Learning CyberSec One at a Time! (Part-06)
Hey folks,
How was the day? Boring?! The usual?
No worries. Let’s learn a few things.
1. Security Data Lake
A security data lake is a central place holding a company’s various security information: details on particular threats, malware, and the latest news on what’s happening in the industry (it’s not a real lake, don’t picture one). With everything in one place, a company benefits from running search queries across it and from better employee education and training. Rather than looking for each piece of security information individually, one by one, it’s a lot better to have it all in one single place. So, that’s the basic information on a security data lake.
This is a sword that cuts both ways. Now let’s imagine a scenario where the company’s systems get compromised and the attackers gain access to see what kinds of attacks and threats this company has been trying to mitigate. They can see which specific threats the company was trying to harden its security infrastructure against (just by reading the log files; there isn’t any need for special application features). Now the attackers can pin-point and deploy attacks focusing on the vulnerable side of the company’s assets. It’s amazing how many ways there are to do certain things when it comes to security issues.
2. Lateral movement techniques
Like we discussed in yesterday’s topics, after compromising a system the attacker needs to gain more access into the network they are in (to compromise more systems); that is what we call lateral movement in security. The whole infrastructure is designed in a hierarchical way, and it takes a lot of access and privileges to get into another level. I must say that doing this requires a lot of expertise in Windows/Linux exploit development. Without any knowledge of exploit creation, the attacker cannot move further. After compromising one system, the best he/she can do is dump the data that is available on it.
Coming to exploit creation: with the existing, publicly available exploits we only have some chance on devices that aren’t updated to the latest security patches. We can only do so much with disclosed vulnerabilities; once a vulnerability gets reported, the Microsoft/Linux distro team treats it as an immediate fix and patches it by rolling out a security update, which removes the probability of those systems getting compromised. To pwn a system, one needs to know how to create complex, sophisticated exploits on their own. It is hard, because I know how deep the understanding has to be in such cases. The prerequisites are another thing we need to focus on. If there’s a legit fire inside you, the fire will burn even if you drown yourself in freezing water.
3. Spear-Phishing Attacks
Spear-phishing attacks are a variant of normal phishing attacks, but with a change in how the data reaches the attackers. In traditional phishing, an unknown person is seen sending the malicious links/media; the victim falls for it and gives the attacker what he/she requested over the URL, mostly through some social engineering tactics. Coming to spear-phishing: here the sender of the malicious URL is a trusted person to the victim, someone the victim already trusts.
Let’s say your best friend’s phone has been compromised and is remotely controlled by an attacker. You will get a message saying “Hey man, my phone has been drenched in rain and my calls aren’t going through, I think my microphone is damaged. My cards are declining and my bank stopped working. I’m stuck in <faraway place>, can you send some money to this <attacker’s throwaway bank details>? I really need your help man.” If the attacker is smart/rich enough, he can even train an AI voice model to match. Since your bestie is in trouble, like everyone you would obviously send some cash, and the attacker will probably send the same text to many others after carefully filtering the contacts and going through previous messages. So, that’s how it is done. So much hassle for a few bucks, don’t you think? Even a single cent is a win for them.
4. Zero-Trust Security
Zero-Trust is a security practice where a company takes into consideration that one of its employees’ accounts, or even a board director’s, will be compromised. By implementing this practice, an employee has access only to his own work and the resources he needs; this way the attack vectors are minimized, and even if someone gets compromised the attacker cannot escalate the compromise up to higher levels.
Zero-Trust is a very good way to go for companies that require data integrity and confidentiality. The set-up might be a hassle and the maintenance another one, often needing additional support whenever some employee runs into privilege issues, but the gains outweigh the cost in my opinion. So, it’s best to follow “Better safe than sorry”.
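To make the idea concrete, here is a small added example (my own illustration, not from any product) of per-request authorization in the Zero-Trust spirit: every request is checked against the role’s scoped permissions, device posture and MFA, and being on the corporate network earns no trust. The roles, resource names and users are constructed for the demo.

```python
from dataclasses import dataclass

# Constructed sample policy: each role gets only the resource classes its own
# work needs. Nothing is inherited from "being inside" the network.
ROLE_PERMISSIONS = {
    "engineer": {"source-repo", "build-logs"},
    "finance": {"payroll-ledger"},
    "board": {"board-minutes"},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    device_managed: bool   # company-enrolled device?
    mfa_verified: bool     # MFA passed for this session?
    network: str           # "corp" or "internet"; deliberately NOT trusted

def authorize(req: Request) -> tuple[bool, str]:
    """Evaluate one request. Returns (allowed, reason); location never grants a bypass."""
    if not req.mfa_verified:
        return False, "mfa required"
    if not req.device_managed:
        return False, "unmanaged device"
    allowed = ROLE_PERMISSIONS.get(req.role, set())
    if req.resource not in allowed:
        return False, f"role '{req.role}' has no access to '{req.resource}'"
    return True, "ok"

def blast_radius(role: str) -> set[str]:
    """The most an attacker holding this role's credentials could reach."""
    return set(ROLE_PERMISSIONS.get(role, set()))

if __name__ == "__main__":
    # Constructed scenario: an engineer's account is phished and the attacker
    # sits on the corp LAN, trying to read board-level material.
    stolen = Request("alice", "engineer", "board-minutes", True, True, "corp")
    print(authorize(stolen))        # denied by role scope, not by network
    print(blast_radius("engineer")) # what the compromise can reach at most
```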
5. Extended detection and response
Extended detection and response is a way to split up and manage a larger set of security-needing assets and resources. Intrusion detection systems often focus on only a few endpoints where there are constant threat alerts; a broader approach makes the company’s assets and data more secure, so that the umbrella stays above all of the critical assets, securing them and sending alerts to the team whenever there are logged mishaps.
A company should focus on the entirety of its infrastructure; a small vulnerability is enough to cause huge outages and downfalls. That’s why it’s important to keep auditing and constantly check for any intrusions.
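As an added illustration of the “broader umbrella” point (my own example, not any vendor’s logic), the snippet below correlates events from three separate sources, email gateway, identity provider and endpoint agent, for the same user within a time window. No single source sees the whole chain; only the combined view raises one alert. All events, usernames and hostnames are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry as an XDR pipeline would ingest it (UTC timestamps).
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "src": "email",    "user": "bob",   "kind": "phish_link_clicked"},
    {"ts": "2024-05-01T09:04:00", "src": "idp",      "user": "bob",   "kind": "login_new_location"},
    {"ts": "2024-05-01T09:10:00", "src": "endpoint", "user": "bob",   "kind": "remote_exec", "host": "ws-17"},
    {"ts": "2024-05-01T09:12:00", "src": "endpoint", "user": "bob",   "kind": "remote_exec", "host": "fileserver-02"},
    {"ts": "2024-05-01T11:30:00", "src": "endpoint", "user": "carol", "kind": "remote_exec", "host": "ws-22"},
    {"ts": "2024-05-02T08:00:00", "src": "idp",      "user": "dave",  "kind": "login_new_location"},
]

# The chain that no single product flags on its own: click -> odd login -> remote execution.
CHAIN = ["phish_link_clicked", "login_new_location", "remote_exec"]
WINDOW = timedelta(minutes=30)

def parse(event):
    return datetime.fromisoformat(event["ts"])

def correlate(events, chain=CHAIN, window=WINDOW):
    """Return one alert per user whose events complete `chain` in order within `window`."""
    by_user = defaultdict(list)
    for e in sorted(events, key=parse):
        by_user[e["user"]].append(e)
    alerts = []
    for user, evs in by_user.items():
        stage, start, hosts = 0, None, []
        for e in evs:
            if stage == 0:                      # wait for the chain's first link
                if e["kind"] == chain[0]:
                    stage, start = 1, parse(e)
                continue
            if parse(e) - start > window:       # chain went stale
                break
            if stage < len(chain) and e["kind"] == chain[stage]:
                stage += 1
            if e["kind"] == "remote_exec":      # track where the activity spread
                hosts.append(e["host"])
        if stage >= len(chain):
            alerts.append({"user": user, "first_seen": start.isoformat(), "hosts": hosts})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)   # single cross-source alert for bob, listing ws-17 and fileserver-02
```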
Looks like I discussed very little today. I’ll try to go into a bit more depth tomorrow. That’s a wrap for today. See ya later.