Current Cyber Attacks And Countermeasures Information Technology Essay
As technology has progressed and information warfare capabilities have developed significantly in recent years, the probability of cyber attacks has increased as well. Computer-network attacks, commonly known as cyber attacks, can destroy an adversary's data, computer systems and networks, and can have a major effect on an adversary's ability to wage war (Bayles, 2001).
In the cyber arena the situation is, in some ways, worse than simply paying too little heed to a potential new threat until it manifests itself: threats in the cyber arena have already manifested themselves. We are reminded constantly of our vulnerability to them, yet we still are not doing enough. Every hour of every day, some individual or group is writing or disseminating a new disruptive virus or worm, breaking into a computer network, or harming a network by some other means (Vatis, 2004). It is often said that bringing computers into our systems and expanding their use is productive and simple, while developing the technology to make them secure is far more difficult and far more expensive, mainly because the internet is a network designed to share information rather than to hide it. Most cyber attackers are attracted to high-value targets such as networks, servers or routers, whose disruption could have financial or political consequences (Vatis, 2001).
Types of Cyber Attacks:
According to Arnold and Pangi (2003), the main objective of a cyber attacker is to steal, destroy, remove or change information, or to block the functionality of the targeted system. These attacks typically fall into three main categories:
Unauthorized Intrusion or Hacking
Destructive Viruses or Worms
Denial of Service attacks (DoS)
Unauthorized Intrusion or Hacking:
Unauthorized intrusions are attacks in which the attacker gains access to a system by means of various hacking or cracking techniques. This kind of activity is performed by an outsider who wants access to the system in order to use it for some harmful purpose.
The second type of threat comes from an insider who illegally accesses parts of the system that he or she is not authorized to use, in order to harm the network or system.

Hacking can be divided further into three categories. First, a hacker may shut the system down at regular intervals; this kind of activity is easily recognized by the administrator and easily fixed. Second, there are defacements, which change the information on the computer system. Simple defacements are also easily traceable, as the hacker sometimes leaves a note such as "you have been hacked". Defacements become far more disruptive when they subtly change figures or alter information. Another common form is website defacement: hackers regularly deface information on organization or government websites in order to ridicule the entity that sponsors the site or to post their own message; most of these are a nuisance rather than a serious threat. Semantic hacking is a form of defacement that is potentially more harmful, because it changes the content of a web page so subtly that the change is not obvious, resulting in the dissemination of false information. An example of a semantic attack with significant impact would be a change to the website of a disease control and prevention system, which could have a disastrous effect on research, analysis or treatment of the disease. Third, there is the threat of Trojan horse programs. These operate silently and aim to pass undetected by virus scanners; they collect information from the system and send it to the hacker (*, 2007).
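As an added illustration of the defacement problem described above (example code written for this page, not code from the essay or from the sources it cites), the following Python script hashes each section of a trusted baseline copy of a web page and compares it with the copy currently being served. A one-digit semantic change to a dosage figure shows up as a modified section, and a visible "you have been hacked" banner shows up as removed and added sections. The page content, the section ids and the function names are all constructed for the example.

```python
import hashlib
import re

# Constructed sample pages for the example (not real websites). The altered
# copy differs from the baseline by a single digit in the dosage figure, the
# kind of subtle "semantic" change that a casual visitor would not notice.
BASELINE_PAGE = """<h1>Public Health Advisory</h1>
<p id="dosage">Recommended dose: 10 mg twice daily.</p>
<p id="contact">Helpline: 0800 000 000</p>
<p id="footer">Last reviewed 2010-01-15</p>"""

ALTERED_PAGE = """<h1>Public Health Advisory</h1>
<p id="dosage">Recommended dose: 100 mg twice daily.</p>
<p id="contact">Helpline: 0800 000 000</p>
<p id="footer">Last reviewed 2010-01-15</p>"""

# A crude, obvious defacement that replaces the whole page with a banner.
DEFACED_PAGE = """<p id="banner">you have been hacked</p>"""

# Minimal section extractor: every <p id="..."> element is one monitored unit.
SECTION_RE = re.compile(r'<p id="([^"]+)">(.*?)</p>', re.DOTALL)


def section_hashes(html):
    """Map each monitored section id to the SHA-256 of its content."""
    hashes = {}
    for section_id, body in SECTION_RE.findall(html):
        hashes[section_id] = hashlib.sha256(body.encode("utf-8")).hexdigest()
    return hashes


def detect_defacement(baseline_html, current_html):
    """Compare a trusted baseline with the page currently being served.

    Returns a list of (section_id, change) tuples, where change is one of
    "modified", "removed" or "added". An empty list means nothing changed.
    """
    baseline = section_hashes(baseline_html)
    current = section_hashes(current_html)
    findings = []
    for section_id, digest in baseline.items():
        if section_id not in current:
            findings.append((section_id, "removed"))
        elif current[section_id] != digest:
            findings.append((section_id, "modified"))
    for section_id in current:
        if section_id not in baseline:
            findings.append((section_id, "added"))
    return findings


if __name__ == "__main__":
    for label, page in (("altered", ALTERED_PAGE), ("defaced", DEFACED_PAGE)):
        for section_id, change in detect_defacement(BASELINE_PAGE, page):
            print(f"ALERT ({label}): section '{section_id}' {change}")
```

The baseline hashes must be kept somewhere the web server itself cannot write (a separate monitoring host, for instance); if an attacker who can change the page can also update the baseline, the comparison proves nothing.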
Destructive Viruses or Worms:
These attacks usually spread through email or some other form of data transfer from computer to computer, and can cause parts of the network to lose functionality.
Worms and viruses are malicious computer programs. A famous example is the "love mail" virus, which was used to shut systems down; another example of this kind is the "I love you" email virus, which, as soon as its attachment is opened, starts sending copies of the same email to every address in the user's address book.
Denial of Service Attacks (DoS):
A denial of service attack is an attack in which the hacker bombards the system with so many messages, at such a frequency, that the system is unable to process anything else. It overloads the computer system and so impairs its functionality.
Distributed denial of service (DDoS) attacks are another effective means of taking computers off the network for some time. In a DDoS attack the hacker bombards web and email servers with a very large number of messages; on receiving so many fake messages the system slows down or sometimes crashes. Hackers can easily amplify their DDoS attacks by using malicious code to take control of other systems and using these "zombie" machines to send yet more messages to the servers (Arnold and Pangi, 2003).
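As an added example (written for this page, not taken from the essay or from Arnold and Pangi), the following Python script applies the distinction drawn above to a constructed web-server log: a flood from one source is recognised by the per-source request rate, while a distributed flood is recognised only by the aggregate rate, because each zombie on its own stays below the per-source threshold. The log format, the addresses and the thresholds are all assumptions made for the example.

```python
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed access-log lines of the form '<second> <source_ip> <request>'.

    Seconds 0-9 carry normal traffic from five clients, second 10 is a flood
    from a single source, and second 20 is a distributed flood from forty
    sources that each send only three requests.
    """
    lines = []
    for second in range(10):
        for host in range(1, 6):
            lines.append(f"{second} 198.51.100.{host} GET /index.html")
    for _ in range(60):
        lines.append("10 203.0.113.9 GET /index.html")
    for host in range(1, 41):
        for _ in range(3):
            lines.append(f"20 192.0.2.{host} GET /index.html")
    return lines


def parse_line(line):
    """Split one log line into its second and source address."""
    second, source_ip, _request = line.split(" ", 2)
    return int(second), source_ip


def classify_windows(lines, single_source_limit=20, total_limit=50):
    """Classify each one-second window of the log.

    Returns {second: (verdict, detail)} where verdict is "normal"
    (detail = total requests), "single-source flood" (detail = offending
    address) or "distributed flood" (detail = number of distinct sources).
    """
    per_second = defaultdict(Counter)
    for line in lines:
        second, source_ip = parse_line(line)
        per_second[second][source_ip] += 1

    verdicts = {}
    for second, counts in sorted(per_second.items()):
        total = sum(counts.values())
        top_ip, top_count = counts.most_common(1)[0]
        if top_count > single_source_limit:
            # One address alone exceeds the limit: classic DoS, easy to block.
            verdicts[second] = ("single-source flood", top_ip)
        elif total > total_limit:
            # No single address stands out, yet the total is abnormal: DDoS.
            verdicts[second] = ("distributed flood", len(counts))
        else:
            verdicts[second] = ("normal", total)
    return verdicts


if __name__ == "__main__":
    for second, (verdict, detail) in classify_windows(build_sample_log()).items():
        print(f"t={second:2d}s  {verdict:22s} {detail}")
```

The two thresholds need different tuning: the per-source limit can be tight because legitimate clients rarely burst, whereas the aggregate limit has to be derived from a baseline of normal traffic, since a distributed flood is visible only as total volume.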
Domain Name Server (DNS) Attacks:
According to Arnold and Pangi (2003), communication between two computers on the internet is carried out using the computers' internet protocol (IP) addresses. To map a website's name to an address, the computer consults domain name servers; if the DNS returns a wrong numerical address, the user connects to the wrong server without any indication that this has happened. Such attacks can be used to spread incorrect information, to divert the customers of an e-commerce site away from the genuine site, or sometimes to block access altogether. Because DNS is hierarchical, a cascading effect on remote servers can cause traffic to a selected site to be redirected or lost (Cortes, 2004).
Compound Attacks:
As the word "compound" suggests, these attacks combine two or three different attacks carried out simultaneously. Their purpose is to increase the destructiveness of a physical attack with the help of coordinated cyber attacks: for example, terrorists might plant a bomb in a densely populated area and, at the same time, have cyber attackers disable the communication systems of emergency services such as ambulance, fire and police in order to impede their response (Arnold and Pangi, 2003).
Routing Vulnerabilities:
Routers control all the traffic on the internet; that is, they make sure that information, in the form of packets, gets from its source to its destination. In general a router is not a primary threat for disruption, but if routing operations are not well diversified this can lead to a massive routing attack. It is therefore now a primary concern for router manufacturers to follow standards and regulations for maintaining the security of routers (Cortes, 2004).
Sources of Attacks:
Cyber attacks can be launched from different sources depending on the attackers' motives and the target they want to attack. Generally they can be grouped into three categories: terrorist groups, targeted nation-states and thrill seekers.
Terrorist Groups
Terrorist activities are a great threat to the whole world. Terrorists are no longer targeting only the physical infrastructure of countries; they now target the IT infrastructure as well, for example by hacking government websites and causing serious damage to vulnerable information (Cortes, 2004).
Targeted Nation-States
Many countries that do not have friendly relations with certain other countries use cyber attacks to sabotage the IT infrastructure of their potential enemies in order to safeguard their own national interests. For example, India and Pakistan both try to attack each other's government and defense resources in order to harm one another. Similarly, China, America and Russia try to initiate attacks on each other's national infrastructure, primarily security networks (Cortes, 2004).
Thrill Seekers
These attackers are not attacking a network for any specific purpose; rather, they do it for fun and to test their ability to break into secured networks. Because of advances in technology, the probability of such attacks is high (Cortes, 2004).
Countering Cyber Attacks:
Because of technological advancement, the use of IT in almost every field of life and the daily increase in cyber attacks, it is essential to counter these attacks and to secure the IT infrastructure as far as possible. Countering cyber attacks is not an easy job; it is complex, consists of several layers of defense, and takes time to develop into a mature program. The threat level is changing day by day and the probability of risk is increasing, so organizations should change their approach towards information security and treat it as a primary concern.
Establish threat intelligence gathering capability
    Threat monitoring
    Risk analysis
    Security strategy validation
Minimize delivery of malware
    Security awareness enhancements
    Continuous controls update
    Website protection
    Threat monitoring
    Application security testing
Prevent execution of malware
    Application whitelisting
    Least access privileges
    Network restrictions/segmenting
    Identity and access management
Protect the data
    Protect the data/data loss prevention
Detect and respond
    Host and network anomaly detection
    Incident response program
    Forensics
Source: Insight of IT Risk 2010
Establish threat intelligence gathering capability:
In order to understand the continuously changing threat landscape, an organization should develop an intelligence gathering capability to supervise and plan strategic and tactical responses to threats. This team should consist of qualified professionals who keep an eye on current threats, interpret how the organization could be affected by them, and determine what steps should be taken to modify the organization's security controls and overall security strategy. The prime objective of this team is to monitor the threat level, then analyze how it could affect the organization, and then develop a strategy (Ernst & Young, 2010).
Minimize delivery of malware:
By strictly implementing traditional security measures in the organization, the threat of malware can be greatly reduced. The following are ways in which the threat level can be reduced.
Social engineering:
Social engineering is one of the most common ways in which malware is introduced into an environment. It can take a number of forms, such as phishing or dropping a USB stick on the organization's premises in the hope that someone will plug it into a company computer, with the result that an employee unintentionally performs a harmful action. Regardless of all the advanced technical controls that are implemented, the human factor remains the weakest link in the spread of malware. The solution is to make employees as aware as possible of these threats, so that they protect themselves from unintentionally becoming a source for spreading malware. Research shows that companies are not doing well in promoting awareness among their employees. The organization should conduct information security programmes at regular intervals so that their effectiveness increases (Ernst & Young, 2010).
Security awareness:
This means educating employees about the common threats used by cyber attackers. Awareness can be increased by including security awareness programs in the company's overall defense-in-depth strategy. These programs should include education about new threats, examples of how employees contribute to the success of an attack, lessons learned about the means cyber attackers use (social media and so on) to target organizational networks, and then collecting feedback from the employees (Ernst & Young, 2010).
Malicious software:
Another way to reduce the threat of cyber attack is to use only properly registered software on all user computers. Corrupted or pirated software is also a main source of malware being introduced into the network.
Phishing and DNS redirection:
A threat can be introduced into the company network by redirecting DNS to a malware site. Preventing the user from visiting the hacked or fraudulent site in the first place would be preferable, but most of the time this does not happen, so such sites should be blocked. Blocking sites on the basis of their domain name is ineffective, because the name can easily be changed, so it is more effective to block sites by IP address. Tools should be installed that tell users whether a site is safe or unsafe when they visit it. In the end the decision is again in the employee's hands, so employee awareness is very important (Ernst & Young, 2010).
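The following Python example is added here to illustrate two points from this page: the DNS attack described in the "Domain Name Server (DNS) Attacks" section, where a resolver hands back a wrong address, and the advice above that blocking by IP address is more robust than blocking by domain name. It is example code written for this page, not code from the essay or from Ernst & Young. The resolver table, the pinned addresses and the blocklists are constructed stand-ins (documentation address ranges) and correspond to no real sites; a real deployment would query an actual resolver and load its lists from a managed source.

```python
import ipaddress

# Constructed stand-in for a DNS resolver's answers. Names and addresses are
# made up for this example and correspond to no real sites.
RESOLVER_TABLE = {
    "bank.example": "198.51.100.10",
    "bad-site.example": "203.0.113.5",
    "bad-site-renamed.example": "203.0.113.5",  # same server, new name
}

# Addresses recorded out of band for the sites that matter most; an answer
# that differs from these is treated as possible DNS redirection.
PINNED_ADDRESSES = {"bank.example": {"198.51.100.10"}}

# Two styles of blocklist: by domain name and by address range.
DOMAIN_BLOCKLIST = {"bad-site.example"}
IP_BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]


def resolve(name, table=RESOLVER_TABLE):
    """Look a name up in the (constructed) resolver table; None if absent."""
    return table.get(name)


def domain_only_policy(name):
    """The weak policy: decide purely on the name the user typed."""
    return "block" if name in DOMAIN_BLOCKLIST else "allow"


def resolved_policy(name, table=RESOLVER_TABLE):
    """The stronger policy: resolve first, then judge the answer.

    Returns (decision, reason); on "allow" the reason is the address used.
    """
    address = resolve(name, table)
    if address is None:
        return ("block", "name does not resolve")
    if name in PINNED_ADDRESSES and address not in PINNED_ADDRESSES[name]:
        return ("block", "answer differs from pinned address (possible DNS redirection)")
    if name in DOMAIN_BLOCKLIST:
        return ("block", "domain blocklist")
    if any(ipaddress.ip_address(address) in net for net in IP_BLOCKLIST):
        return ("block", "ip blocklist")
    return ("allow", address)


if __name__ == "__main__":
    for name in RESOLVER_TABLE:
        print(f"{name:26s} domain-only={domain_only_policy(name):5s} "
              f"resolved={resolved_policy(name)}")
    # Simulate a resolver that has been made to return a wrong address.
    poisoned = {**RESOLVER_TABLE, "bank.example": "203.0.113.77"}
    print("bank.example (poisoned)   ", resolved_policy("bank.example", poisoned))
```

Running the script shows the renamed site slipping past the domain-only policy but being caught by the address-based one, and the poisoned answer for the bank being refused because it does not match the pinned address.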
Protect the data:
Data is the most important aspect of an information system, because in the end it is all about the data. Implementing a Data Loss Prevention (DLP) solution can help stop malware from collecting sensitive data and from sending that data back to the attacker's home network. On the basis of predefined policies, host-based DLP can be implemented to control the information a user has access to. To keep a check on the flow of data across the network, network DLP can be used; it keeps a record of which data is going in and out of the network and blocks specific data from leaving the network (Ernst & Young, 2010).
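As an added example of the network DLP policy described above (example code for this page, not code from the essay or from Ernst & Young), the following Python script inspects outbound messages against two predefined rules: it blocks messages that carry a payment card number, using a Luhn checksum so that ordinary order and tracking numbers are not mistaken for cards, and it blocks messages carrying a "CONFIDENTIAL" classification marker. The rules, the marker and the sample messages are constructed for the example.

```python
import re

# Candidate payment card numbers: 13 to 16 digits, optionally separated by
# single spaces or hyphens. The pattern deliberately over-matches; the Luhn
# check below removes most false positives (order ids, tracking numbers).
CARD_CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
CLASSIFICATION_RE = re.compile(r"\bCONFIDENTIAL\b")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        digit = int(char)
        if index % 2 == 1:
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def find_card_numbers(text):
    """Return the normalised digit strings that look like real card numbers."""
    found = []
    for match in CARD_CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            found.append(digits)
    return found


def inspect_outbound(message):
    """Decide whether an outbound message may leave the network.

    Returns ("allow", []) or ("block", [reason, ...]).
    """
    reasons = []
    cards = find_card_numbers(message)
    if cards:
        reasons.append(f"{len(cards)} payment card number(s) detected")
    if CLASSIFICATION_RE.search(message):
        reasons.append("classification marker CONFIDENTIAL present")
    return ("block" if reasons else "allow", reasons)


# Constructed sample messages for the example (not real traffic). The card
# number is the well-known 4111... test value, not a real account.
SAMPLE_MESSAGES = [
    "Order 12345 shipped, tracking number 1234567890123",
    "Customer card on file: 4111 1111 1111 1111, exp 12/12",
    "CONFIDENTIAL: Q3 acquisition targets attached",
    "Lunch at noon?",
]

if __name__ == "__main__":
    for message in SAMPLE_MESSAGES:
        decision, reasons = inspect_outbound(message)
        print(f"{decision.upper():5s} {reasons} <- {message}")
```

The first sample message contains a 13-digit tracking number that matches the candidate pattern but fails the Luhn check, so it is allowed; without that check a network DLP rule of this kind would block a large share of legitimate business mail.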
Conclusion:
Taking into account all the factors discussed above, we come to the conclusion that as technological advancement reaches its peak, cyber crime is also increasing day by day, but different organizations and agencies are working to overcome such crimes. As cyber crime has become a global issue, governments worldwide are putting their resources against these crimes by imposing legislation against such activities, and most countries have agreed to help each other against cyber attacks. Software companies are developing highly sensitive tools and controls in order to protect organizational and government assets from these threats. The most important thing is to implement those advanced controls together with conventional security measures to safeguard all kinds of assets from cyber attack.