“Cyber Threats: An Overview for Operational Risk Managers”
RBC Enterprise Operational Risk Management
Cyber Threats | Neil Roth | 11 December 2014

Table of Contents

1. Introduction (slide 3)
2. Cyber Threats as Global Threats (slide 4)
3. Perpetrators of Cyber Attacks (slide 6)
4. Cyber Security Strategy & PICNICs (slide 7)
   Case Study #1: Social Engineering at the Pentagon (slide 8)
5. Gateways of Internet Vulnerability (slide 9)
   Case Study #2: Anonymous versus Booz Allen Hamilton (slide 10)
6. Current Top Cyber Threats
   • Distributed Denial of Service (DDoS) Attacks (slide 11)
   • BotNets (slide 13)
   • Viruses (slide 14)
   Case Study #3: Aramco (slide 15)
   • Worms (slide 16)
   • Trojan Horses (slide 17)
   • Logic Bombs (slide 18)
   • Phishing and Spear Phishing (slide 19)
   • Exploit Kits (slide 20)
   • Drive-by Exploits (slide 21)
   • Code Injection Attacks (slide 22)
   • Rogueware (slide 23)
   • Rogue Certificates (slide 24)
   • Identity Theft (slide 25)
   • Confidential Information Breaches (slide 26)
   Case Study #4: Hacking the Dalai Lama (slide 27)
   • Targeted Attacks (slide 29)
   Case Study #5: Stuxnet (slide 30)
7. Malware as a Service (MaaS) (slide 33)
8. Zero-day Vulnerabilities (slide 34)
   • Heartbleed (slide 35)
   • Shellshock / Bash (slide 36)
9. The Problem of Attribution (slide 37)
10. The Bleeding Edge: Supply Chain Hardware Hacking (slide 38)
   Case Study #6: Android Phone Hardware Hack (slide 39)
11. Hackbacks and the Legal Limits of Cyber Self-Defense (slide 40)
12. Insurance Against Cyber Threats (slide 41)
   Case Study #7: Target and the Cost of Cyber Attacks (slide 42)
13. Comments from the Head of U.S. Cyber Command (slide 43)
14. Conclusion (slide 44)
15. Contact Information (slide 45)
16. Disclaimer (slide 46)

1. Introduction

The purpose of this presentation is to provide an overview of the current state of Cyber Threats to Operational Risk Managers and other non-technologists.

• Cyber Security has always been, and will always be, primarily the responsibility of IT departments.
• As the frequency and severity of incidents have increased, regulators have stressed the need for greater awareness and communication across organizations.
• Because of Operational Risk Management’s high level of visibility with senior management, ORM is well positioned to be a positive force for change in an organization, both in heightening awareness of Cyber Threats and in improving the responses to them.

2. Cyber Threats as Global Threats

On February 26, 2015, James Clapper, the U.S. Director of National Intelligence, gave his annual “Worldwide Threat Assessment of the US Intelligence Community” to the Senate Select Committee on Intelligence. For the third year in a row, “Cyber Threats” topped the list of Global Threats.

Here is the list of “Global Threats,” in the order they were presented in the version of the document that has been made available to the public:

• Cyber Threats
• Counterintelligence
• Terrorism
• Weapons of Mass Destruction and Proliferation
• Space and Counterspace
• Transnational Organized Crime
• Economics and Natural Resources
• Human Security

The “Worldwide Threat Assessment” also discusses specific regional threats in the Middle East, Europe, Asia, Latin America, and sub-Saharan Africa. The unclassified version of the file is available online: http://www.dni.gov/files/documents/Unclassified_2015_ATA_SFR_-_SASC_FINAL.pdf

3. Perpetrators of Cyber Attacks

According to the report, the major perpetrators of cyber attacks are as follows:

• Cybercriminals: Cybercriminals are motivated by financial gain. They range from individuals to vast networks that are organized on an international level.
• Terrorists: Their preferred targets are usually critical infrastructure, such as energy production and telecommunications, and military targets.
• Hacktivists: Hacktivists are politically motivated. They usually target high-profile websites, corporations, intelligence agencies, and military institutions.
• Nation States: Many nation states have advanced offensive cyber capabilities, and can use them in hostile actions against adversaries, or for general espionage.
• Corporations: Some corporations and organizations engage in activities like theft of intellectual property to gain competitive advantage over their competitors.
• Current or Former Employees: Employees have insider knowledge of a firm’s systems, resources, and defenses.
• Random Individuals

4. Cyber Security Strategy & PICNICs

Many companies use some version of the following three-pronged approach as the basis of their cyber security strategies:

1. Hunkering down behind industrial-strength firewalls.
2. Hardening user computers and workstations with anti-virus software.
3. Limiting computer and network access by restricting the use of Wi-Fi, USB inputs, Remote Access, external hard drives, etc.

So, has this three-pronged strategy been effective?

• The answer is a qualified “Yes.” While practically all financial services firms have been subject to cyber intrusions of one form or another, the number of firms that have been severely impacted appears to be limited. However, that list is growing. Also, attackers are well acquainted with these strategies, and plan their attacks accordingly.
• Almost all cyber security strategies have “PICNIC” vulnerabilities: PICNIC = “Problem In Chair, Not In Computer.” PICNICs are usually associated with end users. However, PICNICs can also refer to IT departments.
• Social Engineering and a basic understanding of psychology have been used numerous times by attackers to come up with PICNIC exploits that can offset or negate even sophisticated cyber security strategies. [see Case Study #1 on slide #8]

Case Study #1: “Social Engineering” at the Pentagon

The Pentagon in Arlington, Virginia houses the US Department of Defense. It is one of the largest office buildings in the world, and one of the most secure. The Pentagon has strict rules about the use of USB thumb drives on their computers. One of their IT security areas decided to see how effective their protocols were. So, over the course of several days, they seeded several Pentagon parking lots with thumb drives, to see how many would get used on Pentagon computers. The only software on the thumb drives was a program that called back to a host to report that it had been plugged in, along with the IP address of that computer. They found that 20% of the thumb drives got plugged in.

A few weeks later, they decided to repeat the experiment, but this time with a Social Engineering component: they branded the drives “CIA,” “FBI,” or “NSA” to make them more enticing. Almost 80% of the falsely branded drives got plugged in.

5. Gateways of Internet Vulnerability

From its earliest incarnations, the internet was designed to facilitate the rapid, accurate, and effective communication of information. Security was never the primary concern. As such, there are several things to keep in mind:

1. Instantaneous Action at a Distance: The people attacking your company may be based in countries that don’t even have an extradition treaty with your country, so legal recourse may be difficult or impossible.
2. Anonymity in Cyberspace: Cyber criminals who have the requisite skills in hiding or obscuring their activities have a big advantage over their targets.
3. Lack of Borders: Nations have at least some degree of control over their physical borders. Controlling internet borders is much more difficult.
4. Asymmetries of Cyberspace: A small group of actors can effectively attack large targets. [see Case Study #2 on slide #10]

Case Study #2: “Anonymous” versus Booz Allen Hamilton

In 2011, the hacktivist group “Anonymous” breached the cyber defenses of US contractor Booz Allen Hamilton, and posted the encrypted passwords of thousands of US military personnel online. After the hack was reported in the media, and confirmed by the Pentagon, Booz Allen Hamilton tweeted that its security policy restricted it from commenting on attacks against its systems. In response, Anonymous tweeted:

“You have a security policy? We never noticed. We infiltrated a server that basically had no security measures in place. We were able to run our own shell application, and begin plundering. We were also able to grab 4GB of your source code and wipe it from your system. We are Anonymous. We are AntiSec. Expect us.”

6. Top Cyber Threats: DoS and DDoS Attacks

“Denial of Service” (DoS) attacks are an attempt to make a resource unavailable to its users. “Distributed Denial of Service” (DDoS) attacks occur when multiple sources launch simultaneous DoS attacks against a single target. The “Low Orbit Ion Cannon” (LOIC) is the most popular application used for DDoS attacks. The LOIC features a user-friendly web-based interface. An attacker simply enters a URL or an IP address, then clicks to commence an attack.
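The DoS/DDoS distinction above is exactly what a defender's log monitoring has to tell apart: one client exceeding a per-client request rate, versus an aggregate spike spread across many clients that each stay below that rate. The Python below is an added example, not part of the presentation; it classifies tumbling 10-second windows of constructed access-log lines, and the log format, thresholds and IP addresses are all assumptions.

```python
"""Classify access-log windows as normal, single-source flood (DoS) or
distributed flood (DDoS). Added example; log format and thresholds are assumed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)  # tumbling window length
PER_CLIENT_LIMIT = 50           # one client above this in a window -> single-source flood
AGGREGATE_LIMIT = 200           # total above this, with no dominant client -> distributed
DOMINANT_SHARE = 0.25           # a client holding >= 25% of a flood counts as dominant


def parse_line(line):
    """Parse a constructed '<ip> <ISO-8601 time> <method> <path> <status>' line."""
    ip, ts, _method, _path, _status = line.split()
    return ip, datetime.fromisoformat(ts)


def classify_windows(lines):
    """Return [(window_start, verdict, detail), ...], one entry per window seen.

    A window is a 'single-source flood' when one client alone exceeds
    PER_CLIENT_LIMIT, and a 'distributed flood' when the aggregate exceeds
    AGGREGATE_LIMIT while no single client accounts for DOMINANT_SHARE of it.
    """
    events = [parse_line(l) for l in lines if l.strip()]
    if not events:
        return []
    epoch = min(ts for _, ts in events)
    per_window = defaultdict(Counter)
    for ip, ts in events:
        per_window[int((ts - epoch) // WINDOW)][ip] += 1

    verdicts = []
    for idx in sorted(per_window):
        counts = per_window[idx]
        total = sum(counts.values())
        top_ip, top_n = counts.most_common(1)[0]
        start = epoch + idx * WINDOW
        if top_n > PER_CLIENT_LIMIT:
            verdicts.append((start, "single-source flood",
                             f"{top_ip} sent {top_n}/{total}"))
        elif total > AGGREGATE_LIMIT and top_n / total < DOMINANT_SHARE:
            verdicts.append((start, "distributed flood",
                             f"{len(counts)} clients sent {total}"))
        else:
            verdicts.append((start, "normal",
                             f"{len(counts)} clients sent {total}"))
    return verdicts


def build_sample_log():
    """Constructed traffic: a quiet window, a single-source burst, a distributed burst."""
    base = datetime(2014, 12, 11, 10, 0, 0)
    lines = []

    def add(ip, offset_s, path="/index.html"):
        t = base + timedelta(seconds=offset_s)
        lines.append(f"{ip} {t.isoformat()} GET {path} 200")

    # window 0 (10:00:00-10:00:09): ordinary browsing from four clients
    for i in range(12):
        add(f"198.51.100.{i % 4 + 1}", i % 10)
    # window 1 (10:00:10-10:00:19): one client hammers the login page (DoS)
    for i in range(120):
        add("203.0.113.7", 10 + i % 10, "/login")
    # window 2 (10:00:20-10:00:29): 60 distinct clients, 5 requests each (DDoS);
    # every client stays under PER_CLIENT_LIMIT, only the aggregate is abnormal
    for host in range(60):
        for k in range(5):
            add(f"192.0.2.{host + 1}", 20 + k, "/")
    return lines


if __name__ == "__main__":
    for start, verdict, detail in classify_windows(build_sample_log()):
        print(f"{start.time()}  {verdict:20s}  {detail}")
```

A per-client rate limit alone would never fire on window 2, which is why the aggregate check with the dominant-share test is needed to surface the distributed case.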