The Riskopedia

A glossary of Risks, Threats and other Cyber stuff in between


Common Cyber Security Terms


Open Source Intelligence

Open source intelligence, more commonly known as OSINT, is the act of gathering intelligence from publicly available sources such as newspapers or simply googling things.

Indicator of compromise

When investigating a security incident, an "indicator of compromise", or IoC for short, is a clue such as an IP address or file hash that points to a tool or an attacker. For example, a known bad file's hash or name.
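As an added illustration of how IoCs are used in practice (example code, not part of the original glossary), the script below matches a small list of indicators against endpoint log lines. All values are constructed placeholders: the hash is the SHA-256 of a made-up byte string, the IP is from a documentation range, and the key=value log format is assumed for the sake of the example.

```python
import hashlib
import re

# Constructed IoC list with placeholder values (not real threat intelligence).
IOC_SHA256 = {hashlib.sha256(b"constructed malicious sample").hexdigest()}
IOC_IPS = {"203.0.113.45"}          # TEST-NET-3 documentation range, constructed
IOC_FILENAMES = {"invoice_update.exe"}

# Constructed endpoint log lines in a simplified key=value format.
SAMPLE_LOGS = [
    "ts=2024-01-10T09:12:01Z host=ws-17 event=file_create name=invoice_update.exe sha256="
    + next(iter(IOC_SHA256)),
    "ts=2024-01-10T09:12:05Z host=ws-17 event=net_connect dst=203.0.113.45 dport=443",
    "ts=2024-01-10T09:13:40Z host=ws-02 event=net_connect dst=198.51.100.7 dport=80",
    "ts=2024-01-10T09:14:02Z host=ws-02 event=file_create name=report.docx sha256="
    + hashlib.sha256(b"benign document").hexdigest(),
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one key=value log line into a dict of fields."""
    return dict(KV_RE.findall(line))


def match_iocs(lines, hashes=IOC_SHA256, ips=IOC_IPS, names=IOC_FILENAMES):
    """Return (line_number, ioc_type, value) for every field that matches an IoC.

    Hash and filename comparisons are case-insensitive; a single line can
    produce several hits (e.g. a known bad name and a known bad hash).
    """
    hits = []
    for n, line in enumerate(lines, start=1):
        fields = parse_line(line)
        if fields.get("sha256", "").lower() in hashes:
            hits.append((n, "sha256", fields["sha256"]))
        if fields.get("dst") in ips:
            hits.append((n, "ip", fields["dst"]))
        if fields.get("name", "").lower() in names:
            hits.append((n, "filename", fields["name"]))
    return hits


if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOGS):
        print("IoC hit: line %d (%s) %s" % hit)
```

Filename matches are the weakest of the three indicator types, since an attacker can rename a file freely; a hash or a destination IP is a much stronger signal, which is why real triage usually weights hits by indicator type.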

Third Party Risk Management

Third Party Risk Management is the practice of managing cyber security risks which come from a company's supply chain, customers, or any other related company. The process usually consists of a few stages: Discovery, Classification, Assessment, Remediation and Monitoring.

Misconfiguration

The term "Misconfiguration" in the context of Cyber Security refers to a default or inadequate configuration of a system that could lead to a security breach. For example, leaving read permissions open to anyone on a publicly exposed folder or cloud bucket.
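As an added example (not part of the original glossary), the check below looks for the bucket misconfiguration just described in an S3-style bucket policy: an Allow statement that grants object read access to everyone. The two policies are constructed for this example, and the account id and role name in the corrected policy are placeholders.

```python
import json

# Constructed example: a policy that lets anyone on the internet read objects.
PUBLIC_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}
""")

# Constructed corrected policy: the same access, limited to one named role
# (placeholder account id and role name).
RESTRICTED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AppRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}
""")

# Actions that grant object reads, directly or through a wildcard.
READ_ACTIONS = {"s3:getobject", "s3:get*", "s3:*", "*"}


def is_public_principal(principal):
    """True when the statement applies to everyone, not a named identity."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_read_statements(policy):
    """Return the Sids of Allow statements granting object reads to everyone.

    Conditions on a statement are deliberately ignored, so the check errs on
    the side of flagging; a human should confirm any hit before acting.
    """
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if not is_public_principal(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if any(a.lower() in READ_ACTIONS for a in actions):
            findings.append(stmt.get("Sid", "<unnamed>"))
    return findings


if __name__ == "__main__":
    print("public policy:", public_read_statements(PUBLIC_POLICY))
    print("restricted policy:", public_read_statements(RESTRICTED_POLICY))
```

The check only inspects the bucket policy document; a bucket can also be exposed through an ACL or account-wide settings, so a real audit combines several such checks rather than relying on one.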

Security Awareness Program

To reduce the various risks that are mainly associated with social engineering attacks, companies perform activities such as training, drills and others to ensure employees are security minded and vigilant.

Vulnerability

In the context of cyber security, a Vulnerability refers to any type of weakness that could be exploited by a malicious person to compromise the confidentiality, integrity or availability of a system.

Patch Management

In order to mitigate various vulnerabilities, companies perform regular software upgrades to their systems. This process is usually very time consuming and problematic due to the lack of high availability in most systems and continuity requirements.

Exploit

An Exploit is software written to abuse a system's vulnerability in order to compromise it. Exploits may give their executor complete control of a system, or have other dangerous effects.


Standards and Regulations


COBIT

First released in 1996, COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA. The framework defines a set of generic processes for the management of IT. Each process is defined together with process inputs/outputs, key process activities, objectives, performance measures and a simple maturity model.

GDPR

Entered into force on the 24th of May 2016, the GDPR's primary aim is to give individuals control over their personal data. It is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).

NIST Cybersecurity Framework

First released on April 16, 2018, the NIST Cybersecurity Framework provides a policy framework of computer security guidance for organizations to assess and improve their ability to prevent, detect, and respond to cyber attacks.

ISO 27001

Originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, it details requirements for establishing, implementing, maintaining and continually improving an information security management system.

HIPAA

Enacted on August 21, 1996, the Health Insurance Portability and Accountability Act of 1996 is a United States federal statute created to modernize the flow of healthcare information and to stipulate how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft.

CCPA

Signed into law on June 28, 2018, the California Consumer Privacy Act (CCPA) is a state statute to enhance privacy rights and consumer protection for residents of California, United States. Similarly to GDPR, it gives individuals greater control over their personal data, and it also addresses discrimination against them for exercising their privacy rights.

MITRE ATT&CK

Officially released in May 2015 by the MITRE Corporation (an American not-for-profit organization which manages federally funded research and development centers (FFRDCs) supporting several U.S. government agencies), the framework is a comprehensive matrix of tactics and techniques used to classify attacks and assess an organization's risk.

CSA CCM

Initially released in December 2009 by the Cloud Security Alliance (a nonprofit organisation formed to promote the use of best practices for security assurance in cloud computing), the Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.


OSINT Tools and Data Providers


Passive DNS

Passive DNS is the method of collecting information about domain name resolutions by passively observing DNS traffic (as opposed to collecting information by actively making requests).

WHOIS

WHOIS is a set of public databases containing contact and registration information about domain names.

Search Engines

By using specially crafted search queries, it is possible to find many cyber security related artefacts such as exposed credentials and documents.

Internet Scanners

There are many entities which are constantly running port scans on the entire internet and publishing this information. Some examples are Shodan, Censys and BinaryEdge.

P2P Networks

Networks such as Bitcoin, torrents and others expose a lot of information about the IP addresses that use them. For example, it is possible to find out what files were downloaded by a certain IP, and whether any of them contained known malware.

Client Side Analytics Codes

Many websites use client-side scripts that carry a unique account key; that key can be used to identify the account behind them, and thereby the ownership of a domain.

Blacklists

By reviewing commonly used blacklists it is possible to know whether an IP address is being used for spamming by bots running covertly on the network.

SSL Certificate infrastructure

SSL certificates rely on a public infrastructure that exposes many details about the certificate owners and their assets. For example, one can find cloud assets that have just been issued a certificate by monitoring the "cert stream".


Risk Types


CloudJacking

CloudJacking is the practice of gaining control of the victim's cloud assets, usually by exploiting exposed credentials and then asking for ransom.

Ransomware

Ransomware is a common risk in which the attacker encrypts files on the victim's computers, and then demands a ransom in order to decrypt them and restore access.

Insider data leaks

The practice of leaking confidential information for personal gain via any digital channel, such as the web or email.

Web application attacks

Certain bugs in web applications (or APIs) might allow an attacker to gain control, leak data or cause other damage.

Cyber Industrial Espionage

In some cases companies might employ professional hackers to steal intellectual property, cause damage to a competitor, etc.

Crypto Mining

The practice of running a cryptocurrency miner on the victim's computer. This could be via JavaScript on a malicious web page, inside a corporate network by an employee, or on a cloud server after it has been compromised.

Fraud

When an attacker abuses a system in order to manipulate a business process for financial gain. For example, changing one's bank account balance, getting a free coupon in an online shopping cart, etc.

Denial Of Service

Any attack that causes a degradation of service in a certain system. Examples include using a botnet to create a flood of false traffic, or abusing the services of a large platform to direct traffic at a smaller one in order to bring it down (commonly called a reflection attack).


Threat Actors Types


Cyber Terrorists

These actors' prime focus is on causing damage to a political adversary, and they are often sponsored by or affiliated with real terrorist groups.

Government-Sponsored Actors

These groups are funded and managed by a nation. They could be part of a larger military or intelligence organisation, or a separate group. Their goals range from financial gain to espionage and terrorism.

Organized Crime/Cybercriminals

These actors are either criminal organisations that are purely cyber based, or sometimes managed and financed by real felons or organised crime organisations.

Hacktivists

Hacktivists perform cyber attacks in order to promote political agendas such as whistleblowing, ecological betterment, etc.

Insiders

When an employee of an organisation abuses the company's systems in order to achieve financial gains, or any other goal.

Script Kiddies

These are individuals with a low level of skill who use ready-made downloadable or purchased tools in order to launch attacks.


Well Known Vulnerabilities/Incidents


ZeroLogon (CVE-2020-1472)

Disclosed on the 11th of August 2020, this cryptographic vulnerability in Microsoft's Active Directory allows an attacker to gain complete control of the entire environment.

CloudBleed

On February 17, 2017, a security bug was discovered in the very popular Cloudflare content delivery service. The bug caused the contents of customers' web pages to mix with each other. Among other issues, sensitive information from internal user and admin pages was exposed to users and search engines.

EternalBlue (CVE-2017-0144)

EternalBlue is an exploit that was developed by the NSA and leaked on April 14, 2017 by the hacker group "Shadow Brokers". The exploit targets Microsoft systems, and was later used in the large WannaCry and NotPetya campaigns.

Heartbleed (CVE-2014-0160)

Heartbleed is a security bug discovered in the OpenSSL cryptography library on the 1st of April 2014, but it had existed in the software for two years before that. Among other impacts, it allowed attackers to access sensitive information on websites protected by SSL/TLS.

SQL Injection

SQL Injection is a web application vulnerability in which untrusted input is placed directly into a database query, allowing an attacker to alter the query and read, modify or delete data they should not have access to.
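As an added example for this entry (not code from the original glossary), the snippet below puts a vulnerable lookup next to its parameterized fix, using an in-memory SQLite table constructed for the demonstration. The user names and roles are made up.

```python
import sqlite3


def make_db():
    """Build a small constructed users table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """BAD: user input is concatenated into the SQL text, so quotes in the
    input change the structure of the query instead of being treated as data."""
    query = f"SELECT username FROM users WHERE username = '{username}' ORDER BY username"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, username):
    """GOOD: a parameterized query. The driver passes the input as a bound
    value, so it can never be interpreted as SQL, whatever characters it holds."""
    query = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(query, (username,))]


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"          # classic textbook test input
    print("vulnerable:", find_user_vulnerable(conn, probe))   # every row leaks
    print("safe:      ", find_user_safe(conn, probe))         # no such user
```

The fix is not escaping quotes by hand but keeping data and query text separate; every mainstream database driver and ORM supports bound parameters for exactly this reason.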

BlueKeep (CVE-2019-0708)

A security vulnerability discovered in Microsoft's Remote Desktop Protocol. First reported in May 2019, the vulnerability allows attackers to take complete control of unpatched systems.

Spectre/Meltdown (CVE-2017-5753/5715/5754)

These two are essentially variants of the same security bug, affecting essentially all computer central processing chips manufactured in the past 20 years. These vulnerabilities allow access to sensitive information in the computer's memory that was previously considered protected.

Shellshock (CVE-2014-6271)

Disclosed on 12 September 2014, Shellshock is a privilege escalation vulnerability in the widely popular Bash shell (which also runs components of many internet-facing applications). It allows an attacker to run commands and gain access.