What is a threat: A threat is any incident that could negatively affect an asset – for

example, if it’s lost, knocked offline or accessed by an unauthorized party.

Threats can be categorized as circumstances that compromise the confidentiality, integrity or

availability of an asset, and can either be intentional or accidental.

Intentional threats include things such as criminal hacking or a malicious insider stealing
information, whereas accidental threats generally involve employee error, a technical
malfunction or an event that causes physical damage, such as a fire or natural disaster.

Motive of Attackers

The categories of cyber-attackers enable us to better understand the attackers' motivations

and the actions they take. As shown in Figure, operational cyber security risks arise from
three types of actions: i) inadvertent actions (generally by insiders) that are taken without
malicious or harmful intent; ii) deliberate actions (by insiders or outsiders) that are taken
intentionally and are meant to do harm; and iii) inaction (generally by insiders), such as a
failure to act in a given situation, either because of a lack of appropriate skills, knowledge,
guidance, or availability of the correct person to take action Of primary concern here are
deliberate actions, of which there are three categories of motivation.

1. Political motivations: examples include destroying, disrupting, or taking control of

targets; espionage; and making political statements, protests, or retaliatory actions.
2. Economic motivations: examples include theft of intellectual property or other
economically valuable assets (e.g., funds, credit card information); fraud; industrial
espionage and sabotage; and blackmail.
3. Socio-cultural motivations: examples include attacks with philosophical, theological,
political, and even humanitarian goals. Socio-cultural motivations also include fun,
curiosity, and a desire for publicity or ego gratification.

Types of cyber-attacker actions and their motivations when deliberate

CYBER SECURITY Page 13
Active attacks: An active attack is a network exploit in which a hacker attempts to make
changes to data on the target or data en route to the target.

Types of Active attacks:

Masquerade: in this attack, the intruder pretends to be a particular user of a system to gain
access or to gain greater privileges than they are authorized for. A masquerade may be
attempted through the use of stolen login IDs and passwords, through finding security gaps in
programs or through bypassing the authentication mechanism.

Session replay: In this type of attack, a hacker steals an authorized user’s log in information
by stealing the session ID. The intruder gains access and the ability to do anything the
authorized user can do on the website.

Message modification: In this attack, an intruder alters packet header addresses to direct a
message to a different destination or modify the data on a target machine.

In a denial of service (DoS) attack, users are deprived of access to a network or web
resource. This is generally accomplished by overwhelming the target with more traffic than it
can handle.

In a distributed denial-of-service (DDoS) exploit, large numbers of compromised systems

(sometimes called a botnet or zombie army) attack a single target.

Passive Attacks:Passive attacks are relatively scarce from a classification perspective, but
can be carried out with relative ease, particularly if the traffic is not encrypted.

Types of Passive attacks:

Eavesdropping (tapping): the attacker simply listens to messages exchanged by two entities.
For the attack to be useful, the traffic must not be encrypted. Any unencrypted information,
such as a password sent in response to an HTTP request, may be retrieved by the attacker.

Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to deduce
information relating to the exchange and the participating entities, e.g. the form of the
exchanged traffic (rate, duration, etc.). In the cases where encrypted data are used, traffic
analysis can also lead to attacks by cryptanalysis, whereby the attacker may obtain
information or succeed in unencrypting the traffic.

Software Attacks: Malicious code (sometimes called malware) is a type of software

designed to take over or damage a computer user's operating system, without the user's
knowledge or approval. It can be very difficult to remove and very damaging. Common
malware examples are listed in the following table:

CYBER SECURITY Page 14

Attack Characteristics
Virus A virus is a program that attempts to damage a computer system and replicate itself
to other computer systems. A virus:

 Requires a host to replicate and usually attaches itself to a host file or a

hard drive sector.
 Replicates each time the host is used.
 Often focuses on destruction or corruption of data.
 Usually attaches to files with execution capabilities such as .doc, .exe, and
.bat extensions.
 Often distributes via e-mail. Many viruses can e-mail themselves to
everyone in your address book.
 Examples: Stoned, Michelangelo, Melissa, I Love You.

Worm A worm is a self-replicating program that can be designed to do any number of

things, such as delete files or send documents via e-mail. A worm can negatively
impact network traffic just in the process of replicating itself. A worm:

 Can install a backdoor in the infected computer.

 Is usually introduced into the system through a vulnerability.
 Infects one system and spreads to other systems on the network.
 Example: Code Red.

