Automated threat

Last updated

An automated threat is a type of computer security threat to a computer network or web application, characterised by the malicious use of automated tools such as Internet bots. [1] Automated threats are popular on the internet as they can complete large amounts of repetitive tasks with almost no cost to execute. [2]

Threat ontology

The OWASP Automated Threat Handbook provides a threat ontology list for classifying automated threats, which are enumerated below.

Identity CodeNameDefining characteristics
OAT-020Account AggregationUse by an intermediary application that collects together multiple accounts

and interacts on their behalf

OAT-019Account CreationCreate multiple accounts for subsequent misuse
OAT-003Ad FraudFalse clicks and fraudulent display of web-placed advertisements
OAT-009CAPTCHA BypassSolve anti-automation tests
OAT-001CardingMultiple payment authorisation attempts used to verify the validity of bulk

stolen payment card data

OAT-010Card CrackingIdentify missing start/expiry dates and security codes for stolen payment card

data by trying different values

OAT-012Cashing OutBuy goods or obtain cash utilising validated stolen payment card or other user

account data

OAT-007Credential CrackingIdentify valid login credentials by trying different values for usernames and/or

passwords

OAT-015Denial of ServiceTarget resources of the application and database servers, or individual user

accounts, to achieve denial of service (DoS)

OAT-006ExpeditingPerform actions to hasten progress of usually slow, tedious or time-consuming

actions

OAT-004FingerprintingElicit information about the supporting software and framework types and

versions

OAT-018FootprintingProbe and explore application to identify its constituents and properties
OAT-005ScalpingObtain limited-availability and/or preferred goods/services by unfair methods
OAT-011ScrapingCollect application content and/or other data for use elsewhere
OAT-016SkewingRepeated link clicks, page requests or form submissions intended to alter some

metric

OAT-013SnipingLast minute bid or offer for goods or services
OAT-017SpammingMalicious or questionable information addition that appears in public or

private content, databases or user messages

OAT-002Token CrackingMass enumeration of coupon numbers, voucher codes, discount tokens, etc.
OAT-014Vulnerability ScanningCrawl and fuzz application to identify weaknesses and possible vulnerabilities

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

<span class="mw-page-title-main">Denial-of-service attack</span> Type of cyber-attack

In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. During the second half of 2007, 11,253 site-specific cross-site vulnerabilities were documented by XSSed, compared to 2,134 "traditional" vulnerabilities documented by Symantec. XSS effects vary in range from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner network.

Network security consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs: conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by a threat actor, such as an attacker, to cross privilege boundaries within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerabilities are also known as the attack surface. Constructs in programming languages that are difficult to use properly can also manifest large numbers of vulnerabilities.

A penetration test, colloquially known as a pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network is often referred to as remote code execution (RCE).

The Open Worldwide Application Security Project (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security. The OWASP provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.

Application security includes all tasks that introduce a secure software development life cycle to development teams. Its final goal is to improve security practices and, through that, to find, fix and preferably prevent security issues within applications. It encompasses the whole application life cycle from requirements analysis, design, implementation, verification as well as maintenance.

Security testing is a process intended to detect flaws in the security mechanisms of an information system and as such help enable it to protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing the security testing process is not an indication that no flaws exist or that the system adequately satisfies the security requirements.

Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and countermeasures prioritized. The purpose of threat modeling is to provide defenders with a systematic analysis of what controls or defenses need to be included, given the nature of the system, the probable attacker's profile, the most likely attack vectors, and the assets most desired by an attacker. Threat modeling answers questions like "Where am I most vulnerable to attack?", "What are the most relevant threats?", and "What do I need to do to safeguard against these threats?".

<span class="mw-page-title-main">Samy (computer worm)</span>

Samy is a cross-site scripting worm that was designed to propagate across the social networking site MySpace by Samy Kamkar. Within just 20 hours of its October 4, 2005 release, over one million users had run the payload making Samy the fastest-spreading virus of all time.

DREAD is part of a system for risk-assessing computer security threats that was formerly used at Microsoft. It provides a mnemonic for risk rating security threats using five categories.

<span class="mw-page-title-main">Malvertising</span> Use of online advertisement or advertising to spread malware

Malvertising is the use of online advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. Because advertising content can be inserted into high-profile and reputable websites, malvertising provides malefactors an opportunity to push their attacks to web users who might not otherwise see the ads, due to firewalls, more safety precautions, or the like. Malvertising is "attractive to attackers because they 'can be easily spread across a large number of legitimate websites without directly compromising those websites'."

In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application.

<span class="mw-page-title-main">Opa (programming language)</span>

Opa is an open-source programming language for developing scalable web applications.

A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting HTTP traffic, it can prevent attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration. They also introduce a performance degradation and are easily bypassed by attackers so their deployment is not recommended.

ZAP, formerly known as OWASP ZAP, is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers.

A threat actor, bad actor or malicious actor is either a person or a group of people that take part in an action that is intended to cause harm to the cyber realm including: computers, devices, systems, or networks. The term is typically used to describe individuals or groups that perform malicious acts against a person or an organization of any type or size. Threat actors engage in cyber related offenses to exploit open vulnerabilities and disrupt operations. Threat actors have different educational backgrounds, skills, and resources. The frequency and classification of cyber attacks changes rapidly. The background of threat actors helps dictate who they target, how they attack, and what information they seek. There are a number of threat actors including: cyber criminals, nation-state actors, ideologues, thrill seekers/trolls, insiders, and competitors. These threat actors all have distinct motivations, techniques, targets, and uses of stolen data. See Advanced persistent threats for a list of identified threat actors.

References

  1. Watson, Colin (2015-10-26). "OWASP Automated Threat Handbook" (PDF). OWASP. OWASP. Retrieved 2016-09-10.
  2. "Security Insights: Defending Against Automated Threats | SecurityWeek.Com". www.securityweek.com. Retrieved 2016-09-18.