hp-security-research-cyber-risk-report-pdf-2-w-1408

Recommendations

Info

HP Security Research | Cyber Risk Report 2015FuzzingThis is an automated vulnerability research technique that involves using a fuzzer (a fuzzingtool) to inject malformed data to an application in order to attempt to cause it to crash. Thistechnique is used to uncover possible areas of weakness or vulnerability within the applicationfor further research and testing.Gameover ZeusA notorious botnet consisting of peer-to-peer variants of the Zeus malware family (also knownas Win32.Zbot). By using peer-to-peer, this botnet used a decentralized command-and-controlinfrastructure, thus avoiding the single point of failure of more centralized command andcontrol structures and making the botnet more resilient to takedown. The Zeus malware familyis associated with the sophisticated theft of online banking credentials; however, the botnetmay have been used to carry out other malicious activities such as propagating additionalmalware, sending spam, and carrying out distributed denial of service (DDOS) attacks. In mid-2014, U.S. authorities brought down a large botnet of Gameover Zeus variants and causedsignificant disruption to the botnet’s malicious activities.GepawMalware written for the Android platform that targets online banking users. One of the firstAndroid malware samples to be purposefully installed by a Windows component if an Androiddevice was connected to the desktop.Heap sprayHeap spraying is a technique used by attackers to assist in use-after-free exploitation bydecreasing entropy in the address space. It is not itself an exploit method; instead, it aidsattackers by making freed memory space more orderly and predictable. Heap spraying consistsof forcing repeated allocations in an attempt to reclaim the freed buffer and to introduce someusable order to the freed space.HeartbleedA flaw, discovered in 2014, that allowed for unauthenticated remote attackers to disclose thememory of applications that use a vulnerable version of OpenSSL. Successful attacks couldresult in the disclosure of SSL private keys, usernames/passwords, and session tokens.Information disclosure vulnerabilityA vulnerability that results in the unauthorized disclosure of information from a system. Theeffect of this type of vulnerability varies according to the nature of the information that may bedisclosed. Such information could be used in order to conduct reconnaissance before a targetedattack, or could be the end game of the attack. The Heartbleed vulnerability was an informationdisclosure vulnerability that allowed for unauthenticated remote attackers to disclose thememory of applications that use a vulnerable version of OpenSSL.JucheA North Korean political ideology that proposes that the future independence of the NorthKorean state is determined by the agency of its people. This principle (simplified here) is used todrive and promote policy in North Korea.KeyloggingThe act of capturing keyboard events, such as keystrokes, in a log file that can later beexfiltrated by an attacker. This type of function may be used to capture sensitive informationsuch as login details for various systems.Legacy codeCode within a software program inherited from a previous version of the program.MiddlewareThe software that sits between layers of other software to make the layers below and on theside work with each other. It is software invisible to the user that takes two or more differentapplications and makes them work seamlessly together.MoneyPakAn online payment system, often used by the perpetrators of ransomware and rogue antivirussoftware, to gather ransom and extortion payments from victims.72
HP Security Research | Cyber Risk Report 2015MozartRAM-scraping POS malware that was used in the Home Depot breach in order to steal thedetails of over 56 million debit and credit cards.mTANsA one-time password used by some online banking providers in order to authorize transactions.Private keysWithin a public key cryptographic system, a private key is one only known by its owner. Also, aterm used to represent symmetric key encryption, which is encryption based on a shared secretbetween two or more entities communicating.RAM scrapingRAM scraping occurs when the malware enumerates the processes and virtual memory spaceof the target machine looking for track 1 and track 2 data.RansomwareRansomware is malicious software that locks a user’s computer in some way and then demandsa ransom in order for service to be restored. This locking may include encrypting the user’s filesin some way and then demanding payment for the decryption key, or it could be more simplisticand only rely on giving the user the impression that their computer is locked (even though itmay be easily recoverable).Remote code execution (RCE) vulnerabilityA vulnerability that allows attackers to execute their own code on a target system. Dependingon the vulnerability used, the RCE may be executed with either user- or system-levelpermissions.ROP (return oriented programming)An exploit technique that allows an attacker to execute code while bypassing certain types ofdefense-in-depth measures, such as ASLR.SegfaultA segmentation fault (segfault) occurs when a program attempts to access a memory locationthat the program is not allowed to access. Segfaults may also occur when a program attemptsto access a memory location through a method that is not allowed. An example of this would bea program attempting to write to memory marked as read-only.ShellcodeA small piece of code used as the payload during the exploitation of a vulnerability. While thesetypes of payloads typically start from a command shell, any code that performs a similarfunction is generically referred to as shellcode.ShellshockA family of security vulnerabilities in the UNIX® Bash shell, first disclosed in September 2014.SongunA North Korean social ideology that prioritizes the needs and preferences of the KoreanPeople’s Army in affairs of state and in allocation of resources.Spaghetti codeA pejorative term for software that has an overly complex and tangled control structure. Codeof this type is named because the program flow is conceptually like a bowl of spaghetti (e.g.,twisted and tangled).TORFree software designed to allow users to enable online anonymity and resist censorship. Bydirecting traffic through thousands of relays, TOR (The Onion Router) conceals a user’s locationand network usage from those attempting to conduct network monitoring or traffic analysis.73
Page 1 and 2:
BrochureHP SecurityResearchCyber Ri
Page 3 and 4:
HP Security Research | Cyber Risk R
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22: HP Security Research | Cyber Risk R
Page 74: HP Security Research | Cyber Risk R
show all

hp-security-research-cyber-risk-report-pdf-2-w-1408

Create successful ePaper yourself

Delete template?

Save as template?