Malicious cyber activities represent one of the foremost challenges that business organizations face today. The National Institute of Standards and Technology (NIST) (2012) defines malicious cyber activity as any unauthorized access to computer systems that compromises the integrity, availability, and confidentiality of the networks, data, information, or computer systems therein. In 2016, malicious cyber-attacks cost the US economy between $45 and $109 billion. In 2018, $45 billion in losses was reported from just 2 million cyber-attacks. The cost of cybercrime in 2019 was $1.3 to $13 million per organization (Anderson et al., 2019). Malicious attacks take many forms, including DDoS, botnet attacks, insider threats, malware, phishing attacks, hacks, espionage, and man-in-the-middle attacks, among others. This discussion focuses on an emerging and formidable cyber-attack threat known as Server-Side Request Forgery (SSRF). Additionally, the paper discusses the equipment, software, and information needed to study this threat and how to handle incident data from an SSRF attack.
Server-Side Request Forgery (SSRF) is a web-based security vulnerability that allows an attacker to induce a vulnerable HTTP web application to issue crafted requests from its back-end server to destinations of the attacker's choosing. Cybercriminals use SSRF to reach internal target systems that are protected by a firewall and not accessible from an external network. This goes to show that having a firewall and protecting your network perimeter is not enough. Attackers leverage SSRF to launch attacks against an organization's services, using the loopback interface (127.0.0.1) of the server being exploited. This attack is also common in public clouds such as AWS. The server is tricked into making requests that it is not permitted to make. One recent example of this vulnerability in effect was the attack against Capital One, which led to the loss of data on 100 million customers, one of the largest hacks ever seen.
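The paragraph above describes the core of the problem: the server fetches whatever URL it is handed, so a loopback or cloud-internal destination rides through the firewall on the server's own network position. The defence is to validate the destination before the outbound request is made. The following is an added example, not code from the original paper or from any vendor; the allow-list, the `DEMO_DNS` stand-in for name resolution, and all hostnames and addresses in it are constructed, and the function names are my own.

```python
"""Egress validation for a server-side URL fetcher.

Added example, not code from the original paper or from any vendor.
ALLOWED_HOSTS, DEMO_DNS and all sample hosts/addresses are constructed
for illustration; the function and variable names are my own.
"""
import ipaddress
import socket
from urllib.parse import urlparse
from urllib.request import HTTPRedirectHandler, build_opener

ALLOWED_SCHEMES = {"http", "https"}
# Outbound destinations this service legitimately needs (constructed allow-list).
ALLOWED_HOSTS = {"api.partner.example", "cdn.example", "legacy.example"}


def is_internal_address(addr):
    """True for loopback, RFC 1918, link-local (where cloud metadata services
    such as 169.254.169.254 live), reserved, multicast and unspecified addresses.
    IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are unwrapped first."""
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def dns_resolver(host):
    """Resolve a hostname to the set of addresses it currently points at."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return set()
    return {ipaddress.ip_address(info[4][0]) for info in infos}


# Constructed stand-in for DNS so the example runs offline.
DEMO_DNS = {
    "api.partner.example": {ipaddress.ip_address("93.184.216.34")},
    "cdn.example": {ipaddress.ip_address("10.0.0.5")},             # points inside
    "legacy.example": {ipaddress.ip_address("::ffff:127.0.0.1")},  # mapped loopback
}


def demo_resolver(host):
    return DEMO_DNS.get(host, set())


def is_safe_target(url, resolve=dns_resolver):
    """Return (ok, reason). Accepts only http(s) URLs whose host is on the
    allow-list and whose every resolved address is routable and external."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname  # strips userinfo, port and IPv6 brackets, lowercases
    if not host:
        return False, "missing host"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allow-list"
    addrs = resolve(host)
    if not addrs:
        return False, f"host {host!r} did not resolve"
    for addr in addrs:
        if is_internal_address(addr):
            return False, f"host {host!r} resolves to internal address {addr}"
    return True, "ok"


class _NoRedirect(HTTPRedirectHandler):
    """Refuse to follow redirects: an allowed host could otherwise bounce the
    server to an internal URL that never went through is_safe_target()."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urlopen then raises HTTPError for the 3xx response


_opener = build_opener(_NoRedirect)


def fetch_url(url, resolve=dns_resolver, timeout=5):
    """Fetch url only after it passes the egress checks."""
    ok, reason = is_safe_target(url, resolve)
    if not ok:
        raise ValueError(f"refusing outbound request: {reason}")
    with _opener.open(url, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    for candidate in ("https://api.partner.example/v1/status",
                      "http://127.0.0.1/admin",
                      "http://[::1]:8080/",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://cdn.example/logo.png",
                      "http://legacy.example/",
                      "file:///etc/passwd"):
        print(candidate, "->", is_safe_target(candidate, demo_resolver))
```

Two design points matter here. First, the check is done on the resolved addresses, not on the hostname string, because an allow-listed name can be pointed at an internal address; the example still has a gap between the check and the connect (the fetch resolves the name again), so in production it belongs alongside network-layer egress controls rather than replacing them. Second, redirects are refused outright, since a permitted host answering with a 302 to a loopback URL would otherwise bypass the validation entirely.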
Information, Equipment, and Software Needed to Study SSRF Attacks
Despite rigorous efforts to mitigate vulnerabilities and threats, they still occur. To study SSRF, it is necessary to have extensive knowledge of how the AWS public cloud works, extensive study of server operations, and knowledge of loopback interfaces and the web applications running on the server. Many software applications and hardware tools can help responders study SSRF threats. The most common approach is an Interactive Application Security Testing (IAST) toolkit, which helps detect untrusted input from both internal and external sources. This toolkit is reliable and works better than Dynamic Application Security Testing (DAST) web scanners or Static Application Security Testing (SAST) tools.
Acquiring, Handling, and Analyzing Data from an SSRF Attack
Data from an SSRF attack can be collected using [1] human intelligence, i.e., interviewing, interrogation, and social engineering, particularly of suspected malicious insiders; [2] internal and external indicators of compromise; [3] malware analysis tests; [4] pen testing reports; and [5] cyber counterintelligence, including passive DNS, honeypots, and malware sinkholes. All data from the forensic investigation must be handled in a manner consistent with the legal standards for digital evidence handling. Log and malware analysis are the most pertinent forms of analysis for SSRF attacks.
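Log analysis is named above as the most pertinent form of analysis for SSRF, and the web server's access log is usually the first place the indicators appear: a URL-carrying parameter whose value points at the loopback interface, a link-local metadata address, or a non-HTTP scheme. The following is an added example, not code from the original paper; the access-log excerpt, the `/fetch` endpoint and the parameter names in `URL_PARAMS` are constructed, and the function names are my own. It goes slightly beyond the paragraph by also normalising the decimal and hex spellings of an IPv4 address and by peeling off multiple layers of percent-encoding, because a review of only the literal `127.0.0.1` string misses the variants a filter tends to let through.

```python
"""Scan web-server access logs for SSRF indicators in URL-carrying parameters.

Added example, not code from the original paper. The log lines, the
/fetch endpoint and the parameter names in URL_PARAMS are constructed;
the function names are my own.
"""
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlparse

# Request parameters through which the application accepts a URL (constructed).
URL_PARAMS = ("url", "uri", "target", "src", "callback")

# Constructed access-log excerpt in Apache/Nginx combined format.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Nov/2020:10:15:01 +0000] "GET /fetch?url=https%3A%2F%2Fcdn.example%2Flogo.png HTTP/1.1" 200 5120
203.0.113.7 - - [05/Nov/2020:10:15:09 +0000] "GET /fetch?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 318
198.51.100.23 - - [05/Nov/2020:10:16:44 +0000] "GET /fetch?url=http%3A%2F%2F127.0.0.1%3A8080%2Fadmin HTTP/1.1" 403 0
198.51.100.23 - - [05/Nov/2020:10:16:52 +0000] "GET /fetch?url=http%3A%2F%2F2130706433%2Fadmin HTTP/1.1" 200 812
198.51.100.23 - - [05/Nov/2020:10:17:03 +0000] "GET /fetch?url=file%3A%2F%2F%2Fetc%2Fpasswd HTTP/1.1" 500 0
203.0.113.9 - - [05/Nov/2020:10:18:10 +0000] "POST /login HTTP/1.1" 302 0
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def is_internal_address(addr):
    """Anything not globally routable: loopback, RFC 1918, link-local, etc.
    IPv4-mapped IPv6 addresses are unwrapped before the check."""
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not addr.is_global


def literal_ip(host):
    """Parse dotted, IPv6, plain-decimal and 0x-hex host forms; None otherwise."""
    try:
        if host.isdigit():
            return ipaddress.ip_address(int(host))
        if host.lower().startswith("0x"):
            return ipaddress.ip_address(int(host, 16))
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_target(value):
    """Return a reason string if `value` points somewhere an outbound
    fetch should never go, else None."""
    parts = urlparse(fully_decode(value))
    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return f"non-HTTP scheme {scheme!r}"
    host = parts.hostname
    if not host:
        return None
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback hostname"
    addr = literal_ip(host)
    if addr is not None and is_internal_address(addr):
        return f"internal address {addr}"
    return None


def scan_access_log(text):
    """Return a list of (line_no, reason, decoded_target) for suspicious requests."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = parse_qs(urlparse(m.group("path")).query)
        for param in URL_PARAMS:
            for value in query.get(param, []):
                reason = classify_target(value)
                if reason:
                    findings.append((line_no, reason, fully_decode(value)))
    return findings


if __name__ == "__main__":
    for line_no, reason, target in scan_access_log(SAMPLE_LOG):
        print(f"line {line_no}: {reason} <- {target}")
```

Read against the sample, lines 3 and 4 make the point about normalisation: the dotted loopback address was blocked with a 403, but the same destination written as the decimal 2130706433 was served with a 200, and only the normalised form catches both. The scanner only classifies literal addresses and `localhost`; a hostname that resolves to an internal address will not be flagged here and has to be correlated with resolver or egress proxy logs during the investigation.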
Incident Response Protocol
Organizations facing an SSRF attack should be well prepared to avert and respond to this threat. The key steps are as follows. First, assemble an incident response team made up of experts in computer science, software engineering, and cybersecurity. Next, the team should detect the attack and ascertain its source using the Application Security Testing toolkit. Next, the team should contain and recover from the attack. If the company is on the AWS cloud, it can use tools such as Access Advisor, GuardDuty, AWS WAF, and Amazon Macie, which are effective in containing SSRF attacks. Finally, the team should assess the damage and severity of the attack, notify relevant stakeholders, and institute measures to prevent future incidents of the same nature.
References
Anderson, R., Barton, C., Böhme, R., Clayton, R., Ganán, C., Grasso, T., ... & Vasek, M. (2019). Measuring the changing cost of cybercrime.
National Institute of Standards and Technology (NIST). (2012). Guide to Malware Incident Prevention and Handling for Desktops and Laptops. NIST Special Publication 800-83 Revision 1. Retrieved 5th November 2020 from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-83r1.pdf