
Week 3

This document discusses information security threats, vulnerabilities, and attacks. It defines threats as potential negative events facilitated by vulnerabilities, and vulnerabilities as weaknesses that can be exploited. It describes various types of attacks, including network-based attacks, social engineering, and bypassing security measures. It also discusses common vulnerabilities, types of malware (viruses, spyware, ransomware, worms), phishing scams, and password cracking methods like brute-force, dictionary, and rainbow table attacks. Finally, it provides examples of weak passwords and discusses password managers as a more secure alternative.

Uploaded by

Assadbek

Information Security Threats and Vulnerabilities
INF 203
Content

• Threats
• Vulnerabilities
• Attacks
• Phishing, Malware, Worms, Ransomware, Spyware, Trojan
• Password attacks
• Examples of weak passwords
• Password Managers
• Password attack tools
Threats
• Threat is a potential negative action or event facilitated by a vulnerability that
results in an unwanted impact on a router system or an application

Vulnerabilities
• Vulnerability is a weakness that can be exploited by an attacker

Attacks
• Attack is any attempt to expose, alter, disable, destroy, steal, or gain information
through unauthorized access to or make unauthorized use of an asset.
Type of threats
• Natural threats
• (Human) Intentional threats
• (Human) Unintentional threats
• Hardware threats
Type of attacks
Network-based
• DDOS, DOS, Sniffing, Eavesdropping, Spoofing
Social engineering
• Phishing, Smishing, Vishing, Pretexting, Whaling, Watering hole
Bypass of security measures
• Backdoor, Brute-Force Attack, Man in the middle attack, Replay Attack
Primary vulnerabilities or weaknesses:
• Technology weaknesses: These include TCP/IP protocol weaknesses, operating system weaknesses, network equipment weaknesses
• Configuration weaknesses: Unsecured user accounts, System accounts with easily guessed passwords, Misconfigured Internet services, Unsecured default settings within products, Misconfigured network equipment
• Security policy weaknesses: Lack of written security policy, Politics, Lack of continuity, Logical access controls not applied
Viruses

• A virus generally refers to a malicious program that self-replicates but requires some user interaction to be initiated.
Spyware

• The term 'spyware' is a sub-division of viruses and refers to those programs dedicated to stealing your personal details (logins, passwords, personal info, etc.) once they've found a way onto your computer or phone.
Malware and trojans
• Malware is a more generic term that can be used to refer to nefarious software, which has been specifically designed to disrupt or damage a computer system, while trojans are programs that pretend to be something they're not, and include malicious additions.
Ransomware
• Ransomware, for example, will hold your most sensitive (or indeed, all your) files hostage until you pay a ransom, but it could get onto your computer via a trojan, virus or worm.
Worms

• Worms are much like viruses, but differ in one key way: viruses require an action on the part of the user for them to spread, or for the initial infection to take place. For example, receiving a malicious file attached to an email would require you to open the file for a virus to execute.
• Worms, on the other hand, need no such interaction and can happily replicate and spread to different computers (on a network or via a USB key, for example) with no warning whatsoever.
• This makes worms potentially more dangerous than viruses, trojans or other malware, as they're harder to contain.
Phishing scams
Password Cracking
Brute-Force Attack
• Trying all possible passphrase combinations by enumeration until you get the right one (e.g., you get a meaningful plaintext, you access the system). Analogous to the locker example
• Mitigations: Increase attempt-time, symbols, possibilities for each symbol
Dictionary Attack
• Dictionary attack: A variant of brute-force
attack for password cracking or
cryptanalysis in which, instead of trying all
the possible password alternatives, you try
only a set of passwords from a dictionary

• Examples of dictionaries
- List of real words in any language
- Combinations of words
- Common passwords from public lists
Rainbow Table Attack

• Pre-Computed Dictionary Attacks: You could precompute a list of hashes of dictionary words and store these in a table, so that you always know the conversion.
- If “hash-chain” functions are used to store the pre-computed hashes, then the table is called a rainbow table.
• Space-time Trade-off: Rainbow tables reduce storage requirements at the cost of slightly longer lookup times.
• Example: LM (LanMan) hash is an example of an authentication system compromised by such an attack.
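An added example, not part of the original slides: how password storage affects the pre-computed attack above and the "increase attempt-time" mitigation from the brute-force slide. The per-user salt, PBKDF2 and the iteration count are assumptions introduced here; the user names and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 600_000  # assumed work factor; each guess costs this many HMAC rounds


def unsalted_hash(password: str) -> str:
    """Weak storage: one fast hash, no salt. The same password always gives
    the same digest, so a table computed once applies to every account."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def demo() -> dict:
    # Constructed sample: two users who picked the same password.
    users = {"alice": "sunshine", "bob": "sunshine"}
    weak = {u: unsalted_hash(p) for u, p in users.items()}
    strong = {u: hash_password(p) for u, p in users.items()}
    return {
        # Identical digests: one pre-computed entry matches both accounts.
        "weak_identical": weak["alice"] == weak["bob"],
        # Different salts give different digests for the same password.
        "salted_identical": strong["alice"][1] == strong["bob"][1],
        "correct_login": verify_password("sunshine", *strong["alice"]),
        "wrong_login": verify_password("Sunshine", *strong["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

With a unique salt per account, a table has to be rebuilt for every salt value, and the iteration count multiplies the cost of each individual guess.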
Rainbow Table
Examples of Weak Passwords
• Default passwords:
- password
- default
- admin
- guest
- etc.
• Default passwords are supplied by the system vendor (e.g., firewall, modem) and meant to be changed at installation time.
• Lists of default passwords are widely available on the internet.
• Dictionary words:
- chameleon
- RedSox
- sandbags
- bunnyhop
- IntenseCrabtree
- etc.
• Including words in non-English dictionaries.
Examples of Weak Passwords
• Words with numbers appended:
- password1
- deer2000
- john1234
- etc.
• It can be easily tested automatically with little lost time.
• Identifiers:
- jsmith123
- 1/1/1970
- 555–1234
- one's username
- etc.
Examples of Weak Passwords
• Words with simple obfuscation:
- p@ssw0rd
- l33th4x0r
- g0ldf1sh
- etc.
• Simple obfuscations can be tested automatically with little additional effort.
• For example, a domain administrator password compromised in the DigiNotar attack was reportedly Pr0d@dm1n.
• Doubled words:
- crabcrab
- stopstop
- treetree
- passpass
- etc.
Examples of Weak Passwords
• Numeric sequences based on well known numbers such as:
- 911 (9-1-1, 9/11)
- 314159... (pi)
- 27182... (e)
- 112 (1-1-2)
- etc.
• Common sequences from a keyboard row:
- qwerty
- 123456
- asdfgh
- fred
- etc.
Examples of Weak Passwords
• Anything personally related to an individual:
- license plate number
- Social Security number
- current or past telephone numbers
- student ID
- current address
- previous addresses
- birthday
- sports team
- relative's or pet's names/nicknames/birthdays/initials
- etc.
• All these can be easily tested automatically after a simple investigation of a person's details (e.g., through social engineering)
• Dates:
- dates follow a pattern and make your password weak.
CNN: Top 10 Most Common Passwords
• The top 10 most common passwords were:
- 123456
- 123456789
- qwerty
- password
- 111111
- 12345678
- abc123
- 1234567
- password1
- 12345
Password Managers

• LastPass
• BitWarden
• iCloud Keychain
Password Managers: How Do They Work
• You keep in mind only one master password
- Then the system generates one different password for each service
• Best if integrated with a Two-Factor Authentication (2FA), such as:
- SMS text
- Google Authenticator
- YubiKey
Password attack tool
1. Hashcat
Hashcat is one of the most popular and widely used password crackers in existence. It is available on every operating system and supports over 300 different types of hashes. Hashcat enables highly-parallelized password cracking with the ability to crack multiple different passwords on multiple different devices at the same time and the ability to support a distributed hash-cracking system via overlays. Cracking is optimized with integrated performance tuning and temperature monitoring.
2. John the Ripper
John the Ripper is a well-known free open-source password cracking tool for Linux, Unix and Mac OS X. A Windows version is also available. John the Ripper offers password cracking for a variety of different password types. It goes beyond OS passwords to include common web apps (like WordPress), compressed archives, document files (Microsoft Office files, PDFs and so on), and more. A pro version of the tool is also available, which offers better features and native packages for target operating systems. You can also download Openwall GNU/*/Linux that comes with John the Ripper.
Password attack tool
3. Brutus
Brutus is one of the most popular remote online password-cracking tools. It claims to be the fastest and most flexible password cracking tool. This tool is free and is only available for Windows systems. It was released back in October 2000. Brutus supports a number of different authentication types. It is also capable of supporting multi-stage authentication protocols and can attack up to sixty different targets in parallel. It also offers the ability to pause, resume and import an attack.
4. Wfuzz
Wfuzz is a web application password-cracking tool like Brutus that tries to crack passwords via a brute-force guessing attack. It can also be used to find hidden resources like directories, servlets and scripts. Wfuzz can also identify injection vulnerabilities within an application such as SQL injection, XSS injection and LDAP injection.
Key features of the Wfuzz password-cracking tool include:
• Injection at multiple points in multiple directories
• Output in colored HTML
• Post, headers and authentication data brute-forcing
• Proxy and SOCK support, multiple proxy support
• Multi-threading
• HTTP password brute-force via GET or POST requests
• Time delay between requests
• Cookie fuzzing
Password attack tool
5. THC Hydra
THC Hydra is an online password-cracking tool that attempts to determine user credentials via brute-force password guessing attack. It is available for Windows, Linux, Free BSD, Solaris and OS X. THC Hydra is extensible with the ability to easily install new modules. It also supports a number of network protocols, including Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
6. Medusa
Medusa is an online password-cracking tool similar to THC Hydra. It claims to be a speedy parallel, modular and login brute-forcing tool. It supports HTTP, FTP, CVS, AFP, IMAP, MS SQL, MYSQL, NCP, NNTP, POP3, PostgreSQL, pcAnywhere, rlogin, SMB, rsh, SMTP, SNMP, SSH, SVN, VNC, VmAuthd and Telnet. Medusa is a command-line tool, so some level of command-line knowledge is necessary to use it. Password-cracking speed depends on network connectivity. On a local system, it can test 2,000 passwords per minute. Medusa also supports parallelized attacks. In addition to a wordlist of passwords to try, it is also possible to define a list of usernames or email addresses to test during an attack.
How to create a password that’s hard to crack
• The longer the password, the harder it is to crack
• Always use a combination of characters, numbers and special characters
• Variety in passwords
What to avoid while selecting your password
• Using a dictionary word
• Using personal information
• Using patterns
• Using character substitutions
• Using numbers and special characters only at the end
• Using common passwords
• Using anything but a random password
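An added example, not part of the original slides: a small checker that a sign-up form or audit script could use to reject passwords falling into the weak categories listed above. The word lists are constructed samples taken from the slides' own examples, and the function names and category labels are hypothetical.

```python
import re

# Constructed sample lists built from the slides' examples; a real checker
# would load a large dictionary and a breached-password list instead.
COMMON = {"123456", "123456789", "qwerty", "password", "111111",
          "12345678", "abc123", "1234567", "password1", "12345"}
DEFAULTS = {"password", "default", "admin", "guest"}
WORDS = {"password", "chameleon", "sandbags", "bunnyhop", "goldfish",
         "deer", "john"}
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Undo the usual substitutions: @/4->a, 3->e, 0->o, 1/!->i, 5/$->s, 7->t
LEET = str.maketrans("@4301!5$7", "aaeoiisst")


def weaknesses(password, personal=()):
    """Return the weak-password categories (hypothetical labels) that match."""
    p = password.lower()
    found = []
    if p in COMMON:
        found.append("common password")
    if p in DEFAULTS:
        found.append("default password")
    if p in WORDS:
        found.append("dictionary word")
    stem = re.sub(r"[\d\W_]+$", "", p)  # drop trailing digits and symbols
    if stem != p and stem in WORDS:
        found.append("word with numbers appended")
    plain = p.translate(LEET)
    if plain != p and plain in WORDS:
        found.append("simple obfuscation")
    half = len(p) // 2
    if len(p) % 2 == 0 and half >= 2 and p[:half] == p[half:]:
        found.append("doubled word")
    if len(p) >= 4 and any(p in row or p in row[::-1] for row in KEY_ROWS):
        found.append("keyboard sequence")
    if any(item and item.lower() in p for item in personal):
        found.append("personal information")
    return found


def audit(candidates, personal=()):
    """Map each candidate password to its list of findings."""
    return {c: weaknesses(c, personal) for c in candidates}
```

An empty list only means none of these simple patterns matched; it does not show that a password is strong.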
Question 1: Which one of the following passwords is the most secure, in your opinion?
a) horserunningfree
b) St4ple
c) sunshine
d) Happ1ness
Question 2: Which one of the following passwords is the most secure, in your opinion?
a) SuNsHiNe
b) sunsh!ne
c) suNshINe
d) s4nsh1n3
Question 3: Which one of the following passwords is the most secure, in your opinion?
a) qqww1122
b) Million2
c) iloveyou
d) byebyebye
