Which is the person who belongs to the said organization and launches security threat

Which is the person who belongs to the said organization and launches security threat

  • PDFView PDF

Which is the person who belongs to the said organization and launches security threat

Which is the person who belongs to the said organization and launches security threat

Highlights

A comprehensive overview of existing security vulnerabilities.

Critical analysis of the state-of-the-art mitigation techniques and their pros and cons.

Analysis of new cyber attack patterns in emerging technologies.

Potential future research directions in cyber security.

Abstract

The exponential growth of the Internet interconnections has led to a significant growth of cyber attack incidents often with disastrous and grievous consequences. Malware is the primary choice of weapon to carry out malicious intents in the cyberspace, either by exploitation into existing vulnerabilities or utilization of unique characteristics of emerging technologies. The development of more innovative and effective malware defense mechanisms has been regarded as an urgent requirement in the cybersecurity community. To assist in achieving this goal, we first present an overview of the most exploited vulnerabilities in existing hardware, software, and network layers. This is followed by critiques of existing state-of-the-art mitigation techniques as why they do or don't work. We then discuss new attack patterns in emerging technologies such as social media, cloud computing, smartphone technology, and critical infrastructure. Finally, we describe our speculative observations on future research directions.

Keywords

Cybersecurity

Malware

Emerging technology trends

Emerging cyber threats

Cyber attacks and countermeasures

Cited by (0)

Crown copyright © 2014 Published by Elsevier Inc. All rights reserved.

In addition to cybercrime, cyberattacks can also be associated with cyber warfare or cyberterrorism, like hacktivists. Motivations can vary, in other words. And in these motivations, there are three main categories: criminal, political and personal.

Criminally motivated attackers seek financial gain through money theft, data theft or business disruption. Likewise, the personally motivated, such as disgruntled current or former employees, will take money, data or a mere chance to disrupt a company's system. However, they primarily seek retribution. Socio-political motivated attackers seek attention for their causes. As a result, they make their attacks known to the public—also known as hacktivism.

Other cyberattack motivations include espionage, spying—to gain an unfair advantage over competitors—and intellectual challenge.

Discover the Cost of a Data Breach Report and explore ways to help mitigate risk

Who is behind cyberattacks?

Criminal organizations, state actors and private persons can launch cyberattacks against enterprises. One way to classify cyberattack risks is by outsider versus insider threats.

Outsider threats

External cyber threats include:

  • Organized criminals or criminal groups
  • Professional hackers, like state-sponsored actors
  • Amateur hackers, like hacktivists

Insider threats

Insider threats are users who have authorized and legitimate access to a company's assets and abuse them either deliberately or accidentally. They include:

  • Employees careless of security policies and procedures
  • Disgruntled current or former employees
  • Business partners, clients, contractors or suppliers with system access

Insider threats

What do cyberattackers target?

Cyberattacks happen because organizations, state actors or private persons want one or many things, like:

  • Business financial data
  • Clients lists
  • Customer financial data
  • Customer databases, including personally identifiable information (PII)
  • Email addresses and login credentials
  • Intellectual property, like trade secrets or product designs
  • IT infrastructure access
  • IT services, to accept financial payments
  • Sensitive personal data
  • US government departments and government agencies

What are common types of cyberattacks?

In the current, connected digital landscape, cybercriminals use sophisticated tools to launch cyberattacks against enterprises. Their attack targets include personal computers, computer networks, IT infrastructure and IT systems. And some common types of cyberattacks are:

Backdoor Trojan

A backdoor Trojan creates a backdoor vulnerability in the victim's system, allowing the attacker to gain remote, and almost total, control. Frequently used to link up a group of victims' computers into a botnet or zombie network, attackers can use the Trojan for other cybercrimes.

Cross-site scripting (XSS) attack

XSS attacks insert malicious code into a legitimate website or application script to get a user's information, often using third-party web resources. Attackers frequently use JavaScript for XSS attacks, but Microsoft VCScript, ActiveX and Adobe Flash can be used, too.

Denial-of-service (DoS)

DoS and Distributed denial-of-service (DDoS) attacks flood a system's resources, overwhelming them and preventing responses to service requests, which reduces the system's ability to perform. Often, this attack is a setup for another attack.

DNS tunneling

Cybercriminals use DNS tunneling, a transactional protocol, to exchange application data, like extract data silently or establish a communication channel with an unknown server, such as a command and control (C&C) exchange.

Malware

Malware is malicious software that can render infected systems inoperable. Most malware variants destroy data by deleting or wiping files critical to the operating system's ability to run.

Read the 2022 Threat Intelligence Index on Malware

Phishing

Phishing scams attempt to steal users' credentials or sensitive data like credit card numbers. In this case, scammers send users emails or text messages designed to look as though they're coming from a legitimate source, using fake hyperlinks.

Ransomware

Ransomware is sophisticated malware that takes advantage of system weaknesses, using strong encryption to hold data or system functionality hostage. Cybercriminals use ransomware to demand payment in exchange for releasing the system. A recent development with ransomware is the add-on of extortion tactics.

