What is Ping
Ping is a command that uses ICMP (Internet Control Message Protocol) to communicate with other devices on a network that have an IP address and can communicate. Its primary purpose is to serve as a troubleshooting tool; however, a malicious actor can abuse the capabilities of this tool to disrupt systems.
Ping Flood
The most common and least sophisticated attack is known as a “ping flood,” a type of Denial-of-Service attack. The objective is to send recurring ping (echo) requests to a device from multiple sources, making the target device too busy to respond to legitimate traffic. As with other Denial-of-Service attacks, each request is a legitimate one that asks the device for a response; it is the sheer number of simultaneous requests that overwhelms the device. Cloudflare, a content delivery network and DDoS mitigation company, has an exciting and detailed description of this attack.
Ping of Death
Another attack is known as the “Ping of Death,” which is also a Denial-of-Service attack but works a little differently than a ping flood: rather than sending an overwhelming number of legitimate commands, the Ping of Death consists of creating an IP version 4 packet larger than the maximum allowed size of 65,535 bytes. When a system receives this packet, it attempts to process it and can freeze or crash. Legacy systems that have not been patched because they are out of support are most vulnerable to these attacks. Fortinet, a cybersecurity solutions provider, has a detailed article describing this type of attack.
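
Because the IPv4 Total Length field is only 16 bits wide, an oversized packet can reach a host only as fragments whose offset and length add up past 65,535 bytes on reassembly. The check below is an added example, not code from the original post; the function names and the sample headers are constructed for illustration.

```python
import struct

MAX_IPV4_PACKET = 65535  # the IPv4 Total Length field is 16 bits wide


def reassembled_end(header: bytes) -> int:
    """Size the datagram would reach once this fragment is put in place."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("malformed IPv4 header")
    offset = (flags_frag & 0x1FFF) * 8   # fragment offset is counted in 8-byte units
    payload = total_len - header_len     # data bytes carried by this fragment
    return header_len + offset + payload


def is_oversized(header: bytes) -> bool:
    """True when reassembly would exceed the 65,535-byte limit."""
    return reassembled_end(header) > MAX_IPV4_PACKET


# Constructed sample headers (documentation addresses, ICMP protocol, checksum zeroed).
SAMPLES = {
    "ordinary echo request": bytes.fromhex("450000541234000040010000c0000201c6336407"),
    "valid late fragment": bytes.fromhex("450005dc12341f4040010000c0000201c6336407"),
    "oversized last fragment": bytes.fromhex("450003fc12341ffd40010000c0000201c6336407"),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        verdict = "DROP" if is_oversized(hdr) else "ok"
        print(f"{name:26s} end={reassembled_end(hdr):6d} {verdict}")
```
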
Both attacks are easily mitigated if the destination device does not send ICMP echo replies, which can be achieved either by disabling that function on the device itself or by blocking those replies with a firewall.
Security holes/vulnerabilities
CrowdStrike is a popular cybersecurity provider emphasizing endpoint security, threat intelligence, and cyberattack response. They define security holes or vulnerabilities as “a weakness in a host or system.” A vulnerability is a weakness an adversary or hacker can exploit to achieve their purposes. The most common type of vulnerability is an error or omission in the security configuration of a system. Security configurations require manual intervention from knowledgeable staff, and many do not know or understand how to configure security settings in hosts and cloud services. The second and third most prevalent types of vulnerabilities are unsecured Application Programming Interfaces (APIs) and systems with outdated and unpatched software.
Vulnerabilities can be significantly minimized by adhering to a regular patching schedule for systems. Microsoft has had a monthly cadence of vulnerability patches and software enhancements for many years, and other vendors provide the same. Implementing a good vulnerability scanning system that can reference published resources on remediation and information about the potential danger is necessary to improve an organization's security stance.
Social Engineering
Social Engineering is a fancy term for manipulating a trusting individual into divulging information that can be used against an organization in a cyberattack or a physical breach. This type of attack is very low-tech because it does not attempt to defeat security systems and other electronic defenses but rather exploits human interaction to bypass the roadblocks presented by technological countermeasures. Posing as a legitimate person seeking to do business with an organization, or simply shoulder-surfing when someone has confidential information visible on their laptop at the coffee shop, are some examples of social engineering.
To avoid the shoulder-surfing case, privacy screen covers can be purchased and installed on laptops; they prevent viewing the screen from any angle other than directly in front of it. The human interaction factor can be mitigated by conducting regular education campaigns that help employees identify these potentially suspicious activities and volunteer information only after verifying that the request is legitimate.
Cloudflare, Inc. (2023). Ping (ICMP) flood DDoS attack. Cloudflare.com. Retrieved from: https://www.cloudflare.com/learning/ddos/ping-icmp-flood-ddos-attack/
CrowdStrike, Inc. (2023). Most Common Types of Cyber Vulnerabilities. Crowdstrike.com. Retrieved from: https://www.crowdstrike.com/cybersecurity-101/types-of-cyber-vulnerabilities/
Fortinet, Inc. (2023). Ping of Death. Fortinet.com. Retrieved from: https://www.fortinet.com/resources/cyberglossary/ping-of-death
Norton, Inc. Emerging Threats. (2023). What is Social Engineering? A definition + techniques to watch for. Norton.com. Retrieved from: https://us.norton.com/blog/emerging-threats/what-is-social-engineering
