Imagine it's a beautiful Monday morning, and you just logged in your first client meeting on Microsoft Teams or Zoom or, for that matter, any collaboration tool of your organization. Fifteen minutes into the meeting, suddenly, you see a random individual waving at all the participants. Isn't that weird? Well, how about some foul language from her, or let's make it worst, how about some pornography pictures popping up during the meeting? How would you explain this phenomenon to all your stakeholders? In the world of cyber security, this notorious act of occurrence is called "Zoom Bombing." Although the attack first targeted the Zoom application, it was evident that the intrusion attack on a communications channel can be problematic to every other communications application in the market.
It was only a few months in 2020 when "Zoom Bombing" took pace across multiple organizations and when COVID-19 kicked in deep down various nations, forcing them to lock down completely. Hijacking famous communication applications like Zoom was mysteriously targeted when their video conferencing feature that hosted many audiences shared over a public channel, i.e., internet URLs that could be accessible to anyone easily did not cater to basic security mechanisms on its platform. The meeting IDs and URLs of a public meeting were easily guessed by internet predators from the dark web who made an easy entry, hijacking such conference meetings to create end-user confusion and chaos. The "One-click join" meeting feature made them pay with enough embarrassment and brand image damage.
With all that said, this was only one type of cyber-attack on a communications channel that our society saw recently. However, there are multiple other attack patterns already in practice prevalent in many industrial markets. Let's look at some of the common ones to learn more about them.
Interception The interception type of an attack pattern is the most recurrent one that almost every security team across the globe must have come across at least once every month. Interception is an attack when an intruder tries to gain unauthorized access to confidential information. Interception can be further classified into Sniffing Network Traffic, Sniffing Application Codes, Intercepting Cellular Traffic, or Modifying HTTP Cookies. Let's look at these classifications one by one.
In this type of attack, the adversary closely monitors the targeted network systems. As soon as they see an opportunity, a malicious code is injected at the network protocol level, forcing it to perform in the desired way. For instance, the attackers may change a BGP setting on one of the internet-facing routers that enable rouge connections to flood the router resulting in a high CPU usage error. However, the attackers tend to refrain from flooding the network systems, which may result in the systems going down just because they intend to make use of the injected network system resources and perform the desired changes to the environment and not just bring it down without taking any advantage out of the infected resources.
Unexpectedly, in a recent survey conducted by a security analyst from one of the Big 4 financial institutions in the world, it was reported that with the surge in web applications, traffic injection is one of the top 10 OWASP lists of vulnerabilities to be considered for next five years when it comes to web security. Well, even though he's just a security analyst, I concur with him.
Communication Channel Manipulation
How often have you or your security teams come across SSL exploitation attacks? I'm sure your response would be "umpteenth" times! I cannot deny that at least 34% of security attacks on communications channels are targeted on an incorrect SSL configuration or an attack on the SSL certificate itself. More surprising is that this number is only between May 2021 and July 2021. One can imagine how many sleepless nights it can cost our security engineers throughout the year. I pity them! In this type of attack, the adversary focuses on manipulating the entry points of every communication channel by trying to obtain critical vulnerabilities from public-facing interfaces and security certificates and manipulating them to bypass security. For instance, such breach methods are very active in the financial and banking sectors, where digital transactions are crucial in their revenue models.
Detection and Mitigation
It is evident that organizations work relentlessly to stop such attacks, and there is no one size fits all type of detection and mitigation strategy. Every organization must plan, detect and execute all actions considering the nature of business and user behavior: their current security policies and their current state of security architecture. Things can be changed right away but with incredible time and planning. To start with, enterprises must adopt a security maintenance strategy that can benefit them to implement security measures for Top 10 OWASP vulnerabilities and maintain and modify the security measures as and when the nature of the attack changes that can be detected well in advance. Organizations must plan a sane encryption strategy from the application development stage until its go-live stage and continue maintaining them post-production. There can be multiple complications in choosing suitable encryption methods. For example, you wouldn't want to encrypt your applications when you cannot decrypt them when needed.
Communication channels are critical assets to every organization for their businesses to grow. It can be fatal and frustrating enough to run a business without the proper functioning of all your communication tools, right? In addition, it can be daunting to plan and execute the right strategy for your organization when you may not even have the right set of resources in place who can lead the show.