3.1 Description of Threat

Causes of Threat

· Third-Party Software Vulnerabilities
o The more third-party software the company uses, the greater the attack surface. This increases the risk of being attacked because third-party software is developed and maintained by external companies, so when a vulnerability is discovered, patching it may take a long time. An attacker can exploit the vulnerability while it remains unpatched, and the website will be attacked through that exploitation.

· Employee Error
o “People are the weakest link in the security chain”. This refers to the fact that employees can cause harm to the company's systems and web applications.
Even when the company has robust and strong security features, attackers can use social engineering to trick employees by sending a phishing email with spoofed sender information. The unsuspecting employee clicks on the email and malware is downloaded onto the employee's computer. The malware can now gain access to the computer and steal credentials.

Why is it a threat?

Exploit kits are used to identify vulnerabilities in a system and exploit them. They are a threat to the company because an exploit kit can be executed simply by visiting a website.

Web attacks are a big threat to a company because they can steal confidential information such as credit card information, personal information, etc., and web attacks are now getting more advanced. Within a short time, thousands of websites can be attacked, and traditional security features cannot stop web attacks because the web server is designed to process HTTP and therefore needs to allow HTTP traffic to pass through to serve web browser access. Attackers can exploit this vulnerability and launch their attacks.

3.2 Nature of Threat

How does the threat work?

· Exploit Kit (Angler Exploit Kit)

The above image shows an example of an exploit kit execution process. As the picture shows, an exploit kit can be executed simply by viewing a normal website that has been compromised. The site redirects the user to a malicious website that hosts the exploit kit, and the exploit kit scans the browser for security vulnerabilities to attack. The exploit kit then exploits the vulnerability it found by scanning earlier and installs a “payload” on the system. All of this can happen in less than a second.
2. The web server saves the malicious script into the database.
3. The user requests to view a web page on the compromised web application.
4. The website loads the data with the attacker’s malicious script in the user's browser.
5. The user views the web page on the web application.
6. The malicious script that is loaded into the user's browser is executed, and it sends the user's browser cookie (personal info like name and address, sensitive information like credit card number, bank account credentials, etc.) to the attacker.

Who is affected?

· Government
· Educational Institutions
· Banks
· High-Value Targets (Military, etc.)
· Small and Medium Enterprises

As Singapore strives to become a Smart Nation, with advanced IT infrastructure and smart technologies, the attack surface from which attackers can launch attacks on Singapore will grow. As Singapore is one of the world’s top financial hubs, it will undoubtedly attract attackers.

3.3 Mitigation of Threat

· To assign minimum privileges to use the database
o This will limit what an attacker can do, as they will have only minimum privileges on the database.

· To validate all user inputs
o Validation will ensure that special characters are filtered out so that the attacker cannot inject malicious script or code through the input fields.

· The usage of SQL parameterized queries
o SQL parameterized queries will ensure that the attacker will not be able to manipulate or modify the SQL query.

· To update the application regularly
o To patch vulnerabilities of the application before any attacker can exploit them.

· Encode all user input data
o The user input data will be encoded at the server, so any malicious script will not be executed in the user's browser, preventing a Cross-Site Scripting attack from happening.

· Use a strong web application firewall
o The web application firewall is able to detect and prevent incoming web attacks (XSS, SQL Injection, etc.) as it inspects incoming HTTP requests and filters out malicious traffic before it reaches the web server. It serves as a good deterrent to any potential attacker.