Deliberate Threats to Information Systems

772views

written 4.7 years ago by

There are many types of deliberate threats to information systems. We provide a list of ten common types for your convenience.

Espionage or trespass
Information extortion
Sabotage or vandalism
Theft of equipment or information
Identity theft
Compromises to intellectual property
Software attacks
Alien software
Supervisory control and data acquisition (SCADA) attacks
Cyberterrorism and cyberwarfare

Espionage or Trespass

Espionage or trespass occurs when an unauthorized individual attempts to gain illegal access to organizational information. It is important to distinguish between competitive intelligence and industrial espionage. Competitive intelligence consists of legal information-gathering techniques, such as studying a company’s Web site and press releases, attending trade shows, and so on. In contrast, industrial espionage crosses the legal boundary.

Information Extortion

Information extortion occurs when an attacker either threatens to steal, or actually steals, information from a company. The perpetrator demands payment for not stealing the information, for returning stolen information, or for agreeing not to disclose the information.

Sabotage or Vandalism

Sabotage and vandalism are deliberate acts that involve defacing an organization’s Web site, possibly damaging the organization’s image and causing its customers to lose faith. One form of online vandalism is a hacktivist or cyberactivist operation. These are cases of high-tech civil disobedience to protest the operations, policies, or actions of an organization or government agency.

Theft of Equipment or Information

Computing devices and storage devices are becoming smaller yet more powerful with vastly increased storage. As a result, these devices are becoming easier to steal and easier for attackers to use to steal information.

One form of theft, known as dumpster diving, involves the practice of rummaging through commercial or residential trash to find information that has been discarded. Paper files, letters, memos, photographs, IDs, passwords, credit cards, and other forms of information can be found in dumpsters. Unfortunately, many people never consider that the sensitive items they throw in the trash may be recovered. Such information, when recovered, can be used for fraudulent purposes.

Identity Theft

Identity theft is the deliberate assumption of another person’s identity, usually to gain access to his or her financial information or to frame him or her for a crime. Techniques for illegally obtaining personal information include:

stealing mail or dumpster diving;
stealing personal information in computer databases;
infiltrating organizations that store large amounts of personal information;
impersonating a trusted organization in an electronic communication (phishing).

Recovering from identity theft is costly, time consuming, and difficult. Victims also report problems in obtaining credit and obtaining or holding a job, as well as adverse effects on insurance or credit rates. In addition, victims state that it is often difficult to remove negative information from their records, such as their credit reports.

Software Attacks

Software attacks have evolved from the early years of the computer era, when attackers used malicious software to infect as many computers worldwide as possible, to the profit-driven, Web-based attacks of today. Modern cyber criminals use sophisticated, blended malware attacks, typically via the Web, to make money.

Below table displays a variety of software attacks. These attacks are grouped into three categories: remote attacks requiring user action; remote attacks requiring no user action; and software attacks by programmers during the development of a system.

(1) Remote Attacks Requiring User Action

Types of Software Attacks	Description
Virus	Segment of computer code that performs malicious actions by attaching to another computer program.
Worm	Segment of computer code that performs malicious actions and will replicate, or spread, by itself (without requiring another computer program).
Phishing Attack	Phishing attacks use deception to acquire sensitive personal information by masquerading as official looking e-mails or instant messages.
Spear Phishing Attack	Phishing attacks target large groups of people. In spear phishing attacks, the perpetrators find out as much information about an individual as possible to improve their chances that phishing techniques will be able to obtain sensitive, personal information.

(2) Remote Attacks Needing No User Action

Types of Software Attacks	Description
Denial-of-Service Attack	Attacker sends so many information requests to a target computer system that the target cannot handle them successfully and typically crashes (ceases to function).
Distributed Denialof-Service Attack	An attacker first takes over many computers, typically by using malicious software. These computers are called zombies or bots. The attacker uses these bots-which form a botnet-to deliver a coordinated stream of information requests to a target computer, causing it to crash.

(3) Attacks by a Programmer Developing a System

Types of Software Attacks	Description
Trojan Horse	Software programs that hide in other computer programs and reveal their designed behavior only when they are activated.
Back Door	Typically a password, known only to the attacker, that allows him or her to access a computer system at will, without having to go through any security procedures (also called a trap door).
Logic Bomb	Segment of computer code that is embedded within an organization’s existing computer programs and is designed to activate and perform a destructive action at a certain time or date.

Supervisory Control and Data Acquisition (SCADA) Attacks

SCADA refers to a large-scale, distributed measurement and control system. SCADA systems are used to monitor or to control chemical, physical, and transport processes such as those used in oil refineries, water and sewage treatment plants, electrical generators, and nuclear power plants.

Essentially, SCADA systems provide a link between the physical world and the electronic world. SCADA systems consist of multiple sensors, a master computer, and communications infrastructure. The sensors connect to physical equipment. They read status data such as the open/ closed status of a switch or a valve, as well as measurements such as pressure, flow, voltage, and current. They control the equipment by sending signals to it, such as opening or closing a switch or a valve or setting the speed of a pump.

The sensors are connected in a network, and each sensor typically has an Internet address. If attackers gain access to the network, they can cause serious damage, such as disrupting the power grid over a large area or upsetting the operations of a large chemical or nuclear plant. Such actions could have catastrophic results, as described in IT’s About Business 4.3. Cyberterrorism and Cyberwarfare Cyberterrorism and cyberwarfare refer to malicious acts in which attackers use a target’s computer systems, particularly via the Internet, to cause physical, real-world harm or severe disruption, usually to carry out a political agenda. These actions range from gathering data to attacking critical infrastructure (e.g., via SCADA systems).

Cyberterrorism and Cyberwarfare

Cyberterrorism and cyberwarfare refer to malicious acts in which attackers use a target’s computer systems, particularly via the Internet, to cause physical, real-world harm or severe disruption, usually to carry out a political agenda. These actions range from gathering data to attacking critical infrastructure (e.g., via SCADA systems).

We treat the two types of attacks as synonymous here, even though cyberterrorism typically is carried out by individuals or groups, whereas cyberwarfare is carried out by nation states. The following Example examines cyber attacks perpetrated against Estonia and the Republic of Georgia, formerly parts of the Soviet Union.

ADD COMMENT EDIT