Thursday, 27 February 2020

Second part of the case study: the Samsung company and its security.

Samsung


The Samsung Group is a South Korean multinational corporation with many subsidiaries and is one of Korea's largest companies, supplying about one-fifth of the country's total exports, primarily in electronics, heavy industry, construction, and defense.


According to Samsung's official sites, they have built strong security due to their "DNA" 🙂. The company uses its own security system, called Knox. The mobile devices are designed from the chip up with defense-grade protection, so Knox can protect the smartphone from the moment the user first turns it on. In addition, they have implemented some features, namely Face Recognition and Ultrasonic Fingerprint. Knox uses multi-layered security that is built in. It provides multi-layered protection and protects users' most sensitive information against malware and malicious threats (Samsung Knox, 2020).

Samsung Knox security system.

Vulnerabilities:

CVS reports that only three vulnerabilities, all at a low severity level, have been found in KNOX security. The report is presented below.



At the moment the KNOX platform is used by countries such as the UK and US, more precisely by their government departments, and it is also used by NASA. However, Tung (2020) reports in his web article that Project Zero's Gal Beniamini broke the disk encryption of a KNOX hypervisor designed to protect Linux.
Another aspect of Knox security was exposed by Israeli researchers. They found three vulnerabilities: the Android devices tested, a Galaxy 6 and a Note 5, in June 2016 gave total access to the hackers who accessed the phones.

Method
Samsung succeeded in fixing the issue in the KNOX program and updates the program on a regular basis. Samsung will occasionally send security updates to the device as needed (Samsung, 2020). Additionally, Samsung requires permission from users to collect information regarding KNOX functionality. SE for Android sends security reports to help Samsung identify threats to your security, by allowing your phone to collect and send data in encrypted form (Samsung, 2020).

Conclusion:
Knox from Samsung is a reliable source of security; it provides high-level protection against cybercrime, which is also evidenced by the CVS report. Moreover, governments and important organizations are using KNOX security to protect their devices and networks.

Reference list:

Tung, L. (2017). Google Project Zero: How we cracked Samsung's DoD- and NSA-certified Knox | ZDNet. [online] ZDNet. Available at: https://www.zdnet.com/article/google-project-zero-how-we-cracked-samsungs-dod-and-nsa-certified-knox/ [Accessed 4 Mar. 2020].

Samsung Knox. (2020). Samsung Knox | Secured by Knox. [online] Available at: https://www.samsungknox.com/en/secured-by-knox [Accessed 20 Feb. 2020].

Burgess, M. (2020). Major security flaw in Samsung Knox could give hackers 'full control' of your phone. [online] Wired.co.uk. Available at: https://www.wired.co.uk/article/samsung-knox-security-vulnerabilities [Accessed 4 Mar. 2020].

Thursday, 20 February 2020

First case study- Apple and its security.

First case study- Apple phone and its security.



Does Apple have any issue regarding its security? Is there any possibility to access Apple devices?
I put myself some questions after I heard a university teacher who said, "We can access an Apple device by first accessing a smart device which is connected with the Apple device." As an Android user, I will study both Android and iOS systems. In addition, I want to find out if the Apple company will convince me to buy its devices or whether I will keep using the Android system. For the case study regarding the Android system, I will study the Samsung company. Samsung is a loyal competitor of the Apple company.

Apple, iOS.

The first iPhone was launched in 2007 by Steve Jobs. It rapidly became one of the most widely discussed consumer products ever. With features such as a computer-like touch screen, computing functions and Wi-Fi connectivity, thousands of customers raced to be the first to purchase the device. Competitors were quick to launch phones with similar features.
According to Apple, the company uses hardware security: antivirus software is built into the hardware, with security capabilities designed into the silicon. This kind of security is found in all Apple products running iOS, iPadOS, macOS, watchOS, and tvOS (Apple Support, 2020).
As I said, I chose to study the iPhone device's security.
The most critical component is the Secure Enclave, which is built into modern devices. The Secure Enclave is a hardware component that performs cryptographic operations. The enclave provides a foundation for encrypting data, secure boot in macOS and biometrics.

About Secure Enclave:


The Secure Enclave is a hardware-based key manager isolated from the main processor that provides an extra layer of security.
Even if the device has been compromised, the Secure Enclave maintains the integrity of its cryptographic operations.


   Fig1.  The Secure Enclave processor

Review

Due to their security, Apple imposes restricted access on the customer, for example, to downloading software from unknown sources. Apple focuses on absolute control of all elements of its product, from the software all the way down to the hardware. On the positive side, this makes for much better software support and a better overall experience. Apple also offers some restrictive features which help the customer to stay safe. One of these features is the Parental Controls app: its settings offer various ways of preventing children from consuming inappropriate content. This app comes with features such as Screen Time, a feature that Apple introduced in iOS 12, which reveals how much time a customer spends on his iPhone or iPad, for example if the customer wants to know how much time is spent on Facebook, Instagram or playing games. Furthermore, the Screen Time app contains another setting which parents can enable to keep children away from inappropriate content and manage their time.
from: McElhearn, K. (2020)



Although they have built strong security which is believed to be impenetrable, they have had breaches in the security system. According to CVE Details, in 2019 iOS contained 1655 vulnerabilities in the security system; most of the latest vulnerabilities are related to Bluetooth BR/EDR and multiple memory corruption issues (Cvedetails.com, 2020).

According to Matthews (2019), a team of researchers at Google warned Apple in February of vulnerabilities that had persisted for two years and allowed hackers to install malware on iPhones after people visited specific websites. Although it had been happening for more than two years, it went public only in February 2019, after Google published it. They revealed five so-called exploit chains, which connect security vulnerabilities together and allow hackers to move through each layer of security protection built into an operating system (Matthews, 2019).
The exploit chains took advantage of 14 security vulnerabilities in total, which allowed cybercriminals to gain full control of the phone after putting malware on it that served as a tracking implant. The cybercriminals placed the malware on these sites and infected the iPhones through the websites. Researchers confirmed that thousands of users were hacked without being aware of it. The researchers reported that thousands of visitors were likely to go to those online destinations every week; the malware had existed since September 2016, and the impacted sites had been live online since at least 2017 (Matthews, 2019). Most of the vulnerabilities were found in iOS 10 to 12. These vulnerabilities plagued most of Apple's iOS 10 to 12 operating systems, and Google's information also discusses how cybercriminals made a "sustained effort" to exploit them (Matthews, 2019). The researchers at Google did not attempt to accuse or say anything about the groups that organized those attacks. Nonetheless, after the news broke, TechCrunch claimed that its sources say the infected websites that contained the malware were actually part of a state-based attack, possibly one from China (Matthews, 2019). There is a prediction that these attacks will extend to the Android system: Forbes states that the individuals who provided that data also claimed that the attacks extended to Windows and Android systems, but Google did not comment on that possibility (Matthews, 2019).

Google gave Apple seven days to fix the issue and to come up with further measures so that this kind of problem does not recur in the future. Apple patched the issues and released a security patch six days after hearing about what Google discovered, but the firm had not released a statement yet.
Apple fixed this flaw in patch 12.1.4.

In conclusion, Apple has strong security; however, it can be broken. Therefore, users should not just trust that the security offered by Apple is sufficient to protect them from attack. Regarding privacy and the possibility of having full freedom, Apple has restricted users' access to install any app on the iPhone.
Customers should pay more attention to what Google has discovered, avoid accessing untrusted sites and update their devices.



(How Apple security is broken by devices like smart devices?? (Cvedetails.com, 2020)   )



References list:

Apple Support. (2020). Hardware security overview. [online] Available at: https://support.apple.com/en-gb/guide/security/secf020d1074/1/web/1 [Accessed 18 Feb. 2020].

Cvedetails.com. (2020). Apple iPhone Os: List of security vulnerabilities. [online] Available at: https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html [Accessed 27 Feb. 2020].


Matthews, K. (2019). Incident Of The Week: Apple iPhones Affected By Data Breach Discovered By Google’s Project Zero Security Researchers. [online] Cyber Security Hub. Available at: https://www.cshub.com/malware/articles/incident-of-the-week-apple-iphones-affected-by-data-breach-discovered-by-googles-project-zero-security-researchers [Accessed 25 Feb. 2020].


 McElhearn, K. (2020). iOS 12 Parental Controls and Restrictions: How to protect your kids on iPad, iPhone, iPod touch. [online] The Mac Security Blog. Available at: https://www.intego.com/mac-security-blog/protect-your-kids-on-ios-devices-with-parental-controls/ [Accessed 27 Feb. 2020].

Wednesday, 19 February 2020

Case study information- Apple Company- Plan.

Who is your subject?
I have chosen for my case study Apple company, more precisely security on Apple devices.

Why have you chosen them as a subject?

I participated in an open day, and the person who held the conference talked about the lack of security in Apple devices.

Some background information about them.

I have some basic knowledge, however not enough: Apple is an American company. The company uses its own operating system, which is called macOS.

Context to your major project.

I will study different types of cyberattacks, and I will also include how Apple security is broken by an attack against smart devices that are connected with Apple's devices.

My case study structure:
Introduction
Review
Method
Conclusion

In addition, I want to study two companies that are using iOS and Android.




References list:

Apple Support. (2020). Hardware security overview. [online] Available at: https://support.apple.com/en-gb/guide/security/secf020d1074/1/web/1 [Accessed 18 Feb. 2020].


Google Books. (2020). iPhone and iOS Forensics. [online] Available at: https://books.google.co.uk/books?hl=en&lr=&id=DXzb8remIh4C&oi=fnd&pg=PP1&dq=apple+company+and+its+security&ots=5GL7zVkCaZ&sig=ylKcxDO0A8WofprPDi3_YnvlZrg&redir_esc=y#v=onepage&q=apple%20company%20and%20its%20security&f=false [Accessed 19 Feb. 2020].

Schulze, M. (2020). Clipper Meets Apple vs. FBI—A Comparison of the Cryptography Discourses from 1993 and 2016. [online] Cogitatiopress.com. Available at: https://www.cogitatiopress.com/mediaandcommunication/article/view/805/805 [Accessed 19 Feb. 2020].

Schulze, M. (2017). Clipper Meets Apple vs. FBI—A Comparison of the Cryptography Discourses from 1993 and 2016. Media and Communication, 5(1), p.54.

Tuesday, 18 February 2020

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks


A Distributed Denial of Service (DDoS) attack is one of the most powerful weapons on the Internet. If a website is "brought down by hackers," it generally means that it has become the target of a DDoS attack. In brief, this means that criminals have tried to make a server or device inaccessible by overwhelming or crashing a website with too much traffic. According to Weisman from NortonLifeLock, Distributed Denial of Service attacks hit websites and online services. The aim is to flood them with more data than the server or the network can handle, making the website or service inoperable.

Fig. DDoS Attack

When did DDoS attacks start?

In 2000, Michael Calce, a 15-year-old boy who used the online name "Mafiaboy," conducted one of the first reported DDoS attacks. Calce also broke into the computer networks of a variety of schools. He used their database to conduct a DDoS attack that disrupted many major websites, including CNN, E-Trade, eBay, and Yahoo. Calce was tried at the Quebec Youth Court for his crimes. As an adult, he became a "white-hat intruder" who discovered flaws in the computer systems of big corporations (Weisman, n.d.).
A more recent DDoS attack took place in October 2016, when a flood of distributed denial of service (DDoS) attacks affecting tens of millions of Internet Protocol (IP) addresses was detected, targeting the Dyn domain name system (DNS) provider. This attack had a magnitude of 1.2 terabytes and involved the Internet of Things (IoT).
According to the 12th annual report of Arbor Networks, cited by Waterman, the scale and rise of DDoS attacks have been the greatest in the last year and have also grown in magnitude over the last few years.
The targets of this kind of attack range from private homes to the biggest organizations, such as governments. Arbor Networks has shown that there are around 1000 DDoS attacks every day (Mahjabin et al., 2017).
One of the reasons for these attacks is the desire to steal money. One of the main motivations to attack such users is financial gain, but the enticing target for a DDoS attack can also be porn or online gambling sites (Mahjabin et al., 2017).
In a quarterly survey by Kaspersky Lab, it was found that e-commerce pages were the primary focus of DDoS attacks in the second quarter of 2011 (Kaspersky Lab, 2011, cited in Mahjabin et al., 2017).







Figure 2. Breakdown of attacked sites in Q2 2011.

The most common reasons for this attack are (Mahjabin et. al., 2017):


  • Financial or economic benefits: attacks that come under this motive are known to be the riskiest, because the attackers expect a financial benefit from them. In such a scenario, the attackers are highly experienced technicians, and therefore this type of attack is hard to stop.
  • Revenge: this is another reason for DDoS attacks, where some disgruntled (possibly technologically less skilled) individuals carry out the attacks as compensation for some alleged oppression.
  • Ideological belief: some attackers are inspired to strike the target because of their ideological beliefs. This has become an important factor behind DDoS attacks. Although they are not as common as other reasons, their impacts and scales are as high as those seen in recent years.
  • Intellectual challenge: the attackers in this group are mainly motivated to conduct DDoS attacks to show off their capabilities and power. The availability of easy-to-use attack tools and botnets motivates these attackers to experiment with DDoS attacks.
  • Cyberwarfare: this is another essential incentive for an attack that poses a threat and has a significant economic effect on its targets. Typically, well-trained people from a military or terrorist organization carry out attacks of this kind.

DDoS components


1) Mastermind/Planner: the original attacker, who decides why, when, how and by whom the attack will be performed.

2) Controller/Handler: the coordinator of the original attacker, which may be one or more machines, used to exploit other machines in order to carry out the DDoS attack.

3) Agents/Zombies/Botnets: agents, also known as slaves or attack daemons, are the subordinate programs that actually conduct the attack on the victim. These programs are usually deployed on compromised host computers. The daemons affect both the target machine and the host computers, and they allow the attacker to gain access to and infiltrate the host computers.

4) Victim/Target: a victim is the target host that has been selected to receive the impact of the attack.

How does it take place?

Typically, DDoS attackers rely on botnets – collections of a network of malware-infected systems that are centrally controlled. These infected endpoints are usually computers and servers but are increasingly IoT and mobile devices. The attackers will harvest these systems by identifying vulnerable systems that they can infect through phishing attacks, malvertising attacks, and other mass infection techniques. 

DDoS impact

Cash, resources, clients and even credibility may be lost in the event of a DDoS attack. Depending on the severity of the assault, services may be down for 24 hours, several days, or even a week. In reality, Kaspersky Lab's survey revealed that one in five DDoS attacks could last for days or even weeks, attesting to their complexity and serious threat to all businesses.

Defense

A modern DDoS defense should include four critical requirements:
  • Precision: it is crucial for companies to implement a precise DDoS defense system.
  • Scalability: given the sheer size of today's DDoS attacks, it is more important than ever for DDoS protection systems to be scalable in depth, breadth and height.
  • Wartime response efficiency: an automated DDoS defense system can eliminate the need for costly and time-consuming manual intervention.
  • Affordability: companies can keep costs low without sacrificing performance with smaller, more efficient and more affordable DDoS protection systems. This reduces the number of appliances needed, decreases cost and cuts down on rack space, saving both time and money.
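As an added example, not taken from the original post or from any of the sources it cites, the Python script below shows what the "precision" requirement means in practice: a sliding-window request-rate detector run over a handful of constructed web-server log lines. The Common Log Format layout, the IP addresses (taken from documentation ranges), the 10-second window and the threshold of 50 requests are all assumptions made for the example; a real deployment tunes them against its own traffic. It also reports a site-wide peak, because a distributed flood can stay under any per-source threshold.

```python
"""Sliding-window request-rate detection over constructed access-log lines.

Added example: a minimal volumetric-flood detector of the kind a DDoS
defense must tune for precision (too low a threshold blocks real users,
too high lets a flood through). Every log line here is constructed and
the addresses come from documentation ranges.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format line: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def detect_floods(lines, window_seconds=10, threshold=50):
    """Flag sources sending more than `threshold` requests within any
    `window_seconds` window, and track the site-wide peak as well.
    Lines are assumed to be in chronological order, as a server writes them.
    Returns {"per_source": {ip: peak_count}, "global_peak": int}."""
    per_source = defaultdict(deque)
    site = deque()
    flagged = {}
    global_peak = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparsable lines rather than crash on them
        ip, ts = parsed
        for q in (per_source[ip], site):
            q.append(ts)
            # drop everything older than the window
            while (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
        if len(per_source[ip]) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(per_source[ip]))
        global_peak = max(global_peak, len(site))
    return {"per_source": flagged, "global_peak": global_peak}


def make_sample_log():
    """Constructed log: one normal client plus one source sending 120 requests in 5 s."""
    base = datetime(2020, 2, 18, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(10):  # normal client: one request every 6 s for a minute
        events.append((base + timedelta(seconds=6 * i), "198.51.100.3", "/index.html"))
    for i in range(120):  # flood: a request every 40 ms from a single source
        events.append((base + timedelta(milliseconds=40 * i), "203.0.113.7", "/"))
    events.sort(key=lambda e: e[0])  # chronological, as a server would write them
    return [
        f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'
        for ts, ip, path in events
    ]


SAMPLE_LOG = make_sample_log()

if __name__ == "__main__":
    print(detect_floods(SAMPLE_LOG))
```

Running the script flags 203.0.113.7 with a peak of 120 requests in the window while the normal client never exceeds two; raising the threshold to 200 flags nothing, which is the precision trade-off in miniature.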

To sum up, the DDoS attack is one of the most destructive cyber attacks due to the large number of devices involved and the purpose for which it was created. Over the years these attacks have produced important material damage and also the loss of vital information. Many attacks start via a phishing email, malware or other mass infection techniques. Companies should improve and work on their security on a regular basis.

References list:

KnowHostBlog, 2019. DDoS Attack. [image] Available at: <https://www.google.com/url?sa=i&url=https%3A%2F%2Fwww.knownhost.com%2Fblog%2Fddos-protection-critical%2F&psig=AOvVaw2_4fpFrSXfFVQRAlbp7y4E&ust=1583832896322000&source=images&cd=vfe&ved=0CAIQjRxqFwoTCPjZj8WLjegCFQAAAAAdAAAAABAD> [Accessed 9 February 2020]

Mahjabin, T., Xiao, Y., Sun, G. and Jiang, W., 2017. 'A survey of distributed denial-of-service attack, prevention, and mitigation techniques', International Journal of Distributed Sensor Networks. [Online]. Available at: doi: 10.1177/1550147717741463 [Accessed 9 February 2020].

Weisman, S., n.d. What Is A Ddos Attack?. [online] Us.norton.com. Available at: <https://us.norton.com/internetsecurity-emerging-threats-what-is-a-ddos-attack-30sectech-by-norton.html> [Accessed 8 February 2020].

Car hacking

Are autonomous cars more vulnerable to cyber-attacks?


Recently, autonomous vehicles (AVs) have been attracting a great deal of attention. They are expected to assist or replace human drivers in maneuvering the car, thereby reducing the likelihood of road accidents caused by human error and improving road safety (Cui et al., 2019). In addition, AVs can communicate with other cars, infrastructure, and pedestrians, as they are equipped with vehicle-to-everything (V2X) communication technology (Cui et al., 2019).

Car hacking is still a major problem these days. Progress is being made by automakers and manufacturers in defending cars from cyber attacks, but the car-hacking threat is still real and could become even more serious in the future as driverless vehicles start talking to each other.



Fig 1.Model cars run in a city miniature at the Elektrobit booth to show how software for highly automated driving works during CES 2018 on January 9, 2018, in Las Vegas, Nevada.



A worst-case scenario would be hackers who penetrate a vehicle through a minor unit, such as an infotainment system, and then wreak havoc by taking control of the vehicle's door locks, brakes, engine or even semi-autonomous driving features. According to Eu.usatoday.com (2018), such a scenario was shown to be feasible in a 2015 remote hacking demonstration involving a Jeep Cherokee that rocked the industry and prompted Fiat Chrysler Automobiles to send USB sticks with software patches to the owners of 1.4 million cars and trucks.

The major car manufacturers created an organization called the Automotive Information Sharing and Analysis Center, known as Auto-ISAC, to study and discuss the best cybersecurity practices.

Autonomous vehicles (AVs) have vulnerabilities due to software that contains a very large amount of code. Parkinson et al. (2017) claim that AVs are vulnerable to many forms of cyber attack: fully autonomous driving software will have over 100 million lines of code, so security problems cannot be predicted (Parkinson et al. 2017, cited in Linkov, V. et al. 2019).

An example of a cyber-attack against autonomous cars is presented by Linkov, V. et al. in their journal article: when tire-pressure monitoring systems are under an attacker's influence, they can display false readings and mask a leak that is gradually reducing the air pressure. An attack on the tilt sensor may cause the car to slow down or start braking because the sensor indicates a steep gradient (Parkinson et al. 2017, cited in Linkov, V. et al. 2019).

In-vehicle connectivity and communication with V2X (Vehicle to everything) are crucial to maintaining AV performance.


              Fig. 2. Potential attacks on AV and AV communication networks.  (Cui et al., 2019)

AVs can face different types of attack: passive or active, external or internal, and malicious or rational. An active attacker sends malicious packets to damage other nodes in the network, while passive attackers monitor communication within the network to gain useful information; external attackers are generally not authenticated and mostly aim to ruin the system's security and availability, while internal attackers are part of the network and can perpetrate any of these attacks (Cui et al., 2019).

A Denial of Service (DoS) attack is one of the most serious attacks due to the major impact it has on the network connection. The main purpose behind a DoS attack is to prevent legitimate organizations from accessing network services and resources; the aforementioned spamming attack and flooding attack are examples of DoS attacks; it is called a DDoS (Distributed Denial of Service) attack when several computers and/or internet connections are used to initiate the attack (Cui et al., 2019). Furthermore, other attacks that could take place are flooding, malware, spamming and wormhole attacks.






Fig 3. Security attacks on availability and their corresponding countermeasures (Cui et al., 2019).





video: Driverless Cars: A New Challenge to Cybersecurity





The real problem of hacking AVs is when control of those cars is lost and they can harm pedestrians, or even kill the car's occupants or the drivers of other vehicles. In March 2018 the first fatal AV crash involving a pedestrian was recorded; this raised worldwide attention to the urgent need to ensure AV safety and security in order to prevent the recurrence of such incidents (Cui et al., 2019).

In conclusion, driverless cars tend to be a significant next step in transport technology. AVs are a new field that needs more attention and new road rules. AVs are primarily driven by the desire to manufacture quicker, more efficient and safer vehicles. However, AVs also face many outstanding security and safety issues (Cui et al., 2019).








Sources:

Cui, J., Liew, L., Sabaliauskaite, G. and Zhou, F. (2019). A review on safety failures, security attacks, and available countermeasures for autonomous vehicles. Ad Hoc Networks, 90, p.101823

Eu.usatoday.com. (2018). [online] Available at: https://eu.usatoday.com/story/money/2018/01/14/car-hacking-remains-very-real-threat-autos-become-ever-more-loaded-tech/1032951001/ [Accessed 28 Feb. 2020].

Linkov, V et al. (2019). Human Factors in the Cybersecurity of Autonomous Vehicles: Trends in Current Research. Frontiers in Psychology, 10.

  The Federalist Society (2018). Driverless Cars: A New Challenge to Cybersecurity. [video] Available at: https://www.youtube.com/watch?v=_YrcslWaUsw [Accessed 1 Mar. 2020].



Survey results and comments


I have chosen for my survey a topic regarding antivirus software, ''Antivirus software for PC'', including 12 questions: four about the person taking the survey, such as gender, age and occupation, and another eight questions about the product. I will print parts of my survey and add them to the blog below.





After I finished my survey, 10 people had completed it and I will register my results. I think it is enough to finish my task. I will analyze each question individually; however, some answers I will take together.

The first question was about age group: the majority of people asked were in the 19-35 age category, with a percentage of 60%; the 36-50 and 51-64 age categories have the same percentage, namely 20%. For the other age categories there were no answers.
















The percentages between Windows versions are similar; however, Windows 10 and 10 Pro occupy the same position, which means people prefer to update their technology to what's new on the market.






For the section regarding browsers, Google Chrome is the most used browser. That reflects good functionality.


Most people use antivirus, which means it is important software on the PC software market.



The reasons behind using antivirus software with the highest responses were computer performance, control over websites, and identity theft. That reflects that people are aware of what happens if a cyber attack occurs and what the consequences could be.



Users prefer a variety of the software that the market provides, but McAfee, at 33.3%, is on top, followed by Kaspersky with 22.2%. A relatively smaller percentage, 11.1%, do not use any software, which means one person out of ten. Surprisingly, according to the update report, 70% do not have a valid antivirus license.








Regarding spyware, just 40% are using spyware software and the majority, 60%, are not using a spyware license. Those who responded to the survey prefer to buy a license from Bitdefender, followed, with the same percentage of 16%, by McAfee and the free software Malwarebytes and BullGuard. Linked to the importance of antivirus, 60 percent chose the high score (5), which means antivirus is useful.


















Phishing


The NCSC guidance "Phishing attacks: defending your organisation" provides a multi-layered set of mitigations to improve your organization's resilience against phishing attacks, whilst minimizing disruption to user productivity (Ncsc.gov.uk, 2020).

What is phishing?
Phishing is when attackers attempt to trick users into doing 'the wrong thing', such as clicking a bad link that will download malware, or direct them to a dodgy website.
Phishing can be conducted via text message, social media, or by phone, but the term 'phishing' is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly, and hide amongst the huge number of benign emails that busy users receive. Attacks can install malware (such as ransomware), sabotage systems, or steal intellectual property and money. Phishing emails can hit an organization of any size and type.
An intrusion could have devastating results. For individuals, this includes unauthorized purchases, the theft of funds or identity theft.
In fact, phishing is often used to gain a foothold in corporate or government networks as part of a larger assault, such as an advanced persistent threat (APT) campaign. In this latter scenario, workers are exploited in order to breach security perimeters, spread ransomware inside a closed environment, or obtain unauthorized access to protected data. A company succumbing to such an assault usually sustains significant financial losses, in addition to losing market share, reputation, and customer confidence.


Phishing attacks
What is a phishing attack?
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.

An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identity theft.

Moreover, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.

An organization succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on the scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.

Phishing attack examples described by Imperva (Learning Center, 2020).
The following illustrates a common phishing scam attempt:

  1. A spoofed email ostensibly from myuniversity.edu is mass-distributed to as many faculty members as possible.
  2. The email claims that the user's password is about to expire. Instructions are given to go to myuniversity.edu/renewal to renew their password within 24 hours.
Several things can occur by clicking the link. For example:

  • The user is redirected to myuniversity.edurenewal.com, a bogus page appearing exactly like the real renewal page, where both new and existing passwords are requested. The attacker, monitoring the page, hijacks the original password to gain access to secured areas on the university network.
  • The user is sent to the actual password renewal page. However, while being redirected, a malicious script activates in the background to hijack the user’s session cookie. This results in a reflected XSS attack, giving the perpetrator privileged access to the university network.
Protection against phishing attacks requires both consumers and companies to take action. Vigilance is important for consumers. A spoofed message often includes small errors that expose its true identity. These may involve spelling errors or domain name changes, as seen in the URL illustration above. Users should also stop and think about why they are receiving such a message.
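The "domain name shift" in the Imperva scenario (myuniversity.edurenewal.com standing in for myuniversity.edu) is something a mail gateway or a user-side helper can check mechanically. The Python script below is an added example, not code from the post or from Imperva or the NCSC: it pulls the links out of a constructed email body and classifies each hostname against an allow-list of legitimate domains. The allow-list, the email text and the simple "last two labels" rule for the registrable domain are assumptions made for the example; a production check would use the Public Suffix List instead of that rule.

```python
"""Link classification for the spoofed-domain pattern described above.

Added example: finds the URLs in a constructed phishing email and labels each
one as trusted, a lookalike of a trusted domain, a URL carrying credentials
(user@host), or plain untrusted. The allow-list and the email are constructed.
"""
import re
from urllib.parse import urlparse

# Constructed allow-list: the domains the organisation actually uses.
TRUSTED_DOMAINS = {"myuniversity.edu"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host):
    """Last two labels of a hostname. Adequate for the .edu/.com names used
    here; a real deployment would consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike of <domain>', 'credentials in URL' or 'untrusted'."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    if parsed.username is not None:
        # http://myuniversity.edu@evil.example/ displays a trusted name but
        # connects to the host after the '@'
        return "credentials in URL"
    host = (parsed.hostname or "").lower()
    if registrable_domain(host) in trusted:
        return "trusted"  # covers mail.myuniversity.edu as well
    # Compare with dots and hyphens removed so that "edu.renewal", "edurenewal"
    # and "edu-renewal" all collapse to the same string.
    squashed = host.replace(".", "").replace("-", "")
    for domain in trusted:
        brand = domain.split(".")[0]
        if domain.replace(".", "") in squashed or brand in squashed:
            return f"lookalike of {domain}"
    return "untrusted"


def scan_message(text):
    """Return [(url, verdict), ...] for every link found in an email body."""
    return [(url, classify_link(url)) for url in URL_RE.findall(text)]


# Constructed message modelled on the password-renewal scenario above.
SAMPLE_EMAIL = """From: IT Helpdesk <helpdesk@myuniversity.edu>
Subject: Your password expires in 24 hours

Renew it here: http://myuniversity.edurenewal.com/renewal
Our policy: https://myuniversity.edu/it/password-policy
"""

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_EMAIL):
        print(f"{verdict:32} {url}")
```

The first link in the sample is reported as a lookalike of myuniversity.edu and the second as trusted; the check is deliberately strict about the registrable domain, since a trusted name appearing only as a subdomain or as the user part of a URL is exactly the trick the paragraph warns about.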




Learning Center. (2020). What is phishing | Attack techniques & scam examples | Imperva. [online] Available at: https://www.imperva.com/learn/application-security/phishing-attack-scam/ [Accessed 3 Feb. 2020].

Ncsc.gov.uk. (2020). Phishing attacks: defending your organization. [online] Available at: https://www.ncsc.gov.uk/guidance/phishing [Accessed 3 Feb. 2020].



SQL injection

An SQL injection, or SQLi attack, is a web-based intrusion attack that lets hackers use malicious code to bypass security mechanisms and gain access to SQL databases.

SQL (Structured Query Language) is a domain-specific language used in programming and designed for managing data held in a relational database management system.
This kind of attack results from web developers' inattention: input is not validated with this kind of vulnerability in mind. One of the most important properties of the SQL injection attack is that it is easy to launch and hard to avoid. These inappropriate programming practices allow attackers to trick the system into executing malicious SQL commands against the database backend. Furthermore, the available scanning tools have limited features for shaping efficient attack patterns, which are required to detect hidden SQL injection vulnerabilities.

SQL injection attacks allow attackers to spoof identities, tamper with existing data, cause repudiation problems such as voiding transactions or changing balances, allow full disclosure of all data on the network, destroy the data or otherwise make it inaccessible, and become administrators of the database server.
SQL injection attacks, like much of computer technology, rarely stay constant. Halfond, Viegas, and Orso identified seven forms of SQL injection attack, differentiating between injection mechanisms and the attacker's purpose (Halfond, Viegas, & Orso, 2006, cited in Horner and Hyslip, 2017).

  • The injection mechanisms, while not attacks in themselves, concentrate on how the attacker can insert SQL commands; for example, an attacker can exploit user input fields, cookies, server variables such as HTTP headers, or use second-order injection to deliver commands (Halfond, Viegas, & Orso, 2006, cited in Horner and Hyslip, 2017).
  • Tautology-based attacks inject code into conditional statements so that the condition always evaluates to true.
  • Piggybacking is the same attack discussed in Phrack magazine in 1998, where additional SQL commands are placed in user input fields.
  • A union-query attack can trigger a database to return an unintended table to an attacker with a single command.
  • Stored procedures, while being marketed as a conclusive defense against injection attacks, can become a tool for injection attacks if the stored procedures themselves contain vulnerabilities.
  • Inference attacks are similar to illegal or logically incorrect queries in that the intruder does not directly obtain data from the SQL database; instead, information is inferred from how the application responds. Inference attacks are further divided into blind injection and timing attacks (Halfond, Viegas, & Orso, 2006, cited in Horner and Hyslip, 2017).
  • Lastly, alternate encoding involves masking commands by using hexadecimal, ASCII, or Unicode encoding. By itself this will not return valuable information, so it is combined with other types of attacks to help avoid detection (Halfond, Viegas, & Orso, 2006, cited in Horner and Hyslip, 2017).

How it works

Konnyu (2020) gives an example of login code that is open to an SQL injection attack and explains it as follows:

"The code is simple. If there is a row in the users' table where the username and the password match, then the user will be logged in and the parameters come from the URL. But what will happen if I put this value for the password parameter: ' OR 1=1 -- ?" (Konnyu, 2020).

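As an added illustration (not Konnyu's own code), the following Python/SQLite snippet reproduces the login check described in the quote above alongside its parameterised fix, and runs both against the quoted password value. The users table is constructed in memory for the example; the plaintext password is only for the demonstration.

```python
import sqlite3

# Constructed in-memory users table standing in for the application's database.
# Plaintext password stored only for this demonstration; real systems store hashes.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
conn.commit()


def build_vulnerable_query(username, password):
    """The insecure pattern: user input is pasted straight into the SQL text."""
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(username, password):
    """True when the concatenated query finds a row. Because the input becomes
    part of the SQL, a value such as ' OR 1=1 -- closes the string, adds an
    always-true condition and comments out the rest of the query."""
    return conn.execute(build_vulnerable_query(username, password)).fetchone() is not None


def login_safe(username, password):
    """Parameterised version: values travel separately from the SQL text, so
    quotes, OR and -- in the input are just characters to compare against."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    payload = "' OR 1=1 --"  # the password value quoted from Konnyu (2020)
    print(build_vulnerable_query("nobody", payload))
    print("concatenated login bypassed:", login_vulnerable("nobody", payload))
    print("parameterised login bypassed:", login_safe("nobody", payload))
```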
Reported SQL injection attacks:

  • In February 2002, Jeremiah Jacks discovered that Guess.com was vulnerable to an SQL injection attack, permitting anyone able to construct a properly-crafted URL to pull down 200,000+ names, credit card numbers and expiration dates in the site's customer database.
  • On November 1, 2005, a teenaged hacker used SQL injection to break into the site of a Taiwanese information security magazine from the Tech Target group and steal customers' information.
  • On January 13, 2006, Russian computer criminals broke into a Rhode Island government website and allegedly stole credit card data from individuals who have done business online with state agencies.
  • On June 29, 2007, a computer criminal defaced the Microsoft UK website using SQL injection.
  • In July 2008, Kaspersky's Malaysian site was hacked by the "m0sted" hacker group using SQL injection.
  • On August 17, 2009, the United States Department of Justice charged an American citizen, Albert Gonzalez, and two unnamed Russians with the theft of 130 million credit card numbers using an SQL injection attack. 
  • In October 2015, an SQL injection attack was used to steal the personal details of 156,959 customers from British telecommunications company TalkTalk's servers, exploiting a vulnerability in a legacy web portal.


Conclusion: SQL injection is one of the most common and effective forms of attack on web systems. Controlling the malicious SQL code or scripts that reach the web application, and thereby maintaining privacy, is still a key challenge for the web developer.

Badshah Mat Ali, A., Yaseen Ibrahim Shakhatreh, A., Syazwan Abdullah, M. and Alostad, J. (2011). SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks. Procedia Computer Science, 3, pp.453-458.

Horner, M. and Hyslip, T. (2017). SQL Injection: The Longest Running Sequel in Programming History. Journal of Digital Forensics, Security and Law, 12(2), Article 10.

Konnyu, J. (2020). SQL injection. [online] Bitninja.io. Available at: https://bitninja.io/blog/2018/08/31/most-famous-vulnerabilities-sql-injection [Accessed 2 Feb. 2020].

 Konnyu, J. (2020). [image]


Malware


Malware is a malicious program, file or other piece of software that causes damage to a computer or any other device.
Malware includes many other categories such as Trojan horses, viruses or worms and spyware.
Not all malware is a virus, but all viruses are malware.

What does malware do?

Malware authors use everyday technologies to spread their malicious code; a printer or a USB stick can serve as the carrier. Attackers can embed malicious code in a document that is downloaded through a printer and then spread it to the computers or phones connected to the infected device. Rented printers are one example of such a risk, since they may already be infected.
Some malware is more aggressive and lets its authors communicate with the infected machines; this is called command and control.

The common types of malware are presented in the picture below.


Types of malware (Rouse, M., 2020, What is Malware?)

In 2014 Lenovo preinstalled software called Superfish Visual Search, which was presented as protecting users from potential attacks; whenever the user opened a browser or logged in to a web page, the software became active. In effect, the software hijacked the user's computer and recorded the user's data. Because of cases like this, companies must inform consumers if they have pre-installed any kind of software that could violate users' privacy.

According to Anglim et al. (2016), most computer users are not protected by law.

Governments should be aware of the damage malware can do and implement rules in such a way that the authors of attacks are discouraged from committing further cybercrime.

In 2019, IBM X-Force Incident Response and Intelligence Services (IRIS) reported a total cost of $200 million and the loss of 12,000 devices in malware attacks.
The manufacturing industry was targeted by half of the destructive malware cases; other common targets were in the education and oil and gas sectors. Most of the attacks identified by the X-Force IRIS team targeted organizations in the USA, Europe, and the Middle East (Sheridan, 2019).
A malware attack can start via a phishing email, credential stuffing or a watering hole attack.
Once inside, attackers can lift passwords and poke around until they have administrative access. Researchers have found that attackers are often present for weeks or months on a computer, asset, or network before beginning a destructive malware attack. Dark Reading has reported that remediating such an incident takes X-Force IRIS from several hundred to thousands of hours.

One of the most notorious pieces of malware is WannaCry.
WannaCry is an example of crypto-ransomware, a form of malware that cybercriminals use to extort money. Ransomware such as WannaCry works by encrypting files or locking the computer so that it becomes inaccessible. WannaCry attacks computers running the Microsoft Windows operating system: it encrypts data and requests a ransom payment in the Bitcoin cryptocurrency for its return.

The WannaCry ransomware attack launched in May 2017 was a global epidemic. The ransomware spread through computers running Microsoft Windows. User files were held hostage, and the attackers demanded a Bitcoin ransom for their return. The damage caused by this attack could have been prevented if not for the continued use of obsolete computer systems and poor education about the need to upgrade software.

The authors of the attack used an exploit for a weakness in the Windows operating system; the exploit had been developed by the United States National Security Agency.
The breach succeeds because many users irresponsibly fail to update their systems, even though Microsoft deploys Windows security updates.
Kaspersky has stated that for each infected computer the user had to pay a ransom of approximately $300, which later increased considerably to $600. The attackers allowed just three days for payment; after that, the computer's data was locked forever with no chance of recovering any documents.
Researchers found that users who paid this amount did not regain control of their computers, but simply lost their money. Kaspersky said that when victims paid the ransom, there was no way for the perpetrators to connect the payment with a specific victim's machine. Kaspersky therefore recommended not paying the ransom if a user experiences a ransomware attack.
Statistically, WannaCry damaged around 230,000 computers. The attack affected companies such as the Spanish mobile operator Telefonica, as well as NHS hospitals and surgeries in the UK; the NHS estimated a cost of 92 million pounds. The estimated worldwide financial impact is around 4 billion dollars.
Kaspersky recommends the following actions to prevent computer infection:

  • Update your software and operating system regularly
  • Do not click on suspicious links
  • Never open untrusted email attachments
  • Do not download from untrusted websites
  • Avoid unknown USBs
  • Use a VPN when using public Wi-Fi
  • Install internet antivirus software and update it regularly
  • Back up files
In conclusion, malware attacks cause damage that results in huge financial losses and can also have a long-term impact. Thus, stay alert when using a computer and follow the tips given by experts.



Anglim, C, Nobahar, G, & Kirtley, JE 2016, Privacy Rights in the Digital Age, Grey House Publishing, Amenia. Available from: ProQuest Ebook Central. [19 Feb 2020].

 Kaspersky.co.uk. (2020).What is WannaCry ransomware?  [online] Available at: https://www.kaspersky.co.uk/resource-center/threats/ransomware-wannacry [Accessed 9 Feb. 2020].

Rouse, M. (2020). What is Malware?  [online] SearchSecurity. Available at: https://searchsecurity.techtarget.com/definition/malware [Accessed 12 Feb. 2020].

Sheridan, K. (2019). Destructive Malware Attacks Up 200% in 2019. [online] Dark Reading. Available at: https://www.darkreading.com/endpoint/destructive-malware-attacks-up-200--in-2019/d/d-id/1335444 [Accessed 5 Feb. 2020].

Sunday, 16 February 2020

Case Study - Apple

Case study, Apple company


I have chosen the Apple company for my case study, more precisely security on Apple devices.
According to Apple, the company relies on hardware security: protective software is built into the hardware, with security capabilities designed into the silicon. This kind of security is found in all Apple products running iOS, iPadOS, macOS, watchOS, and tvOS (Apple Support, 2020).

The most critical component is the Secure Enclave, which is built into modern devices. The Secure Enclave is a cryptographic component: it provides the foundation for encrypting data, for secure boot in macOS, and for biometrics.

About Secure Enclave:


The Secure Enclave is a hardware-based key manager, isolated from the main processor, that provides an extra layer of security.
Even if the device has been compromised, the Secure Enclave maintains the integrity of its cryptographic operations.

Fig1. The Secure Enclave processor

How Apple security is broken by devices like smart devices.



References list:

Apple Support. (2020). Hardware security overview. [online] Available at: https://support.apple.com/en-gb/guide/security/secf020d1074/1/web/1 [Accessed 18 Feb. 2020].