Trojan A Trojan horse is a malicious program that is disguised as legitimate software.

horse Discretionary environments are often more vulnerable and susceptible to Trojan
horse attacks because security is user focused and user directed. Thus the
compromise of a user account could lead to the compromise of the entire
environment. A Trojan horse:

 Cannot replicate itself.

 Often contains spying functions (such as a packet sniffer) or backdoor
functions that allow a computer to be remotely controlled from the
network.
 Often is hidden in useful software such as screen savers or games.
 Example: Back Orifice, Net Bus, Whack-a-Mole.

Logic A Logic Bomb is malware that lies dormant until triggered. A logic bomb is a
Bomb specific example of an asynchronous attack.

 A trigger activity may be a specific date and time, the launching of a

specific program, or the processing of a specific type of activity.
 Logic bombs do not self-replicate.

CYBER SECURITY Page 15

Hardware Attacks:
Common hardware attacks include:

 Manufacturing backdoors, for malware or other penetrative purposes; backdoors

aren’t limited to software and hardware, but they also affect embedded radio-
frequency identification (RFID) chips and memory

 Eavesdropping by gaining access to protected memory without opening other

hardware
 Inducing faults, causing the interruption of normal behaviour

 Hardware modification tampering with invasive operations

 Backdoor creation; the presence of hidden methods for bypassing normal computer
authentication systems

 Counterfeiting product assets that can produce extraordinary operations and those
made to gain malicious access to systems.
Cyber Threats-Cyber Warfare:Cyber warfare refers to the use of digital attacks -- like
computer viruses and hacking -- by one country to disrupt the vital computer systems of
another, with the aim of creating damage, death and destruction. Future wars will see
hackers using computer code to attack an enemy's infrastructure, fighting alongside
troops using conventional weapons like guns and missiles.
Cyber warfare involves the actions by a nation-state or international organization to attack
and attempt to damage another nation's computers or information networks through, for
example, computer viruses or denial-of-service attacks.
Cyber Crime:
Cybercrime is criminal activity that either targets or uses a computer, a computer network
or a networked device.Cybercrime is committed by cybercriminals or hackers who want
to make money. Cybercrime is carried out by individuals or organizations.
Some cybercriminals are organized, use advanced techniques and are highly technically
skilled. Others are novice hackers.
Cyber Terrorism:
Cyber terrorism is the convergence of cyberspace and terrorism. It refers to unlawful
attacks and threats of attacks against computers, networks and the information stored
therein when done to intimidate or coerce a government or its people in furtherance of
political or social objectives.
Examples are hacking into computer systems, introducing viruses to vulnerable
networks, web site defacing, Denial-of-service attacks, or terroristic threats made via
electronic communication.
Cyber Espionage:
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and
information without the permission and knowledge of the holder of the information from

CYBER SECURITY Page 16

 individuals, competitors, rivals, groups, governments and enemies for personal,
economic, political or military advantage using methods on the Internet.

Security Policies:

Security policies are a formal set of rules which is issued by an organization to ensure that the
user who are authorized to access company technology and information assets comply with
rules and guidelines related to the security of information.

A security policy also considered to be a "living document" which means that the document
is never finished, but it is continuously updated as requirements of the technology and
employee changes.

We use security policies to manage our network security. Most types of security policies are
automatically created during the installation. We can also customize policies to suit our
specific environment.

Need of Security policies-

1) It increases efficiency.

2) It upholds discipline and accountability

3) It can make or break a business deal

4) It helps to educate employees on security literacy

CYBER SECURITY Page 17

There are some important cyber security policies recommendations describe below-

Virus and Spyware Protection policy:

 It helps to detect threads in files, to detect applications that exhibits suspicious

behavior.
 Removes, and repairs the side effects of viruses and security risks by using signatures.

Firewall Policy:

 It blocks the unauthorized users from accessing the systems and networks that connect
to the Internet.
 It detects the attacks by cybercriminals and removes the unwanted sources of network
traffic.

Intrusion Prevention policy:

 This policy automatically detects and blocks the network attacks and browser attacks.
 It also protects applications from vulnerabilities and checks the contents of one or
more data packages and detects malware which is coming through legal ways.

Application and Device Control:

 This policy protects a system's resources from applications and manages the
peripheral devices that can attach to a system.
 The device control policy applies to both Windows and Mac computers whereas
application control policy can be applied only to Windows clients.

CYBER SECURITY Page 18