits. A regsvr32.exe instance that stays resident is possibly nefarious and should be reviewed. To tell a malicious instance of explorer.exe or regsvr32.exe from the real one, look at the number of libraries loaded into its memory space, at which process spawned it, and at where on disk it was launched from.
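The infection flow and the mitigation advice above amount to two hunts: Run-key values that hand an inline or encoded script to a script host, and regsvr32.exe (or explorer.exe) instances that are long-lived, spawned by PowerShell, heavily loaded with modules, or running from the wrong directory. The triage below is an added example, not code from the page or from the cited reports. The detection heuristics, the thresholds, the registry entries and the process snapshot are all this example's own constructions (the encoded blob is a harmless PowerShell one-liner), so the code runs offline on any platform; on a real host you would feed it the output of the Run keys and of the process list instead.

```python
"""Triage of autorun registry values and a process snapshot for the Kovter
pattern described above.  Added example; heuristics and thresholds are this
example's own and must be tuned against a known-good baseline before use."""
import ntpath
import re
from typing import Dict, List, Tuple

# Script hosts and LOLBins that a Kovter-style autorun hands an inline script to.
SCRIPT_HOSTS = ("powershell", "wscript", "cscript", "mshta", "regsvr32", "rundll32")

# Inline, encoded or hidden script indicators in the autorun command line.
INLINE_SCRIPT = re.compile(
    r"(?:-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{40,}"  # powershell -e <base64 blob>
    r"|javascript:|vbscript:"                               # script-URI launchers
    r"|-w(?:indowstyle)?\s+hidden"                          # hidden console window
    r"|\.(?:bat|cmd|lnk|js|jse|vbs)\b)",                    # batch/shortcut/script droppers
    re.IGNORECASE,
)

# Where the legitimate binaries live; a same-named process elsewhere is suspect.
EXPECTED_DIRS = {
    "regsvr32.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
}

# Constructed sample of HKCU\...\Run values as (name, data); not from a real host.
SAMPLE_AUTORUNS: List[Tuple[str, str]] = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("f3e9a2", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nop -w hidden -e "
               "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"),
    ("upd", r'cmd.exe /c "C:\Users\alice\AppData\Roaming\upd.bat"'),
]

# Constructed process snapshot: name, path, parent, seconds alive, loaded DLL count.
SAMPLE_PROCESSES: List[Dict[str, object]] = [
    {"pid": 4120, "name": "regsvr32.exe", "path": r"C:\Windows\System32\regsvr32.exe",
     "parent": "powershell.exe", "age_seconds": 5400, "modules": 78},
    {"pid": 6032, "name": "regsvr32.exe", "path": r"C:\Windows\SysWOW64\regsvr32.exe",
     "parent": "msiexec.exe", "age_seconds": 2, "modules": 14},
    {"pid": 1880, "name": "explorer.exe", "path": r"C:\Windows\explorer.exe",
     "parent": "userinit.exe", "age_seconds": 86000, "modules": 210},
    {"pid": 7710, "name": "explorer.exe", "path": r"C:\Users\alice\AppData\Local\Temp\explorer.exe",
     "parent": "powershell.exe", "age_seconds": 3600, "modules": 95},
]


def triage_autoruns(entries: List[Tuple[str, str]]) -> List[Dict[str, object]]:
    """Flag Run-key values whose data launches a script host or embeds a script."""
    findings = []
    for name, data in entries:
        reasons = []
        host = next((h for h in SCRIPT_HOSTS if h in data.lower()), None)
        if host:
            reasons.append(f"launches script host {host}")
        if INLINE_SCRIPT.search(data):
            reasons.append("inline, encoded or hidden script in command line")
        if reasons:
            findings.append({"name": name, "data": data, "reasons": reasons})
    return findings


def triage_processes(procs: List[Dict[str, object]],
                     max_regsvr32_seconds: int = 60,
                     max_regsvr32_modules: int = 40) -> List[Dict[str, object]]:
    """Flag regsvr32.exe/explorer.exe instances that do not look like the real thing.

    Thresholds are placeholders: a genuine regsvr32.exe registers a DLL and exits
    within seconds with a handful of modules, so measure your own baseline."""
    findings = []
    for p in procs:
        name = str(p["name"]).lower()
        if name not in EXPECTED_DIRS:
            continue
        reasons = []
        if ntpath.dirname(str(p["path"])).lower() not in EXPECTED_DIRS[name]:
            reasons.append(f"{name} launched from {p['path']}")
        if name == "regsvr32.exe":
            if str(p["parent"]).lower() == "powershell.exe":
                reasons.append("regsvr32.exe spawned by powershell.exe")
            if int(p["age_seconds"]) > max_regsvr32_seconds:
                reasons.append(f"regsvr32.exe resident for {p['age_seconds']}s")
            if int(p["modules"]) > max_regsvr32_modules:
                reasons.append(f"{p['modules']} modules loaded into regsvr32.exe")
        if reasons:
            findings.append({"pid": p["pid"], "name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_AUTORUNS) + triage_processes(SAMPLE_PROCESSES):
        print(f)
```

The same rules translate directly into a SIEM query over Sysmon process-creation and registry events: parent/child pairs of powershell.exe and regsvr32.exe, and Run-key writes whose data matches the script-host and encoded-command patterns. Treat the module-count and lifetime thresholds as starting points; measure them on clean hosts first, because installers legitimately run regsvr32.exe for a few seconds.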

 

References:

Kovter Malware Fileless Persistence Mechanism (IBM X-Force Exchange)

Kovter Killer: How to Remediate the APT of Clickjacking

Top 10 Malware January 2018

Threat Spotlight: Kovter Malware Fileless Persistence Mechanism

 

What is MS Active Directory

The role of a directory service is to store information about a computer network and to offer features for retrieving and managing that information. Whether an organization consists of a single facility or has multiple locations, a directory service provides a centralized management tool for users and resources in all locations.
Windows Active Directory is a directory service based on standards for defining, storing, and accessing directory service objects. Its hierarchical database lets administrators organize users and network resources to reflect the structure of the organization in which it is used:

  • Hierarchical organization
  • Centralized/distributed database
  • Scalability
  • Security
  • Flexibility
  • Policy-based administration

Working with user accounts is one of the most important Active Directory administrative tasks. User accounts are the main link between real people and network resources and are referred to as "domain user accounts." They have two main functions in Active Directory:

  • Provide a method for user authentication to the network
  • Provide detailed information about a user

Active Directory has both a physical and a logical structure. The physical structure consists of sites and of the servers configured as domain controllers. An Active Directory site is nothing more than a physical location, typically one or more well-connected IP subnets, in which domain controllers communicate and replicate information regularly. The logical structure makes it possible to pattern the directory's look and feel after the organization in which it runs; its organizing components are domains, forests, trees, and organizational units (OUs).

A Group Policy Object (GPO) is a list of settings administrators use to configure user and computer operating environments remotely. Group policies can specify security settings, deploy software, and configure a user's desktop, among many other computer and network settings. They can be linked to an entire domain, to a site, and, most commonly, to an OU containing the users or computers to be affected. The GPO scope defines which objects a GPO affects. When Active Directory is installed, two GPOs are created and linked to two containers: the Default Domain Policy, linked to the domain, and the Default Domain Controllers Policy, linked to the Domain Controllers OU.
These default policies do not define any user-specific policies; they provide baseline security settings for all computers in the domain, for example the password and account lockout policy in the Default Domain Policy. You can view, create, and manage GPOs with the Group Policy Management Console (GPMC). Each GPO has two main nodes, Computer Configuration and User Configuration.

Links:

Microsoft: Active Directory Domain Services Overview

Techopedia explains Active Directory (AD)

What does a Computer Systems Analyst do?

A Computer Systems Analyst is an IT professional who specializes in the analysis, design, and implementation of information systems for a company or organization. The analyst assesses the suitability of information systems in terms of their intended outcome and liaises with end users, vendors, system administrators, and programmers. Systems analysts are often the company's best line of defense against an internal or external IT disaster. Within an IT project the analyst serves as the change agent who identifies the organization's needs, designs a system that implements the project's requirements, and trains others to use the system once it is developed. A Computer Systems Analyst must be familiar with a wide range of:

  • programming languages
  • operating systems
  • hardware platforms

However, they do not usually take part in the actual hardware or software development.

Other responsibilities include:

  • developing cost analyses
  • design considerations
  • mitigating the impact on staff
  • implementation timelines

One of the most important tools a Computer Systems Analyst has is the system development life cycle (SDLC). Once a development project gains the necessary approvals from all participants, the analysis stage can begin: information is gathered about the existing system in order to determine the requirements for an enhanced or brand new system. The end product of this stage, known as a deliverable, is a tangible or intangible object that can be delivered to a customer.

Salary range in 2013

  • $63,860 to $102,480

Education

  • Bachelor’s Degree
  • Computer Science
  • Information Science

Skills

  • Technical knowledge
  • Oral & written communication
  • Understanding of the business or organization daily operations
  • Critical thinking skills

Of the skills I have listed, there are two which I would like to go into more detail on: critical thinking and communication skills, something that is not addressed in most IT programs. First of all, communication skills are vital to any type of position; in particular, a systems analyst must interact with people at all levels within an organization, from operational employees to senior executives, and outside the company, which may include hardware and software vendors, customers, and government officials. Lastly, important critical thinking skills include the ability to:

  • Compare
  • Classify
  • Evaluate
  • recognize patterns
  • analyze cause-and-effect
  • apply logic

 

Works Cited

Bratcher, Emily H. Computer Systems Analyst: Salary. 2015. Web Page. 18 February 2015.

Computer Systems Analysts. 8 January 2014. Web Page. 18 February 2014.

toptenreviews. Systems Analyst. 2015. Web Page. 18 February 2015.

Wikipedia, the free encyclopedia. Systems analyst. 23 February 2015. Web Page. 18 February 2015.

What is Cyber-Warfare?

In the past, cyber-warfare was a fictional concept presented in movies and TV shows.  A recent example is the action thriller Blackhat (2015), in which the FBI teams up with China to locate cyber-criminals who have hacked a Hong Kong nuclear plant and the Mercantile Trade Exchange in Chicago.  Unfortunately, cyber-warfare is more than a fictional concept.  Today there is more and more evidence that some countries use state-sponsored hacking to infiltrate other countries' networks and infrastructure.

Why is this a real threat?  Strategic cyber-warfare, despite what the term may imply, does not involve hand-to-hand combat, yet it represents a great threat not only to the military but to the general public.  Cyber-warfare is internet-based conflict involving politically motivated attacks on information and information systems.  Such attacks disable websites and networks, disrupt essential services, steal or alter classified data, cripple financial systems, and much more.  Once an attack is launched, it is hard to determine who launched it; this is the attribution problem.  Along with industry leaders, the US Department of Defense is becoming more aware of the threat and is implementing security measures to better protect the public and prepare for future attacks by state-sponsored hackers.

Cyber-warfare is politically motivated: one country attacks another's infrastructure, such as (but not limited to) water treatment plants, power grids (electricity and natural gas), telecommunications, and public transportation.  Targets are either strategic or tactical, for the purpose of espionage or sabotage.  Cyber-espionage entails stealing sensitive information or gaining insight into another country's infrastructure, such as troop movements or weapons systems.  Cyber-sabotage can cause equipment failure and significant damage, up to a nuclear meltdown or massive power outages.

One possible target for state-sponsored hackers is the country's electrical power grid.  The U.S. Department of Homeland Security is working with energy providers to enhance the security of control systems, and more security is being developed and built in as the next generation of "smart grid" energy networks is deployed.

What happens during a cyber-warfare attack?  Hackers target an opponent's network infrastructure or the databases that hold its sensitive data.  They infiltrate a given system to find flaws and exploit those flaws to gain control of the system and/or destroy it beyond recovery.

Malware (short for malicious software) is the term for hostile or intrusive software designed to cause intentional harm to computer systems.  Disguised as or embedded in non-malicious files, malware includes viruses, worms, Trojan horses, ransomware, spyware, adware, and scareware.  Some known malware tools that state-sponsored hackers have used in their attacks are:

Flame (also known as "Skywiper") was discovered in 2012 by Iran's MAHER Center (the Iranian national CERT) and was used against targets in the Middle East.  It spread on local networks by impersonating Windows Update, using a forged Microsoft code-signing certificate, to computers running Windows.  Purely espionage by design, Flame recorded audio, screenshots, keyboard activity, network traffic, and Skype conversations and sent them to command and control servers scattered around the world.

Stuxnet, a computer worm discovered in 2010, targeted industrial programmable logic controllers (PLCs).  PLCs automate electromechanical processes such as those controlling machinery on factory assembly lines, amusement rides, and power plants.  The worm propagates through a network and then modifies the code on the targeted PLCs so that they issue unexpected commands to the equipment they control.  Iran's Natanz uranium enrichment facility was the target: Stuxnet sabotaged its operational capacity and caused serious technical problems that forced shutdowns.

Cyber-warfare is more than a fictional concept; it is very real.  While movies and TV transmit a popular perception of cyber-warfare, they exist solely for entertainment.  The challenge is to recognize cyber-warfare in the real world and find ways to minimize the damage and ultimately prevent such attacks.