Find a Holistic Point of View on Business, Enterprise Architecture and Cybersecurity 

Cybersecurity Articles

Security Strategy and Intelligence - Practices and more

thumbnail_FNC_Articles.png

FNC_Articles.png

Web of Trust

thumbnail_Group 493.png

Group 493.png

thumbnail_Group 623.png

Group 623.png

thumbnail_Group 323.png

Group 323.png

Improve overall Security Posture of Mission Critical Infrastructure - Healthcare Cybersecurity, Industrial and Transportation, etc.

Cybersecurity in Critical Infrastructure | Healthcare Cybersecurity, Industrial, Transportation

thumbnail_Group 530.png

Group 530.png

thumbnail_Group 473.png

Group 473.png

thumbnail_Group 1065.png

Group 1065.png

Cyber Awareness - Customize organizational learning to suit distinct environments and diversified employees as technology cannot replace Awareness.

Cyber Awareness for Your Organisations

thumbnail_Group 574.png

Group 574.png

thumbnail_Group 1037.png

Group 1037.png

thumbnail_Group 1231.png

Group 1231.png

Build Cyber Resilience and assure Business Continuity with fnCyber™ Integrated IT Risk Management Solutions.

Cybersecurity | Integrated Risk Management Solutions

Embed Technology inside a Framework and achieve Cybersecurity for Real World Business Challenges.

Cybersecurity Case Studies

Realworld Business Challenges - Keep it Targeted and Simple

thumbnail_FNC_review.png

FNC_review.png

thumbnail_Group 506.png

Group 506.png

thumbnail_Group 573.png

Group 573.png

thumbnail_Group 1201.png

Group 1201.png

FnCyber Threat Response and Modelling Consultant Engineering Program is planned to give support to the threats establishments can face.

Threat Response and Modelling Consultant 

thumbnail_Group 531.png

Group 531.png

thumbnail_Group 572.png

Group 572.png

thumbnail_Group 1183.png

Group 1183.png

Vulnerability Management Solutions - Enterprise Risk Exposure Evaluation and Mitigation via Know your Infra Simulation, CVE and Service Asset Configuration Assessment Framework.

Vulnerability Management Solutions

Cybersecurity Insights from across the Industry in Threat Intelligence and Analytics, Awareness, Vulnerability Management and Critical Infrastructure Sectors

Cybersecurity Archives

Infrastructure Security - What makes it so critical

thumbnail_FNC_webinar.png

FNC_webinar.png

Cybersecurity and Attack Patterns in Network Communications

Secure Network Communication

Network Controls can save your day Any Time

# **Common Attack Patterns in Network Communications**

Imagine it's a beautiful Monday morning, and you just logged in your first client meeting on Microsoft Teams or Zoom or, for that matter, any collaboration tool of your organization. Fifteen minutes into the meeting, suddenly, you see a random individual waving at all the participants. Isn't that weird? Well, how about some foul language from her, or let's make it worst, how about some pornography pictures popping up during the meeting? How would you explain this phenomenon to all your stakeholders? In the world of cyber security, this notorious act of occurrence is called "Zoom Bombing." Although the attack first targeted the Zoom application, it was evident that the intrusion attack on a communications channel can be problematic to every other communications application in the market.

It was only a few months in 2020 when "Zoom Bombing" took pace across multiple organizations and when COVID-19 kicked in deep down various nations, forcing them to lock down completely. Hijacking famous communication applications like Zoom was mysteriously targeted when their video conferencing feature that hosted many audiences shared over a public channel, i.e., internet URLs that could be accessible to anyone easily did not cater to basic security mechanisms on its platform. The meeting IDs and URLs of a public meeting were easily guessed by internet predators from the dark web who made an easy entry, hijacking such conference meetings to create end-user confusion and chaos. The "One-click join" meeting feature made them pay with enough embarrassment and brand image damage.

With all that said, this was only one type of cyber-attack on a communications channel that our society saw recently. However, there are multiple other attack patterns already in practice prevalent in many industrial markets. Let's look at some of the common ones to learn more about them.

