FTC Safeguards Rule Compliance Guide: CH12 Cybersecurity Vulnerabilities


Chapter 12: Cybersecurity Vulnerabilities 

1. Internet Connection Vulnerabilities

    • Phishing Attacks: This is a method in which attackers masquerade as legitimate entities to trick users into revealing their personal information or login credentials.
    • Ransomware Attacks: Ransomware is malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data.
    • Malware Attacks: These include various harmful software such as viruses, worms, trojans, and spyware, which can damage systems, steal data or perform malicious operations.
    • DDoS Attacks: In a Distributed Denial of Service attack, multiple compromised computers are used to flood a system, causing it to become unavailable.
    • Man-in-the-Middle Attacks (MitM): Attackers intercept and potentially alter the communication between two parties without their knowledge.
    • SQL Injection: Attackers supply crafted input that the application concatenates into a backend SQL query, letting them read, modify, or delete data the query was never intended to return.
    • Cross-Site Scripting (XSS): Attackers inject malicious scripts into web pages that other users view. The script runs in the victim’s browser with the site’s privileges and can steal session cookies or perform actions as that user.
    • Cross-Site Request Forgery (CSRF): An attack that tricks an authenticated user’s browser into sending unwanted requests to a web application, which accepts them because the user’s session cookies are attached automatically.
    • Zero-Day Exploits: Attacks against a vulnerability that is unknown to the vendor, or for which no patch is yet available, so defenders have had “zero days” to fix it.
    • DNS Tunneling: This is used to send non-DNS traffic over DNS protocols, which can be a method for data exfiltration or command and control in a network compromise.
    • Brute Force Attacks: These are trial-and-error methods for obtaining information such as a user password or personal identification number (PIN).
    • AI-Powered Attacks: Attackers can now use AI to automate and increase the scale of their attacks.
    • IoT-Based Attacks: With the growing number of internet-connected devices, this attack vector is becoming more common.
    • Cloud Security Breaches: Inadequate measures can lead to unauthorized data exposure, account hijacking, or compromised services.
    • Software Vulnerabilities: Outdated software or systems that have not been patched can have vulnerabilities that cybercriminals can exploit.
    • Social Engineering: This involves manipulating people into giving up confidential information.
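
The SQL injection item above is the one in this list most easily shown in code. The following is an added example, not code from the original guide: a deliberately vulnerable lookup that pastes user input into the query text, beside the parameterized form that closes the hole. The table, column names and the two payloads are constructed for the demonstration.

```python
import sqlite3

# Constructed in-memory table for the demonstration; the data is made up.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT, ssn TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, ssn) VALUES (?, ?, ?)",
        [("alice", "hash-a", "111-22-3333"), ("bob", "hash-b", "444-55-6666")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Deliberately vulnerable: the caller-supplied string is pasted into the SQL text,
    # so quote characters in it change the statement the database parses.
    sql = "SELECT username, ssn FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    # Hardened form: a parameterized query. The driver sends the value separately from
    # the statement, so it is compared as data and never parsed as SQL.
    return conn.execute(
        "SELECT username, ssn FROM users WHERE username = ?", (username,)
    ).fetchall()


# Two classic payloads. The first turns the WHERE clause into a tautology; the second
# appends a UNION that pulls a column the query was never meant to return. The trailing
# "--" comments out the closing quote the application adds.
TAUTOLOGY = "x' OR '1'='1"
UNION_DUMP = "x' UNION SELECT username, password_hash FROM users --"


def demo():
    conn = make_db()
    return {
        "normal": lookup_safe(conn, "alice"),
        "vulnerable_tautology": lookup_vulnerable(conn, TAUTOLOGY),
        "vulnerable_union": lookup_vulnerable(conn, UNION_DUMP),
        "safe_tautology": lookup_safe(conn, TAUTOLOGY),
        "safe_union": lookup_safe(conn, UNION_DUMP),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:22} -> {rows}")
```

Against the vulnerable function the tautology payload returns every row and the UNION payload returns every password hash; against the parameterized function both payloads are simply usernames that match nothing. The fix is the binding, not input filtering: escaping quotes by hand is the approach that keeps failing in practice.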

2. Email and Web Browsing Vulnerabilities

    • Email Spoofing: This tactic is used in phishing and spam campaigns where the sender’s address and other parts of the email header are altered to appear as though the email originated from a different source.
    • Email Attachments: Malware can be delivered via email attachments. If an employee opens a malicious attachment, the malware can infect the employee’s computer or spread across the network.
    • Email Links: Phishing attacks often use email links, leading users to malicious websites where their information can be stolen.
    • Data Leakage via Email: Sensitive information might accidentally be sent to unauthorized recipients via email.
    • Drive-by Downloads: These happen when visiting a website, viewing an email message, or clicking a deceptive pop-up window. Malware is downloaded and installed from an infected site to the user’s system without their knowledge.
    • Malvertising: This is the use of online advertising to spread malware. Malvertising attacks involve injecting malicious or malware-laden advertisements into legitimate online advertising networks and web pages.
    • Insecure or Compromised Websites: Visiting insecure (non-https) websites or websites that have been compromised can expose the user to various risks, including malware and data theft.
    • Cookies and Trackers: Many websites use cookies and other tracking technologies to profile users, which can infringe on privacy and potentially be misused.
    • Download of Unauthorized Software: Downloading software from non-work-related websites increases the risk of installing malicious software or violating copyright laws.
    • Social Media Threats: Scams, malware, and phishing attacks are shared on social media platforms. Employees accessing these sites from work computers may inadvertently expose their systems to these risks.
    • Internet of Things (IoT) Devices: Many websites interact with IoT devices. If these websites are not secure, they can become a point of vulnerability.
    • Exploit Kits: These are software packages designed to identify and exploit software vulnerabilities, often used in conjunction with malicious websites.
    • Content Spoofing: This technique involves creating a fake or shadow copy of an actual website or information. Users believe they’re on a legitimate site but are actually on a malicious one designed to steal their data or cause harm.
    • Credential Stuffing: Many people reuse their passwords. If employees use their work password on a non-work-related website that gets breached, their work systems could also be at risk.
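
Email spoofing, the first item in this section, is something a mail server can partly detect from the headers it stamps on arrival. The following is an added example, not code from the original guide: it reads a message, compares the envelope sender (Return-Path) domain with the header From domain, and checks the SPF, DKIM and DMARC verdicts recorded in the Authentication-Results header. The three messages, their domains and the mail server name are all constructed for the demonstration.

```python
import email
from email.utils import parseaddr

# Three constructed messages (made up for this example), each carrying the
# Authentication-Results header a receiving mail server stamps after checking
# SPF, DKIM and DMARC.
SPOOFED_MSG = b"""Return-Path: <bounce@mail-4521.attacker.example>
Authentication-Results: mx.company.example; spf=fail smtp.mailfrom=attacker.example; dkim=none; dmarc=fail header.from=company.example
From: "Company Payroll" <payroll@company.example>
To: staff@company.example
Subject: Updated direct deposit form

Please open the attached form today.
"""

LEGIT_MSG = b"""Return-Path: <payroll@company.example>
Authentication-Results: mx.company.example; spf=pass smtp.mailfrom=company.example; dkim=pass header.d=company.example; dmarc=pass header.from=company.example
From: "Company Payroll" <payroll@company.example>
To: staff@company.example
Subject: Q3 pay schedule

See the schedule below.
"""

# Lookalike domain registered by the attacker: every check passes, because the
# attacker controls that domain's DNS. Authentication proves origin, not legitimacy.
LOOKALIKE_MSG = b"""Return-Path: <payroll@company-payroll.example>
Authentication-Results: mx.company.example; spf=pass smtp.mailfrom=company-payroll.example; dkim=pass header.d=company-payroll.example; dmarc=pass header.from=company-payroll.example
From: "Company Payroll" <payroll@company-payroll.example>
To: staff@company.example
Subject: Updated direct deposit form

Please open the attached form today.
"""


def domain_of(header_value):
    """Return the lowercased domain part of an address header, or '' if absent."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower()


def parse_auth_results(value):
    """Turn 'authserv; spf=fail smtp.mailfrom=x; dkim=none; ...' into {'spf': 'fail', ...}."""
    results = {}
    for clause in (value or "").split(";")[1:]:  # clause 0 is the authserv-id
        clause = clause.strip()
        if not clause:
            continue
        method, _, rest = clause.partition("=")
        results[method.strip().lower()] = rest.split()[0].lower() if rest.strip() else ""
    return results


def spoofing_indicators(raw_message):
    """Return the reasons a message looks spoofed; an empty list means nothing fired."""
    msg = email.message_from_bytes(raw_message)
    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])
    auth = parse_auth_results(msg["Authentication-Results"])
    indicators = []
    if envelope_domain and envelope_domain != from_domain:
        indicators.append(
            f"envelope sender domain {envelope_domain} differs from header From domain {from_domain}"
        )
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            indicators.append(f"{method}={auth.get(method, 'missing')}")
    return indicators


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MSG), ("legit", LEGIT_MSG), ("lookalike", LOOKALIKE_MSG)):
        print(name, spoofing_indicators(raw) or ["no indicators"])
```

Two caveats a practitioner should keep in mind. An envelope/From domain mismatch on its own is a weak signal, since legitimate bulk mailers and forwarded mail produce it routinely; the authentication verdicts carry more weight. And the lookalike message shows the limit of all three checks: an attacker who registers a similar domain and publishes SPF, DKIM and DMARC for it passes cleanly, so user training and display-name or lookalike-domain rules are still needed. Only trust an Authentication-Results header that your own mail server added; one that arrives from outside can be forged.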

3. Human Vulnerabilities

    • Unapproved Software/Devices: Employees could copy or transmit data from a secure environment using unapproved software or devices.
    • Cloud Storage: The employee might upload sensitive data to personal cloud storage accounts, bypassing local security measures.
    • Emails: Sensitive information might be sent to personal email accounts.
    • Physical Theft: This could involve simply printing out sensitive documents or copying data onto a physical device, such as a USB stick or external hard drive.
    • Screenshots and Screen Recording: Employees could use built-in or third-party tools to take screenshots or record sensitive information on their screen.
    • Smartphones/Cameras: Employees could use their smartphones or other cameras to take pictures of the computer screen or sensitive physical documents.
    • Social Engineering: By manipulating other employees, a malicious employee could gain access to data they otherwise would not have permission to access.
    • Remote Access Tools (RATs): Employees, or attackers using an employee’s stolen credentials, can use remote-access software to reach the organization’s network from outside and copy data out.
    • Data Misuse: Rather than outright theft, an employee could misuse data while it remains within the organization’s systems, such as using customer data for personal gain.
    • Recorded Conversations: An employee could record confidential conversations without the other party’s consent.
    • Access After Termination: If an employee’s access to company systems is not adequately revoked after they leave the company, they may still be able to access sensitive data.
    • Resume and Job Applications: Employees could include sensitive information in their resume or job applications when applying for a new job.
    • Shadow IT: Employees using unsanctioned IT hardware, software, or systems for work could exfiltrate data.
    • VPN and Tor: Employees could use VPNs or Tor to hide data exfiltration activities from network monitoring.
    • Malware: More technically savvy employees might deploy custom malware to extract data without detection.

    • Direct Database Access: An employee with sufficient database privileges can extract data directly from the database, bypassing the access controls enforced by the applications in front of it.