4. CYBER SECURITY THREAT OR RISK
1. Human Nature
2. Malware
3. Phishing Attacks and Social Engineering
4. Formjacking
5. Inadequate Patch Management
6. Outdated Hardware and Software
7. Man-in-the-Middle Attacks
5. HUMAN NATURE
• Capital One recently had more than 100 million customer accounts
compromised in a data breach. But, not by a random hacker or even an
employee.
• Capital One uses Amazon Web Services (AWS) for their cloud hosting and
a former AWS employee exploited a misconfigured firewall to gain access
to 140,000 Social Security numbers, 1 million Canadian Social Insurance
numbers and 80,000 bank account numbers, plus an undisclosed number
of people’s names, addresses, credit scores, credit limits, balances, and
other information.
• Capital One expects to face $100-150 million in costs, including customer
notifications, credit monitoring, tech costs, and legal support due.
• Not to mention any potential company stock value losses.
7. PHISHING ATTACKS AND SOCIAL ENGINEERING
• Phishing is a fraudulent attempt to elicit sensitive information from a
victim in order to perform some type of action.
• Phishing comes in many forms:
  • General phishing
  • Spear phishing
  • CEO fraud
  • Smishing
  • Vishing
  • Clone phishing
  • Domain spoofing
  • URL phishing
  • Watering hole phishing
  • Evil twin phishing
9. FORMJACKING
• The British Airways formjacking attack resulted in more than 380,000
credit cards being stolen at an estimated loss of $17 million, plus
a £183 million fine levied by the EU for the lack of GDPR
compliance.
• Attackers injected malicious JavaScript code onto Ticketmaster’s
website after compromising the chatbot used for customer
support on Ticketmaster websites. The attackers altered the JS
code to capture payment card data from customers and send it to
their servers. The malicious code may have been on the
Ticketmaster website for almost a year.
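One defensive check against the kind of third-party script alteration described above is Subresource Integrity (SRI): the page pins a hash of the reviewed script, and the browser refuses a file that no longer matches. The sketch below is an added example, not part of the original slides; it reproduces the browser's comparison in Node.js, and the vendor URL, script contents and function names are constructed for illustration.

```javascript
// Added example (not from the original slides): SRI check for a third-party script.
const crypto = require('crypto');

const STRENGTH = new Map([['sha256', 1], ['sha384', 2], ['sha512', 3]]);

// Build the value for a <script integrity="..."> attribute.
function sriHash(content, algo = 'sha384') {
  const digest = crypto.createHash(algo).update(content, 'utf8').digest('base64');
  return `${algo}-${digest}`;
}

// Mimic the browser's check: of the listed hashes, only those using the
// strongest algorithm count, and the content must match one of them.
function verifyIntegrity(content, integrityAttr) {
  const entries = integrityAttr
    .trim()
    .split(/\s+/)
    .map((token) => token.split('?')[0]) // drop optional "?options"
    .map((token) => {
      const dash = token.indexOf('-');
      return { algo: token.slice(0, dash), digest: token.slice(dash + 1) };
    })
    .filter((e) => STRENGTH.has(e.algo));
  if (entries.length === 0) return true; // no usable metadata: nothing is enforced
  const best = Math.max(...entries.map((e) => STRENGTH.get(e.algo)));
  return entries
    .filter((e) => STRENGTH.get(e.algo) === best)
    .some((e) => sriHash(content, e.algo) === `${e.algo}-${e.digest}`);
}

// Constructed sample input: a vendor widget as reviewed, and the same file after alteration.
const reviewedScript = 'function openChat(){document.getElementById("chat").hidden=false;}\n';
const alteredScript = reviewedScript + '/* constructed stand-in for injected code */\n';
const pinned = sriHash(reviewedScript);

function demo() {
  return {
    tag: `<script src="https://vendor.example/chat.js" integrity="${pinned}" crossorigin="anonymous"></script>`,
    reviewedLoads: verifyIntegrity(reviewedScript, pinned),
    alteredLoads: verifyIntegrity(alteredScript, pinned),
  };
}
console.log(demo());
```

SRI only helps when the vendor serves a fixed, versioned file, and an empty or unparseable integrity value enforces nothing, which is why verifyIntegrity returns true for it.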
11. INADEQUATE PATCH MANAGEMENT
• EternalBlue is an exploit allegedly developed by the NSA.
• It exploits Microsoft vulnerabilities and led to worldwide attacks that
included the Petya and WannaCry ransomware.
• Microsoft released patches for EternalBlue, but many organizations
didn’t apply the patch and remained vulnerable or they were using old
systems past their end-of-life period.
• The National Healthcare System (NHS) in the UK had thousands of
appointments and surgeries cancelled, which cost the NHS more than £100
million.
• Two years after the WannaCry attacks, EternalBlue continues to impact
systems around the world.
12. OUTDATED SYSTEMS
• Data breaches and other security incidents result from
outdated or unpatched technologies.
• Equifax’s 2017 data breach, which exploited a vulnerability that
could have been patched but wasn’t, is an example.
13. MAN-IN-THE-MIDDLE ATTACKS
• A notable example of a MitM attack occurred when a group of
agents from Russia’s GRU tried to hack into the office of the
Organization for the Prohibition of Chemical Weapons.
• They used a Wi-Fi spoofing device to try to get the results of an
investigation.
• The attack failed, but it is evidence that no one, not even
governments, is exempt from being a MitM attack target.
14. THREATS
• A Threat is a negative event that can lead to an undesired
outcome, such as damage to, or loss of, an asset.
• Threats become dangerous because of a vulnerability in a
system.
• Threat is used interchangeably with both Attack and Threat
Actor, and is often substituted for a Danger.
15. THREAT ACTORS
• Threat Actors are the person, actor, entity, or organization that is
initiating a given scenario, such as a hack attempt.
• Threat Actors include:
  • Hacktivists
  • Cybercriminals
  • Disgruntled insiders
  • Nation States
  • Careless employees
  • Nature
16. VULNERABILITIES
• Vulnerabilities are weaknesses in a system that make threats possible.
• A Vulnerability is a weakness exploited by a Threat Actor to do Harm.
• Examples of Vulnerabilities include:
  • Lack of proper building access control
  • Cross-site Scripting (XSS)
  • SQL Injection
  • Cleartext transmission of sensitive data
  • Failure to check authorization to sensitive resources
  • Failure to encrypt sensitive data at rest
17. RISK
• A Risk is the chance that something bad may happen, including
the Harm if it does happen.
• The result of combining Probability and Impact:
risk = probability x impact
18. SUMMARY
• A Threat is a negative scenario you want to avoid
• A Threat Actor is the agent that makes a Threat happen
• A Vulnerability is a weakness that can be exploited in order to attack you
• A Risk is a negative scenario you want to avoid, combined with its
probability and its impact
• The difference between a Threat and a Risk is that a Threat is a negative
event by itself, whereas a Risk is the negative event combined with its
probability and its impact.