DOCSLIB.ORG

Types of Cyberattack

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Types of Cyberattack 1: Cybersecurity Context & Background Types of Cyberattack On average, advanced Data Integrity cyberattacks go Malicious data manipulation can be detrimental to a business. This is a highly sophisticated, and 5 197 days undetected . easily undetectable cyberattack that causes users to SQL Injection doubt the accuracy of their information. Manipulating Deploying malicious code into an SQL-based Being aware of how public opinion through smear campaigns or changing server can force the server into revealing information in a medical system are two examples of information it wouldn’t normally reveal. cyberattackers infect systems how this type of attack poses a huge threat to society. This type of attack can allow attackers Malware can help your business detect to tamper with services enabling them to Malware refers to the practice of pose as other individuals, void transactions, abnormal activity and potentially deploying malicious software, including change data, destroy data and approve ransomware, spyware, viruses and administrative access to users. help detect an attack early on. worms to infect and breach a network. This can result in blocked access to Here are some of the common files and systems, criminals covertly types of cyberattack: obtaining sensitive information, and disruption to service, amongst others. Cyber-Collection Distributed Denial of Service Used by nation states to conduct espionage and even corporate spies to gather intelligence This type of attack uses multiple compromised on rivals, cyber collection is similar to snooping systems to attack servers, networks, and but is with the intention to scan, collect and systems to flood and exhaust resources Snooping exfiltrate sensitive information. An example forcing the network to fail and deny service Similar to the act of eavesdropping, snooping is the of this is the famous Stuxnet computer to legitimate users. practice of unauthorised access to systems and data. worm first uncovered in 2010. This can include monitoring of keystrokes, passwords, login information, communications, webcams etc. Cybersecurity | 2019 | 8.
Load more

Recommended publications
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress
    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
    [Show full text]
  • Attribution and Response to Cybercrime/Terrorism/Warfare Susan W
    Journal of Criminal Law and Criminology Volume 97 Article 2 Issue 2 Winter Winter 2007 At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare Susan W. Brenner Follow this and additional works at: https://scholarlycommons.law.northwestern.edu/jclc Part of the Criminal Law Commons, Criminology Commons, and the Criminology and Criminal Justice Commons Recommended Citation Susan W. Brenner, At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare, 97 J. Crim. L. & Criminology 379 (2006-2007) This Symposium is brought to you for free and open access by Northwestern University School of Law Scholarly Commons. It has been accepted for inclusion in Journal of Criminal Law and Criminology by an authorized editor of Northwestern University School of Law Scholarly Commons. 0091-4169/07/9702-0379 THE JOURNALOF CRIMINAL LAW & CRIMINOLOGY Vol. 97. No. 2 Copyright 0 2007 by NorthwesternUniversity. Schoolof Low Printedin U.S.A. "AT LIGHT SPEED": ATTRIBUTION AND RESPONSE TO CYBERCRIME/TERRORISM/WARFARE SUSAN W. BRENNER* This Article explains why and how computer technology complicates the related processes of identifying internal (crime and terrorism) and external (war) threats to social order of respondingto those threats. First, it divides the process-attribution-intotwo categories: what-attribution (what kind of attack is this?) and who-attribution (who is responsiblefor this attack?). Then, it analyzes, in detail, how and why our adversaries' use of computer technology blurs the distinctions between what is now cybercrime, cyberterrorism, and cyberwarfare. The Article goes on to analyze how and why computer technology and the blurring of these distinctions erode our ability to mount an effective response to threats of either type.
