Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Incident Response with Threat Intelligence

You're reading from   Incident Response with Threat Intelligence Practical insights into developing an incident response capability through intelligence-based threat hunting

Arrow left icon
Product type Paperback
Published in Jun 2022
Publisher Packt
ISBN-13 9781801072953
Length 468 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Roberto Martinez Roberto Martinez
Author Profile Icon Roberto Martinez
Roberto Martinez
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Section 1: The Fundamentals of Incident Response
2. Chapter 1: Threat Landscape and Cybersecurity Incidents FREE CHAPTER 3. Chapter 2: Concepts of Digital Forensics and Incident Response 4. Chapter 3: Basics of the Incident Response and Triage Procedures 5. Chapter 4: Applying First Response Procedures 6. Section 2: Getting to Know the Adversaries
7. Chapter 5: Identifying and Profiling Threat Actors 8. Chapter 6: Understanding the Cyber Kill Chain and the MITRE ATT&CK Framework 9. Chapter 7: Using Cyber Threat Intelligence in Incident Response 10. Section 3: Designing and Implementing Incident Response in Organizations
11. Chapter 8: Building an Incident Response Capability 12. Chapter 9: Creating Incident Response Plans and Playbooks 13. Chapter 10: Implementing an Incident Management System 14. Chapter 11: Integrating SOAR Capabilities into Incident Response 15. Section 4: Improving Threat Detection in Incident Response
16. Chapter 12: Working with Analytics and Detection Engineering in Incident Response 17. Chapter 13: Creating and Deploying Detection Rules 18. Chapter 14: 
Hunting and Investigating Security Incidents 19. Other Books You May Enjoy

Emerging and future cyber threats

Technology is changing every day, so technological advances allow us to experience new ways of doing things, the way we work, the way we learn, and even the way we relate to other people. These modern technologies are developed to make them more usable and functional so that anyone without having too much technical knowledge can take advantage of them.

However, the architecture, design, and production of these technologies often does not consider the security part and many of the new devices you use daily are unsafe by design and exposed to potential cyber attacks.

Cyber attacks targeting IOT devices

Years ago, few people would have imagined that a simple light bulb, our smart TV, or our toilet could become an attack vector from malicious actors. According to Gartner, there will be 25 billion global Internet of Things (IoT) connections by 2025. The problem is that many devices are manufactured at a low cost to achieve greater market penetration, regardless of the threats to which these devices will be exposed.

Moreover, the risks are not just for home users; in enterprise environments, these devices could be connected within the same network infrastructure of computers and servers, raising the risk of compromising the organization's critical assets and information.

On October 21, 2016, DynDNS (Dynamic Network Services, Inc., a domain name system) was the target of an attack against the infrastructure of its systems. As a result, many Netflix, PayPal, and Twitter users, to name a few, could not access these services for hours.

The attackers provoked a Denial of Service (DoS) using a botnet known as Mirai, which turned millions of IoT devices into zombies that sent traffic in a coordinated manner against specific targets, which primarily affected the operational infrastructure in the United States. The estimated economic impact was $10 million:

Figure 1.5 – Live map of the massive DDoS attacks on Dyn's servers (https://twitter.com/flyingwithfish/status/789524594017308672?s=20)

Figure 1.5 – Live map of the massive DDoS attacks on Dyn's servers (https://twitter.com/flyingwithfish/status/789524594017308672?s=20)

In November of the same year, several DSL service users in Germany reported problems with their internet connection devices due to traffic saturation on TCP port 7547 by Mirai that affected their access to the network. In January 2018, a variant of the same botnet appeared, targeting the financial sector and affecting the availability of its services.

In that year alone, the percentage of botnet-related traffic for deletions on IoT devices was 78%, according to a NOKIA study. In 2019, Kaspersky detected around 100 million attacks targeting IoT devices using honeypots.

In July 2020, Trend Micro found that Mirai's botnet exploits the CVE-2020-5902 vulnerability on IoT devices, allowing it to search for Big-IP boxes for intrusion and deliver the malicious payload.

The digital evidence generated by these devices is essential to identifying promptly the origin of an attack and to be able to visualize its scope and impact.

Autonomous vehicles

More applications are being integrated with vehicles and can connect with users' mobile devices. These apps often supply access to social networks or payment apps, such as Apple Pay, Samsung Pay, or Google Pay users.

On the other hand, autonomous vehicle manufacturers integrate capabilities that reduce the number of accidents and improve transport infrastructure efficiency. Using the OBD II and CAN bus access points, someone can perform a remote diagnosis of a vehicle's operation or its location, carry out remote assistance, or obtain telemetry information collected from the vehicle.

