Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security

4/25/2018
08:15 AM
Alan
 Zeichick
Alan Zeichick
Alan Zeichick
50%
50%

5 New Network Attack Techniques That Will Keep You Awake at Night

You can't trust anything -- not the cloud, not hardware, not industrial control systems. Take nothing for granted, advise the experts, and trust nothing.

Get ready for insomnia. Attackers are finding new techniques, and here are five that will give you nightmares worse than after you watched the slasher film everyone warned you about when you were a kid.

At a panel at the 2018 RSA Conference in San Francisco last week, we learned that these new attack techniques aren't merely theoretically possible. They're here, they're real, and they're hurting companies today. The speakers on the panel laid out the biggest attack vectors we're seeing -- and some of them are either different than in the past, or are becoming more common.

Here's the list:

1. Repositories and cloud storage data leakage
People have been grabbing data from unsecured cloud storage for as long as cloud storage existed. Now that the cloud is nearly ubiquitous, so are the instances of non-encrypted, non-password-protected repositories on Amazon S3, Microsoft Azure, or Google Cloud Storage.

Ed Skoudis, the Penetration Testing Curriculum Director at the SANS Institute, a security training organization, points to three major flaws here. First, private repositories are accidentally opened to the public. Second, these public repositories are allowed to hold sensitive information, such as encryption keys, user names, and passwords. Third, source code and behind-the-scenes application data can be stored in the wrong cloud repository.

The result? Leakage, if someone happens to find it. And "Hackers are constantly searching for repositories that don’t have the appropriate security," Skoudis said.

2. Data de-anonymization, and correlation
Lots of medical and financial data is shared between businesses. Often that data is anonymized. That is, scrubbed with all the personally identifiable information (PII) removed so it's impossible to figure out which human a particular data record belongs to.

Well, that's the theory, said Skoudis. In reality, if you beg, borrow or steal enough data from many sources (including breaches), you can often correlate the data and figure out which person is described by financial or health data. It's not easy, because a lot of data and computation resources are required, but de-anonymization can be done, and used for identity theft or worse.

3. Monetizing compromised systems using cryptominers
Johannes Ullrich, who runs the SANS Internet Storm Center, said that hackers care about selling your stuff, like any other criminal. Some want to steal your data, including bank accounts, and sell that to other people, say on the Dark Web. A few years ago, hackers learned how to steal your data and sell it back to you, in the form of ransomware. And now, they're stealing your computer's processing power.

What's the processing power used for?

"They're using your system for crypto-coin mining," the experts said. This became obvious earlier this year, he said, with a PeopleSoft breach where hackers installed a coin miner on thousands of servers – and never touched the PeopleSoft data. Meanwhile, since no data is touched or stolen, the hack could stay undetected for months, maybe years. (See Malwarebytes: Cryptomining Surges as Ransomware Declines.)

4. Hardware flaws
Meltdown and Spectre, which exploited flaws in microprocessor design, were not flukes, Ullrich said. Spectre and Meltdown allowed hostile programs to access other programs' memory. But other hacks can allow unintended code to execute on the microprocessor, or leak information from caches. (See In Wake of Spectre & Meltdown, Intel Shifts Memory Scanning to GPU.)


The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

Ullrich warns against relying upon the hardware features of a system for security, and backing that up with robust software.

"Hardware has complexity issues. You have to think, how much can you trust your hardware, especially if you're depending on hardware features to separate processes," Ullrich said. If you can't trust hardware, he asks, who can you trust? "Trust no one."

5. Exploitability in industrial control systems
Everyone running a power plant or a dam is probably kept awake by the ability of hackers to target, infiltrate and manipulate industrial controls -- like those which ran Iran's nuclear enrichment centrifuges, and which were successfully damaged by the Stuxnet.

Attacks on industrial controls, including widely used Supervisory Control and Data Acquisition (SCADA) systems, are becoming more widespread. James Lyne, Head of R&D for SANS, is concerned that these systems rely upon obscurity and isolation for protection -- and may not have been robustly tested for flaws.

Perhaps it's only a matter of time before hackers use hijacked industrial control systems to turn things off, turn things on, damage things or worse. That's good stuff for your nightmares.

"How prepared are we?" asks Lyne.

Sweet dreams.

Related posts:

— Alan Zeichick is principal analyst at Camden Associates, a technology consultancy in Phoenix, Arizona, specializing in enterprise networking, cybersecurity, and software development. Follow him @zeichick.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.