Motives, Goals, and Objectives of Information Security Attacks
- Attacks = Motive (Goal) + Method + Vulnerability
Windows XP and Flash are common Vulnerabilities
- A motive originates out of the notion that the target system stores or processes something valuable and this leads to threat of an attack on the system.
- Attackers try various tools and attack techniques to exploit vulnerabilities in a computer system or security policy and controls to achieve their motives.
The target exists or executes something of value, and attackers exploit exploit vulnerabilities to achieve their motivation or purpose
- Motives Behind Information Security Attacks:
- Disrupting business continuity
- Information theft
- Manipulating data
- Creating fear and chaos by disrupting critical infrastructures
- Propagating religious or political beliefs
- Achieving state’s military objectives
- Damaging reputation of the target
- Taking revenge
Top Information Security Attack Vectors
- Cloud Computing Threats:
- Cloud computing is an on-demand delivery of IT capabilities where sensitive data of organization’s and clients is stored.
- Flaw in one client’s application cloud allow attackers to access other client’s data.
- Advanced Persistent Threats: APT is an attack that focus on stealing information from the victim machine without the user being aware of it.
Persistent: low-key, slow, timeless
- Viruses and Worms: Viruses and worms are the most prevalent networking threat that are capable of infecting a network within seconds.
The virus replicates itself through entrainment in other programs. A worm is a malicious program that is spread, copied and executed over a network.
- Mobile Threats: Focus of attackers has shifted to mobile devices due to the increased adoption of mobile devices for business and personal purposes and comparatively lesser security controls.
- Botnet: A botnet is a huge network of the compromised systems used by an intruder to perform various network attacks.
Botnet is a large number of hacked computers on the Internet, which will be used by attackers to launch DDoS attacks
- Insider Attack: It is an attack performed on a corporate network or on a single computer by an entrusted person (insider) who has authorized access to the network.
Information Security Threat Categories
- Information gathering
- Sniffing and eavesdropping
- Session hijacking and Man-in-the-Middle attack
- DNS and ARP Poisoning
- Password-based attacks
- Denial-of-Service attack
- Compromised-key attack
- Firewall and IDS attacks
Threats posed by attacks from computer-to-computer communications
- Malware attacks
- Password attacks
- Denial-of-Service attacks
- Arbitrary code execution
- Unauthorized access
- Privilege escalation
- Backdoor attacks
- Physical security threats
Threats posed by attacks against specific hosts of value
- Improper data/Input validation
- Authentication and Authorization attacks
- Security misconfiguration
- Information disclosure
- Broken session management
- Buffer overflow attacks
- Cryptography attacks
- SQL injection
- Improper error handling and exception management
Vulnerabilities in applications allow attackers to exploit the threat posed by
Types of Attacks on a System
Operating System Attacks:
- Attackers search for vulnerabilities in an operating system’s design, installation or configuration and exploit them to gain access to a system.
- OS Vulnerabilities: Buffer overflow vulnerabilities, bugs in operating system, unpatched operating system, etc.
Attackers look for operating system or OS level vulnerabilities to access system privileges, such as buffer overflow, operating system bugs, operating system not updated, specific network protocol vulnerabilities, attacking system privileges, corrupting file-system, cracking passwords and encryption mechanism.
Misconfiguration: Attacks Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks that may result in illegal access or possible owning of the system.
Incorrect configuration settings allow an attacker to gain unauthorized access to the system.
Modify system defaults, remove or close unnecessary services.
- Attackers exploit the vulnerabilities in applications running on organizations’ information system to gain unauthorized access and steal or manipulate data.
- Application Level Attacks: Buffer overflow, cross-site scripting, SQL injection, man-in-the-middle, session hijacking, denial-of-service, etc.
Exploiting vulnerabilities in applications to gain unauthorized access and steal or modify data.
Attacks are : Buffer overflow, Sensitive information disclosure, XSS, session hijacking, man-in-the-middle, denial-of-service attacks, SQL injection attacks, Phishing, Parameter/form tampering, Directory traversal attacks.
Will session ID put cookie instead of URL prevent session hijacking
Denial-of-Service It is to do a lot of access resources to the target computer/network, making it impossible for legitimate users to use it. You can use finally for exception handling.
Shrink-Wrap Code Attacks: Attackers exploit default configuration and settings of the off-the-shelf libraries and code.
If there are loopholes in the free libraries used by software developers, all developers’ software will have loopholes. Therefore, the content of the code must be modified and adjusted when using, so that no exploit can be used normally.
- The term information warfare or InfoWar referes to the use of information and communication technologies (ICT) to take competitive advantages over an opponent.
- Defensive Information Warfare: It refers to all strategies and actions to defend against attacks on ICT assets.
- Emergency Preparedness
- Offensive Information Warfare: It refers to information warfare that involves attacks against ICT assets of an opponent.
- Web Application Attacks
- Web Server Attacks
- Malware Attacks
- MITM Attacks
- System Hacking
Information warfare weapons seem to have viruses, worms, Trojan horses, logic bombs, trap doors, nano machines nad microbes, electronic jamming和penetration exploits and tools.
Command and control (C2) warfare, intelligence-based warfare, electronic warfare, psychological warfare, hacker warfare, economic warfare, and cyberwarfare are the different types of information warfare.