Intro to the attacking landscape in real world

The Cybersecurity Tale of the Magical Castle

Once upon a time, there was this magical castle that held the secret recipes of the tastiest ancient food. This castle was also home to an underground bunker full of the city's wealth, protected by armed guards (Firewalls) who only allowed known and trusted visitors (data packets and connections) to enter. To further safeguard the castle, there were secret code words (passwords) known only to a few trusted individuals.

Despite these protections, the castle was still vulnerable to danger. There existed unknown weaknesses in its defenses that no one had discovered yet, these were known as 0day vulnerabilities in the realm of digital security. These vulnerabilities could be exploited by attackers to carry out their malicious schemes.

The castle was being watched by a group of malicious pirates (APT: Advanced Persistent Threats). These pirates were not just any ordinary ones but they were highly skilled and patient, planning to gain unauthorized access to the castle's secrets and riches over an extended period.

One bright and sunny morning, a well-dressed postman appeared at the castle’s gate. "I am the messenger sent by the king's friend," he proclaimed. "I am here to verify the security of your castle’s treasure. Let me in." The guards, though suspicious at first, were tired and lazy, and decided to let the postman in without further verification. This kind of deceptive situation in the digital world is known as a Phishing attack, where attackers disguise themselves as trustworthy entities to gain access.

Inside the castle, the postman began to roam freely, gathering intelligence and identifying weak spots in the castle’s defenses. He even placed tiny magical devices (malware) in strategic locations to monitor and control various parts of the castle remotely. This is similar to installing spyware or a Trojan horse in the cybersecurity world, where malicious software is secretly installed to gather information and exploit systems.

As days passed, the postman’s devices sent information back to the pirates, who then launched a personalized attack on the castle. This attack involved several methods:

1. Dictionary Attack: The pirates tried different combinations of code words (passwords) to break into the castle's vaults. They used a personalized dictionary based on the information they gathered while they were inside the castle to gain unauthorized access to a system.

2. DDoS Attack: They sent a large group of noisy creatures to overwhelm the guards and the castle’s gates, making it difficult for anyone to enter or leave. In the digital realm, this is known as a Distributed Denial of Service (DDoS) attack, which floods a network with traffic to disrupt its normal functioning.

3. Ransomware Attack: Once inside, they planted their own locks on the vaults, demanding a insane ransom in gold to unlock them. In cybersecurity terms, ransomware encrypts a user’s data and demands payment to restore access.

4. Man-in-the-Middle Attack: The pirates intercepted communications between the castle’s people and their allies, altering messages to cause confusion and mistrust. This is similar to intercepting and manipulating data exchanged between two parties in the digital world.

5. SQL Injection Attack: The pirates discovered a hidden tunnel (vulnerable input field) leading to the castle’s treasure room (database). By sending specially crafted fellow pirates (malicious SQL queries), they tricked the tunnel into revealing secrets and granting access to the room. This is similar to SQL Injection, where attackers manipulate a database query to gain unauthorized access or retrieve sensitive information.

6. Cross-Site Scripting (XSS): They also managed to slip a magical scroll (malicious script) into the castle’s library (website). When scholars (users) read the scroll, it cast spells (executed scripts) that revealed their personal thoughts and secrets (cookies and session data). This is similar to XSS attacks, where attackers inject malicious scripts into web pages viewed by other users.

7. Social Engineering: The pirates sent not so dumb pirates that disguised and pretended to be friendly traders (social engineers). They befriended some of the castle’s people, gaining their trust and convincing them to reveal secret code words (passwords) and security routines. Social engineering in cybersecurity involves manipulating people into divulging confidential information.

Despite the chaos, the castle's wise management quickly identified the attack patterns and initiated a defense strategy. They used magical mirrors (Intrusion Detection Systems) to detect the presence of intruders and alerted the guards. They also employed powerful spells (Antivirus software) to remove the magical devices (malware) planted by the postman.

Realizing the severity of the situation, the people of the castle decided to strengthen their defenses. They started using multi-layered security mechanisms (Multi-Factor Authentication) for their code words, requiring not just a password, but also a magical token or a unique piece of information known only to them. They also trained their guards to recognize and respond to various attack patterns, enhancing their ability to prevent future attempts. (security awareness)

In the end, the castle not only kicked out the pirates but also became stronger and more secure. The people learned valuable lessons about vigilance and the importance of continuously updating their defenses to protect against ever-evolving threats.

And so, the magical castle continued to thrive, its secrets safe and its wealth secure, thanks to the efforts of its defenders and the lessons learned from their close encounter with the pirates.

Refer to these for better understanding:

• Firewalls

• 0day vulnerability

• APT (Advanced Persistent Threat)

• Phishing

• Malware

Adding more reference.............