INTRODUCTION
Network breaching
A network security breach refers to when an outsider finds a way to bypass your cyber security to get inside your network. Once inside your system, they can gain unauthorized access to data, applications, and devices. Think of a cyber security breach like a burglar eluding security systems to break into a bank.
Although they are often used interchangeably, a security breach and a data breach are different things.
A security breach means someone was able to exploit a vulnerability and break into your network.
A data breach involves the bypassing of security and suggests that the intruder got away with information.
Types of breach
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or by sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account holders) of the service or resource they expected.
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
Malware (short for "malicious software") is a file or code, typically delivered over a network, that infects, explores, steals or conducts virtually any behavior an attacker wants. And because malware comes in so many variants, there are numerous methods to infect computer systems.
Unauthorized access is when a person gains entry to a computer network, system, application software, data, or other resources without permission. Any access to an information system or network that violates the owner's or operator's stated security policy is considered unauthorized access. Unauthorized access is also when legitimate users access a resource that they do not have permission to use.
Detection methods
1. Certain IP addresses send too many connection requests over a short time. Typically, these connections don't get completed, since the true sources of the IP packets remain hidden.
2. Your server responds with a 503 Service Unavailable error due to service outages. This error usually goes away when the traffic volume decreases; if it doesn't disappear after a while, something is wrong.
3. Certain traffic source addresses keep querying for the same set of data long after the TTL for the site has passed. Authentic traffic isn't supposed to behave this way.
4. Your employees start reporting slow site performance because they use the same connection for internal software.
5. You see unusual spikes in traffic in your Google Analytics (GA) reports and can't come up with any viable reason to explain them.
Unusually slow network performance (opening files or accessing websites).
An inability to access any website.
The best way to detect and identify a DoS attack is network traffic monitoring and analysis. Network traffic can be monitored via a firewall or intrusion detection system. An administrator may also set up rules that raise an alert upon detection of an anomalous traffic load and identify the source of the traffic, or that drop network packets meeting certain criteria.
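The first two indicators in the list above (one IP sending too many requests in a short time, and a run of 503 responses) can be checked mechanically against a web-server access log. The following Python script is an added example, not code from the original report: it parses a handful of constructed Apache-style log lines (not real traffic) and applies both checks. The window size, the per-IP threshold and the sample addresses are assumptions chosen for the sample data.

```python
"""Flag DoS indicators in web-server access logs.

Added example, not code from the original report. It applies two of the
indicators listed above to constructed Apache-style log lines: an IP that
sends too many requests inside a short window, and the share of 503
responses. Thresholds are assumptions chosen for the sample data.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in combined-log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 612
198.51.100.4 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 2326
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /login HTTP/1.1" 200 612
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /login HTTP/1.1" 200 612
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /login HTTP/1.1" 503 299
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /login HTTP/1.1" 503 299
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /login HTTP/1.1" 503 299
198.51.100.4 - - [10/Oct/2023:13:56:20 +0000] "GET /about HTTP/1.1" 200 1187
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, timestamp, status) for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, int(m.group("status"))


def parse_log(text):
    """Parse every line of a log, silently skipping lines that do not match."""
    return [rec for rec in (parse_line(ln) for ln in text.splitlines()) if rec]


def flag_request_floods(records, window_seconds=10, max_requests=5):
    """Indicator 1: IPs whose request count inside a sliding window exceeds max_requests.

    Returns {ip: peak count seen in any window}. Records are sorted by time
    first so the sliding window is valid even if several logs were concatenated.
    """
    windows = defaultdict(deque)
    peaks = {}
    for ip, ts, _ in sorted(records, key=lambda r: r[1]):
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()          # forget requests that fell out of the window
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def unavailable_ratio(records):
    """Indicator 2: share of responses that were 503 Service Unavailable."""
    if not records:
        return 0.0
    return sum(1 for _, _, status in records if status == 503) / len(records)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("request floods:", flag_request_floods(recs))
    print("503 ratio: %.3f" % unavailable_ratio(recs))
```

On the sample data the first IP is flagged with a peak of six requests inside the window while the second, which browses at a human pace, is not; the 503 share is 3 of 8. In practice the thresholds come from the site's own baseline, and the flood check is what a firewall or IDS rule would automate.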
Browser warnings: when you click a link, the browser may warn about the security of the site and about harmful techniques that can affect the safety of the user.
Use an application that can detect viruses or potentially harmful applications (e.g. Kaspersky, Norton, McAfee, chongluadao, ...).
Detect an unusual state of the database or account by checking the login location recorded by the system; if the account has two-step login, it can send a notification to the registered Gmail address.
DEMO
Demo spyware (keylogger)
Idea: create spyware in Python and link it with the application whose information we want to exploit; every time 15 words are entered, the app sends the data to the attacker's Gmail.
Main library used for the attack: pynput, which can capture key presses on the keyboard.
Detailed description: create a ".bat" file linked from application A to the Python file, so that both start at the same time. The Python file must be renamed from ".py" to ".pyw", which lets it run in the background without showing anything on screen.
Three component files are needed for this demo:
In file a.bat we put the location of the .pyw file and of Garena, so that both start at the same time and the user does not notice the unusual process. Then, in the properties of the Garena file, we change the target from the original Garena location to file a.bat.
Figure 2 Target account for this demo
After we click "Enter", the information is sent to the hacker's Gmail immediately.
Figure 3 Attacker gmail will receive the keylogging information
When we check Task Manager, the Python file is running in the background.
Figure 4 Python file running in the background
Phishing website
In this demo, we introduce a tool for creating phishing websites, called zphisher.
With this tool, a hacker can make a camouflaged website imitating Facebook, Google, etc.
There are two main demos for this tool: localhost, and creating a link for outsiders. Localhost:
It then gives two options, to mask the IP or keep it; for now we keep it.
When we access the link, this is what we get. We then try to log in to the account, and the information is sent to the attacker's terminal.
Demo: creating and sending a malicious link to other computers:
In this case, we use a Gmail account to demonstrate the problem.
Figure 9 Choose type of gmail UI
The attacker then chooses how to attack, selecting Cloudflared or another method.
Figure 10 Choose Cloudflared or other method except the localhost
The attacker chooses to mask the IP address and URL, which makes the link look more trustworthy. The tool then creates the link for the attack.
The process is then the same as with the other method: the account is recorded in a .txt file and in the attacker's terminal.
After the user enters their account details, the site redirects the user to the real website along with the user's information.
Figure 14 Account’s information in terminal
DDoS using Slowloris tool
In this demo, we show how a DDoS attack affects a computer. Slowloris is a free and open-source tool available on GitHub. We can perform a denial-of-service attack using this tool; it is a framework written in Python. It allows a single machine to take down another machine's web server using perfectly legitimate HTTP traffic: it makes a full TCP connection and then needs only a few hundred requests at long-term, regular intervals.
As a result, the tool doesn't need to send a lot of traffic to exhaust the available connections on a server.
Here we illustrate the demo website and make it impossible to load when a real user tries to access it.
We need Apache, the most commonly used web server on Linux systems. Web servers serve web pages requested by client computers. Clients typically request and view web pages using web browser applications such as Firefox, Opera, Chromium, or Internet Explorer.
Through Apache we can use the IP address or URL to access the web server.
Usually apache2 starts in the background, but to be sure we need to check the status of apache2.
If it is not active, we can use the following command to activate apache2:
After activating the web server, run ifconfig, which shows the IP address of the computer on the LAN that hosts the web server with active Apache.
Then clone slowloris from GitHub and execute the Python file in the slowloris folder.
Enter this command in the terminal to run the Python file:
"python3 slowloris.py -s 500"
Figure 20 Run slowloris.py with 500 fake requests
Figure 21 Check how many clients are sending requests to the server
Figure 22 Use Wireshark to find out more about the problem
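What the "how many clients" check in Figure 21 looks for is one peer holding an abnormal number of simultaneous connections to the web server, since that is how a few hundred slow requests from a single machine exhaust the server's connection budget. The following Python script is an added example, not code from the original report or from the slowloris project: it parses a constructed socket-table snapshot in the column layout of `ss -tn` (a real Linux tool; the lines themselves are made up), counts established connections to port 80 per peer, and reports any peer above a threshold. The threshold and the 150-worker budget are assumptions for the example.

```python
"""Count established HTTP connections per peer from a socket-table snapshot.

Added example, not code from the original report. A Slowloris-style attacker
holds many connections to the web server open from one machine, so a single
peer owning a large share of the server's worker slots is the signature to
look for. The input mimics `ss -tn` output (constructed sample); the per-peer
threshold and the 150-worker budget are assumptions for the example.
"""
from collections import Counter

# Constructed snapshot; columns follow ss: State Recv-Q Send-Q Local Peer.
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      192.168.1.10:80      192.168.1.25:50412
ESTAB     0      0      192.168.1.10:80      192.168.1.25:50413
ESTAB     0      0      192.168.1.10:80      192.168.1.25:50414
ESTAB     0      0      192.168.1.10:80      192.168.1.25:50415
ESTAB     0      0      192.168.1.10:80      192.168.1.25:50416
ESTAB     0      0      192.168.1.10:80      192.168.1.25:50417
ESTAB     0      0      192.168.1.10:80      192.168.1.31:41002
ESTAB     0      0      192.168.1.10:22      192.168.1.31:41010
TIME-WAIT 0      0      192.168.1.10:80      192.168.1.40:55000
"""


def parse_ss(text):
    """Return (state, local_port, peer_ip) tuples, skipping the header line."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] == "State":
            continue
        local_port = int(parts[3].rsplit(":", 1)[1])   # "192.168.1.10:80" -> 80
        peer_ip = parts[4].rsplit(":", 1)[0]           # drop the ephemeral port
        conns.append((parts[0], local_port, peer_ip))
    return conns


def connections_per_peer(conns, local_port=80, state="ESTAB"):
    """Count connections in `state` to `local_port`, keyed by peer IP."""
    return Counter(peer for st, port, peer in conns
                   if st == state and port == local_port)


def flag_connection_hogs(counts, max_per_peer=5):
    """Peers holding more simultaneous HTTP connections than a normal browser would."""
    return {peer: n for peer, n in counts.items() if n > max_per_peer}


def worker_slots_used(counts, max_workers=150):
    """Fraction of the server's worker budget (Apache MaxRequestWorkers-style) in use."""
    return sum(counts.values()) / max_workers


if __name__ == "__main__":
    counts = connections_per_peer(parse_ss(SAMPLE_SS))
    print("per peer:", dict(counts))
    print("hogs:", flag_connection_hogs(counts))
    print("worker slots used: %.1f%%" % (100 * worker_slots_used(counts)))
```

Only ESTAB connections to the web port count: the SSH session and the TIME-WAIT entry are ignored. A single peer holding six of the seven live connections, with a worker budget of 150, is the pattern to alarm on long before the slots run out.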
SOLUTION
Keyloggers
To help protect yourself from keylogger malware, follow general online safety best practices and maintain a healthy sense of skepticism when engaging in any online activity.
Malicious keylogger protection is similar to most forms of virus protection, but no solution is foolproof. New malware is being written all the time, but here is how to prevent keylogging attacks as much as possible by reducing your risk of encountering malware.
Two-factor authentication is one of the most effective forms of virus, malware, and keylogger prevention. Also known as 2FA, this solution adds an extra log-in step such as a fingerprint or a temporary PIN sent to your phone, helping verify that the person logging into your account is really you.
Enable 2FA whenever you can to help ensure that if your information is stolen, cybercriminals can't sign into your accounts remotely.
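The reason a stolen password is not enough once 2FA is enabled is that the temporary code is derived from a secret the keylogger never sees. The following Python script is an added example, not code from the original report: it implements the time-based one-time password check (TOTP, RFC 6238, built on HOTP, RFC 4226) that a server performs when a user submits the six-digit code from an authenticator app. The secret used is the RFC 6238 test key, and the one-step clock-drift window is an assumption.

```python
"""Verify time-based one-time passwords (TOTP, RFC 6238) on the server side.

Added example, not code from the original report. It shows what the
"temporary PIN" step of 2FA checks: the server and the user's device share a
secret, and the submitted code proves the device was present. A keylogger that
captured the password alone cannot produce the next code. The sample secret is
the RFC 6238 test key; the one-step drift window is a common assumption.
"""
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): truncate HMAC-SHA1(secret, counter) to `digits` decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                                  # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP: HOTP with the counter derived from the Unix time step."""
    return hotp(secret, int(at_time) // step, digits)


def secret_from_base32(encoded: str) -> bytes:
    """Authenticator apps are enrolled with a base32 secret; decode it to raw bytes."""
    return base64.b32decode(encoded.upper())


def verify_totp(secret: bytes, submitted: str, at_time: int, step: int = 30,
                digits: int = 6, drift_steps: int = 1) -> bool:
    """Accept the code for the current step or +/- drift_steps of clock skew.

    Each comparison is constant-time. A rejected code should count as a failed
    login and be rate-limited by the caller, as with any password attempt.
    """
    if not submitted.isdigit() or len(submitted) != digits:
        return False
    counter = int(at_time) // step
    return any(
        hmac.compare_digest(hotp(secret, counter + d, digits), submitted)
        for d in range(-drift_steps, drift_steps + 1)
    )


if __name__ == "__main__":
    # Well-known test secret ("12345678901234567890" in base32).
    secret = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print("code for this 30-second step:", totp(secret, int(time.time())))
```

The RFC 6238 test vector makes the behaviour checkable: for the test key at Unix time 59 the six-digit code is 287082, it is still accepted 30 seconds later because of the drift window, and it is refused a few steps after that.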
The next best way to protect yourself from malware is to refrain from downloading any unknown files and avoid strange links altogether.
Phishing attacks are getting more sophisticated, but be skeptical of anyone, even contacts you know, telling you to download attachments or click links out of the blue.
A virtual keyboard displays an interactive keyboard on your screen so you don't have to physically type on an analog one. While it isn't an airtight prevention tactic, it does circumvent keylogging hardware and any keylogging software specifically designed to record interactions with your physical keyboard.
Some software can still monitor your on-screen interactions, however, so this should be seen as a supplemental tool and not a complete solution.
Password managers are not only a convenient way to ensure you don't forget the seemingly endless number of logins we all have to juggle these days; they're also great keylogger protection.
By logging in with a password manager, you don't display your passwords or physically type them, so keystroke monitors can't capture them.
Look for antivirus software that includes anti-spyware and anti-keylogger protection.
As with all forms of viruses, new, more sophisticated keystroke malware is being written all the time, so be sure to keep your software up to date to stay secure.
3.1.6 Consider voice-to-text conversion software
Similar to a virtual keyboard, voice-to-text conversion software can circumvent forms of keylogging that specifically target your physical keyboard.
Phishing
Phishing scams are one of the most common methods of attack you're likely to come across. They are a hugely profitable attack method for cybercriminals, as thousands fall victim to them every year. Fortunately, due to their commonplace nature, phishing scams are avoidable if you know how to correctly identify and prevent them.
3.2.1 Keep Informed About Phishing Techniques
New phishing attack methods are being developed all the time, but they share commonalities that can be identified if you know what to look for. There are many sites online that will keep you informed of the latest phishing attacks and their key identifiers.
The earlier you find out about the latest attack methods and share them with your users through regular security awareness training, the more likely you are to avoid a potential attack.
It's generally not advisable to click on a link in an email or instant message, even if you know the sender. The bare minimum you should be doing is hovering over the link to see if the destination is the correct one.
Some phishing attacks are fairly sophisticated, and the destination URL can look like a carbon copy of the genuine site, set up to record keystrokes or steal login or credit card information.
If it's possible for you to go straight to the site through your search engine, rather than click on the link, then you should do so.
3.2.3 Install an Anti-Phishing Toolbar
Most popular Internet browsers can be customized with anti-phishing toolbars. Such toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites.
If you stumble upon a malicious site, the toolbar will alert you about it. This is just one more layer of protection against phishing scams, and it is completely free.
3.2.4 Keep Your Browser Up to Date
Security patches are released for popular browsers all the time. They are released in response to the security loopholes that phishers and other hackers inevitably discover and exploit.
If you typically ignore messages about updating your browsers, stop. The minute an update is available, download and install it.
3.2.5 Never Give Out Personal Information
If the URL of the website doesn't start with "https", or you cannot see a closed padlock icon next to the URL, do not enter any sensitive information or download files from that site.
Sites without security certificates may not be intended for phishing scams, but it's better to be safe than sorry.
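The checks in 3.2.2 and 3.2.5 (inspect the real destination before clicking, expect https, distrust lookalike names) can be written down as a small link screener. The following Python script is an added example, not code from the original report or from any browser or toolbar: given a URL string it reports the tells a user is told to look for. The allow-list of genuine login hosts, the brand keywords and the quick-tunnel suffix (the public trycloudflare.com domain that Cloudflared quick tunnels use) are assumptions for this example; an organisation would maintain its own lists.

```python
"""Screen a link for common phishing tells before anyone clicks it.

Added example, not code from the original report. It applies the advice
above (hover and inspect the destination, expect https, distrust lookalike
names) to a URL string. TRUSTED_HOSTS, BRAND_KEYWORDS and TUNNEL_SUFFIXES are
assumptions for this example; keep your own lists in a real deployment.
"""
import ipaddress
from urllib.parse import urlsplit

# Assumed allow-list: the only hosts where these brands' login pages live.
TRUSTED_HOSTS = {"accounts.google.com", "mail.google.com", "www.facebook.com"}
BRAND_KEYWORDS = ("google", "gmail", "facebook")
# Public quick-tunnel domain (assumption: no legitimate login page is hosted there).
TUNNEL_SUFFIXES = (".trycloudflare.com",)


def check_url(url: str) -> list:
    """Return a sorted list of findings; an empty list means no tell was found."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    findings = set()

    if parts.scheme != "https":
        findings.add("not-https")
    if parts.username is not None:
        # "https://accounts.google.com@evil.example" shows a brand but lands elsewhere.
        findings.add("userinfo-in-url")
    if host in TRUSTED_HOSTS:
        return sorted(findings)          # genuine host; only scheme/userinfo can be wrong
    if any(label.startswith("xn--") for label in host.split(".")) or not host.isascii():
        findings.add("punycode-or-unicode-host")   # internationalised lookalike letters
    try:
        ipaddress.ip_address(host)
        findings.add("ip-literal-host")             # real login pages are not bare IPs
    except ValueError:
        pass
    if any(brand in host for brand in BRAND_KEYWORDS):
        findings.add("brand-lookalike")             # brand name on a host we do not trust
    if host.endswith(TUNNEL_SUFFIXES):
        findings.add("tunnel-host")                 # throw-away tunnel, not a brand's server
    return sorted(findings)


if __name__ == "__main__":
    for sample in ("https://accounts.google.com/signin",
                   "http://accounts-google.com.login-verify.example/",
                   "https://accounts.google.com@203.0.113.9/"):
        print(sample, "->", check_url(sample) or "no findings")
```

The user-info trick is the one a quick glance misses: everything before the "@" is ignored by the browser, so the visible brand name is not where the link goes. The screener reads the parsed hostname, not the string, which is the same thing the hover tooltip shows.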
3.2.6 Check Your Online Accounts Regularly
If you don't visit an online account for a while, someone could be having a field day with it. Even if you don't technically need to, check in with each of your online accounts on a regular basis. Get into the habit of changing your passwords regularly too.
To prevent bank phishing and credit card phishing scams, you should personally check your statements regularly.
Get monthly statements for your financial accounts and check each and every entry carefully to ensure no fraudulent transactions have been made without your knowledge.
Firewalls are an effective way to prevent external attacks, acting as a shield between your computer and an attacker.
Both desktop firewalls and network firewalls, when used together, can bolster your security and reduce the chances of a hacker infiltrating your environment.
3.2.8 Be Wary of Pop-Ups
Pop-ups are often linked to malware as part of attempted phishing attacks. Most browsers now allow you to download and install free ad-blocker software that will automatically block most malicious pop-ups.
If one does manage to evade the ad-blocker, don't be tempted to click! Occasionally pop-ups will try to deceive you about where the "Close" button is, so always look for an "x" in one of the corners.
Anti-spyware and firewall settings should be used to prevent phishing attacks, and users should update these programs regularly.
Firewall protection prevents access to malicious files by blocking the attacks.
Antivirus software scans every file that comes through the Internet to your computer. It helps to prevent damage to your system.
DDoS
One of the first techniques to mitigate DDoS attacks is to minimize the surface area that can be attacked thereby limiting the options for attackers and allowing you to build protections in a
This means not exposing our application or resources to ports, protocols or applications from which we do not expect any communication, thus minimizing the possible points of attack and letting us concentrate our mitigation efforts.
In some cases, you can do this by placing your computation resources behind Content Distribution Networks (CDNs) or load balancers and restricting direct Internet traffic to certain parts of your infrastructure, such as your database servers.
In other cases, you can use firewalls or Access Control Lists (ACLs) to control what traffic reaches your applications.
The two key considerations for mitigating large scale volumetric DDoS attacks are bandwidth (or transit) capacity and server capacity to absorb and mitigate attacks.
Transit capacity: When architecting your applications, make sure your hosting provider provides ample redundant Internet connectivity that allows you to handle large volumes of traffic. Since the ultimate objective of DDoS attacks is to affect the availability of your resources or applications, you should locate them not only close to your end users but also close to large Internet exchanges, which will give your users easy access to your application even during high volumes of traffic. Additionally, web applications can go a step further by employing Content Distribution Networks (CDNs) and smart DNS resolution services, which provide an additional layer of network infrastructure for serving content and resolving DNS queries from locations that are often closer to your end users.
Server capacity: Most DDoS attacks are volumetric attacks that use up a lot of resources; it is, therefore, important that you can quickly scale your computation resources up or down. You can do this by running on larger computation resources or on those with features like more extensive network interfaces or enhanced networking that support larger volumes.
Additionally, it is also common to use load balancers to continually monitor and shift loads between resources to prevent overloading any one resource.
3.3.3 Know what is normal and abnormal traffic
Whenever we detect elevated levels of traffic hitting a host, the baseline is to accept only as much traffic as our host can handle without affecting availability. This concept is called rate limiting.
More advanced protection techniques go one step further and intelligently accept only traffic that is legitimate, by analyzing the individual packets themselves. To do this, you need to understand the characteristics of the good traffic that the target usually receives and be able to compare each packet against this baseline.
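Both ideas in 3.3.3, a per-client rate limit and a comparison of each request against a baseline of known-good traffic, fit in a few dozen lines. The following Python script is an added example, not code from the original report: it replays a constructed request stream through a baseline check (expected HTTP methods and Host header) and a sliding-window limiter, and tallies what was accepted and why the rest was rejected. The baseline, the limit of three requests per ten seconds and the sample addresses are assumptions for the sample data.

```python
"""Rate limiting plus a traffic baseline, applied to a constructed request stream.

Added example, not code from the original report. Each request is first
compared against a baseline of what this host normally serves (methods and
Host header) and then against a per-client sliding-window limit. BASELINE,
the limit and the sample requests are assumptions for the example.
"""
from collections import defaultdict, deque

# Assumed baseline of legitimate traffic for this host.
BASELINE = {"methods": {"GET", "POST"}, "hosts": {"shop.example"}}

# Constructed requests: (client_ip, time_seconds, method, host_header).
SAMPLE_REQUESTS = [
    ("198.51.100.4", 0.0, "GET", "shop.example"),
    ("203.0.113.7", 0.1, "GET", "shop.example"),
    ("203.0.113.7", 0.2, "GET", "shop.example"),
    ("203.0.113.7", 0.3, "GET", "shop.example"),
    ("203.0.113.7", 0.4, "GET", "shop.example"),      # fourth in 0.4 s: over the limit
    ("203.0.113.7", 0.5, "TRACE", "shop.example"),    # method the host never serves
    ("198.51.100.4", 5.0, "POST", "203.0.113.9"),     # Host header that is not ours
    ("198.51.100.4", 6.0, "GET", "shop.example"),
]


class RateLimiter:
    """Allow at most `limit` requests per client in any `window`-second span."""

    def __init__(self, limit: int, window: float):
        self.limit = limit
        self.window = window
        self.history = defaultdict(deque)   # client -> timestamps still inside the window

    def allow(self, client: str, now: float) -> bool:
        q = self.history[client]
        while q and now - q[0] >= self.window:   # drop timestamps that aged out
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def matches_baseline(method: str, host: str, baseline=BASELINE) -> bool:
    """Cheap per-request check against what the host is known to serve."""
    return method in baseline["methods"] and host in baseline["hosts"]


def replay(requests, limit=3, window=10.0):
    """Run the stream through both checks and tally the decisions."""
    limiter = RateLimiter(limit, window)
    tally = {"accepted": 0, "rejected_baseline": 0, "rejected_rate": 0}
    for client, now, method, host in requests:
        if not matches_baseline(method, host):
            tally["rejected_baseline"] += 1      # never even counts against the limit
        elif not limiter.allow(client, now):
            tally["rejected_rate"] += 1
        else:
            tally["accepted"] += 1
    return tally


if __name__ == "__main__":
    print(replay(SAMPLE_REQUESTS))
```

The baseline check runs first so that obviously bad requests cost nothing beyond a set lookup; only traffic that looks like the host's own traffic reaches the limiter, which is why the slow, well-formed client is never throttled while the burst from the other address is. The same structure scales to more baseline features (paths, header sizes, request timing) without changing the limiter.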
3.3.4 Deploy Firewalls for Sophisticated Application attacks
Use a Web Application Firewall (WAF) against attacks, such as SQL injection or cross-site request forgery, that attempt to exploit a vulnerability in your application itself.
Additionally, due to the unique nature of these attacks, you should be able to easily create customized mitigations against illegitimate requests, which could have characteristics such as disguising themselves as good traffic or coming from bad IPs, unexpected geographies, etc.
While an attack is happening, it can also help to get experienced support to study traffic patterns and create customized protections.