    [Show full text]
  • Deterrence Theory in the Cyber-Century Lessons from a State-Of-The-Art Literature Review
    Working Paper Research Division EU/Europe Stiftung Wissenschaft und Politik German Institute for International and Security Affairs Annegret Bendiek, Tobias Metzger Deterrence theory in the cyber-century Lessons from a state-of-the-art literature review SWP Working Papers are online publications of SWP’s research divisions which have not been formally reviewed by the Institute. Ludwigkirchplatz 3−4 10719 Berlin Phone +49 30 880 07-0 Fax +49 30 880 07-100 www.swp-berlin.org Working Paper RD EU/Europe, 2015/ 02, May 2015 [email protected] SWP Berlin Table of Contents List of Figures 1 List of Abbreviations 2 Introduction 3 In theory – Deterrence theory and cyberspace 4 Deterrence-by-retaliation and deterrence-by-denial 6 In practice – Suitability of cyber: lessons and implications 7 Key challenges: Credibility and capability to display and use force 7 How to deter? Deterrence-by-denial and deterrence-by- retaliation 9 Determining the type of defence 9 Adding offence to the equation 10 When and whom to deter? Immediate vs. general deterrence and the challenge of attribution 10 What to deter? Narrow vs. broad deterrence 12 For whom? Central vs. extended deterrence 13 Conclusion and outlook 14 Annex 16 Glossary 16 List of References 17 List of Figures Figure 1: Limits to retaliation in cyberspace .................. 9 Figure 2: A possible model of escalation ....................... 11 Figure 3: EEAS figure on a possible inter-ministry division of labour ................................................................. 15 Figure 4: Risk assessment
    [Show full text]
  • Cyber Threats to Mobile Phones Paul Ruggiero and Jon Foote
    Cyber Threats to Mobile Phones Paul Ruggiero and Jon Foote Mobile Threats Are Increasing Smartphones, or mobile phones with advanced capabilities like those of personal computers (PCs), are appearing in more people’s pockets, purses, and briefcases. Smartphones’ popularity and relatively lax security have made them attractive targets for attackers. According to a report published earlier this year, smartphones recently outsold PCs for the first time, and attackers have been exploiting this expanding market by using old techniques along with new ones.1 One example is this year’s Valentine’s Day attack, in which attackers distributed a mobile picture- sharing application that secretly sent premium-rate text messages from the user’s mobile phone. One study found that, from 2009 to 2010, the number of new vulnerabilities in mobile operating systems jumped 42 percent.2 The number and sophistication of attacks on mobile phones is increasing, and countermeasures are slow to catch up. Smartphones and personal digital assistants (PDAs) give users mobile access to email, the internet, GPS navigation, and many other applications. However, smartphone security has not kept pace with traditional computer security. Technical security measures, such as firewalls, antivirus, and encryption, are uncommon on mobile phones, and mobile phone operating systems are not updated as frequently as those on personal computers.3 Mobile social networking applications sometimes lack the detailed privacy controls of their PC counterparts. Unfortunately, many smartphone users do not recognize these security shortcomings. Many users fail to enable the security software that comes with their phones, and they believe that surfing the internet on their phones is as safe as or safer than surfing on their computers.4 Meanwhile, mobile phones are becoming more and more valuable as targets for attack.
    [Show full text]
  • Cyberattack Attribution
    CYBERATTACK ATTRIBUTION A BLUEPRINT FOR PRIVATE SECTOR LEADERSHIP RESEARCH FELLOWS SENIOR RESEARCH FELLOWS Justin Collins Allison Anderson Cameron Evans Stacia Lee Chris Kim Kayley Knopf FACULTY LEAD Selma Sadzak Jessica Beyer Nicholas Steele Julia Summers Alison Wendler This report is a product of the Applied Research Program in the Henry M. Jackson School of International Studies at the University of Washington. The Applied Research Program matches teams of top-achieving Jackson School students with private and public sector organizations seeking dynamic, impactful, and internationally-minded analyses to support their strategic and operational objectives. For more information about the Applied Research Program please contact us at [email protected]. Executive Summary After three decades of development, adoption, and innovation, the Internet stands at the core of modern society. The same network that connects family and friends across the world similarly ties together all aspects of daily life, from the functioning of the global economy to the operation of governments. The digitization of daily life is the defining feature of the 21st century. While the pervasiveness of Internet-enabled technology brings significant benefits, it also brings serious threats—not only to our economy and safety, but also to our trust in computer systems.1 The Internet is central to modern life, yet major state-sponsored cyberattacks persist in disrupting Internet access and function. These attacks undermine faith in government and public trust in democratic institutions. Attribution attempts to date have been unable to deter states from building malicious code for even greater destructive capabilities. In response, we propose the formation of an attribution organization based on international private sector coordination.
    [Show full text]
  • The Resiliency Compass: Navigating Global Value Chain Disruption in an Age of Uncertainty
    In Collaboration with Kearney The Resiliency Compass: Navigating Global Value Chain Disruption in an Age of Uncertainty WHITE PAPER JULY 2021 Images: Getty Images, Unsplash Contents Foreword 3 Executive summary 4 1 Disruption drives a rethink 5 2 Resilience in action 8 2.1 Getting to grips with disruption 8 2.2 Introducing the resiliency compass 8 2.3 Who are the resilience leaders? 10 3 Setting the right course with the resiliency compass 11 4 Call for action: global coordination for the long term 14 Methodology 15 Contributors 16 Acknowledgements 17 Endnotes 19 © 2021 World Economic Forum. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including photocopying and recording, or by any information storage and retrieval system. The Resiliency Compass: Navigating Global Value Chain Disruption in an Age of Uncertainty 2 July 2021 The Resiliency Compass: Navigating Global Value Chain Disruption in an Age of Uncertainty Foreword Unlocking the future of cooperation, resilience and prosperity for global value chains. Francisco Betti Per Kristian Hong Head of Shaping the Future of Managing Director and Advanced Manufacturing and Partner, Strategic Operations Production, Member of the and World Economic Forum Executive Committee, World Relationship Lead, Kearney Economic Forum COVID-19 has kept manufacturing companies systems if both the global economy and companies beyond busy for many months and the challenges are to successfully navigate future disruptions that are far from over, from ensuring safety and may affect global value chains. security on the shop floor and facing supply and demand disruptions to accelerating digital In 2020, the World Economic Forum, in transformation and reskilling to build resilience.
