DevSecOps Essentials: Identifying Cyber Attacks and Strengthening Your Security Posture


A cyber attack is a deliberate attempt by an individual, group, or organization to breach the information systems or networks of another entity with malicious intent. Cyber attacks are carried out to steal, alter, or destroy sensitive data, disrupt operations, or gain unauthorized access to systems.
Types of Attacks
Phishing Attack (a form of social engineering)
A technique where attackers impersonate a legitimate organization or person, often through emails, messages, or websites, to steal sensitive information such as usernames, passwords, or credit card numbers, or to get the victim to run malware. One notable LinkedIn phishing campaign targeted employees in the aerospace and defense sectors between September and December 2019. The campaign, attributed with medium confidence to the North Korean Lazarus group, aimed to extract sensitive information and compromise corporate networks. The attackers created fake LinkedIn profiles impersonating HR managers from reputable U.S. companies such as Collins Aerospace and General Dynamics, then sent connection requests and messages offering enticing job opportunities to employees at the targeted organizations. Once a connection was established, they chatted with the victim to build trust and then sent malicious RAR archives disguised as documents related to the job offer, such as a salary information PDF. Opening the archive launched Windows' Command Prompt utility, which displayed a decoy document while installing malware and giving the attackers a foothold on the victim's machine and, from there, the corporate network. You can read more about the LinkedIn phishing campaign in the full report here: How LinkedIn Phishing Campaign Caused a Cyber Disaster
Cross-Site Scripting (XSS) is a type of security vulnerability in web applications where an attacker injects malicious scripts into webpages viewed by other users. The payload is typically JavaScript, but anything the browser will interpret, such as HTML markup or event-handler attributes, can be injected. The root cause is untrusted input being placed into a page without encoding it for the context it lands in. The primary goal of XSS attacks is to execute attacker-controlled code in the victim's browser, which can lead to stealing sensitive information, hijacking user sessions, defacing web pages, or performing other actions as the victim. In 2014, eBay experienced a significant XSS vulnerability that compromised user credentials through malicious JavaScript embedded in product listings. Attackers exploited this flaw by injecting scripts into listings on eBay's UK site, particularly listings for discounted Apple products. When users clicked on these listings, the script redirected them to a counterfeit eBay login page designed to harvest usernames and passwords. You can read more about the eBay XSS vulnerability in the full report here: eBay Falls Victim to Cross-Site Scripting Attack
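The fix for XSS is output encoding for the context the data lands in. The following is an added example, not code from the original post or from eBay: a vulnerable rendering function beside its hardened form, using Python's standard-library html.escape. The listing title, the search query payload, the page template, and the hypothetical evil.example domain are constructed for illustration.

```python
import html

# Constructed sample inputs (not data from the eBay incident):
# a stored payload in a product listing title, and a reflected payload
# that tries to break out of an attribute value.
MALICIOUS_TITLE = 'Cheap iPhone <script>location="https://evil.example/login"</script>'
ATTR_BREAKOUT_QUERY = '" onfocus="alert(document.cookie)" autofocus="'

# Two contexts: text inside an element, and text inside a quoted attribute.
PAGE_TEMPLATE = '<h1>{title}</h1><input name="q" value="{query}">'


def render_listing_unsafe(title: str, query: str) -> str:
    """Vulnerable: user-controlled text is concatenated straight into HTML,
    so the browser treats the payload as markup and script."""
    return PAGE_TEMPLATE.format(title=title, query=query)


def render_listing_safe(title: str, query: str) -> str:
    """Hardened: HTML-encode untrusted text. quote=True also encodes ' and ",
    which is what stops the attribute-breakout payload."""
    return PAGE_TEMPLATE.format(
        title=html.escape(title, quote=True),
        query=html.escape(query, quote=True),
    )


def contains_live_script(rendered: str) -> bool:
    """Crude check used only to show whether a real <script> tag survived."""
    return "<script" in rendered.lower()


def attribute_quote_count(rendered: str) -> int:
    """The template itself contains exactly four double quotes; any more means
    untrusted input broke out of the attribute value."""
    return rendered.count('"')
```

Encoding is context-specific: html.escape is correct for element text and quoted attributes, but not for data placed inside a script block, a URL, or CSS, each of which needs its own encoder. A Content-Security-Policy header that disallows inline script is a useful second layer when the encoding is missed somewhere.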
Cross-Site Request Forgery (CSRF) is a type of security vulnerability in which an attacker tricks a victim's browser into sending a request the victim never intended to a site where the victim is already authenticated. Because the browser attaches the session cookie to every request for that site automatically, the application cannot tell the forged request from a legitimate one unless it demands something an attacker's page cannot supply, such as a per-session anti-CSRF token or a SameSite cookie policy. CSRF targets state-changing actions (transfers, settings changes, commands) rather than data theft, since the attacker never sees the response. In 2020, a CSRF vulnerability reportedly found in Tesla's vehicle management platform allowed attackers to unlock doors, honk horns, or even control charging features.
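The standard mitigation is a token the legitimate page receives in a same-origin response and echoes back in the form, which a cross-site attacker's page cannot read. The following is an added example written for this post, not code from Tesla or from the original article. It implements a stateless synchronizer token: an HMAC over a random nonce and the session id, so a token minted for the attacker's own session does not validate against the victim's. The handler name, the cookie and form field names, and the server key are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side key; in production load it from a secrets manager.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Mint a token bound to this session: '<nonce>.<HMAC(nonce:session_id)>'.
    The nonce keeps tokens unique; the HMAC keeps them unforgeable without the key."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, f"{nonce}:{session_id}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str, key: bytes = SERVER_KEY) -> bool:
    """Recompute the HMAC for the presented nonce and the *cookie's* session id,
    then compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(key, f"{nonce}:{session_id}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_unlock_request(form: dict, cookies: dict, key: bytes = SERVER_KEY) -> str:
    """Hypothetical state-changing handler. The session cookie arrives on every
    request the browser makes to this site, forged or not, so it proves nothing
    about who built the request; the form token does."""
    session_id = cookies.get("session")
    if session_id is None:
        return "401 no session"
    if not verify_csrf_token(session_id, form.get("csrf_token", ""), key):
        return "403 CSRF check failed"
    return "200 unlocked"
```

Setting the session cookie with SameSite=Lax or Strict stops the browser from attaching it to most cross-site requests and is a cheap second layer, but the token check is what protects older browsers and same-site subdomain takeovers.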
Server-Side Request Forgery (SSRF) is a type of vulnerability where an attacker is able to make the server send requests to other internal or external systems on the attacker's behalf. The attacker supplies a URL or hostname that the server fetches, reaching destinations the attacker could not reach directly, such as internal services, cloud metadata endpoints, or hosts behind the firewall. In 2019, Paige Thompson, a former Amazon Web Services (AWS) employee, exploited a misconfigured ModSecurity Web Application Firewall (WAF) that Capital One ran on AWS EC2 instances. The misconfiguration allowed SSRF: the WAF could be made to forward requests to the AWS Instance Metadata Service (IMDS) at 169.254.169.254, which returned the temporary AWS Identity and Access Management (IAM) credentials of the role attached to the WAF instance. Those credentials had excessive permissions, enabling access to sensitive data stored in AWS S3 buckets. The attacker then exfiltrated approximately 30GB of data, including personal information such as names, addresses, and credit scores. You can read more here: Capital One's Breach May Be Server-Side Request Forgery.
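The check a server must do before fetching a user-supplied URL is on the resolved address, not the URL string, since a hostname the attacker controls can point at 169.254.169.254 just as well as the literal IP can. The following is an added example for this post, not Capital One's or ModSecurity's code. It uses Python's standard ipaddress and urllib modules; the resolver is injectable so the function can be exercised offline with a constructed DNS table, and the example hostnames use the documentation ranges (203.0.113.0/24, .example) rather than real infrastructure.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Destinations a server-initiated fetch must never reach: loopback, RFC 1918,
# link-local (which contains the IMDS address 169.254.169.254), CGNAT,
# and their IPv6 counterparts.
_BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def _default_resolver(host: str) -> list[str]:
    """Real DNS lookup; for IP literals this needs no network access."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_safe_outbound_url(url: str, resolver=_default_resolver) -> tuple[bool, str]:
    """Return (ok, reason). Every address the host resolves to must be public,
    so a name that returns one public and one internal address is rejected."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    try:
        addresses = resolver(host)
    except (socket.gaierror, UnicodeError):
        return False, f"cannot resolve {host!r}"
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) before range checks.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if ip.is_multicast or ip.is_reserved or ip.is_unspecified:
            return False, f"{host!r} resolves to non-routable address {addr}"
        if any(ip in net for net in _BLOCKED_NETS):
            return False, f"{host!r} resolves to blocked address {addr}"
    return True, "ok"
```

A deny-list like this is the fallback; where the set of legitimate destinations is known, an allow-list of hostnames is stronger. Redirects must be re-validated hop by hop, and on AWS the instance should require IMDSv2, whose session-token handshake a forwarded plain GET cannot complete, with an IAM role scoped to what the WAF actually needs.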
SQL Injection (SQLi) is a type of security vulnerability that allows an attacker to alter the structure of a SQL query by supplying input that the application splices into the query text instead of passing as a bound parameter. This can lead to unauthorized reading, modification, or deletion of data in a database, and in some configurations to command execution on the database host. SQL injection is one of the most well-known and dangerous vulnerabilities in web applications. In 2015, VTech, a Hong Kong-based children's toy manufacturer, suffered a breach through a SQL injection flaw in its Learning Lodge web service in which around five million parent accounts, and millions of associated child profiles, were compromised. The breach affected customers in various countries, including the United States, France, the United Kingdom, and more. Sensitive data, including parents' names, email addresses, password hashes (unsalted MD5), secret questions and answers, IP addresses, mailing addresses, and download history, was accessed. You can read more here: VTech Hack: Millions of Children's Data Exposed in Security Breach.
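The difference between splicing input into query text and binding it as a parameter is easiest to see against a live database. The following is an added example for this post, not VTech's code, using Python's built-in sqlite3 module with a constructed in-memory table that stands in for an account store; the table, rows, and payload are all made up for illustration.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory account table (not VTech's schema or data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE parents (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO parents (email, pw_hash) VALUES (?, ?)",
        [("alice@example.com", "hash-a"), ("bob@example.com", "hash-b")],
    )
    return conn


def find_parent_unsafe(conn: sqlite3.Connection, email: str) -> list[tuple]:
    """Vulnerable: the value becomes part of the SQL grammar, so a closing quote
    in the input ends the literal and the rest is executed as SQL."""
    sql = f"SELECT id, email, pw_hash FROM parents WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def find_parent_safe(conn: sqlite3.Connection, email: str) -> list[tuple]:
    """Hardened: the statement is compiled first, then the value is bound.
    Whatever the input contains, the engine only ever compares it as a string."""
    return conn.execute(
        "SELECT id, email, pw_hash FROM parents WHERE email = ?", (email,)
    ).fetchall()


# Classic tautology payload: closes the string literal and appends OR '1'='1'.
TAUTOLOGY_PAYLOAD = "x' OR '1'='1"
```

The same principle applies to every driver and ORM: build the statement with placeholders and let the client library bind values. Escaping quotes by hand is fragile (numeric contexts, LIKE wildcards, and charset tricks all bypass it), and least-privilege database accounts limit what a missed injection can reach.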
A Denial-of-Service (DoS) Attack is a type of cyber attack where the attacker aims to make a system, network, or service unavailable to its intended users by overwhelming it with excessive requests, traffic, or resource-hungry operations. When the traffic comes from many compromised machines at once it is a Distributed Denial-of-Service (DDoS) attack. The goal is not to steal data or cause direct damage but to disrupt the normal functioning of a service, making it unavailable to legitimate users; it is also sometimes used as cover for another intrusion. In April 2011, the Sony PlayStation Network (PSN) was hit by DDoS attacks and, days later, by an intrusion that stole personal data, including usernames, passwords, and credit card information, from about 77 million accounts. Sony took the network offline for roughly a month while it investigated and rebuilt, and the outage and breach together caused massive financial and reputational losses. You can read more here: The 2011 PlayStation Network Hack – What Actually Happened?
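At the application layer, the basic control against a single abusive client is per-client rate limiting. The following is an added example for this post, not Sony's or anyone else's production code: a token-bucket limiter run over a constructed traffic sample in which one client behaves normally and another floods the service within a single second. The client addresses are from the documentation ranges and the rate and capacity values are arbitrary choices for the demonstration.

```python
from collections import defaultdict


class TokenBucket:
    """Per-client token bucket: `rate` tokens refill per second up to `capacity`.
    Each request spends one token; a client that bursts past capacity is refused
    until tokens refill, while a client under the rate is never affected."""

    def __init__(self, rate: float, capacity: float):
        self.rate = rate
        self.capacity = capacity
        self.tokens = capacity  # start full so a fresh client can burst a little
        self.last = None

    def allow(self, now: float) -> bool:
        if self.last is not None:
            elapsed = now - self.last
            self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def triage_requests(requests, rate: float = 2.0, capacity: float = 5):
    """requests: iterable of (timestamp_seconds, client_ip) sorted by time.
    Returns {ip: {"allowed": n, "blocked": m}} after applying one bucket per IP."""
    buckets = {}
    stats = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for ts, ip in requests:
        bucket = buckets.setdefault(ip, TokenBucket(rate, capacity))
        stats[ip]["allowed" if bucket.allow(ts) else "blocked"] += 1
    return dict(stats)


# Constructed traffic sample: a legitimate client at 1 request/second for ten
# seconds, and a flooding client sending 50 requests within second three.
SAMPLE_REQUESTS = sorted(
    [(float(t), "198.51.100.7") for t in range(10)]
    + [(3.0 + i * 0.001, "203.0.113.99") for i in range(50)]
)
```

With rate 2 and capacity 5, the flooder gets its first five requests through on the initial burst allowance and is refused for the remaining 45, while the legitimate client is never touched. A limiter like this only addresses abuse the application can see; a volumetric DDoS saturates the network before any request reaches the process, which is why upstream scrubbing or a CDN is needed for that class of attack.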
Written by Oshaba Samson
I am a software developer with 5+ years of experience. I have worked on web apps: e-commerce, e-learning, HRM web applications and many others.