These capabilities, however, open new attack surfaces, including the following:

  • System update firmware manipulation
  • Installing malware on the vehicle system
  • Interception of network communications
  • Exploiting software vulnerabilities

In 2013, security researchers Charlie Miller and Chris Valasek, along with journalist Andy Greenberg, showed how it was possible to hack a vehicle by taking control of the brakes or vehicle speed. In 2015, they met again, and on this occasion, they took control of a Jeep at 70 miles per hour using a zero-day exploit that allowed them to take control of the vehicle remotely over the internet.

These discovered vulnerabilities opened the door to new attack scenarios where sensitive user information can be compromised and even put human lives at risk.

In a short period following a traffic incident, and especially with the increase in the number of autonomous vehicles, it will be necessary to collect evidence from the vehicle's digital devices to investigate the details that will help to identify what caused the accident.

Drones

The global drone market will grow from $14 billion in 2018 to over $43 billion in 2024, with a compound annual growth rate (CAGR) of 20.5%. Their non-military use has shown potential for multiple fields, including engineering, architecture, and law enforcement.

Unfortunately, in many cases, their use is not regulated. In several situations, they have been involved in incidents that have jeopardized the operation of airports or the same plane, as was the case at Heathrow Airport in London, where flights were suspended, causing significant financial losses and inconvenience to passengers.

Other risks relate to organized crime in carrying out drug transfers across the border undetected or even attacking rival groups. Drones can also pose a risk to people's privacy, as a drone could record video, take pictures, or sniff conversations in the distance.

If a drone is used illegally, it is essential to collect the evidence necessary to carry out the investigation, using the appropriate procedures and tools.

Electronic voting machines

The use of digital devices in several countries' electoral processes around the world aims to ensure that the voter registration processes, as well as vote capture and counting, are efficient and reliable.

However, like all digital systems, there are attack surfaces on these systems that an attacker could use to compromise the results of an election and the reliability of the systems themselves. Security researchers have revealed that some voting systems could be vulnerable to distinct types of attacks.

In 2019, in the DefCon Voting Village, several security researchers analyzed more than 100 voting devices, some of them currently in use, and found that they were vulnerable to at least 1 type of attack.

Electoral processes are vital in ensuring not only democracy, but also political and social stability, so it is incredibly important to ensure its reliability and security.

In the event of a security incident occurring on a digital voting device in an election, the Digital Forensics and Incident Response (DFIR) professional's role would be key to quickly and effectively discovering what happened and avoiding further damage to the electoral process.

Cyber attacks on robots

Beyond science fiction, where movies or streaming series show an apocalyptic scenario with robots taking control of humanity, the reality is that robots are already everywhere, whether they are assembling components in a factory or performing high-precision surgeries.

However, the evolution of AI poses new security challenges. What if an attacker compromised a robot and could manipulate it?

There is a category of robots known as social robots; these robots' role is to interact with humans in different ways, such as assisting them or serving as a companion. According to a study by IDLab – imec, University of Ghent, Belgium, regarding the abuse of social robots for use as a means of persuasion or manipulation, they identified the following risks when they performed several proofs of concept:

  • Gaining access to protected areas
  • Extracting sensitive information
  • Influencing people to take actions that put them at risk

In 2018, researchers from the security company IOActive presented the first ransomware attack on robots at the Kaspersky Security Analyst Summit event. In the presentation, they talked about how it was possible to hack social robots known as Pepper and Nao, showing a proof-of-concept video where they modified the source code and made the robot ask for bitcoins (https://youtu.be/4djvZjme_-M).

Considering a robotic-oriented threat landscape, the same scenario could occur with other types of robots and affect a production line in a factory or even a medical surgery, putting people's lives at risk.

For this reason, it is important to identify attack surfaces that could pose a security risk through threat modeling. Currently, there are several related documents with threat modeling for specific models of robots or even for the most well-known robotic operating systems, such as ROS 2: https://design.ros2.org/articles/ros2_threat_model.html.

A specialized device called Black Box was created by the Alias Robotics company to capture information relevant to robots' activity (https://aliasrobotics.com/blackbox.php). In the event of a security incident, this information could be handy in responding and conducting forensic investigations.

The challenge of new technologies for DFIR professionals

Without a doubt, the future looks fascinating for professionals in the incident response field. However, there are many challenges along the way.

The dizzying and constant evolution of technology means that there are more and more digital devices. Although many of them use open and standard technologies, others integrate proprietary components that could make it more challenging to obtain evidence or conduct an investigation.

On the other hand, it is necessary to expand our knowledge into new specialized fields of DFIR and learn about the latest technologies.

You have been reading a chapter from
Incident Response with Threat Intelligence
Published in: Jun 2022
Publisher: Packt
ISBN-13: 9781801072953
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image