    [Show full text]
  • Image Steganography Applications for Secure Communication
    IMAGE STEGANOGRAPHY APPLICATIONS FOR SECURE COMMUNICATION by Tayana Morkel Submitted in partial fulfillment of the requirements for the degree Master of Science (Computer Science) in the Faculty of Engineering, Built Environment and Information Technology University of Pretoria, Pretoria May 2012 © University of Pretoria Image Steganography Applications for Secure Communication by Tayana Morkel E-mail: [email protected] Abstract To securely communicate information between parties or locations is not an easy task considering the possible attacks or unintentional changes that can occur during communication. Encryption is often used to protect secret information from unauthorised access. Encryption, however, is not inconspicuous and the observable exchange of encrypted information between two parties can provide a potential attacker with information on the sender and receiver(s). The presence of encrypted information can also entice a potential attacker to launch an attack on the secure communication. This dissertation investigates and discusses the use of image steganography, a technology for hiding information in other information, to facilitate secure communication. Secure communication is divided into three categories: self-communication, one-to-one communication and one-to-many communication, depending on the number of receivers. In this dissertation, applications that make use of image steganography are implemented for each of the secure communication categories. For self-communication, image steganography is used to hide one-time passwords (OTPs) in images that are stored on a mobile device. For one-to-one communication, a decryptor program that forms part of an encryption protocol is embedded in an image using image steganography and for one-to-many communication, a secret message is divided into pieces and different pieces are embedded in different images.
    [Show full text]
  • International Security in Cyberspace: New Models for Reducing Risk Write a Description
    Arms Control and International Security Papers Volume I I Number 20 October 20, 2020 International Security in Cyberspace: New Models for Reducing Risk by Christopher A. Ford The Arms Control and International Security Papers are produced by the Office of the Under Secretary of State for Arms Control and International Security in order to make U.S. State Department policy analysis available in an electronically-accessible format compatible with "social distancing" during the COVID-19 crisis. Arms Control and International Security Papers Volume I, Number 20 I October 20, 2020 International Security in Cyberspace: New Models for Reducing Risk International Security in Cyberspace: New Models for Reducing Risk by Christopher A. Ford1 In this ACIS Paper, Assistant Secretary Ford recounts the evolution of U.S. cyberspace security diplomacy over the last several years, describing the difficulty of making traditional "arms control" concepts work in this novel domain, but emphasizing the valuable contributions nonetheless already being made through the articulation of voluntary, nonbinding norms of responsible state behavior and a shift to a more explicitly deterrence-focused cyberspace security policy. In this ever more Internet-connected age, it is no challenge of enormous magnitude, and one to which surprise that cyber threats continue to increase. The the non-authoritarian world is still only in the early more indispensable such connectivity is for commerce, stages of mounting effective responses. communications, and innumerable aspects of daily life, the more that malicious actors see opportunities to Success in meeting these challenges requires a steal (or hold hostage) the information lifeblood of our whole-of-government response, and such a broad contemporary economy, or otherwise to profit response is indeed underway pursuant to the broad malevolently from modern dependencies.
    [Show full text]
  • Espionage Against the United States by American Citizens 1947-2001
    Technical Report 02-5 July 2002 Espionage Against the United States by American Citizens 1947-2001 Katherine L. Herbig Martin F. Wiskoff TRW Systems Released by James A. Riedel Director Defense Personnel Security Research Center 99 Pacific Street, Building 455-E Monterey, CA 93940-2497 REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 The public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing the burden, to Department of Defense, Washington Headquarters Services, Directorate for Information Operations and Reports (0704- 0188), 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS. 1. REPORT DATE (DDMMYYYY) 2. REPORT TYPE 3. DATES COVERED (From – To) July 2002 Technical 1947 - 2001 4. TITLE AND SUBTITLE 5a. CONTRACT NUMBER 5b. GRANT NUMBER Espionage Against the United States by American Citizens 1947-2001 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER Katherine L. Herbig, Ph.D. Martin F. Wiskoff, Ph.D. 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8.
