The Evolving Threat Landscape in Cybersecurity


A zero-day attack occurs when a security vulnerability is exploited before the security community or software developers are aware of it and have addressed it. Ideally, the person who discovers a zero-day vulnerability would notify the software’s original developer to implement a fix. However, there are instances where this information is sold on the black market to cyber terrorists, governments, or large organizations, who may use it to launch their own cyberattacks. For example, information about a zero-day vulnerability in Apple’s iOS was reportedly sold for $500,000. Additionally, U.S. government contractors have purchased packages of zero-day exploits for $2.5 million annually.

The scale of phishing attacks globally is staggering. Approximately 156 million phishing emails are sent daily, with 16 million successfully bypassing email filters. Of those, around 50 percent, or 8 million, are opened, and 800,000 recipients click on the malicious links embedded in these emails daily.

Why Learn about Cybercrime and Information System Security?

It is crucial to prioritize the security of business data and information systems. Safeguarding confidential business data, private customer information, and employee information is essential to prevent theft or disruption. However, balancing security with other business priorities is often necessary. Business managers, IS professionals, and IS users frequently face complex trade-offs regarding IS security; for example, how much effort and money should be invested in preventing computer crime? (In other words, how secure is secure enough?) What if the recommended security measures make business operations more difficult for customers and employees, leading to lost sales and increased costs? If a company falls victim to a computer crime, should it pursue legal action against the criminals at all costs, keep a low profile to avoid negative publicity, inform affected customers, or take another approach?

The Threat Landscape

Cybercrimes have increased against individuals, organizations, and governments, with their destructive impact becoming severe. These crimes have harmed numerous organizations’ brands, reputations, and earnings globally. In response, many organizations are implementing various countermeasures to fight cybercrime. For example, the global financial services industry spent $27.4 billion on IT security and fraud prevention in 2015. A recent survey of over 10,000 IT professionals worldwide revealed the following:

– 58 percent of global companies have an overall security strategy.

– 54 percent have appointed a Chief Information Security Officer (CISO) to oversee security.

– 53 percent have employee security awareness and training programs.

– 52 percent have established security standards for third-party vendors.

– 49 percent conduct regular threat assessments.

– 48 percent actively monitor and analyze security intelligence.

Despite these countermeasures, computer security incidents increased from 2014 to 2015 in several industries, including public sector organizations, entertainment, media, communications, technology and telecommunications companies, pharmaceuticals and life sciences, and power and utilities organizations.

Why Computer Incidents Are Common

Security incidents are skyrocketing in frequency, variety, and intensity for many reasons: the growing complexity of computing, heightened user demands, the continuous expansion and evolution of systems, the prevalence of BYOD policies, dependence on vulnerable software, and the advance in attacker sophistication.

Complexity Breeds Vulnerability

The computing environment is highly complex, linking cloud services, networks, computers, mobile devices, virtual environments, operating systems, applications, and network equipment through extensive coding. This complexity multiplies potential security breach points, increasing system vulnerability.

User Expectations Fuel Risks

Today’s fast pace demands quick problem-solving, putting pressure on help desks for rapid response. This pressure may lead help desks to overlook security procedures, such as identity checks. Despite risks, some users share passwords, risking unauthorized system access.

System Evolution Introduces Risks

The shift from isolated systems to sprawling, interconnected networks has enabled e-commerce and global connectivity but has also introduced new security challenges. Rapid technological changes strain IT departments, making it hard to meet security needs.

BYOD Policies Add Security Challenges

BYOD policies, allowing personal devices at work, aim to boost productivity but introduce security problems. Personal devices are more vulnerable to malware, risking company-wide infection. Varied devices and systems complicate security for IT departments.

Vulnerabilities in Commercial Software

Exploits target specific system vulnerabilities, often caused by flaws in design or implementation. Developers release patches for these issues, but installing the updates is the users’ responsibility, and any delay leaves systems open to attack. This forces IT support to balance urgent patching against other priorities.

Zero-Day Vulnerability in OS X El Capitan

A significant zero-day vulnerability was identified in Apple’s OS X El Capitan operating system that allowed hackers to bypass System Integrity Protection (SIP), a feature designed to protect critical system files from unauthorized modification. The vulnerability is particularly dangerous because it is difficult to detect, and even users who become aware of it cannot remove the infection, because SIP itself prevents access to or alteration of the compromised system file. Apple addressed the vulnerability by releasing patches for El Capitan 10.11.4 and iOS 9.3 on March 21, 2016.

Reliance on Software with Known Vulnerabilities

U.S. companies are increasingly dependent on commercial software that often has known vulnerabilities. Even when these vulnerabilities are exposed, many corporate IT departments opt to continue using the existing software rather than apply security patches that might complicate its use or remove features that appeal to users.

Increasing Sophistication of Cyber Attackers

The profile of the typical computer troublemaker has evolved significantly. While the old stereotype was of a lone “geek” with limited tools and a desire for notoriety, today’s cyber attackers are often part of well-organized groups such as Anonymous, Chaos Computer Club, or Lizard Squad. These groups have specific agendas and target particular organizations and websites. They are well-funded, possess sophisticated tools, and have deep knowledge of how to circumvent computer and network security measures.

Types of Exploits

There are various forms of computer attacks, and new types are constantly being developed. Some common types of attacks include ransomware, viruses, worms, Trojan horses, blended threats, spam, distributed denial-of-service attacks, rootkits, advanced persistent threats, phishing, spear-phishing, smishing, vishing, identity theft, cyber espionage, and cyberterrorism. While these attacks are typically associated with computers, smartphones are increasingly becoming targets as they hold more personal information, such as credit card and bank account numbers, and are used for web browsing and online transactions. One type of smartphone malware can run up charges by automatically sending messages to premium-rate numbers.

Ransomware

Ransomware is malware that prevents users from accessing their computer or data unless they meet specific demands, such as paying a ransom. Infection often occurs when users open an email attachment containing the malware or visit a compromised website. Ransomware can also spread through USB drives or messaging services like Yahoo Messenger. A notable case occurred in February 2016 when Hollywood Presbyterian Medical Center’s computer network was shut down by ransomware. After initially refusing to pay, the hospital eventually paid $12,000 to regain access to their data.

Viruses

A computer virus is a piece of code that causes a computer to behave in an unexpected and usually harmful way. Viruses typically attach themselves to files and only activate when the infected file is opened. Once activated, viruses can spread to other computers through shared files or email attachments. Macro viruses, which use application macro languages like Visual Basic, are common. These viruses can insert unwanted content into documents or alter commands, and once they infect a user’s application, they can spread to all future documents created with that application.

Worms

Worms are similar to viruses but differ because they do not require user intervention to spread. Worms reside in a computer’s memory and can duplicate themselves, sending copies to other computers via email. The impact of a worm attack can be severe, leading to lost data, decreased productivity, and significant cleanup efforts. Some worms, like Code Red, SirCam, and Melissa, caused damage exceeding $1 billion, while others, like Conficker and ILOVEYOU, resulted in losses of over $5 billion.

Trojan Horses

A Trojan horse is a seemingly benign program that conceals malicious code. Victims are often tricked into running the program because it appears to be legitimate software. Once executed, the Trojan can destroy files, steal passwords, or create a “backdoor” for future unauthorized access. Trojan horses can be delivered via email attachments, downloads from websites, or removable media like USB sticks. A particularly concerning example involves Trojan horse malware allegedly planted by Russian actors in U.S. critical infrastructure systems, potentially enabling remote control or shutdown of crucial components.

Blended Threats

A blended threat is a cyber attack that combines elements of viruses, worms, Trojan horses, and other malicious code. These sophisticated threats exploit multiple vulnerabilities and can spread through various channels, such as email, file-sharing networks, and web vulnerabilities. Blended threats are hazardous because they can attack multiple files and system components simultaneously.

Spam

Spam is the sending of unsolicited emails to many recipients, usually for advertising. While legitimate businesses may use spam, it is also a common method for spreading malware. The costs of spam include wasted time for users, increased load on internet service providers, and the risk of exposure to malware. Some spam emails are designed to deceive recipients into clicking on links that download malicious software, such as the Trojan “Infostealer.Dyranges,” which is notorious for stealing financial information.

CAPTCHA

To combat spam, many companies utilize CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to ensure that only humans can register for free email accounts. CAPTCHA tests are designed to be easy for humans to solve but difficult for automated programs, which helps prevent spammers from creating large numbers of untraceable email accounts.

Distributed Denial-of-Service (DDoS) Attacks

A Distributed Denial-of-Service (DDoS) attack happens when a malicious hacker gains control of many computers over the internet, using them to flood a target website with excessive data requests. Unlike other attacks, a DDoS attack does not breach the target system. Instead, it overwhelms the target with so many requests that legitimate users cannot access the site—similar to repeatedly dialing a phone number, causing it to remain engaged and unavailable to other callers. The software needed for a DDoS attack is simple and easily accessible on various hacker websites. In a DDoS attack, a small program is quietly downloaded from the attacker’s computer to thousands of computers worldwide. These compromised computers, known as “zombies,” collectively form a botnet that the hackers control remotely without the owners’ knowledge. Some botnets’ combined processing power can surpass that of the world’s most advanced supercomputers. When the attacker activates the botnet, the zombies bombard the target site with requests, effectively shutting it down for legitimate users.

Arbor Networks, a company that monitors DDoS attacks, notes that these attacks are becoming increasingly sophisticated and are targeting more organizations. In 2015 alone, over 200 reported DDoS attacks generated traffic of 100 gigabits per second (Gbps), with the most significant attack reaching 500 Gbps—enough to disrupt an entire Internet service provider’s network. Botnets are also commonly used to spread spam and malicious code. The Grum botnet, active from 2008 to 2012, infected hundreds of thousands of computers and accounted for 35% of the world’s spam at its peak.

Rootkit

A rootkit is a set of programs that allows a user to gain unauthorized administrator-level access to a computer without the end user’s knowledge. Once installed, the attacker can take complete control of the system and hide the presence of the rootkit from legitimate administrators. Rootkits enable attackers to execute files, access logs, monitor user activities, and alter the computer’s configuration. A rootkit attack typically involves a dropper, a loader, and the rootkit itself. The dropper initiates the installation and can be activated by clicking on a malicious link or opening an infected file. The loader loads the rootkit into the system memory, after which the dropper deletes itself. Rootkits are challenging to detect because the compromised operating system cannot be trusted to provide accurate diagnostic results. Symptoms of a rootkit infection may include computer freezing, unexplained screen saver changes, the disappearance of the taskbar, or prolonged network performance issues. If a rootkit is detected, the most practical solution is to reformat the disk, reinstall the operating system and all applications, and reconfigure the user’s settings, which can be time-consuming.

Advanced Persistent Threat (APT)

An Advanced Persistent Threat (APT) is a network attack in which an intruder gains unauthorized access and remains undetected for an extended period to steal sensitive data. APT attackers continually update their tactics and use sophisticated evasion techniques to avoid detection. These attacks typically target organizations with valuable information, such as financial institutions, government agencies, and insurance companies. An APT progresses through five phases: reconnaissance, where the attacker gathers information about the target; incursion, where they gain low-level access and establish a backdoor; discovery, where they move laterally across the network and install additional backdoors; capture, where they begin extracting sensitive data; and export, where the stolen data is sent back to the attacker’s base for analysis or use in criminal activities.

APT attacks are challenging to detect, but monitoring for unusual outbound data activity can help identify them. For example, the hacker group Carbanak used APT techniques to steal over $1 billion from banks across several countries by infiltrating bank systems, including ATMs, and transferring funds to accounts under their control.
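One concrete way to act on the advice above about watching outbound data, as an added example that is not part of the original article: the script sums per-host outbound bytes from constructed flow-summary lines and flags any day that is a statistical outlier against that same host’s other days, which is how a sudden data-export phase stands out from normal traffic. The log format, hostnames, addresses and thresholds are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow-summary lines: day, source host, destination, bytes out.
SAMPLE_FLOWS = """\
2016-03-01 ws-042 203.0.113.10 1200000
2016-03-02 ws-042 203.0.113.10 1350000
2016-03-03 ws-042 203.0.113.10 1100000
2016-03-04 ws-042 203.0.113.10 1250000
2016-03-05 ws-042 203.0.113.10 1000000
2016-03-05 ws-042 198.51.100.77 48000000
2016-03-01 db-01 203.0.113.10 500000
2016-03-02 db-01 203.0.113.10 520000
2016-03-03 db-01 203.0.113.10 480000
2016-03-04 db-01 203.0.113.10 510000
2016-03-05 db-01 203.0.113.10 490000
"""

def daily_outbound(log_text):
    """Sum outbound bytes per (host, day); return {host: [(day, total), ...]} in date order."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        day, host, _dst, nbytes = line.split()
        totals[(host, day)] += int(nbytes)
    per_host = defaultdict(list)
    for (host, day), total in sorted(totals.items()):
        per_host[host].append((day, total))
    return per_host

def flag_exfil_candidates(per_host, z_threshold=3.0, min_baseline_days=3, flat_ratio=2.0):
    """Score each day against the same host's other days (leave-one-out baseline).

    A day is flagged when it exceeds the baseline by z_threshold standard deviations,
    or by flat_ratio times the baseline mean when the baseline has no variance at all.
    """
    alerts = []
    for host, series in per_host.items():
        if len(series) - 1 < min_baseline_days:
            continue  # too little history for a meaningful baseline
        for day, total in series:
            others = [t for d, t in series if d != day]
            base_mean, base_sd = mean(others), pstdev(others)
            if base_sd == 0:
                z = float("inf") if total > base_mean * flat_ratio else 0.0
            else:
                z = (total - base_mean) / base_sd
            if z > z_threshold:
                alerts.append((host, day, total, round(z, 1)))
    return alerts

if __name__ == "__main__":
    for host, day, total, z in flag_exfil_candidates(daily_outbound(SAMPLE_FLOWS)):
        print(f"ALERT {host} {day}: {total:,} bytes out, z={z}")
```

Only ws-042 on 2016-03-05 is reported: its 49 MB day is hundreds of standard deviations above its own quiet baseline, while db-01’s small day-to-day variation never crosses the threshold.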

Phishing

Phishing is a fraudulent practice in which attackers use email to trick recipients into revealing personal information. In a typical phishing scam, con artists send emails that seem to be from legitimate sources, urging recipients to click on a link or open an attachment to avoid a negative consequence or gain a reward. These actions often lead victims to fake websites that steal information or install malware on their computers. Phishing is widespread, with an estimated 156 million phishing emails sent daily. Of these, 16 million evade email filters, 8 million are opened, and 800,000 recipients click on malicious links.

Phishing attacks frequently target financial institutions and their customers. For instance, the University of Connecticut experienced two phishing attacks within five weeks—both attempts aimed to steal users’ login credentials by pretending to be legitimate university communications. Spear phishing is a more specific form of phishing involving attackers sending emails that seem to be from high-level executives within an organization to trick employees into disclosing sensitive information.
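The two tricks described above, a message that merely looks like it comes from a legitimate source and a spear-phishing message that borrows an executive’s name, can be caught by simple header and link heuristics. The script below is an added example, not code from the original article: it runs three checks over a constructed message (executive display name on an outside domain, Reply-To pointing elsewhere, visible link text naming a different host than the real target). The organisation domain, the protected name and all addresses are assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.edu"        # assumed: the organisation's own mail domain
PROTECTED_NAMES = {"jane doe"}    # assumed: executives whose names get impersonated
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample message; addresses and hosts are documentation/test values.
SAMPLE_EMAIL = """\
From: "Jane Doe" <jane.doe@example-edu-mail.com>
Reply-To: accounts@mail-example.net
To: staff@example.edu
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html

<p>Confirm your login or your mailbox will be suspended:
<a href="http://198.51.100.23/login">https://portal.example.edu/login</a></p>
"""

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def shown_host(text):
    """Host the reader sees in link text, when that text itself looks like a URL or domain."""
    text = re.sub(r"<[^>]+>", "", text).strip()
    if " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "//" + text).hostname

def phishing_indicators(raw_message):
    """Return indicator codes for one message; an empty list means nothing fired."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    found = []
    # A protected executive's display name on a sender outside the organisation.
    if name.lower() in PROTECTED_NAMES and domain_of(addr) != ORG_DOMAIN:
        found.append("exec-name-external-domain")
    # Replies silently diverted to a domain other than the apparent sender's.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        found.append("reply-to-mismatch")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        for href, text in LINK_RE.findall(body.get_content()):
            seen = shown_host(text)
            # Visible URL names one host while the real target is another.
            if seen and seen != urlparse(href).hostname:
                found.append("link-target-mismatch")
    return found
```

On the sample message all three indicators fire; a plain internal message with no Reply-To and no HTML links returns an empty list.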

Smishing and Vishing

Smishing and vishing are variations of phishing that use text messages and voice messages to trick victims into revealing personal information. In a smishing scam, victims receive a text message that appears to be from a legitimate source, prompting them to log in to a fake website or call a phone number. Vishing involves receiving a voice message that directs the victim to call a number or visit a website, where they are asked to provide sensitive information. These scams can lead to the theft of money, unauthorized credit card charges, or the compromise of personal data. Organizations should educate their customers about phishing, smishing, and vishing risks and take proactive steps to detect and respond to these threats.

In summary, this article has detailed the reasons behind the rising frequency of security incidents, including the growing complexity of systems, user expectations, and the evolving nature of IT environments.
