INVITATION TO CYBERSECURITY 74

persist for a long time. For example, the Mirai botnet is made up mostly of IP cameras and home routers. Botnets are sometimes used to send spam email, and they can also be used to overwhelm a website with a deluge of network traffic. This makes the website unreachable because the web server is so occupied with bogus network traffic that it is unable to respond to legitimate requests. This is known as a distributed denial of service (DDoS) attack. The Mirai botnet was responsible for some large-scale and high-profile DDoS attacks in 2016, including one against the cyber investigative journalist Brian Krebs’ website KrebsOnSecurity in retaliation for an exposé he published the week before.

The Conficker worm is an example of how publicizing vulnerabilities for defensive purposes can lead to attackers learning about them and creating n-day exploits. The time-to-exploit is the time between vulnerability disclosure and exploitation. Attackers have been getting faster at creating n-day exploits. This puts pressure on cyber defenders to patch vulnerabilities quickly, but patching carries a risk of downtime and care must be taken to do it correctly. Plus, many organizations are under-resourced when it comes to cybersecurity, and they are not always able to patch systems quickly enough to avoid being victims of n-day exploits. This is a major cybersecurity challenge.

Some technical vulnerabilities are not due to bugs in software, but to software misconfigurations. For example, some products are shipped with default administrative usernames and passwords, and there are hacking websites devoted to compiling lists of these defaults. When these products are purchased and installed, if the default password is not changed, then hackers can gain admin access by guessing the password. Misconfigurations also happen when users install products but do not understand the security ramifications of the installation parameters.
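A defender-side check for the default-password misconfiguration described above, as an added example that is not from the book: it audits a device inventory by hashing each model's known default with the device's own salt and comparing the result to the stored admin hash. The model names, default credentials, record fields and PBKDF2 parameters are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed vendor defaults for hypothetical products (not a real list).
VENDOR_DEFAULTS = {
    "ExampleCam X1": [("admin", "admin"), ("admin", "12345")],
    "ExampleRouter R2": [("root", "password")],
}

ITERATIONS = 100_000  # assumed PBKDF2 work factor used by the inventory export


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored form of a password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def uses_default(device: dict) -> bool:
    """True if the admin credential matches a shipped default for the model."""
    for user, password in VENDOR_DEFAULTS.get(device["model"], []):
        if user != device["admin_user"]:
            continue  # default applies to a different account name
        candidate = hash_password(password, device["salt"])
        # Constant-time comparison of the derived and stored hashes.
        if hmac.compare_digest(candidate, device["admin_hash"]):
            return True
    return False


def audit(inventory: list) -> list:
    """Return the hostnames that still need their default password changed."""
    return [d["host"] for d in inventory if uses_default(d)]


def _device(host, model, user, password, salt):
    # Builds one constructed sample record in the assumed export format.
    return {"host": host, "model": model, "admin_user": user,
            "salt": salt, "admin_hash": hash_password(password, salt)}


# Constructed sample inventory: two devices were never reconfigured.
INVENTORY = [
    _device("cam-lobby", "ExampleCam X1", "admin", "12345", b"s1"),
    _device("cam-dock", "ExampleCam X1", "admin", "T7#changed-on-install", b"s2"),
    _device("rtr-branch", "ExampleRouter R2", "root", "password", b"s3"),
    _device("rtr-hq", "ExampleRouter R2", "netops", "password", b"s4"),
]

if __name__ == "__main__":
    print(audit(INVENTORY))
```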
Software with lots of features can be complex, and it takes knowledge to know how to make the software as secure as possible for the needs of the organization. Some systems administrators are so focused on just getting the software to work that they neglect to investigate all the options to the extent necessary to make it secure. Hackers who know the software better than the people who installed it can take advantage of this ignorance and exploit the misconfiguration vulnerabilities to hack the organization.

4.1.2.3 Credential Stealing

Credential stealing is a common way that hackers obtain unauthorized access to computer systems and data. When hackers obtain valid credentials for users, they can log in as those users and are able to use the victims’ authorizations to access data, run programs, and initiate transactions. This leads to many different types of damaging attacks. Passwords are the most common authentication mechanism (more on this in Chapter 8); therefore, credential stealing typically involves attacks on passwords. Passwords are a serious vulnerability and are frequently exploited. When passwords are used as the sole form of authentication, password compromises are devastating. Many variations of password attacks are described in this section.