LAWGIC STRATUM
CYBER THREAT
Author – Mohanapriya R

Introduction:
A cybersecurity threat is a malicious attack by an individual or an organization to gain unauthorized access to another individual's or organization's systems in order to damage or steal sensitive data, intellectual property, computer networks, etc. Cyber threats originate either within an organization, from trusted users, or from remote locations, from unknown persons. Cyber threats can be launched with ulterior motives, or some attackers destroy systems and data as a form of 'hacktivism'. Cybercrime is increasing because people are complacent about unguarded business systems. Many cyber threats are serious, and some potentially threaten human life.
Types of Cyber Threat:
Cyber threats are not static; most threats follow a standard structure and are becoming more potent [1]. The following are the types of cyber threat:
Malware – Software that performs a malicious task on a target device or network, such as corrupting data. It is any file designed to harm or disrupt a computer, and it is often installed on the system when a user clicks links in an email. Malware can block access to critical components, damage or steal data, and acquire confidential information.
Malware also includes:
Botnet software – A botnet is a network of devices infected with malicious software, such as viruses, that compromises a large number of internet-connected devices without their owners' knowledge in order to increase the magnitude of an attack. It is difficult to detect, even while the botnet is running. Attackers can control the botnet as a group and use it to overwhelm a target system in a distributed denial-of-service (DDoS) attack.
RATs – Remote Access Trojans install backdoors on the targeted device and give attackers remote administrative control.
Spyware – Used to covertly monitor a system's activity and gather the user's personal information.
Trojan – Disguises itself as legitimate software but, once executed, carries out the attacker's malicious activity.
Viruses and worms – A virus is a piece of code installed without the user's knowledge that can replicate and spread to other computers. Worms are similar to viruses in that they self-replicate, but they do not need to attach themselves to another program.
Rootkits and bootkits – Rootkits often bundle several malicious payloads, such as RATs and viruses, allowing attackers remote access to the targeted device [2]. A bootkit is a type of rootkit that infects start-up code, the software that loads before the operating system.
Phishing – Phishers send malicious emails that purport to come from reputable sources. When the user clicks the hyperlink in the email, malware is installed, leading to the disclosure of confidential information, credit card details and login credentials, and to the compromise of sensitive data. Phishing emails are not easy to distinguish from genuine ones, and they cause financial losses and damage to the organization.
Spear phishing – A form of phishing in which cybercriminals target only privileged users, such as system administrators and C-suite executives. The attacker gathers knowledge about the victim and impersonates someone the victim trusts.
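The phishing and spear phishing paragraphs above note that such emails are hard to tell apart from genuine ones. One check a mail gateway or a security team can run is to compare the domain shown in a link's visible text with the domain the link actually points to. The following is an added example written for this article, not code from the article's author or any cited source; the email body, the domain names and the helper names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (not from the article): one benign link and
# one whose visible text names a trusted site while the href goes elsewhere.
SAMPLE_EMAIL_HTML = """
<p>Dear customer,</p>
<p>Please review your statement at
<a href="https://billing.example-bank.test/statement">billing.example-bank.test</a>.</p>
<p>Your session expires soon. Log in at
<a href="http://login.example-bank.test.attacker-controlled.test/">https://www.example-bank.test/login</a>
to keep your account active.</p>
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Crude approximation of the registrable domain: the last two labels.
    A production check would use the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(text: str) -> str:
    """Return the hostname named by a URL or bare domain, or '' if the text
    does not look like one (no dot, or contains whitespace)."""
    stripped = text.strip()
    if not stripped or " " in stripped or "." not in stripped:
        return ""
    candidate = stripped if "://" in stripped else "//" + stripped
    return urlparse(candidate).hostname or ""


def suspicious_links(html: str) -> list:
    """Return hrefs whose domain disagrees with the domain shown in the link text."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        shown = host_of(text)
        if not shown:
            continue  # link text is plain words, nothing to compare against
        if registrable_domain(shown) != registrable_domain(host_of(href)):
            findings.append(href)
    return findings


if __name__ == "__main__":
    for href in suspicious_links(SAMPLE_EMAIL_HTML):
        print("link text and destination disagree:", href)
```

The check deliberately only flags links whose visible text itself names a domain; links labelled "click here" are left alone, since there is nothing to compare. Run on the constructed body, it reports the second link and ignores the first.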
Man-in-the-middle attack – This attack takes place when the attacker inserts themself between two communicating parties, such as the sender and recipient of emails, who believe they are communicating with each other directly. Having intercepted the traffic, the attacker can filter and steal sensitive data and return altered responses to either party. The same technique is used in the military to confuse enemies. Two common points of entry are unsecured public Wi-Fi, where attackers position themselves between the visitor's device and the network so that the visitor unknowingly passes all information through the attacker, and malware installed on the targeted device, which the attacker uses to collect all of the victim's information.
Denial-of-service attack – Aims at flooding networks with massive traffic so that the system is unable to fulfil legitimate requests. Attackers can use several infected systems to launch the attack, causing the target to crash from an overload of demand.
SQL injection – A Structured Query Language injection attack happens when the attacker inserts malicious SQL into input that the server passes on to the database, and thereby gains access to the database. When it is successful, the attacker can view or delete the data stored in the SQL database.
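The SQL injection paragraph above describes the attack at a high level. The example below, added for this article and not code from the article's author or any cited source, shows the defect that makes it possible (user input spliced into the SQL text) next to the hardened form (a fixed query with the value bound as a parameter). It uses Python's built-in sqlite3 module with a constructed in-memory users table; the table contents and the function names are assumptions for illustration.

```python
import sqlite3

# Constructed sample rows (not from the article).
SAMPLE_USERS = [
    (1, "alice", "alice@example.test", "staff"),
    (2, "bob", "bob@example.test", "staff"),
    (3, "carol", "carol@example.test", "admin"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable pattern: the input is spliced into the SQL text, so a value
    containing quotes can change the structure of the query, not just its data."""
    query = f"SELECT id, name, email, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Hardened pattern: the SQL text is fixed and the value is bound as a
    parameter, so the database engine treats it strictly as data."""
    query = "SELECT id, name, email, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def compare(name: str) -> dict:
    """Run both lookups on the same input and report how many rows each returns.
    The vulnerable lookup may also fail outright on legitimate input that
    happens to contain an apostrophe; that is reported as vulnerable_error."""
    conn = make_db()
    try:
        try:
            vulnerable_rows = lookup_vulnerable(conn, name)
            vulnerable_error = False
        except sqlite3.Error:
            vulnerable_rows = []
            vulnerable_error = True
        safe_rows = lookup_parameterized(conn, name)
    finally:
        conn.close()
    return {
        "vulnerable": len(vulnerable_rows),
        "parameterized": len(safe_rows),
        "vulnerable_error": vulnerable_error,
    }


if __name__ == "__main__":
    # A normal name behaves the same either way; a tautology in the input
    # makes the vulnerable query return every row while the parameterized
    # query correctly matches nothing; a legitimate apostrophe breaks only
    # the vulnerable query.
    for candidate in ("alice", "' OR '1'='1", "o'brien"):
        print(repr(candidate), compare(candidate))
```

The point worth taking from the comparison is that the parameterized version needs no input filtering to be safe: the query's structure is decided before any user data is seen, which is also why it handles the apostrophe in "o'brien" correctly where the string-built query errors out.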
Zero-day exploit – A vulnerability in hardware or software that becomes known while it is still unknown to the parties responsible for patching it. Attackers exploit the vulnerability before a patch or other solution is implemented.
Advanced persistent threat – The attacker gains unauthorized access to the system and remains undetected for an extended period.
Ransomware attack – This type of malware encrypts a victim's confidential information; the attacker then threatens to publish the data or to keep it inaccessible, and demands payment in return. Paying the ransom does not guarantee that the victim will be able to recover the encrypted data.
Domain Name System attack – A cyberattack in which cybercriminals exploit vulnerabilities in DNS. Attackers leverage DNS vulnerabilities to divert site visitors to malicious pages and to remove or steal data from compromised systems. DNS is also used as a channel for command-and-control call-backs between the attacker's system and the compromised system.
Sources of cyber threat:
Cyber threats come from numerous threat actors [3]. These include:
1. Criminal organizations with many employees that develop attack vectors and execute attacks. They use phishing, spam, spyware and malware to commit online fraud, identity theft, etc.
2. Individuals who create attack vectors using their own software tools.
3. Nation states, which seek to learn other countries' national secrets and engage in espionage, disruption of key infrastructure and military activities.
4. Hackers, who are motivated by personal or financial gain, revenge, stalking or political activism. They explore and develop various cyber techniques to breach and exploit networks, and for the thrill of the challenge within their community. They take advantage of zero-day exploits to acquire unauthorized access to systems.
5. Terrorist groups, which mainly attack to destroy or infiltrate critical infrastructure in order to threaten national security, disrupt the economy and cause mass casualties.
6. Hacktivists, who target industries and organizations that do not align with their political ideas. They aim to spread propaganda in support of political causes rather than to damage infrastructure or gain financially.
7. Disgruntled insiders, employees or third-party vendors who have legitimate access to assets but misuse that access to destroy them for personal or financial gain. They install malware on the system, download the contents they want and share them online, which leads to data breaches.
8. Corporate spies, who are interested in profit-oriented activities: conducting industrial espionage, stealing trade secrets and attacking key infrastructure.
Ways to Protect from Cyber Threats:
Cyber threats are not under the direct control of the IT security team. Attack vectors are increasing because of global connectivity and the large-scale use of cloud services [4]. The following are ways to protect against cyber threats:
1. The IT security team, with the approval of top management, creates an insider threat program, which is vital for every organization to prevent employees from misusing their access to steal or destroy data.
2. The organization must conduct a cybersecurity awareness program and train employees to identify cyber threats, which improves the organization's security posture and cyber resilience.
3. Every organization must create an effective Cyber Security Incident Response Plan (CSIRP) to recognize threats, respond to emerging threats and recover quickly from an attack.
4. Security systems and software need to be updated regularly. Backing up data regularly reduces the risk posed by cyber threats.
5. All organizations must conduct phishing simulations to educate employees about avoiding malicious links. Organizations should encrypt and secure their websites with a Secure Sockets Layer certificate, which protects the integrity and confidentiality of data.
6. Install firewalls, and maintain passwords, employees' personal accounts and Wi-Fi security.
7. The organization must keep up to date with the evolving compliance regulations for its industry and geographical location in order to benefit from them.
Conclusion:
To prevent these cyber threats, an organization must refine its cybersecurity program, which helps to disrupt attacks and reduce recovery time. But many organizations are still ill-equipped to handle cybersecurity incidents. Cyber threat intelligence explains cyber threats and promotes a faster, targeted response. In this cyclic process, data collection is planned and evaluated to produce a report; this is referred to as the intelligence cycle. With a flexible and proactive approach, we will be able to navigate the evolving cyber threat landscape.
REFERENCES:
[1] https://www.cisco.com/c/en_in/products/security/common-cyberattacks.html
[2] https://www.itgovernance.co.uk/cyber-threats
[3] https://www.secureworks.com/blog/cyber-threat-basics
[4] https://leaf-it.com/10-ways-prevent-cyber-attacks/