Security Threats and Attack Vectors
In this post we will learn why cyber attacks happen, what hackers’ motives are, how threats are classified, and the different attack vectors.
Why Do Cyber Attacks Happen?
Generally speaking, the more valuable the information, the greater the threats and the chance of an attack.
Let’s begin with the definitions:
- A security threat refers to anything that has the potential to cause damage to a system. Whether a threat materializes or not is less important than the fact that it has a big potential of leading to an attack on the system or network. Therefore, security threats are not to be taken lightly.
- A security attack (cyber-attack) refers to an attempt to gain unauthorized access to a system or network.
Motives Behind Cyber Attacks
Accessing valuable information is usually the reason why a hacker would perform an attack.
Depending on what hackers want to do, motives can be different, but generally the core of every motive is access to valuable information.
So, we can conclude that a motive comes from the thought that a system has valuable information stored and as such is a potential target for an attack.
Purpose of An Attack on a System
This depends on the hacker as an individual. Every hacker has their own beliefs, motives, and skills. However, some of the most common motives behind cyber-attacks are:
- Interrupting the flow of business activities and processes
- Stealing valuable information
- Data manipulation
- Stealing money and important financial information
- Revenge
- Ransom
Once the attacker has their motive, they can proceed with finding the right tools and method to exploit the vulnerabilities of the target system and then execute their attack.
Attack Vectors
How do hackers gain access to systems and networks?
The means by which hackers deliver a payload to systems and networks are called attack vectors.
Hackers use different attack vectors to gain access to systems and networks.
Cloud Computing Threats
Cloud computing refers to the delivery of on-demand resources over the internet, where users pay for which resources they use and how much they use them.
Users store their information in the cloud, including sensitive information, which is especially the case with companies.
Despite the many advantages cloud computing brings to the table, it has certain drawbacks, especially where security is concerned.
Some of the cloud computing threats include:
- Stealing information from other cloud users refers to internal threats where employees with bad intentions copy information onto a storage device.
- Data loss refers to deleting data stored on the cloud through viruses and malware.
- Attack on sensitive information refers to hackers breaking into clouds and stealing information about other users. Such information usually includes credit card numbers and other financial data.
Advanced Persistent Threats
This type of attack refers to stealing information without the target being aware of the attack.
The goal of this attack is to steal as much information as possible as well as stay undetected for as long as possible.
Usually, victims of this attack are governments and big companies.
Viruses and Worms
A virus is a type of malicious software designed to replicate itself to other programs and documents on the infected machine.
Viruses spread to other computers with the transfer of the infected files or programs.
A worm is also a type of malware and, just like a virus, it replicates itself to programs and documents on the victim machine.
The difference is that worms do not need help in spreading to other computers. Instead, worms are designed to exploit vulnerabilities on the victim machines and then spread to other computers as the infected files are transferred. They use network connections to spread further.
Viruses and worms are capable of infecting systems and networks in a matter of seconds.
Ransomware
Ransomware is a type of malware in which hackers restrict access to files and folders on the target system until a payment is made.
Victims are usually required to pay a certain sum of money in order to be able to access their files.
Mobile Threats
This type of attack takes advantage of the lack of security controls in smartphones, which are increasingly used for both private and business matters.
Through malware applications delivered to targets’ smartphones, attackers can track their targets and their activities.
Botnets
Bots are malicious programs used by hackers to control the infected machines.
Hackers use bots to perform malicious activities from the machines on which bots run.
Once the machine is infected, hackers can use that bot to control the computer and perform attacks on other computers.
Hackers usually use bots to infect multiple machines, creating a botnet which they can then use for distributed denial of service attacks.
Insider Attacks
This type of attack is performed by a person from within the organization who has authorized access.
Phishing
This type of attack refers to hackers using deceptive emails to gather personal or account information.
Hackers use emails to distribute malicious links in an attempt to steal personal information.
Web Application Threats
This type of attack takes advantage of poorly written code and lack of proper validation on input and output data.
Some of these attacks include SQL injection and cross-site scripting.
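The following added example (not code from the original post) shows the missing input and output handling described above next to a hardened form, using Python's built-in sqlite3 and html modules. The table, the sample rows, the function names and the username allow-list are assumptions made for illustration.

```python
import html
import re
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice-secret"), ("bob", "bob-secret")])
    return db

def lookup_vulnerable(db, name):
    # Weak: the input is pasted into the SQL text, so the database
    # parses whatever the user typed as part of the query itself.
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def is_valid_username(name):
    # Input validation (assumed policy): letters, digits, underscore, 1-32 chars.
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", name) is not None

def lookup_safe(db, name):
    # Hardened: reject unexpected input, then bind the value with a
    # placeholder so it is always treated as data, never as SQL.
    if not is_valid_username(name):
        return []
    return db.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)).fetchall()

def render_vulnerable(comment):
    # Weak: user text is written into the page as markup.
    return "<p>" + comment + "</p>"

def render_safe(comment):
    # Hardened: output encoding turns markup characters into plain text.
    return "<p>" + html.escape(comment) + "</p>"

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"          # constructed SQL injection input
    print("vulnerable lookup:", lookup_vulnerable(db, crafted))
    print("safe lookup:      ", lookup_safe(db, crafted))
    markup = "<script>alert(1)</script>"   # constructed XSS input
    print("vulnerable render:", render_vulnerable(markup))
    print("safe render:      ", render_safe(markup))
```

The parameterized query is what prevents the injection; the allow-list and the output encoding are additional layers that cover input the query never sees and data that is later written into a page.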
IoT Threats
This type of attack takes advantage of the lack of security mechanisms in IoT devices due to different hardware constraints.
Because such devices are connected to the Internet with little to no security measures implemented, IoT devices are vulnerable and susceptible to attacks.
Classification of Threats
Threats can be classified into three categories:
- Network threats
- Host threats
- Application threats
Network Threats
A network is a set of computers and hardware devices connected by communication channels.
These communication channels enable computers and other hardware devices to communicate and exchange information.
Information travels through the communication channel that connects two systems, and during that exchange of information a hacker can break into the channel and steal the information that is being exchanged.
Network threats include:
- Denial of Service attacks
- Password-based attacks
- Compromised-key attacks
- Firewall and IDS attacks
- DNS and ARP poisoning
- Man in the middle attack
- Spoofing
- Session hijacking
- Information gathering
- Sniffing
Host Threats
A host threat refers to an attack on a specific system in an attempt to gain access to the information that resides on the system.
Host threats include:
- Password attacks
- Unauthorized access
- Profiling
- Malware attacks
- Footprinting
- Denial of Service attacks
- Arbitrary code execution
- Privilege escalation
- Backdoor attacks
- Physical security threats
Application Threats
An application threat refers to the exploitation of vulnerabilities that are present in the application due to the lack of proper security measures in the application.
Application threats are:
- SQL injection
- Cross-site scripting
- Session hijacking
- Identity spoofing
- Improper input validation
- Security misconfiguration
- Information disclosure
- Hidden-field manipulation
- Broken session management
- Cryptography attacks
- Buffer overflow issue
- Phishing
Classification of Attacks
Hackers have many different ways of attacking a system, and all of them depend on one thing and that is the vulnerability of the system. So, for an attack to be performed, it is necessary to find a vulnerability that can be exploited.
Attacks can be categorized into four categories:
- Operating System Attacks
- Misconfiguration Attacks
- Application-level Attacks
- Shrink-wrap Code Attacks
Operating System Attacks
Operating systems have always been appealing to attackers who have always tried to discover and exploit OS vulnerabilities in order to gain access to a target system or network.
With the growing number of features as well as the system complexity, operating systems nowadays are subject to vulnerabilities and as such interesting to hackers.
Because of the complexity of systems and networks, it is challenging to protect systems from future attacks. Hotfixes and patches could be applied, but at that point in time it is usually either too late or only one problem is solved.
Therefore, protecting the system from OS attacks requires regular monitoring of the network as well as being informed about the latest trends in this area of knowledge and expertise.
Following are some of the operating system vulnerabilities and attacks:
- Bugs
- Buffer overflow
- Unpatched Operating Systems
- Exploit of the implementation of a specific network protocol
- Attack on authentication systems
- Cracking passwords
- Breaking filesystem security
Misconfiguration Attacks
A misconfiguration attack happens when a hacker gains access to a system that has poorly configured security.
This attack allows hackers to access the system and its files, and perform malicious actions. Such vulnerabilities have an effect on networks, databases, web servers, etc.
Application-level Attacks
With the ever-increasing number of requested features and tight deadlines, applications nowadays are prone to vulnerabilities due to the developers’ inability to properly and thoroughly test the code.
As the number of features and functionalities grows, so do the opportunities for vulnerabilities.
Hackers use different tools and techniques in order to discover and exploit these vulnerabilities and thus gain access to the application information.
Some of the most common application-level attacks include:
- Sensitive information disclosure
- Buffer overflow attack
- SQL injection
- Cross-site scripting
- Session hijacking
- Denial of Service
- Man in the middle
- Phishing
Shrink-wrap Code Attacks
To spend as little time and money as possible on developing new software, programmers regularly use free libraries and code licensed from different sources.
Because they don’t change the libraries and code they use, a substantial amount of the program code remains the same.
If a hacker manages to find vulnerabilities in that code, then that would cause a great deal of problems.
So, it is advised to always check the code and if possible tweak it a bit.
Modern Age Information Warfare
Information warfare involves the use and management of information and communication technologies in order to gain an advantage over competitors.
Weapons used in information warfare include various tools and methods such as viruses, trojan horses, and penetration exploits.
Information warfare can be classified into several categories:
- Command and control warfare
- Intelligence-based warfare
- Electronic warfare
- Psychological warfare
- Hacker warfare
- Economic warfare
- Cyber warfare
Each of these categories consists of offensive and defensive strategies:
- Offensive strategies refer to the attacks on the opponent
- Defensive strategies refer to the actions taken against the attacks