IT ARCHITECTS

What is a Cyber Attack?

Common Attack Techniques and Targets

A cyber attack is an unauthorized attempt to access a computer system to either size, modify, or steal data.

Cybercriminals can use a variety of attack vectors to launch a cyberattack including malware, phishing, ransomware, and man-in-the-middle attacks. Each of these attacks are made possible by inherent risks and residual risks.

A cybercriminal may steal, alter, or destroy a specified target by hacking into a susceptible system. Cyber threats can range in sophistication from installing malicious software like malware or a ransomware attack (such as WannaCry) on a small business to attempting to take down critical infrastructure like a local government or government agency like the FBI or Department of Homeland Security.

One common byproduct of a cyber attack is a data breach, where personal data or other sensitive information is exposed.

As more organizations bring their most important data online, there is a growing need for information security professionals who understand how to use information risk management to reduce their cybersecurity risks.

This paired with the increasing use and regulatory focus on outsourcing means that vendor risk management and third-party risk management frameworks are more important than ever.

Why Do Cyber Attacks Happen?

The motivations behind cyberattacks vary. The most common category of cyberattacks is nation-state attacks This type of attack is launched by cybercriminals representing a nation (usually Russia). Nation-state attackers usually target critical infrastructures because they have the greatest negative impact on a nation when compromised.

An example of such an incident is the Colonial Pipeline attack. Russian cybercriminal group, DarkSide infected Colonial Pipelines’s IT systems with ransomware, disrupting all of its operations.

To resume its critical supply of gasoline to the state, Colonial Pipeline paid Darkside’s ransom in exchange for a decryption key to reinstate its encrypted systems.

Because of the growing threat of nation-state attacks, the implementation of organizational-wide cybersecurity and network security controls are now more important than ever before.

Inside vs Outside Cyber Threats

Cyber attacks can come from inside or outside of your organization:

Inside cyber attack: Initiated from inside an organization’s security perimeter, such as a person who has authorized access to sensitive data that steals data

Outside cyber attack: Initiated from outside the security perimeter, such as a distributed-denial-of-service attack (DDoS attack) powered by a botnet.

What Do Cyber Attacks Target?

Cyber attacks target a resource (physical or logical) that has one or more vulnerabilities that can be exploited. As a result of the attack, the confidentiality, integrity, or availability of the resource may be compromised.

In some cyber-attacks, the damage, data exposure, or control of resources may extend beyond the one initially identified as vulnerable, including gaining access to an organization’s Wi-Fi network, social media, operating systems, or sensitive information like credit card or bank account numbers.

One of the most famous examples of a cyberattack that was deployed for surveillance was the Solarwinds supply chain attack. Russian cyber criminals gained access to various US Government entities by piggy-backing malware off an update for the Solarwinds product Orion.

Because this product was being used by the US Government, the cybercriminals were able to gain access to its networks and intercept private internal correspondences.

Such highly-complex cyberattacks are able to bypass firewalls and VPNs because they hide behind legitimate computer processes. This also makes it very difficult for law enforcement to track the responsible cybercriminals down.

Confidentiality, integrity, and availability are known as the CIA triad and are the basis of information security.

Passive vs. Active Cyber Attacks

Cyber attacks can either be passive or active.

Passive cyber attacks include attempts to gain access or make use of information from a target system without affecting system resources – for example, typosquatting.

Active cyber attacks include intentional attempts to alter a system or affect operation – for example, data breaches and ransomware attacks.

Most Common Type of Cyber Attacks

Examples of Active Cyber Attacks Include:

Brute force attacks: A popular cracking method that involves guessing usernames and passwords to gain unauthorized access to a system or sensitive data.

Cross-site scripting (XSS): A type of security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users and may be used to bypass access control, such as the same-origin policy.

Denial-of-service attacks (DoS): Occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor.

Exploit: A piece of software, data or sequence of commands that takes advantage of avulnerabilityto cause unintended behavior or to gain unauthorized access to sensitive data.

Email spoofing: The creation of emails with a forged sender address. Because core email protocols lack authentication, phishing attacks and spam emails can spoof the email header to mislead the recipient about the sender of the email.

Phishing: Gathers sensitive information like login credentials, credit card numbers, bank account numbers or other financial information by masquerading as a legitimate site.

Man-in-the-middle: An attacker relays and possibly alters communication between two parties who believe they are communicating directly. This allows the attacker to relay communication, listen in, and even modify what each party is saying.

Man-in-the-browser: A proxy for a trojan horse that infects a web browser by taking advantage of vulnerabilities in the browser to modify web pages and transaction content, or insert new content in a covert fashion.

Ping flooding: A simple denial-of-service attack where the attacker overwhelms the victim with ICMP “echo request” (ping) packets.

Ping of death: An attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer

Smurf attack: A distributed denial-of-service attack where a large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address.

Buffer overflows: Attackers exploit buffer overflow issues by overwriting the memory of an application. This changes the execution path of the program, triggering a response that damages files or exposes private information

Heap overflows: A form of buffer overflow that happens when a chunk of memory is allocated to the heap and data is written to this memory without any bound checking being done on the data.

Stack overflows: A type of buffer overflow that causes a program to write more data to a buffer located on the stack than what is allocated for the buffer, resulting in corruption of adjacent data on the stack that causes the program to crash or operate incorrectly.