    [Show full text]
  • The Ethics of Cyberwarfare Randall R
    This article was downloaded by: [University of Pennsylvania] On: 28 February 2013, At: 08:22 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Journal of Military Ethics Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/smil20 The Ethics of Cyberwarfare Randall R. Dipert a a SUNY (State University of New York) at Buffalo, NY, USA Version of record first published: 16 Dec 2010. To cite this article: Randall R. Dipert (2010): The Ethics of Cyberwarfare, Journal of Military Ethics, 9:4, 384-410 To link to this article: http://dx.doi.org/10.1080/15027570.2010.536404 PLEASE SCROLL DOWN FOR ARTICLE Full terms and conditions of use: http://www.tandfonline.com/page/terms-and- conditions This article may be used for research, teaching, and private study purposes. Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. The publisher does not give any warranty express or implied or make any representation that the contents will be complete or accurate or up to date. The accuracy of any instructions, formulae, and drug doses should be independently verified with primary sources. The publisher shall not be liable for any loss, actions, claims, proceedings, demand, or costs or damages whatsoever or howsoever caused arising directly or indirectly in connection with or arising out of the use of this material. Journal of Military Ethics, Vol. 9, No. 4, 384Á410, 2010 The Ethics of Cyberwarfare RANDALL R.
    [Show full text]
  • Cyberattack and the Use of Force in International Law
    Beijing Law Review, 2021, 12, 631-649 https://www.scirp.org/journal/blr ISSN Online: 2159-4635 ISSN Print: 2159-4627 Cyberattack and the Use of Force in International Law Joseph N. Madubuike-Ekwe Department of Public Law, Faculty of Law, Benson Idahosa University, Benin City, Nigeria How to cite this paper: Madubuike-Ekwe, Abstract J. N. (2021). Cyberattack and the Use of Force in International Law. Beijing Law This article examines how the existing law of armed conflict may be applied Review, 12, 631-649. or adapted to meet the challenges posed by cyber-attacks. It begins with a de- https://doi.org/10.4236/blr.2021.122034 finition of cyber-attacks, cyberexploitation and cyberespionage and their dif- Received: September 11, 2020 ferences. The article discusses how cyber-attacks are regulated by the existing Accepted: June 19, 2021 body of laws such as the United Nations Charter, International humanitarian Published: June 22, 2021 Law (IHL), international treaties and domestic laws. It notes that the existing law addresses only a small fraction of potential cyber-attacks. IHL, for exam- Copyright © 2021 by author(s) and Scientific Research Publishing Inc. ple, provides a useful framework for a very small number of cyber-attack that This work is licensed under the Creative amounts to an armed attack or that take place within the context of armed Commons Attribution International conflict. The article concludes that, since cyber-attacks are global in nature, License (CC BY 4.0). there is need for a new international legal framework to more effectively deal http://creativecommons.org/licenses/by/4.0/ with the challenges posed by cyber-attacks.
    [Show full text]
  • Safeguarding Against Cyberattack in an Increasingly Digital World
    Safeguarding against cyberattack in an increasingly digital world As part of its strategic partnership with Viva Technology, McKinsey & Company is publishing a series of articles looking at seven areas of technology that are potentially the most disruptive: Quantum computing, Cybersecurity, Connectivity & 5G, Cloud computing, AI, Digital ID, and Biotechnologies; as well as two major shifts for society: Future of work and Digital ecosystems. June 2020 Safeguarding against cyberattack in an increasingly digital world The threat of cyberattack is universal. Factors such as digitization, greater use of online services and a rapid rise in working from home have all increased cyber risk. But there are things businesses can do to safeguard their organizations. By Jim Boehm, James Kaplan, and Wolf Richter All industries face the threat of cyberattack. According to a prior McKinsey survey, 75 percent of experts, across many industries, consider cyberrisk to be a top concern.1 Until recently, financial firms were the primary targets. Risks for banks arise from diverse factors including vulnerabilities to fraud and financial crime inherent in automation and digitization; massive growth in transaction volumes; and greater integration of financial systems within countries and internationally. Today, due to digitization and automation, the threat is universal. Added to this, the recent COVID-19 pandemic has intensified the danger of cyberattack, across all industries. Changes in working conditions have made it harder for companies to maintain security. Large-scale adoption of work-from-home technologies, heightened activity on customer-facing networks, and greater use of online services all present fresh openings, which cyber attackers have been quick to exploit.
    [Show full text]