**Interception**
The interception type of an attack pattern is the most recurrent one that almost every security team across the globe must have come across at least once every month. Interception is an attack when an intruder tries to gain unauthorized access to confidential information. Interception can be further classified into Sniffing Network Traffic, Sniffing Application Codes, Intercepting Cellular Traffic, or Modifying HTTP Cookies. Let's look at these classifications one by one.
 - **Sniffing Network Traffic:** In this type of attack, the attackers first monitor the network multicast traffic exposed to the internet. Then, when an adversary notices vulnerabilities at the network protocol level, they initiate the packet sniffers to hijack standard TCP protocols in an attempt to capture sensitive or confidential information.
 - **Application Code Sniffing:** This type of attack is usually targeted when adversaries explore the target's patching cycle. The attackers closely monitor the target application's patching cycle, carefully sniff network communications and capture application codes that are not accessible to the general public for obvious reasons. An attacker can then use these sniffed codes to gain unauthorized access to a server by building a trust relationship to get hold of sensitive information, especially when such application codes are also a part of dynamic code upgrades where client-server communications take place.
 - **Cellular Traffic Interception:** In this type of attack, adversaries are well equipped with telecommunication towers that can sniff cellular traffic of voice and data from any mobile device. Additionally, the intruders use sophisticated tools to manipulate the retransmission devices via numerous methods.
 - **Modifying HTTP Cookies** The adversaries explore the target's critical client systems and try to obtain HTTP cookies that could be further used to access confidential and sensitive client information. Such attacks can be easily triggered via packet sniffers such as Wireshark. However, the most common motivation to obtain HTTP Cookies is to get the cookie and then modify it to an extent where it is capable enough to bypass the security controls of the targeted client systems.

**Traffic Injection**

In this type of attack, the adversary closely monitors the targeted network systems. As soon as they see an opportunity, a malicious code is injected at the network protocol level, forcing it to perform in the desired way. For instance, the attackers may change a BGP setting on one of the internet-facing routers that enable rouge connections to flood the router resulting in a high CPU usage error. However, the attackers tend to refrain from flooding the network systems, which may result in the systems going down just because they intend to make use of the injected network system resources and perform the desired changes to the environment and not just bring it down without taking any advantage out of the infected resources.

Unexpectedly, in a recent survey conducted by a security analyst from one of the Big 4 financial institutions in the world, it was reported that with the surge in web applications, traffic injection is one of the top 10 OWASP lists of vulnerabilities to be considered for next five years when it comes to web security. Well, even though he's just a security analyst, I concur with him.

**Communication Channel Manipulation**

How often have you or your security teams come across SSL exploitation attacks? I'm sure your response would be "umpteenth" times! I cannot deny that at least 34% of security attacks on communications channels are targeted on an incorrect SSL configuration or an attack on the SSL certificate itself. More surprising is that this number is only between May 2021 and July 2021. One can imagine how many sleepless nights it can cost our security engineers throughout the year. I pity them!
In this type of attack, the adversary focuses on manipulating the entry points of every communication channel by trying to obtain critical vulnerabilities from public-facing interfaces and security certificates and manipulating them to bypass security. For instance, such breach methods are very active in the financial and banking sectors, where digital transactions are crucial in their revenue models.

**Detection and Mitigation**

It is evident that organizations work relentlessly to stop such attacks, and there is no one size fits all type of detection and mitigation strategy. Every organization must plan, detect and execute all actions considering the nature of business and user behavior: their current security policies and their current state of security architecture. Things can be changed right away but with incredible time and planning.
To start with, enterprises must adopt a security maintenance strategy that can benefit them to implement security measures for Top 10 OWASP vulnerabilities and maintain and modify the security measures as and when the nature of the attack changes that can be detected well in advance.
Organizations must plan a sane encryption strategy from the application development stage until its go-live stage and continue maintaining them post-production. 
There can be multiple complications in choosing suitable encryption methods. For example, you wouldn't want to encrypt your applications when you cannot decrypt them when needed.

**Conclusion**

Communication channels are critical assets to every organization for their businesses to grow. It can be fatal and frustrating enough to run a business without the proper functioning of all your communication tools, right? In addition, it can be daunting to plan and execute the right strategy for your organization when you may not even have the right set of resources in place who can lead the show.


Networks - They Carry The Good and The Bad

large_11_fnC_Blog_AP_NetworkComm_01.png

medium_11_fnC_Blog_AP_NetworkComm_01.png

small_11_fnC_Blog_AP_NetworkComm_01.png

thumbnail_11_fnC_Blog_AP_NetworkComm_01.png

11_fnC_Blog_AP_NetworkComm_01.png

Attack Pattern Enumeration - Network Communications

At fnCyber™, we believe in building a web of trust and satisfied customers by providing top notch cyber security consultancy which will protect your data from cyber attacks.

Resources

Articles

Case Studies

Archives

Contact Us

Get in Touch

Follow us on Social Media