Deadly Sins of Disaster Recovery & Business Continuity


7/30/2019 Deadly Sins of Disaster Recovery & Business Continuity

1/6

Coordinated by David Williams

Fight Back, Fight The Hacks


abusTechnology 2012

Attackers can use Trojan horses to transfer user names, passwords, and even credit card information stored on the system. They can maintain control over the system for a long time by hardening it against other attackers, and sometimes, in the process, do render some degree of protection to the system from other attacks. They can then use their access to steal data, consume CPU cycles, and trade sensitive information, or even resort to extortion.

Organizations can use intrusion detection systems or deploy honey pots and honey nets to detect intruders. The latter, though, is not recommended unless the organization has the security professionals required to leverage the concept for protection.

Phase 5 - Covering Tracks

An attacker would like to destroy evidence of his/her presence and activities for various reasons, such as maintaining access and evading punitive action. Erasing evidence of a compromise is a requirement for any attacker who would like to remain obscure. This is one of the best methods to evade traceback. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated by the attack process; e.g., a buffer overflow attack will usually leave a message in the system logs. Next, the attention is turned to effecting changes so that future logins are not logged. By manipulating and tweaking the event logs, the system administrator can be convinced that the output of his/her system is correct, and that no intrusion or compromise has actually taken place.

Since the first thing a system administrator does to monitor unusual activity is to check the system log files, it is common for intruders to use a utility to modify the system logs. In some extreme cases, rootkits can disable logging altogether and discard all existing logs. This happens if the intruders intend to use the system for a longer period of time as a launch base for future intrusions. They will then remove only those portions of logs that can reveal their presence.

It is imperative for attackers to make the system look like it did before they gained access and established backdoors for their use. Any files which have been modified need to be changed back to their original attributes. Information listed, such as file size and date, is just attribute information contained within the file.

Trojans such as ps or netcat come in handy for any attacker who wants to destroy the evidence from the log files or replace the system binaries with the same. Once the Trojans are in place, the attacker can be assumed to have gained total control of the system. Rootkits are automated tools that are designed to hide the presence of the attacker. By executing the script, a variety of critical files are replaced with trojanned versions, hiding the attacker with ease.

Other techniques include steganography and tunnelling. Steganography is the process of hiding data, for instance in images and sound files. Tunnelling takes advantage of the transmission protocol by carrying one protocol over another. Even the extra space (e.g. unused bits) in the TCP and IP headers can be used for hiding information. An attacker can use the system as a cover to launch fresh attacks against other systems, or use it as a means of reaching another system on the network without being detected.

Thus, this phase of attack can turn into a new cycle of attack by using reconnaissance techniques all over again.
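The passage above describes intruders editing log files, removing only the entries that reveal them, or disabling logging outright. The following is an added defender-side example, not code from the page or its author: every log line carries an HMAC that also covers the previous line's MAC, so a modified, removed or reordered entry breaks the chain when the collector verifies it, and a "tail anchor" (the last MAC, copied off-host) catches the case where the end of the log is simply truncated. The key, host name, IP addresses and log lines are constructed for the example; the MAC field format is an assumption, not any logging system's real format.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Assumption: a per-host key known only to the host's logger and the
# off-host collector. Placeholder value for the example, not a real secret.
LOG_KEY = b"placeholder-log-chain-key"
GENESIS = b"\x00" * 32  # chain value before the first entry

# Constructed sample auth-log lines (hosts, users and addresses invented).
SAMPLE_LOG = [
    "Jul 30 10:01:02 host1 sshd[2101]: Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    "Jul 30 10:03:15 host1 sshd[2140]: Failed password for root from 198.51.100.7 port 40110 ssh2",
    "Jul 30 10:03:18 host1 sshd[2140]: Accepted password for root from 198.51.100.7 port 40110 ssh2",
    "Jul 30 10:04:40 host1 sudo: root : TTY=pts/1 ; COMMAND=/bin/rm -f /var/log/auth.log.1",
    "Jul 30 10:06:00 host1 CRON[2188]: (root) CMD (run-parts /etc/cron.hourly)",
]


def _mac(prev: bytes, line: str, key: bytes) -> bytes:
    # Each MAC binds the line text to the MAC of the entry before it.
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()


def chain_log(lines: List[str], key: bytes = LOG_KEY) -> List[str]:
    """Append a chained MAC field to each line (what the logger would emit)."""
    prev = GENESIS
    records = []
    for line in lines:
        mac = _mac(prev, line, key)
        records.append(f"{line} mac={mac.hex()}")
        prev = mac
    return records


def tail_anchor(records: List[str]) -> str:
    """The last MAC in the chain; the collector stores this off-host."""
    return records[-1].rpartition(" mac=")[2]


def verify_log(records: List[str], key: bytes = LOG_KEY,
               anchor: Optional[str] = None) -> Tuple[bool, str]:
    """Recompute the chain. Returns (intact, finding)."""
    prev = GENESIS
    for idx, rec in enumerate(records):
        line, sep, mac_hex = rec.rpartition(" mac=")
        if not sep:
            return False, f"entry {idx}: no mac field (line rewritten or logging bypassed)"
        expected = _mac(prev, line, key)
        try:
            got = bytes.fromhex(mac_hex)
        except ValueError:
            got = b""
        if not hmac.compare_digest(expected, got):
            return False, (f"entry {idx}: chain broken (this entry was modified, "
                           "or an earlier entry was removed or reordered)")
        prev = expected
    # Deleting entries at the end leaves a valid but shorter chain; only the
    # off-host anchor reveals that.
    if anchor is not None and prev.hex() != anchor:
        return False, f"tail anchor mismatch: log truncated, only {len(records)} entries present"
    return True, "chain intact"


if __name__ == "__main__":
    records = chain_log(SAMPLE_LOG)
    anchor = tail_anchor(records)
    print("untouched:", verify_log(records, anchor=anchor))
    # Remove the sudo line that reveals the log clean-up.
    print("entry removed:", verify_log(records[:3] + records[4:], anchor=anchor))
    # Rewrite the failed root login so it looks like a normal success.
    edited = list(records)
    edited[1] = edited[1].replace("Failed", "Accepted")
    print("entry edited:", verify_log(edited, anchor=anchor))
    # Drop everything after the first three entries.
    print("truncated, no anchor:", verify_log(records[:3]))
    print("truncated, with anchor:", verify_log(records[:3], anchor=anchor))
```

The design point is the chaining: a per-line MAC alone would let an intruder delete whole lines without trace, and a plain hash chain without a key could be recomputed by anyone with root. The tail anchor matters because the check is otherwise blind to truncation, which is exactly the "discard all existing logs" case the passage mentions; shipping logs to a separate collector in near real time serves the same purpose.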


7 Habits Of Highly Malicious Hackers

1. Footprints (information gathering) your (organization's) network
2. Scans the network for vulnerabilities
3. Exploits the known vulnerabilities to breach defence mechanisms
4. Breaks the network defence using exploits for the known vulnerability
5. Exploits system resources
6. Plants malicious programs for backdoor access
7. Clears evidence by erasing tracks
