Common methods of attack and types of malware

Who are the attackers?

Attackers can be a variety of people – hackers, script kiddies, employees, spies, cyber-terrorists or cyber-criminals.

1. Hackers are essentially anyone who illegally breaks into a computer or uses a computer for use not originally authorized for.  Most hackers have strong technical skills, are motivated by thrill or some sense of power, and typically do damage as a by-product of their illegal activity
2. Script kiddies, like hackers, illegally break into a computer or use it for unauthorized purposes.  Unlike hackers, they are not as technically savvy – they usually download scripts from the web and are usually considered more dangerous that hackers because they are less technically aware of the damage they’re causing.
3. Employees are the most damaging because of their internal knowledge of the systems, uses, etc.  and pose the largest IS threat
4. Cyber-criminals typically target for financial reasons – common examples are identity thieves, financial fraudsters.  They are typically career criminals.
5. Spies are individuals who have been hired for a specific purpose – to break into a computer and steal information.
6. Cyber-terrorists – Attacks organized by terrorists – goal is to do harm
7. Cyber-war – Government sponsored – and often used in conjunction with physical attacks

Difficulties in defending against attacks

Attacks are becoming more an more difficult to defend against for a number of reasons:

1. Speed of attacks – todays attackers can launch attacks against millions of computers within minutes
2. Sophistication of attacks – tools can vary attacks so they look different each time
3. Simplicity of attack tools – can download scripts off web
4. Vulnerabilities can be seen more quickly
5. Delays in patching – vendors difficultly keeping up with latest
6. Distributed attacks
7. User confusion

Defenses against attacks

There are 5 fundamental security principles to defend against attacks (LLDOS)

1. Layering

1. Layering different types of security measures make it harder for an attacker to break through all layers.  For example, gates, badges, sign-ins, etc.

2. Limiting

1. Limiting access to information reduces possible threats.  Only those who should have access ultimately get it

3. Diversify

1. Layers must be different/diverse.  If an attacker penetrates one layer, they can’t use the same methodology to penetrate the others.

4. Obscurity

1. Not revealing the type of computers, operating systems, software, network connections, etc.

5. Simplify

1. Networks are complex by nature.  The security layer needs to be simple enough for internal resources to manage and use.

CIA Triangle + Authentication and Non-repudiation

1. Confidentiality

1. Basically means that those with sufficient privileges have access certain information.  Can use classifications, encryption, controls, etc.

2. Integrity

1. Quality of the information – is it whole, complete and uncorrupted

3. Availability

1. Is the information accessible to authorized users?  Users can be another person or a computer

4. Authentication

1. Requires you to prove you are who you say you are by something you have, something you are, or something you know.

5. Non-Repudiation

1. The most difficult to pull off – simply means that a message has been sent and received and the sender can be verified