Password Attacks & Physical Attacks | CompTIA Security+ SY0-601 | 1.2b

In this video you will learn about password attacks & physical attacks such as: spraying attacks, dictionary attacks, brute force attacks, rainbow tables, plaintext/unencrypted attacks, malicious USB cables, malicious flash drives, card cloning, and skimming.

Password Attacks

Spraying

Password spraying is an attack that tries a small number of commonly used passwords against a large number of accounts (usernames).  A traditional brute force attack works the other way round: it hammers a single account with many password guesses, which quickly gets that account locked out, since commonly used lockout policies allow only a limited number of failed attempts (typically 3 to 5) within a set period of time.  In a password-spray attack (also known as the “low-and-slow” method), the malicious actor tries a single commonly used password (such as Password1) against many accounts before moving on to a second password, and so on.  Because each account sees only one or two failures per lockout window, the attacker avoids rapid or frequent lockouts and the alerts tied to them; detecting a spray therefore means correlating failures across accounts by source rather than counting failures per account.  Password spray campaigns typically target single sign-on (SSO) and cloud-based applications that use federated authentication protocols, both because federated authentication can help mask the malicious traffic and because a successful SSO compromise maximises access to intellectual property.[1]
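The difference between a spray and a classic brute force shows up in how failed logons are distributed.  The following is an added example (not code from the video or its sources) that groups failed-logon records by source address and labels each source; the log lines, the source addresses and the thresholds (5 failures, 5 distinct accounts, a lockout at 5 failures per account) are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of failed-logon records (not real log data):
# "<timestamp> <source IP> <username>", one failed attempt per line.
SAMPLE_FAILURES = """\
2024-03-01T09:00:01Z 203.0.113.7 alice
2024-03-01T09:00:04Z 203.0.113.7 bob
2024-03-01T09:00:08Z 203.0.113.7 carol
2024-03-01T09:00:12Z 203.0.113.7 dave
2024-03-01T09:00:15Z 203.0.113.7 erin
2024-03-01T09:00:19Z 203.0.113.7 frank
2024-03-01T09:01:00Z 198.51.100.9 admin
2024-03-01T09:01:01Z 198.51.100.9 admin
2024-03-01T09:01:01Z 198.51.100.9 admin
2024-03-01T09:01:02Z 198.51.100.9 admin
2024-03-01T09:01:02Z 198.51.100.9 admin
2024-03-01T09:01:03Z 198.51.100.9 admin
2024-03-01T09:02:30Z 192.0.2.44 grace
2024-03-01T09:02:55Z 192.0.2.44 grace
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<user>\S+)$")


def parse_failures(text):
    """Return a list of (timestamp, source, username) tuples for well-formed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m["ts"], m["src"], m["user"]))
    return events


def classify_sources(events, min_failures=5, spray_min_accounts=5, lockout_threshold=5):
    """Group failures by source and label each source.

    A spray shows many distinct accounts with very few failures each, so a
    per-account lockout (lockout_threshold failures) never fires; a brute
    force shows many failures against one account and trips it quickly.
    """
    per_src = defaultdict(lambda: defaultdict(int))
    for _, src, user in events:
        per_src[src][user] += 1

    verdicts = {}
    for src, users in per_src.items():
        total = sum(users.values())
        worst = max(users.values())
        if total < min_failures:
            label = "below threshold"
        elif len(users) >= spray_min_accounts and worst <= 2:
            label = "password spray"
        elif len(users) == 1:
            label = "brute force"
        else:
            label = "mixed"
        verdicts[src] = {
            "failures": total,
            "accounts": len(users),
            "lockout_fires": worst >= lockout_threshold,
            "verdict": label,
        }
    return verdicts


if __name__ == "__main__":
    for src, v in classify_sources(parse_failures(SAMPLE_FAILURES)).items():
        print(f"{src:14} {v['verdict']:16} failures={v['failures']} "
              f"accounts={v['accounts']} lockout={v['lockout_fires']}")
```

Run against the sample, the source spraying six accounts once each is flagged even though no account ever reaches the lockout threshold, while the source hitting admin six times trips the lockout and is labelled brute force.  In practice sprays against cloud SSO rotate source addresses, so the same grouping is usually done per user agent, ASN or time window as well as per IP.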

Dictionary

A dictionary attack is a form of brute force attack against a cipher or authentication mechanism that, instead of trying every possible combination, tries thousands or millions of likely candidates for the key or passphrase, such as words in a dictionary or previously used passwords, often taken from lists leaked in past security breaches.  Against a live login, dictionary attacks can be mitigated by locking the account after a specified number of incorrect passwords; against a stolen hash no lockout applies, and the defence is a password that is not a dictionary word or a simple variation of one (and that avoids identifiable information such as birthdays and family names), stored with a slow, salted password hash.

Brute Force

A brute force attack consists of an attacker submitting many passwords or passphrases in the hope of eventually guessing the right one.  In its purest form the attacker systematically checks every possible password or passphrase until the correct one is found, so the work grows exponentially with password length.  Configuring systems to lock an account after a specified number of incorrect passwords is one way to defeat the attack at a login interface, and longer passwords raise the cost of every variant of the attack.  Brute force attacks come in two forms:

  • Offline:  the attacker has obtained the encrypted material or a password hash and tries candidate keys or passwords locally, without risk of discovery or interference.  Lockout policies do not apply, so only the strength of the password and the cost of the hash function limit the attack.
  • Online:  the attacker must interact with the target system, guessing the username and password at the login interface, where rate limiting and account lockout can stop the attack.[2]
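An added example (not code from the video or its sources) of the offline case for both the dictionary and brute force sections above: the attacker holds a stolen, unsalted SHA-256 hash and hashes candidates locally, so the number of attempts is bounded only by compute.  The six-entry wordlist, the mangling rules and the target passwords are constructed for the example; a real wordlist holds millions of entries and tools apply hundreds of rules.

```python
import hashlib
import itertools
import string

# Constructed stand-in for a breach-derived wordlist; real lists hold millions of entries.
WORDLIST = ["password", "welcome", "letmein", "summer", "dragon", "qwerty"]
CHARSET = string.ascii_lowercase + string.digits   # 36 symbols


def sha256_hex(text):
    """Unsalted SHA-256, standing in for whatever fast hash a weak system stored."""
    return hashlib.sha256(text.encode()).hexdigest()


def mangle(word):
    """Yield rule-based variants of a wordlist entry (case changes, common suffixes)."""
    for base in (word, word.capitalize(), word.upper()):
        for suffix in ("", "1", "123", "!", "2023", "2024"):
            yield base + suffix


def dictionary_attack(target_hash, wordlist):
    """Offline dictionary attack: hash each candidate locally and compare.

    Nothing touches the target system, so no lockout policy can interfere;
    the only costs are the size of the candidate list and the hash speed.
    Returns (password, attempts) or (None, attempts).
    """
    attempts = 0
    for word in wordlist:
        for candidate in mangle(word):
            attempts += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def brute_force(target_hash, charset=CHARSET, max_len=3):
    """Exhaustive search over every string up to max_len from charset, shortest first."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def keyspace(charset_size, length):
    """Number of candidates an exhaustive search must cover at exactly this length."""
    return charset_size ** length


if __name__ == "__main__":
    print(dictionary_attack(sha256_hex("Summer2024"), WORDLIST))   # ('Summer2024', 66)
    print(brute_force(sha256_hex("ab1")))                           # ('ab1', 1396)
    # Each extra character multiplies the work; 12 characters over 36 symbols is out of reach.
    for n in (3, 6, 8, 12):
        print(n, keyspace(36, n))
```

The dictionary run recovers Summer2024 in 66 hashes because a mangling rule produced it, which is why "complex" passwords built from a word plus a year are weak offline even though they satisfy a complexity policy.  The exhaustive search finds a three-character password in under 1,400 hashes, and `keyspace` shows why length is the defence: each added character multiplies the worst case by the alphabet size.  A slow, salted password hash (bcrypt, scrypt, Argon2) multiplies the cost of every one of these attempts.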

Rainbow Table

A rainbow table is a precomputed lookup table that maps password hashes back to the passwords that produce them.  Rather than storing every hash in the keyspace, it stores chains: each chain starts from a candidate password, alternates hashing with a “reduction” function that turns a hash back into another candidate, and records only the first and last values, trading storage for a little recomputation at lookup time.  A rainbow table attack is an offline attack that uses such a table to crack hashes pulled from a stolen database.  It is faster than brute force because the hashing work was done once in advance, and it only works against unsalted hashes: a per-user random salt changes every hash, so each salt would need its own table.

Plaintext/Unencrypted

In the Security+ sense, a plaintext/unencrypted attack targets credentials that are stored or transmitted without encryption, such as passwords kept in a cleartext file or sent over an unencrypted protocol, where the attacker simply reads them.  The cryptanalytic relatives are the plaintext attacks.  In a known plaintext attack the attacker has some plaintext and the corresponding ciphertext, and uses the pair to recover the key or to decrypt the rest of the ciphertext.  In a chosen plaintext attack the attacker can get plaintext of their choice encrypted with the target’s key and sees the resulting ciphertext, which is used to derive the key; this is always available against public key cryptosystems, because anyone who holds the public key can encrypt.  In an adaptive chosen plaintext attack the attacker submits several chosen plaintexts in turn, choosing each one based on the ciphertexts already seen.[3]

Physical Attacks

Malicious Universal Serial Bus (USB) Cable

Malicious USB cables can be used to compromise systems.  They look like ordinary charging or data cables but hide a small microcontroller in the connector; when plugged into a USB-capable device, the cable presents itself as a keyboard (a USB human interface device) and injects keystrokes onto the victim’s system, which the operating system cannot distinguish from keystrokes the user typed.[4]  With that foothold an attacker can run commands on a user’s cell phone, laptop or desktop: harvesting usernames and passwords, copying or wiping the device’s storage, launching preloaded penetration tools, and using the machine as a pivot point to attack other machines and databases on the network.  All of this can be controlled remotely by an outside attacker, via WiFi to the Internet or from a nearby smartphone.[5]  Because the cable is a keyboard as far as the host is concerned, the practical defence is endpoint control that allowlists USB devices by vendor and product ID, or at least alerts when a new keyboard enumerates.
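An added example (not code from the video or its sources) of that check: it reads Linux kernel USB enumeration messages and flags any device that registers as a HID keyboard but is not on an allowlist of approved vendor:product IDs.  The log lines are constructed to mirror the kernel's message formats; the allowlist entry 046d:c31c (a Logitech keyboard) is an assumed organisational policy, and 1a2b:3c4d is a placeholder ID, not that of any real product.

```python
import re

# Assumption for the example: the organisation's approved keyboard vendor:product IDs.
ALLOWED_KEYBOARDS = {"046d:c31c"}

# Constructed kernel log excerpt (formats follow the Linux usb/hid drivers; IDs are placeholders).
SAMPLE_KERNEL_LOG = """\
Mar  1 09:10:12 host kernel: usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
Mar  1 09:10:12 host kernel: usb 1-1: Product: USB Keyboard
Mar  1 09:10:12 host kernel: hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-1/input0
Mar  1 09:11:40 host kernel: usb 1-4: New USB device found, idVendor=0781, idProduct=5581, bcdDevice= 1.00
Mar  1 09:11:40 host kernel: usb 1-4: Product: Ultra
Mar  1 09:11:40 host kernel: usb-storage 1-4:1.0: USB Mass Storage device detected
Mar  1 09:12:01 host kernel: usb 1-3: New USB device found, idVendor=1a2b, idProduct=3c4d, bcdDevice= 1.00
Mar  1 09:12:01 host kernel: usb 1-3: Product: USB Charging Cable
Mar  1 09:12:01 host kernel: input: USB Charging Cable as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0/0003:1A2B:3C4D.0005/input/input21
Mar  1 09:12:01 host kernel: hid-generic 0003:1A2B:3C4D.0005: input,hidraw2: USB HID v1.11 Keyboard [USB Charging Cable] on usb-0000:00:14.0-3/input0
"""

NEW_DEV_RE = re.compile(
    r"usb (?P<path>[\d.-]+): New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
PRODUCT_RE = re.compile(r"usb (?P<path>[\d.-]+): Product: (?P<name>.+?)\s*$")
HID_KBD_RE = re.compile(
    r"hid-generic 0003:(?P<vid>[0-9A-F]{4}):(?P<pid>[0-9A-F]{4})\.\d+: .*USB HID v[\d.]+ Keyboard"
)


def find_unexpected_keyboards(log_text, allowed=ALLOWED_KEYBOARDS):
    """Return one alert per HID keyboard registration whose vendor:product ID is not allowlisted.

    A keystroke-injecting cable is invisible to a check on the product string
    (it can claim to be anything), so the decision keys on the ID and on the
    fact that a keyboard appeared at all.
    """
    devices = {}   # bus path -> {"id": vid:pid, "name": product string}
    by_id = {}     # vid:pid -> bus path of the most recent enumeration
    alerts = []
    for line in log_text.splitlines():
        m = NEW_DEV_RE.search(line)
        if m:
            dev_id = f"{m['vid']}:{m['pid']}"
            devices[m["path"]] = {"id": dev_id, "name": ""}
            by_id[dev_id] = m["path"]
            continue
        m = PRODUCT_RE.search(line)
        if m and m["path"] in devices:
            devices[m["path"]]["name"] = m["name"]
            continue
        m = HID_KBD_RE.search(line)
        if m:
            dev_id = f"{m['vid']}:{m['pid']}".lower()
            if dev_id in allowed:
                continue
            path = by_id.get(dev_id, "?")
            name = devices.get(path, {}).get("name", "")
            alerts.append({"id": dev_id, "path": path, "name": name, "line": line.strip()})
    return alerts


if __name__ == "__main__":
    for a in find_unexpected_keyboards(SAMPLE_KERNEL_LOG):
        print(f"ALERT: new keyboard {a['id']} on usb {a['path']} ({a['name']!r})")
```

The approved keyboard and the flash drive pass; the "charging cable" that registered a keyboard interface is reported.  The same allowlist-by-ID policy is what host USB control tools enforce at plug-in time, which is preferable to alerting after the keystrokes have already run.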

Malicious Flash Drive

Malware can be transferred to a computer by way of removable media, especially malicious USB flash drives.  For example, an attacker with physical access to the targeted system could use a malicious flash drive to install a Trojan or ransomware.  Alternatively, the attacker could leave the flash drive somewhere it will be found and rely on social engineering to tempt the user into inserting it in his or her own system, which then becomes infected.[4]

Card Cloning & Skimming

Card cloning attacks can be used to clone credit cards, smartphone SIM cards, and even the badges or cards used to enter a building.[4]  From the attacker’s perspective, skimming is an effective way to obtain credit card data because it does not require stealing the physical card.  Instead, a covert electronic reader fitted to a legitimate terminal, ATM or fuel pump scans the data on the card’s magnetic stripe and copies it into the device’s memory.  The thieves can then use that data digitally or write it onto the stripe of a separate card already in their possession.[6]  Thieves can execute skimming attacks whenever a cardholder pays electronically at a physical location, but what the skimmer captures is static: the stripe presents the same data on every swipe, whereas an EMV chip produces a per-transaction cryptogram that cannot be replayed, which is why cloned cards are used at stripe-only or fallback terminals.
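An added example (not code from the video or its sources) of what a stripe skimmer actually captures: a parser for the Track 2 record on a magnetic stripe, with the Luhn check that both issuers and skimmers use to discard bad reads.  The sample record is constructed around the well-known test PAN 4111111111111111 and is not a real account.

```python
import re

# Constructed Track 2 record (test PAN 4111111111111111, not a real account):
#   ;PAN=YYMM SVC discretionary?    ';' start sentinel, '=' separator, '?' end sentinel
SAMPLE_TRACK2 = ";4111111111111111=27121011234567890?"

TRACK2_RE = re.compile(
    r"^;(?P<pan>\d{12,19})=(?P<yy>\d{2})(?P<mm>\d{2})(?P<svc>\d{3})(?P<disc>\d*)\?$"
)


def luhn_ok(pan):
    """Luhn check-digit validation; every real PAN passes, so a skimmer can drop garbage reads."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_track2(raw):
    """Split a Track 2 record into its fields; raises ValueError on malformed input."""
    m = TRACK2_RE.match(raw)
    if not m:
        raise ValueError("not a Track 2 record")
    pan = m["pan"]
    return {
        "pan": pan,
        "luhn_valid": luhn_ok(pan),
        "expiry": f"{m['mm']}/{m['yy']}",
        "service_code": m["svc"],
        "discretionary": m["disc"],   # issuer data, typically including the stripe's CVV1
    }


def chip_required(service_code):
    """First service-code digit 2 or 6 means an EMV chip is present and should be used."""
    return service_code[0] in "26"


def mask_pan(pan):
    """Render a PAN the way a log or receipt should: first six and last four only."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


if __name__ == "__main__":
    rec = parse_track2(SAMPLE_TRACK2)
    print(mask_pan(rec["pan"]), rec["expiry"], "service", rec["service_code"],
          "luhn", rec["luhn_valid"], "chip", chip_required(rec["service_code"]))
```

Everything the parser extracts is fixed data: writing the same bytes to another card reproduces the stripe, which is the cloning step.  Two details limit what a clone is good for.  The discretionary field carries the stripe's own verification value (CVV1), not the CVV2 printed on the card, so stripe data alone does not satisfy an online merchant that asks for CVV2; and a service code starting with 2 or 6 tells the terminal a chip is present, so a chip-capable terminal should refuse a swipe and demand the chip, whose per-transaction cryptogram the skimmer never saw.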

References

  1. Password Spraying. Secret Double Octopus.
  2. Brute-Force Attack. Secret Double Octopus.
  3. Plaintext Attack. ScienceDirect.
  4. CompTIA Security+ Cert Guide. Pearson IT Certification.
  5. Malicious USB Cables. Murray Associates.
  6. Credit Card Cloning. Investopedia.