
Five Different Passive Attacks that are Simple to Miss

 

The most lethal attacks are not always the loud ones that try to overwhelm you all at once. Often the most damaging are those that wait quietly in the shadows until it is too late for you to react. Passive attacks aim to observe your behavior, and sometimes to take your personal information, but never to alter your data.

Define passive attack 

A passive attack is a network attack that involves monitoring, and occasionally scanning, a system for open ports and vulnerabilities. It does not directly harm the target; its goal is to learn more about the target system.

Both active and passive reconnaissance are considered passive attacks. The term "reconnaissance" comes from the military, where it describes entering enemy territory to gather intelligence. In computer security, reconnaissance is the process of examining a system or network to gather information before launching a full attack.

The two types are distinguished by the following characteristics:

Active reconnaissance - The attacker interacts with the target system to learn about its weaknesses, frequently using techniques such as port scanning to find out which ports are open and what services are running on them.

Passive reconnaissance - The attacker gathers information about the system's vulnerabilities without interacting with it, with the sole intent of learning more. An attacker will often watch a user's web session and later use the data gathered to launch a subsequent attack.

Forms of passive attack

There are several types of passive attacks, including the following: 

Traffic analysis - The attacker examines network traffic going to and from the target systems, using statistical techniques to analyze and decipher the communication patterns on the network. These attacks can be carried out against encrypted traffic, but unencrypted traffic is the more frequent target.

Eavesdropping - An attacker listens in on phone conversations or reads unencrypted messages sent over a communication channel. Snooping is comparable to eavesdropping, but it can only access data while it is in transit.

Wardriving - Wardriving is the practice of driving around looking for unsecured wireless local area networks (WLANs) in order to access WiFi or personal data. It is also known as access point mapping. Businesses that use WLANs can avoid intrusions by implementing Wired Equivalent Privacy (WEP) protocols or purchasing a reliable firewall.

Dumpster diving - Dumpster diving is the practice of searching through discarded documents or deleted files on a person's or an organization's system in the hope of discovering private data, such as passwords or login credentials.

Packet sniffing - The attacker sets up hardware or software to monitor all data packets traveling over a network, watching the traffic without interfering with the exchange.

How to defend yourself from passive attacks

Advances in cybersecurity now give us a number of options for preventing passive attacks. Here are a few tried-and-true defenses:

Use an intrusion prevention system (IPS): An IPS spots and blocks unwanted port scans before they complete; left unchecked, such scans would reveal to intruders which of your ports are vulnerable.

Use encryption to protect sensitive data: Symmetric or asymmetric encryption makes it much harder for an outsider to read your data. Encryption acts as a locked gate that keeps outsiders and intruders away from your data.

Invest in a strong firewall: Firewalls monitor and regulate network traffic, preventing unauthorized users from using the network's resources.

Keep critical information private as much as you can: Do not enter your login credentials over a public network or share sensitive information online.

Researchers Find an Akamai WAF Access Point

Bypassing an Akamai web application firewall (WAF) in front of a Spring Boot-based application could allow a hacker to achieve remote code execution (RCE).

Akamai's WAF uses adaptive technologies to block known web security threats and was updated a few months ago to reduce the risk of Distributed Denial-of-Service (DDoS) attacks.

According to security researcher Peter M., better known by the alias 'pmnh', the exploit used Spring Expression Language (SpEL) injection. Usman Mansha and the analyst Peter H. said that Akamai has since fixed the vulnerability, which was not assigned a CVE number.

"This was the second RCE via SSTI we identified on this program, after the first one, the program added a WAF which we were able to overcome in a different portion of the application," the GitHub write-up of the Akamai WAF RCE read.

Access Point for WAF

The most straightforward way to reach the java.lang.Runtime class was through the SpEL reference $T(java.lang.Runtime), but Akamai's software blocked this.

The next step was to find a route to an arbitrary class. Peter M. wrote that this would allow the desired method to be reached through reflection or direct method invocation.

Peter M. and Mansha constructed an arbitrary String through java.lang and used reflection to reach Class.forName, obtaining an accessible runtime value through java.lang.

A second string gave access to java.lang.Runtime and the Runtime.getRuntime method, allowing an effective RCE payload to be built. Because the final payload was under 3 KB, the server accepted it as a GET request.

Getting past the WAF was nonetheless a difficult obstacle: finding an access point took more than 14 hours and roughly 500 hand-crafted attempts, according to Peter M. To deter obvious copycats, the researcher chose not to publish the final payload in text form.
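The lesson of this bypass is that filtering expression strings at the perimeter cannot keep up with reflection-based rewrites; the durable fix is to evaluate SpEL in a context that has no type locator at all. The following is an added illustration written for this page, not the researchers' payload and not Akamai's or Spring's own code: a vulnerable StandardEvaluationContext evaluator beside the hardened SimpleEvaluationContext form. The Greeting class and the render method names are assumptions.

```java
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class SpelHardening {
    // Hypothetical root object: the only data a user-supplied template should see.
    public static class Greeting {
        private final String name;
        public Greeting(String name) { this.name = name; }
        public String getName() { return name; }
    }

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Vulnerable pattern: StandardEvaluationContext resolves T() type references,
    // constructors and reflective method calls, so the only thing between a
    // user-controlled expression and java.lang.Runtime is a string-matching WAF rule.
    public static String renderUnsafe(String userExpr, Greeting root) {
        Expression exp = PARSER.parseExpression(userExpr);
        return String.valueOf(exp.getValue(new StandardEvaluationContext(root)));
    }

    // Hardened pattern: SimpleEvaluationContext has no type locator and, as built
    // here, no method resolver. T(...), new, and calls such as Class.forName fail at
    // evaluation time no matter how the expression is obfuscated; only read-only
    // property access on the root object is allowed, which is all a template needs.
    public static String renderSafe(String userExpr, Greeting root) {
        SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        Expression exp = PARSER.parseExpression(userExpr);
        return String.valueOf(exp.getValue(ctx, root));
    }

    public static void main(String[] args) {
        Greeting g = new Greeting("alice");
        // Legitimate use: a plain property read on the root object.
        System.out.println(renderSafe("name", g));
        try {
            // The type reference the WAF had to block by signature; here the
            // evaluator itself refuses it, so no perimeter rule is needed.
            renderSafe("T(java.lang.Runtime)", g);
        } catch (SpelEvaluationException e) {
            System.out.println("rejected by evaluator: " + e.getMessageCode());
        }
    }
}
```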


Threat Actors are Employing Blended Attack Technique to Target Organizations

 

Threat actors are constantly evolving and are industrializing their toolboxes to remain one step ahead of defenses and stay off the radar. To counter those threats, companies need to have a better understanding of the new attacker toolbox and employ solutions that take a more holistic view of defense. 

Recent attacks make it clear that threat actors are employing a blended approach in which tools and methods are not easily detected by traditional and point perimeter defenses. Examples of these blended attacks include:

Uniform attack patterns

In this method, threat actors choose one credit union and use what they learn to target other credit unions with a similar tech stack. This is possible because so many organizations use the same software and are therefore vulnerable to the same flaws.

Waiting game 

Attackers play a waiting game because they only need to win once in order to have a successful attack. Cybercriminals can progressively develop an attack over days and weeks by poking around the edges of an organization to see what the thresholds are. In a second phase, they will meter their attack to come in under that threshold and go after high-profile assets. 

Bluffing technique 

Attackers employ a bluffing method by drawing the attention of the firm's security team with a DDoS attack and then carrying out the real attack against other assets. Most firms find it difficult to cope with these mixed-mode attacks because they are left vulnerable on every front of their defenses. The situation is worse when organizations rely on outdated defense strategies and point products that focus on blocking a single variant of an automated attack. These tools were built to do one thing and are no longer enough. It is time for organizations to take a new approach or suffer the consequences of outdated defense strategies.

Modern threats need modern solutions 

To protect themselves, organizations need to adopt a multi-layered defense, because any firm relying on a single defense mechanism will be exposed. Organizations can employ a defense in depth (DiD) strategy to shield systems and data from attack. In this approach there are multiple layers, and if one defense fails, another is there to block the assault. This intentional redundancy creates greater security and can protect against a variety of attacks.

Additionally, it is important to think like an attacker: it is imperative to remain proactive rather than reactive and to ensure attackers are both identified and tracked, even if their IP or identifying traits change. This approach enables adaptive coercion and action, by which defenders systematically confront both human and non-human attackers and understand their intent. These actions include blocking entities, querying, or tarpitting suspicious traffic.

The nature of cyber threats has evolved over the years, but so have cybersecurity defenses. It is essential that organizations rely on defenses that address the modern problems they face. The surest way to become an easy target is to remain static with outdated defense techniques.