Cyber Security Threat Landscape: Ashutosh Bahuguna - Scientist-C - CERT-In


Cyber Security Threat Landscape

Ashutosh Bahuguna | Scientist-C | CERT-In


Topics of Discussion

• Disaster/Event and Cyber Attacks
• The Drive-by-download
• Client Side Attacks
• Targeted Attacks / RATs
• Mobile Malware Threats
• Case Study: DNS Changer Malware
• Low-Hanging Fruit: Web-application (Demo)
Disaster Induced by Cyber Attacks

• Estonia Cyber Attack
• Attacks on Critical Sector Infrastructure: Nuclear, Power, Defense…
• What will happen if a motor shaft spins at 100x its normal speed?
• What will happen if the control rod of a nuclear reactor is controlled by an attacker?
Cyber Attacks Induced by Disaster/Event

Case Study: Himalayan Tsunami in the State of Uttarakhand

• Fake donation websites during a disaster/crisis
• Malware spread through malicious mails and links
• Attacks on Government websites:
  – Malware propagation through crucial/legitimate govt. websites
  – Defacement of crucial/govt. websites
  – DDoS attacks on crucial/govt. websites


Client Side - Threats

C2 Operations and Threats
(Diagram: a bot herder controlling infected systems through several C&C servers.)
Drive-by-download

Unintended download of software from the Internet:

• Downloads which a person authorized, but without understanding the consequences
• Any download that happens without the person's knowledge

(Diagram: drive-by-download sequence between attacker, legitimate website, malicious website and the legitimate user's system.)

1.1 Attacker creates a malicious website
1.2 Attacker infects a legitimate website
2. User requests the legitimate website
3. Website response includes the malicious code
4. User's browser requests content from the malicious website
5. Malicious website successfully delivers malware/virus
Attack on client side software

• PDF Reader / Flash
• Microsoft Office documents
• Java
• Client side web browsers and their extensions/plugins
Targeted Attacks

Targeted attack / Advanced Persistent Threat

• Probably the most damaging type of internet threat.
• Designed to target a specific individual or organisation.
• How did they get in?
  – Takes place via an interesting and relevant email, in the local language, with Microsoft Office / PDF attachments
  – Likely to have themes around political or newsworthy events
  – Suspicious features in the mail header
  – Likely to be sent from a webmail account (adds legitimacy)
  – Attackers often try to convey a sense of importance or urgency to open the attachment
Targeted Attack Vectors

• Spear phishing emails
• Malicious Office/PDF documents
• USB (pen) drives pre-loaded with malware
• Malicious websites hosting exploit kits


Mobile Threats

• The mobile counterparts of desktop malware families.
• Zitmo (Zeus In The Mobile), Spitmo (SpyEye In The Mobile), Carberp
• Present across almost all major platforms (Android, Symbian, BlackBerry)
Quick Response Code (QR Code)

Use your tablet or phone camera to scan this image to visit our website!

• Visit our Website @

What if the QR code was set up by an attacker? (e.g. the SET toolkit for launching the attack)


Server Side - Threats

Web-Application Attacks

• Low-hanging fruit: in-house developed websites ("Develop your website for just Rs. 500/-").

• My valid email-id (hex-encoded; decode with the one-liner below):
  echo 6173686f6f2e6f6e6c696e6540676d61696c2e636f6d | perl -pe 's/(..)/chr(hex($1))/ge'

• "75% of all attacks occurring at application layer" — Gartner
• "8 out of 10 websites are vulnerable to attack" — WhiteHat Security Team
• Web apps account for 80 percent of internet vulnerabilities


Attacks are moving up the stack:

• Application Layer
• Transport Layer
• Network Layer
• Physical Layer
Case Study: Malicious Webshell Upload

• Abusing the upload feature!
• Vulnerability utilized: unvalidated malicious file upload in the upload module of the website.
• Uploaded backdoor shell "web32.php".
• Maintained backdoor access.
• Malicious action: modified the content of the home page of the website.
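The checks the upload module in this case study lacked, as an added defender-side example (not code from the slides or from the affected website): an allow-list of extensions, rejection of every server-executable extension segment (so a double extension like "web32.php.jpg" is caught), stripping of client-supplied paths, a magic-byte check of the declared type, and a scan for embedded PHP tags. The image-only policy and the function names are assumptions for the example.

```python
import re

# Assumed policy for this example: the upload module accepts images only.
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}
MAGIC = {
    "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8",
}
# Extensions the web server would execute; none of these may ever be stored under the web root.
SERVER_EXEC_EXT = {"php", "php3", "php4", "php5", "phtml", "phar", "asp", "aspx", "jsp"}
# PHP open tags hiding inside a file that claims to be an image (image/PHP polyglot).
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for a single uploaded file."""
    # Strip any client-supplied directory part so '../shell.png' cannot escape the upload dir.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing extension"
    # Check every extension segment, not only the last one.
    exts = parts[1:]
    if any(e in SERVER_EXEC_EXT for e in exts):
        return False, "server-executable extension"
    ext = exts[-1]
    if ext not in ALLOWED_EXT:
        return False, f"extension '{ext}' not in allow-list"
    # The declared type must match the file's own header bytes.
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match declared type"
    # A valid image header followed by PHP code is still a webshell on a misconfigured server.
    if PHP_TAG.search(data):
        return False, "embedded PHP code"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads: the case study's shell name, a double extension,
    # a GIF/PHP polyglot and a genuine image header.
    samples = [
        ("web32.php", b"<?php echo 1; ?>"),
        ("web32.php.jpg", b"\xff\xd8\xff\xe0"),
        ("logo.gif", b"GIF89a" + b"<?php echo 1; ?>"),
        ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ]
    for fname, content in samples:
        print(fname, validate_upload(fname, content))
```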
Thank You!

Stay Safe!