Category: cybersecurity

  • The Trojan Horse Virus Type in 5 Examples

    The Trojan horse virus in computing is named after the story of the Trojan horse in the works of Virgil and Homer, in which soldiers hid inside the body of a large wooden horse to stealthily ambush the city of Troy (Fortinet, 2023). Similarly, a Trojan horse virus is malware disguised as a genuine software application or file. Strictly speaking a Trojan is not a virus, since it does not self-replicate; it relies on a user, an installer, or a privileged service to run it. Once the Trojan has breached a system's defenses by being accepted and executed by a user, the malware is free to run its payload on the host and, from there, move across the host's network.

    The Inosoft VisiWin 7 2022-2.1 exploit, documented in August 2023, relies on the application creating a folder with insecure permissions: any local user can modify the files it contains, so a trojanized replacement file is executed with the application's privileges and the user's privileges are escalated (Shinnai, 2023). The flaw can compromise the entire system and carries a CVSS severity rating of 7.8, which is High. The Inosoft VisiWin 7 2022-2.1 exploit was reported by Carlo Di Dato for Deloitte Risk Advisory Italia.

    In April 2023 a Trojan-style privilege escalation in Diasoft File Replication Pro 7.5.0 was published. An executable that already runs with "LocalSystem" rights is replaced with a Trojan executable, which is then executed with those rights the next time the service starts, giving the attacker escalated privileges (Intilangelo, 2023). The vulnerability is rated critical at 9.8/10. The exploit was documented by Andrea Intilangelo.

    A vulnerability exploitable by a Trojan horse, documented in February 2023, involves the installer applications of ELECOM Camera Assistant and QuickFileDealer (JVN, 2023). Like several other recent Trojan horse attacks, this one stems from the installers insecurely loading Dynamic Link Libraries (DLLs): if a malicious DLL with the expected name is placed in the directory the installer is launched from, which is searched before the system directories, the installer loads it and the arbitrary code it contains runs with the installer's privileges. The developer has published a fix in the form of an updated installer application.

    Yet another example of a Trojan horse attack that relies on insecurely loaded Dynamic Link Libraries involves Sony Content Transfer for Windows from the Sony Corporation (JVN, 2023). Arbitrary code in the planted DLL runs with the installer's privileges. The impact and the available remedy are somewhat limited because the software is no longer distributed, so no fixed installer exists; however, copies of the old installer still in circulation, or redistributed maliciously, remain exploitable.

    A fifth recently documented example uses a similar privilege escalation strategy with a Trojan executable against Panini Everest Engine 2.0.4 (NIST, 2023). The vulnerability comes from an unquoted service path: the path to the service executable contains spaces but is not enclosed in quotes, so when the service starts Windows tries each space-delimited prefix of the path as an executable before reaching the real one. A user who can write to one of those locations can plant a Trojan executable that the service then runs as "SYSTEM". The impact is escalation to system privileges, and the vulnerability is scored 7.8/10 in severity.
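    The unquoted-path mechanism, and the writable-directory condition that the other four examples also depend on, as an added example that is not part of the original page or of any cited advisory: given a service ImagePath, the script lists the spurious executables Windows would try before the real one, filters them against a set of user-writable directories (constructed here; a real check would read the ACLs with icacls or Get-Acl), and shows the remediation of quoting the path. The vendor, path and writable directory are hypothetical.

```python
"""Enumerate the executables Windows tries for an unquoted service path.

When a service ImagePath contains spaces and is not quoted, CreateProcess
tries each space-delimited prefix with ".exe" appended before it reaches the
intended binary. Any candidate whose directory an unprivileged user can
write to is a place to drop a Trojan executable that the service will then
run under its own account, often SYSTEM.
"""
import ntpath
from typing import List, Set

# Constructed (hypothetical) service registration and ACL result.
SAMPLE_IMAGE_PATH = r"C:\Program Files\Example Vendor\Example Engine\engine.exe -service"
SAMPLE_WRITABLE_DIRS = {r"C:\Program Files\Example Vendor"}  # assume a weak installer ACL


def is_quoted(image_path: str) -> bool:
    """A correctly registered path wraps the executable in double quotes."""
    return image_path.startswith('"') and image_path.count('"') >= 2


def unquoted_path_candidates(image_path: str) -> List[str]:
    """Return the spurious paths tried before the real executable, in order.

    The intended binary is taken to be the shortest prefix ending in ".exe";
    every shorter prefix gets ".exe" appended, as CreateProcess does.
    A quoted path yields no candidates. A path with no ".exe" at all yields
    every prefix, which matches CreateProcess appending the extension itself.
    """
    if is_quoted(image_path):
        return []
    parts = image_path.split(" ")
    candidates: List[str] = []
    for i in range(1, len(parts) + 1):
        prefix = " ".join(parts[:i])
        if prefix.lower().endswith(".exe"):
            break  # the real executable is found here; later prefixes are never tried
        candidates.append(prefix + ".exe")
    return candidates


def writable_hijack_points(image_path: str, writable_dirs: Set[str]) -> List[str]:
    """Keep only candidates whose parent directory is in `writable_dirs`."""
    normalised = {d.rstrip("\\").lower() for d in writable_dirs}
    hits = []
    for cand in unquoted_path_candidates(image_path):
        parent = ntpath.dirname(cand).rstrip("\\").lower()
        if parent in normalised:
            hits.append(cand)
    return hits


def fix_image_path(image_path: str) -> str:
    """Remediation: quote the executable portion, leaving arguments intact."""
    if is_quoted(image_path):
        return image_path
    parts = image_path.split(" ")
    for i in range(1, len(parts) + 1):
        prefix = " ".join(parts[:i])
        if prefix.lower().endswith(".exe"):
            rest = " ".join(parts[i:])
            return f'"{prefix}"' + (f" {rest}" if rest else "")
    return image_path  # no recognisable executable; leave for manual review


if __name__ == "__main__":
    for cand in unquoted_path_candidates(SAMPLE_IMAGE_PATH):
        print("tried first:", cand)
    print("user-writable:", writable_hijack_points(SAMPLE_IMAGE_PATH, SAMPLE_WRITABLE_DIRS))
    print("fixed:", fix_image_path(SAMPLE_IMAGE_PATH))
```

    On a real host the ImagePath values come from the registry (`HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath`) and the writable set from querying each candidate's parent directory; the filtering step is what turns a long list of unquoted paths into the handful that are actually exploitable.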

    References

    National Institute of Standards and Technology. (2023). CVE-2022-39959 Detail. National Vulnerability Database. https://nvd.nist.gov/vuln/detail/CVE-2022-39959

    JVN. (2023). JVN#60263237 The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries. https://jvn.jp/en/jp/JVN60263237/

    JVN. (2023). JVN#40620121 The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries. https://jvn.jp/en/jp/JVN40620121/

    Fortinet. (2023). Trojan Horse Virus. https://www.fortinet.com/resources/cyberglossary/trojan-horse-virus

    Intilangelo, Andrea. (2023). File Replication Pro 7.5.0 Insecure Permissions / Privilege Escalation. Packet Storm Security. https://packetstormsecurity.com/files/171879/File-Replication-Pro-7.5.0-Insecure-Permissions-Privilege-Escalation.html

    Shinnai. (2023). Inosoft VisiWin 7 2022-2.1 – Insecure Folders Permissions. Exploit Database. https://www.exploit-db.com/exploits/51682

  • The Importance of Ethics in Penetration Testing

    Ethics are paramount to conducting penetration tests. Technologists conducting penetration tests must obey the law and behave in a strictly ethical fashion to maintain a high level of trust, because penetration tests aim to determine the exploitability of a system's weaknesses without damaging or negatively affecting any systems in the process (Faily et al., 2016). Penetration testers are consistently faced with situations that increase the chance of unethical behavior or implicit bias, which Faily et al. call "ethical hazards." These ethical hazards include situations with legal ambiguity, tests that involve a human target, tensions between offensive and defensive security team activities, and a client's possible indifference to security recommendations. Each situation that poses an ethical hazard calls for a high ethical standard and attention to ethical responsibility on the tester's part, so that the confidentiality, integrity, and availability of the systems under test are preserved.

    In the world of penetration testing, written legal authorization is referred to as a "get out of jail free card," and obtaining it is the key step that makes a penetration test legal to conduct. Penetration testers should be scrupulous, transparent, and thorough in their documentation, because the authorization and the record of what was agreed and done are fundamentally what distinguish a penetration test from an unauthorized attack. Documentation also gives clients an understanding of the complete scope of work and builds trust with the penetration testers (Gillam, 2023). Faily et al. (2015) explain that hacking a system requires a set of technical and creative skills to succeed, but penetration testing carries the added constraint of protecting both the dignity of users affected by the test and the systems involved from any danger the test creates. A penetration tester who gets an ethical decision wrong, for example by acting outside the authorized scope, can easily face criminal charges.

    References

    Faily, Shamal; McAlaney, John; Jacob, Claudia. (2015). Ethical Dilemmas and Dimensions in Penetration Testing. Bournemouth University. https://cybersecurity.bournemouth.ac.uk/wp-content/papercite-data/pdf/fami15.pdf

    Faily, Shamal; Jacob, Claudia; Field, Sarah. (2016). Ethical Hazards and Safeguards in Penetration Testing. https://dl.acm.org/doi/pdf/10.5555/3114770.3114793

    Gillam, Jason. (2023, March 9). What Are the Ethical and Legal Considerations for Penetration Testing? Secure Ideas. https://www.secureideas.com/knowledge/what-are-the-ethical-and-legal-considerations-for-penetration-testing

  • What is a SIEM tool?

    A Security Information and Event Management (SIEM) system combines security information management with security event management: it aggregates log and event data from across an environment and presents it in dashboard graphical user interfaces that surface anomalies and alerts (Gillis & Rosencrance, 2022). Beyond detection, a SIEM tool can also take predefined actions in response to events or notify other controls to change state after a suspicious event. SIEM tools collect data from the logs of many different host systems; the data can be browsed in a navigable graphical user interface, processes and events can be correlated by timestamp and tied to alerts, and suspicious activity can be detected quickly against preset rules. SIEM tools streamline the data analysis burden that large companies face by drawing attention only to the most important alerts, events, and problems, and by automating some of the resolution steps so that a security response can be expedited.
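    The correlation step described above, as an added example that is not part of the original page or of any SIEM product: authentication log lines forwarded from two hosts (constructed sample data, not real logs) are normalised into one timestamp-ordered stream, and a preset rule fires when a single source address produces a threshold of failed logins inside a sliding window, with a higher-severity alert if a successful login from that address follows. The hostnames, addresses and thresholds are hypothetical.

```python
"""A miniature SIEM correlation rule over constructed log lines.

Parse sshd-style auth events collected from several hosts into one
normalised stream, sort them by timestamp, and apply a sliding-window rule:
`threshold` or more failed logins from one source address within `window`
raises a medium alert; a successful login from that same address while the
window is still full raises a high one (brute force that worked).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample logs from two hosts (hypothetical names and addresses).
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z web01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-05-01T10:00:03Z web01 sshd[812]: Failed password for root from 203.0.113.7 port 51001 ssh2
2024-05-01T10:00:05Z db01 sshd[340]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-05-01T10:00:07Z db01 sshd[340]: Failed password for postgres from 203.0.113.7 port 51003 ssh2
2024-05-01T10:00:09Z web01 sshd[812]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-05-01T10:00:12Z web01 sshd[812]: Accepted password for root from 203.0.113.7 port 51005 ssh2
2024-05-01T10:00:15Z web01 sshd[812]: Failed password for alice from 198.51.100.2 port 40000 ssh2
2024-05-01T10:02:30Z web01 sshd[812]: Accepted publickey for alice from 198.51.100.2 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_events(raw: str) -> List[Dict]:
    """Normalise raw lines into event dicts, ordered by timestamp across hosts."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real SIEM would route unparsed lines to a catch-all index
        event = m.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def correlate(events: List[Dict], threshold: int = 5,
              window: timedelta = timedelta(seconds=60)) -> List[Dict]:
    """Sliding-window brute-force rule keyed on source address."""
    recent = defaultdict(deque)  # src -> timestamps of failures inside the window
    already_medium = set()       # one medium alert per source, not one per failure
    alerts: List[Dict] = []
    for e in events:
        q = recent[e["src"]]
        while q and e["ts"] - q[0] > window:
            q.popleft()  # expire failures that fell out of the window
        if e["outcome"] == "Failed":
            q.append(e["ts"])
            if len(q) >= threshold and e["src"] not in already_medium:
                already_medium.add(e["src"])
                alerts.append({"rule": "brute-force", "severity": "medium",
                               "src": e["src"], "at": e["ts"], "failures": len(q)})
        elif len(q) >= threshold:
            # Success after a burst of failures: the credential was probably guessed.
            alerts.append({"rule": "brute-force-then-success", "severity": "high",
                           "src": e["src"], "user": e["user"], "host": e["host"],
                           "at": e["ts"], "failures": len(q)})
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_events(SAMPLE_LOGS)):
        print(alert)
```

    Keying the window on the source address rather than on the host is what lets the rule catch the burst spread across web01 and db01; the second source, with one failure and a success two minutes later, never reaches the threshold and produces no alert, which is the noise reduction the paragraph above describes.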

    SIEMs are helpful tools for organizing security defense and cyber response in corporations because they provide a centralized perspective built by continuously analyzing the data associated with all users, business assets, events, and interactions ("What Is Security Information...," 2022). Corporate security teams get the most relevant and actionable information about their network operations in a convenient "single pane of glass" display. SIEM alerts make management aware of time-sensitive anomalies within the network that could be dangerous and costly if not handled immediately, and supply the aggregated context the decision-making process needs. SIEM interfaces allow a flexible range of customization to suit many asset-management purposes within a corporation. User behavior patterns can be analyzed in forensic investigations or audits, which is as useful to corporate management as real-time monitoring and legal or regulatory compliance.

    An example of a SIEM is SolarWinds Security Event Manager (SEM), made by SolarWinds ("SIEM Tools," n.d.). The application's primary purpose is to provide a centralized point of access for logging, threat analysis, response, and reporting. The price of a SolarWinds SEM subscription starts at $2,877; the company also offers a fully functional 30-day trial of the software. The capabilities of this SIEM software include log collection, the ability to quickly find and focus on relevant information, and shortening the time it takes to identify suspicious behavior. SIEM software such as SolarWinds SEM allows a broad view of an organization's security posture to be visualized and studied in a real-time graphical user interface, so that the organization can mitigate security threats, improve compliance, and optimize its defense strategy. SIEM tools can help distinguish between internal and external threats, support decisions based on historical data, and automate many processes that save valuable time at each stage of an effective cyber security strategy.

    References

    SolarWinds. (n.d.). SIEM Tools. https://www.solarwinds.com/security-event-manager/siem-tools

    Gillis, Alexander S.; Rosencrance, Linda. (2022, December). Security Information and Event Management (SIEM). TechTarget. https://www.techtarget.com/searchsecurity/definition/security-information-and-event-management-SIEM

    Splunk. (2022, August 1). What Is Security Information and Event Management (SIEM)? https://www.splunk.com/en_us/data-insider/what-is-siem.html