Types of threats and Cybersecurity


Cybersecurity

Cybersecurity refers to the processes, technologies, and human practices that are purposefully designed to protect computers, networks, data, and programs against unauthorized access, interruption, malicious attacks, or damage to the software, hardware, or information contained within them. According to Bernik (2014), it was designed in response to rising cyber risks and extensive system damage caused by cybercrime. It began with competitor businesses focusing on sensitive data, financial performance, trade secrets, operational strategies, and important supply chain nodes. The introduction of cloud computing and its associated security concerns has heightened the demand for more stringent cybersecurity measures (Hile, 2010).

Malware

Malware refers to diverse types of harmful software such as ransomware and viruses (Bernik, 2014). Once the malware gains access to a computer or a system, it is capable of wreaking many sorts of havoc, such as taking illegal control of the system, monitoring the keystrokes and actions of the rightful users, secretly sending confidential data out of the system, or stalling some of the vital components of the system (Hile, 2010).

Phishing

This involves attackers pretending to be someone else connected to the system, the organization, or its current authorized users (Sood & Enbody, 2014). Phishing mostly relies on human impulses and curiosity to gain access to a system. In a phishing attack, a malicious email that appears urgent and legitimate is sent to a point within the system; if it is opened, hidden malware spies on the system, attacks it, or tries to control it. In some instances, it can involve a person physically impersonating someone connected to the company, such as a regular trading partner, to gain physical access to the organization's systems (Loukas, 2015). Phishing is commonly used in espionage attempts.

SQL injection threat

This happens when one of the known SQL vulnerabilities is exploited by attackers to make the SQL server run malicious code. Hile (2010) argued that this code can force the server to give away confidential information that it would not have divulged if working normally. It can include usernames, login patterns, passwords and other algorithms.
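The difference between a query built by string concatenation and a parameterized one is shown below. This is an added example, not part of the original essay; the table, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("o'brien", "hash-o")],
    )
    return db

def lookup_vulnerable(db, username):
    # The input is pasted into the SQL text, so it can change the
    # structure of the statement the server runs.
    query = ("SELECT username, password_hash FROM users "
             "WHERE username = '" + username + "'")
    return db.execute(query).fetchall()

def lookup_parameterized(db, username):
    # The input is bound as a value; the statement structure is fixed.
    return db.execute(
        "SELECT username, password_hash FROM users WHERE username = ?",
        (username,),
    ).fetchall()

def vulnerable_breaks_on_apostrophe(db):
    # A legitimate name containing a quote already breaks the
    # concatenated query, which is a useful symptom to look for in logs.
    try:
        lookup_vulnerable(db, "o'brien")
    except sqlite3.OperationalError:
        return True
    return False

# Constructed input whose quote characters rewrite the WHERE clause.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_vulnerable(db, CRAFTED))
    print("parameterized:", lookup_parameterized(db, CRAFTED))
    print("o'brien      :", lookup_parameterized(db, "o'brien"))
```

With the concatenated query the crafted input returns every row, while the parameterized query treats it as an ordinary (non-matching) username.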

Denial of service attack

According to Sood and Enbody (2014), this threat comes from attackers overloading the server of a website or network with malicious traffic to essentially make it break down and deny users the services from that website. It can be done by rivals who want to make a company's system shut down so as to divert customers to their own systems.

Man-in-the-middle attack

When logged in to a network, a person's computer and the respective website server are assigned a unique session ID that enables them to communicate privately, apart from other computers on the internet. A cyber attacker hijacks the session by stealing the session ID and then posing as a genuine computer making a request. According to Loukas (2015), this allows the attacker to log in and gain access to unauthorized data on the website's server. The attacker can do this using cross-site scripting, which allows them to hijack sessions and steal their IDs.
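A defensive check for the session ID theft described above, as an added example that is not part of the original essay: it issues a session cookie with an unguessable ID and audits `Set-Cookie` values for the attributes that keep the ID away from page scripts (`HttpOnly`) and off unencrypted connections (`Secure`). The cookie names and sample headers are constructed.

```python
import secrets

# Attributes a session cookie should carry.
REQUIRED = ("httponly", "secure", "samesite")

def new_session_cookie(name="session_id"):
    # 32 bytes from the OS CSPRNG make the ID infeasible to guess.
    sid = secrets.token_urlsafe(32)
    return f"{name}={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

def missing_attributes(set_cookie_value):
    # Everything after the first ';' is an attribute list.
    parts = [p.strip() for p in set_cookie_value.split(";")[1:]]
    present = {p.split("=", 1)[0].lower() for p in parts if p}
    return [attr for attr in REQUIRED if attr not in present]

def audit(set_cookie_values):
    # Map cookie name -> list of missing protections.
    report = {}
    for value in set_cookie_values:
        name = value.split("=", 1)[0].strip()
        report[name] = missing_attributes(value)
    return report

# Constructed Set-Cookie values, as they might appear in a response capture.
SAMPLE_HEADERS = [
    "legacy_sid=abc123; Path=/",
    "cart=xyz; Secure; HttpOnly",
    new_session_cookie("session_id"),
]

if __name__ == "__main__":
    for name, missing in audit(SAMPLE_HEADERS).items():
        status = "ok" if not missing else "missing " + ", ".join(missing)
        print(f"{name}: {status}")
```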

Actors, targets, methods, and impacts of cyber attacks

The perpetrators of cybercrimes are many, ranging from individual geeks to organized groups with different motives. Some may act in good faith, such as intelligence and law enforcement agencies, while others have ulterior motives. Reasons for the cybercrimes include personal gratification, profit-making, fraud, espionage, terrorism, religious fulfillment, crime prevention, intelligence gathering, and economic sabotage, among others.

Table A1: Common actors, their targets, techniques used and the overall impact of the cyber attacks

| Actor(s) | Targets | Methods | Impacts |
| --- | --- | --- | --- |
| State-sponsored agencies. These are government-coordinated attacks using either state machinery or commissioned agencies | Private organizations, other governments, systems of terrorist groups | Social engineering such as phishing. Network intrusion through SQL injection and man-in-the-middle attacks. Espionage using signals intelligence operations (SIGINT) and operation Flatliquid (Shimonski, 2015) | Corporate and state data is stolen or leaked, including military technology and information, state secret documents, photos, and financial information. Loss of SSL keys and leakage of personal communication activities and login details (Chawki et al., 2015). Breakdown of international relations and diplomatic ties if the attack is discovered, such as the alleged Russian meddling in the 2016 US presidential elections. When done as a corrective action, it prevents fraud, restores intellectual property rights, and recovers stolen data. |
| Hacktivists. Groups of hackers who attack systems to draw attention to, or stop the support of, a given cause such as a political process. Examples include Anonymous, Syrian Electronic Army (SEA), and Lulzsec_root | Servers, DNS accounts and email accounts of government systems, civil societies, politicians, and political parties | Malware such as viruses and Trojans. DDoS, doxxing, and software vulnerability exploits such as AIS protocol vulnerabilities, touch ID vulnerability and CVE-2013-3613. | Recruitment and coordination of individuals into volatile political groups that may cause political instability (Ghosh, 2013). Magnification of small political issues, spread of malicious propaganda, hijacking of existing opposition movements, and the conversion of amorphous discontent into national political crises. If persistent, may lead to economic decline as tech firms exit the market due to cyber-activism that may target their systems and reputation. |
| Cyber terrorists. These are extremist groups that attack computer systems to cause panic and alarm with political or ideological goals. Examples include Al-Qaeda, Daesh, Hezbollah, and Alshabaab (Ghosh, 2013) | Financial accounts, cloud accounts, POS, and other sensitive information from governments, state corporations, multinationals, security apparatus, individuals and financial institutions | Malware, sniffers, social engineering, Advanced Persistent Threats (APTs), intellectual property theft, data manipulation using SQL injection attacks, and malvertising. | Radicalization and recruitment of innocent citizens into terror and extremist groups. Political instability, and citizens losing trust in their government. Heightened fear and insecurity through the impression created by the propaganda spread by the cyber terrorists. Financial loss due to stolen confidential data that is manipulated to siphon money away from institutions. |
| Organized crime. This involves a group of cybercriminals who engage in hacking to make a profit. The attack is normally intended to extort money from the targets or steal information for sale. Examples include data thieves, manufacturers of ransomware, and piracy masters | Financial organizations, state corporations, communication networks, healthcare, entertainment industry, software manufacturing companies, and other technology-based companies | Malware, worms, software vulnerability exploits, phishing, session hijacks using man-in-the-middle attacks, and doxxing (Chawki et al., 2015) | Loss of corporate data and personal information, which may lead to huge financial losses. Stolen SSL keys and file transfer protocol credentials, bank account information, and contact information may lead to customers losing trust. The huge ransom fees demanded are added costs to companies and governments which were not budgeted for (Ghosh, 2013). Increased repair and prevention costs such as building firewalls and repair of damaged systems. Vandalism to systems and increased fraud through coordinated hacking. |
| Authority and law enforcers. This includes any group that engages in cyber-attacks in order to enforce the law (Shimonski, 2015). Examples include the police, INTERPOL, FBI, MOSSAD, and Scotland Yard | Terrorist networks, private enterprises, public corporations, individual computers, drug cartels, foreign companies, business cartels, among others | Signals intelligence operations (SIGINT) and operation Flatliquid (Bernik, 2014). Wiretapping and social engineering. Network intrusion using SQL injection and session hijacks. Software vulnerability exploits such as AIS protocol vulnerabilities and touch ID vulnerability | Interception of signals and communication lines by law enforcement agencies leads to privacy intrusion, and eavesdropping may include matters outside the ones under investigation. Deterrence of fraud and espionage, thereby making the internet safe (Shimonski, 2015). Eradication of the Sefnit botnet and patching of software vulnerabilities through increased regulatory compliance for cybersecurity. |

Conclusion

With the advent of the internet and computers, the security of their usage has also faced challenges, as malicious individuals have been trying to gain unauthorized access to systems and cause harm. Consequently, cybersecurity is an important aspect of information technology and computer engineering because millions of dollars have been lost through cybercrimes. Some attacks have been perpetrated for ideological fundamentalism in an attempt to promote terrorism and extreme activism, leading to fear and political instability. State-sponsored attacks such as espionage have eroded diplomatic ties and led to cold wars. It is important for cybersecurity to be constantly evolving because the hackers are also evolving and becoming more innovative every day. It is encouraging to note that there is virtually no country in the world that has not instituted cybersecurity policies, with some cutting across borders. However, there is a need for universal policies and regulatory guidelines to guide cybersecurity and give standard consequences for cybercrimes.

References

Bernik, I. (2014). Cybercrime. Cybercrime and Cyberwarfare, 1-56. doi:10.1002/9781118898604.ch1

Chawki, M., Darwish, A., Khan, M. A., & Tyagi, S. (2015). Cybercrime: Introduction, Motivation, and Methods. Studies in Computational Intelligence, 3-23. doi:10.1007/978-3-319-15150-2_1

Ghosh, P. (2013). Cyber Attacks in the Post 9/11 Era: Perspectives on the Non-State Actors and Transnational Armed Conflicts. SSRN Electronic Journal. doi:10.2139/ssrn.2266712

Hile, K. (2010). Cybercrime. Farmington Hills, MI: Lucent Books.

Loukas, G. (2015). Cyber-Physical Attacks on Industrial Control Systems. Cyber-Physical Attacks, 105-144. doi:10.1016/b978-0-12-801290-1.00004-7

Shimonski, R. (2015). Cyber reconnaissance surveillance and defense. Waltham, MA: Syngress.

Sood, A. K., & Enbody, R. (2014). Why Are Targeted Cyber Attacks Easy to Conduct? Targeted Cyber Attacks, 2(1), 113-122. doi:10.1016/b978-0-12-800604-7.00007-3

Sutton, D. (2017). Cyber Security: A practitioner's guide. Swindon: BCS Learning & Development Limited.

June 06, 2023