See the Threat Intelligence Index for more

SQL injection

Structured Query Language (SQL) injection attacks embed malicious code in vulnerable applications, yielding backend database query results and performing commands or similar actions that the user didn't request.

Zero-day exploit

Zero-day exploit attacks take advantage of unknown hardware and software weaknesses. These vulnerabilities can exist for days, months or years before developers learn about the flaws.


What can cyberattacks do?

If successful, cyberattacks can damage enterprises. They can cause valuable downtime, data loss or manipulation, and money loss through ransoms. Further, downtime can lead to major service interruptions and financial losses. For example:

  • DoS, DDoS and malware attacks can cause system or server crashes.
  • DNS tunneling and SQL injection attacks can alter, delete, insert or steal data into a system.
  • Phishing and zero-day exploit attacks allow attackers entry into a system to cause damage or steal valuable information.
  • Ransomware attacks can disable a system until the company pays the attacker a ransom.

As an illustration, DarkSide, a ransomware gang, attacked Colonial Pipeline, a large US refined products pipeline system, on April 29, 2021. Through a virtual private network (VPN) and a compromised password (link resides outside of ibm.com), this pipeline cyberattack gained entry into the company's networks and disrupted pipeline operations. In effect, DarkSide shut down the pipeline that carries 45% of the gas, diesel and jet fuel supplied to the US east coast. They soon followed their shutdown with a ransom note, demanding almost USD 5 million in Bitcoin cryptocurrency, which Colonial Pipeline's CEO paid (link resides outside of ibm.com).

After all, Colonial Pipeline hired a third-party cybersecurity firm and informed federal agencies and US law enforcement. USD 2.3 million of the ransom paid was recovered.

Read more: Shedding Light on the DarkSide Ransomware Attack Explore unified endpoint management solutions

How cyberattacks can be reduced

Organizations can reduce cyberattacks with an effective cybersecurity system. Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks, involving technology, people and processes. An effective cybersecurity system prevents, detects and reports cyberattacks using key cybersecurity technologies and best practices, including:

  • Identity and access management (IAM)
  • A comprehensive data security platform
  • Security information and event management (SIEM)
  • Offensive and defensive security services and threat intelligence

Prevent cyberattacks

A threat management strategy identifies and protects an organization's most important assets and resources, including physical security controls for developing and implementing appropriate safeguards and protecting critical infrastructure.

Detect cyberattacks

The threat management system provides measures that alert an organization to cyberattacks through continuous security monitoring and early detection processes.

Report cyberattacks

This process involves ensuring an appropriate response to cyberattacks and other cybersecurity events. Categories include response planning, communications, analysis, mitigation and improvements.


Why is cybersecurity important?

Cybercrime can disrupt and damage enterprise business. In 2021, for example, the average cost of a data breach was USD 4.24 million globally and USD 9.05 million in the United States. These costs include discovering and responding to the violation, the cost of downtime and lost revenue, and the long-term reputational damage to a business and its brand. And in the case of compromised PII, it can lead to a loss of customer trust, regulatory fines, and even legal action.

Read more: "What is cybersecurity?"

Cybersecurity solutions

Transform your security program with the largest enterprise security provider.

Threat management services

Get an intelligent, integrated unified threat management approach to help you detect advanced threats, quickly respond with accuracy, and recover from disruptions.

Data security solutions

Whether on-premises or in hybrid cloud environments, data security solutions help you gain greater visibility and insights to investigate and remediate threats while enforcing real-time controls and compliance.

Security information and event management (SIEM)

SIEM solutions centralize visibility to detect, investigate and respond to your most critical organization-wide cybersecurity threats.

Zero trust solutions

A zero trust approach aims to wrap security around every user, every device, every connection, every time.

IBM Cloud Pak® for Security

Gain insights into threats and risks and respond faster with automation. Explore the integrated security platform.

Flash storage solutions

Simplify data and infrastructure management with the unified IBM FlashSystem® platform family, which streamlines administration and operational complexity across on-premises, hybrid cloud, virtualized and containerized environments.

Endpoint security

The rise in remote work trends and interconnectivity of endpoints comes with its own set of cybersecurity challenges. To combat these, there is a need for a modern, AI-driven endpoint response and detection tool that can proactively block and isolate malware and ransomware threats and propel endpoint security into a zero-trust world.

Resources

Who is responsible for cybersecurity in an organization?

Although the CIO, or CISO, still carries primary responsibility for cybersecurity in 85% of organisations (1), it is the entire organisation and everyone working in the business who holds the secondary responsibility for it. Cyberattacks can be targeted at anyone in the business.

What is a security threat to an organization?

A security threat is a malicious act that aims to corrupt or steal data or disrupt an organization's systems or the entire organization. A security event refers to an occurrence during which company data or its network may have been exposed.

Who in your organization has the potential as an insider threat?

An insider threat is any employee, vendor, executive, contractor, or other person who works directly with an organization. A malicious insider is one that misuses data for the purpose of harming the organization intentionally.

What are they called the individuals who launch attacks against others users and their computers?

People who carry out cyber attacks are generally regarded as cybercriminals. Often referred to as bad actors, threat actors and hackers, they include individuals who act alone, drawing on their computer skills to design and execute malicious attacks.