Format string attacks: Occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application, causing new behaviors that could compromise the security or the stability of the system.

Direct access attacks: An attack where a hacker is able to gain access to a computer and be able to directly download data from it.
Social engineering: Social engineering is an attack vector that exploits human psychology and susceptibility to manipulate victims into divulging confidential information and sensitive data or performing an action that breaks usual security standards.

Spyware: Unwanted software, a type of malicious software or malware, designed to expose sensitive information, steal internet usage data, gain access to or damage your computing device.

Tampering: Modification of a product or service intended to cause harm to the end user.

Privilege escalation: The exploitation of a programming error, vulnerability, design flaw, configuration oversight or access control in an operating system or application to gain unauthorized access to resources that are usually restricted from the application or user.

Viruses: A computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code.

Whaling attack: A type of phishing attack that targets high-level executives, such as the CEO or CFO, to steal sensitive information from a company. This could include financial information or employees’ personal information.

Worms: A type of malicious software that self-replicates, infecting other computers while remaining active on infected systems.

Ransomware: A type of malicious software, or malware, designed to deny access to a computer system or data until ransom is paid. Ransomware spreads through phishing emails, malvertising, visiting infected websites or by exploiting vulnerabilities.

Trojan horses: Any malware which misleads users of its true intent.

Malicious code: Any program or file that is harmful to a computer user. Types of malware include computer viruses, worms, Trojan horses, spyware, adware and ransomware.

SQL injection: A code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

Zero-day exploit: An unpatched security vulnerability that is unknown to the software, hardware or firmware developer, and the exploit attackers use to take advantage of the security hole.

Common Examples of Passive Cyber Threats:

Computer surveillance: The monitoring of computer activity and data stored on a hard drive.

Network surveillance: The monitoring of activity and data being transferred over computer networks.

Wiretapping: The monitoring of telephone and Internet-based conversations by a third party, often by covert means.

Fiber tapping: Uses a network tap method that extracts signal from an optical fiber without breaking the connection.

Port scanning: A technique used to identify open ports and services available on a network host.

Idle scanning: A TCP port scan method that consists of sending spoofed packets to a computer to find out what services are available

Keystroke logging (keylogging): The action of recording the keys struck on a keyboard so the victim is unaware their actions are being monitored.

Data scraping: A technique in which a computer program extracts data from human-readable output coming from another program

Backdoor: A covert method of bypassing normal authentication or encryption in a computer, product, embedded device, or its embodiment.

Typosquatting: Typosquatting is a form of cybersquatting where someone sits on similar domain names to those owned by another brand or copyright, targeting Internet users who incorrectly type in a website address into their web browser, rather than using a search engine.

Eavesdropping: The act of secretly or stealthily listening to the private conversation or communications of others without their consent

Vulnerabilities: A weakness that can be exploited by a cyber attack to gain unauthorized access to or perform unauthorized actions on a computer system.

Common Infrastructure Cyber Attack Targets

There are six common infrastructure cyberattack targets:

1. Control systems: Control systems that activate and monitor industrial or mechanical controls such as controlling valves and gates on physical infrastructure.
2. Energy: Cybercriminals may target electric grids or natural gas lines that power cities, regions, or households.
3. Finance: Financial infrastructure is often the target of cybercrime due to the increasing interconnectivity of computer systems and financial systems.
4. Telecommunications: Denial-of-service (DoS) attacks often target telecommunications that run through the Internet reducing the ability to communicate.
5. Transportation: Successful cyber attacks on transportation infrastructure has a similar effect to telecommunications attacks, impacting the schedule and accessibility of transport.
6. Water: Water infrastructure is often controlled by computers making it a big target for cybercriminals and one of the most hazardous if compromised. Sewer systems can also be compromised.

What is a Cyber Threat?

A cyber threat is a potential for violation of cybersecurity that exists when there is a circumstance, capability, action, or event that could cause a data breach or any other type of unauthorized access.

Any vulnerability that can be exploited is a cyber threat. Cyber threats can come in both intentional and accidental ways:

Intentional cyber threat: An example is a cybercriminal installing the WannaCry ransomware attack, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

Accidental cyber threats: Poorly configured S3 bucket security leading to a big data breach. Check your Amazon S3 security or someone else will.

This is why understanding the difference between cybersecurity and information security, as well as how to perform a cybersecurity risk assessment is more important than ever. Your organization needs to have a set of policies and procedures to manage your information security in accordance with risk management principles and have countermeasures to protect financial, legal, regulatory, and reputational concerns.

Should a cyber attack lead to a security incident, your organization should have steps to detect, classify, manage, and communicate it to customers where applicable. The first logical step is to develop an incident response plan and eventually a cybersecurity team.

How to Detect Cyber Attacks

Cyber threats arise from either residual or inherent risks. To detect cyber attacks, a number of countermeasures can be set up at organizational, procedural, and technical levels.

Examples of organizational, procedural, and technical countermeasures are as follows:

Organizational countermeasure: providing cybersecurity training to all levels of your organization.

Procedural countermeasure: sending out vendor assessment questionnaires to all third-party vendors.

Technical countermeasure: installing antivirus, antimalware, anti-spyware software, and network intrusion detection systems (NIDS) on all computers and continuously monitoring your vendors and your organization for data leaks.

Read More About MITRE

Buy From Amazon