cyber attacks

CYBER ATTACKS Jacky Altal

Upload: davis

Post on 10-Jan-2016

TRANSCRIPT

Page 1: Cyber Attacks

CYBER ATTACKS

Jacky Altal

Page 2: Cyber Attacks

T O C

Hackers Terminology
Cyber attacks in 2012 (so far…)
Nations Conflict
Cyber Motives
Characteristics of CyberCrime
DEMO – Client Side Attacks

Page 3: Cyber Attacks

The Hacker Terminology

Layer I: The best of the best
○ Ability to find vulnerabilities
○ Ability to write exploit code and tools to override security measures

Layer II: IT savvy
○ Ability to write scripts
○ Understand vulnerabilities and how they work

Layer III: Script kiddie
○ Ability to download tools from the internet
○ Lack the knowledge or the willingness to understand the technology

Page 4: Cyber Attacks

Cyber Attacks

Cyber attacks accompany physical attacks (Stuxnet)

Cyber attacks are increasing in volume, sophistication, and coordination

Cyber attacks are attracted to high-value targets (Sony, Stratfor, Special Forces, CIA, FBI etc.)

Page 5: Cyber Attacks

Cyber Attacks

Page 12: Cyber Attacks

Physical Conflicts and Cyber Attacks

The Pakistan/India Conflict
The Israel/(Palestinian, Turkish) Conflict
The Former Republic of Yugoslavia (FRY)/NATO Conflict in Kosovo
The U.S. – China Surveillance Plane Incident
The Turkish/France Conflict

Page 13: Cyber Attacks

Cyber Threats

Against users, system administrators, hardware and software manufacturers.

Against documentation, which includes confidential user information for hardware and software, administrative procedures, and policy documents; and against supplies, which include paper and even printer cartridges.

A cyber threat is an intended or unintended illegal activity, or an unavoidable or inadvertent event, that has the potential to lead to unpredictable, unintended, and adverse consequences for a cyberspace resource.

Page 14: Cyber Attacks

Most cyber attacks can be put in one of the following categories:

Natural or inadvertent attack – including things like accidents originating from natural disasters such as fire, floods, and windstorms; they usually occur very quickly without warning, are beyond human capacity, and often cause serious damage

Human blunders, errors, and omissions – including things like unintentional human actions

Intentional threats – like illegal or criminal acts from either insiders or outsiders, recreational hackers, and criminal

Page 15: Cyber Attacks

Types of e-attacks:

Penetration Attack Type – involves breaking into a system using known security vulnerabilities to gain access to any cyberspace resource
○ There is steady growth of these attacks – see the CERT

Denial of Service Attacks – they affect the system by diminishing its ability to function, and are capable of bringing a system down without destroying its resources.

Page 16: Cyber Attacks

Motives of E-attacks

Revenge
Joke/Hoax/Prank
The Hacker's Ethics
Terrorism
Political and Military Espionage
Business (Competition) Espionage
Hate (national origin, gender, and race)
Personal gain/Fame/Fun/Notoriety
Ignorance

Page 17: Cyber Attacks

Potential Cyber Attacks

Unauthorized Intrusions
Defacements
Domain Name Server Attacks
Distributed Denial of Service Attacks
Computer Worms – Zeus, Stuxnet
Routing Operations
Critical Infrastructures
Compound Attacks

Page 18: Cyber Attacks

Critical Infrastructures

Critical infrastructures include gas, power, water, banking and finance, transportation, communications

All dependent to some degree on information systems

Insider threat – specialized skills

Network attack – default passwords, unprotected devices, systems that are not updated.

Page 19: Cyber Attacks

Topography of Attacks

One-to-One
One-to-Many
Many-to-One
Many-to-Many

Analysis of the motives and reasons why such attacks occur.

Study the most current security threats.

Page 20: Cyber Attacks

Vulnerability Types

Computer based
○ Poor passwords
○ Lack of appropriate protection, or improperly configured protection

Network based
○ Unprotected or unnecessary open entry points

Personnel based
○ Temporary/staff firings
○ Disgruntled personnel
○ Lack of training

Facility based
○ Servers in unprotected areas
○ Inadequate security policies

Page 21: Cyber Attacks

DEMO – Client Side Attack

Page 22: Cyber Attacks

The dark net / dark side of the internet

Page 27: Cyber Attacks

How to handle cyber threat

System-Aware Cyber Security Architecture
○ Addresses supply chain and insider threats
○ Embedded into the system to be protected
○ Includes physical systems as well as information systems
○ Requires system engineering support tools for evaluating architecture factors
○ To facilitate reusability, requires establishment of candidate Design Pattern Templates and initiation of a design library

Security Design

System Impact Analyses

Page 28: Cyber Attacks

THANKS FOR LISTENING