Chapter 3 (1)

Uploaded by

sefuasfaw021

Chapter 3

Attack Types and Protection Schemes


Outline
• Definition of terms
• Categories of Attack Types and Security threats
• Vulnerabilities of Information System
• Malicious Security Threats
  • Virus
  • Worms
  • Trojan horses
  • Spyware
• Protection schemes
• Social Engineering

Vulnerabilities, Threat, Attack and Countermeasure
• A vulnerability is a point where a system is susceptible to an attack.
• A threat is a possible danger to a system. It could be a person, a thing or an event that exploits a vulnerability.
• An attack is an actual security breach (a violation of security policy) made by a threat.
• A countermeasure is a technique applied to protect a system from a threat or an attack.

The computer world is full of threats!

What do we need to do?
• What is the right attitude?
  • To do what you do in real life
• What do you do in your real life?
  • You learn about the threats
    • What are the threats?
    • How can these threats affect you?
    • What is the risk for you to be attacked by these threats?
    • How can you protect yourself from these threats?
    • How much does the protection cost?
    • What can you do to limit the damage in case you are attacked?
    • How can you recover in case you are attacked?
  • Then, you protect yourself in order to limit the risk but to continue to live your life
• You need to do exactly the same thing with computers

Security threats
• Management must be informed of the different threats facing the organization
• By examining each threat category, management effectively protects information through
  • Policy
  • Education
  • Training
  • Technology controls

Cont’d…
• In 2023, the IC3 received a record number of complaints from the American public: 880,418 complaints, with potential losses exceeding $12.5 billion. This is a nearly 10% increase in complaints and a 22% increase in losses compared to 2022.
• Cybercrime is predicted to cost the world $9.5 trillion in 2024, according to Cybersecurity Ventures, a figure expected to increase to $10.5 trillion by 2025.
• Credential leaks, ransomware, AI-powered threats and malware-as-a-service (MaaS)

Threats to Information Systems

No. | Categories of threat | Examples
1 | Acts of human error or failure | Accidents, employee mistakes
2 | Compromises to intellectual property | Privacy, copyright infringement
3 | Deliberate acts of espionage or trespass | Unauthorized access and/or data collection
4 | Deliberate acts of information extortion | Blackmail of information disclosure
5 | Deliberate acts of sabotage or vandalism | Destruction of systems or information
6 | Deliberate acts of theft | Illegal confiscation of equipment or information
7 | Deliberate software attack | Viruses, worms, DoS
8 | Forces of nature | Fire, flood, earthquake, lightning
9 | Deviations in quality of service from service providers | Power and WAN service issues
10 | Technical hardware failures or errors | Equipment failure
11 | Technical software failures or errors | Bugs, code problems, unknown loopholes
12 | Technological obsolescence | Antiquated or outdated technologies

Acts of human error
• Includes acts performed without malicious intent
• Causes include:
  • Inexperience
  • Improper training
  • Incorrect assumptions
• Employees are among the greatest threats to an organization

Cont’d…
• Employee mistakes can easily lead to:
  • Revelation of classified data
  • Entry of erroneous data
  • Accidental data deletion or modification
  • Data storage in unprotected areas
  • Failure to protect information
• Many of these threats can be prevented with controls

Deliberate Acts of Espionage or Trespass
• Access of protected information by unauthorized individuals
• Competitive intelligence (legal) vs. industrial espionage (illegal)
• Shoulder surfing occurs anywhere a person accesses confidential information
• Hackers use skill, guile, or fraud to bypass controls protecting others’ information

Intellectual property
• Intellectual property is the center (asset) of many organizations.
• It can be a unique business process or actual data such as customer data.
• Examples of intellectual property include such things as patents, drug formulas, engineering plans, scientific formulas, and recipes.
• Suppose a restaurant chain has a unique process for quickly preparing and delivering food. If the rest of the industry knew about that process, it would remove the restaurant’s competitive advantage.
• Data breaches or data losses occur every day in every aspect of life.
• This type of loss includes identity theft, business theft, or intellectual property theft.
• Data breaches occur frequently. As an information systems security professional, it is your mission to prevent a data breach from occurring to your assets.
• That is your number-one objective.

Shoulder Surfing

Deliberate acts of information extortion
• Information extortion occurs when an attacker either threatens to steal, or actually steals, information from a company.
• The perpetrator demands payment for not stealing the information, for returning stolen information, or for agreeing not to disclose the information.
• It involves an attacker or formerly trusted insider stealing information from a computer system and demanding compensation for its return or non-use
• Extortion found in credit card number

Deliberate acts of sabotage or vandalism
• Sabotage and vandalism are deliberate acts that involve defacing an organization’s website, possibly causing the organization to lose its image and its customers to experience a loss of confidence.
• Acts aimed to destroy an information asset and, ultimately, damage the organization.
• Sabotage or computer damage can take place on the internet in two ways:
  • It can occur through the modification and/or destruction of the data or programs of the infected system
  • It can be produced by means of the paralysis or blocking of the system, without necessarily altering or destroying the data or programs

Deliberate acts of theft
• Illegal taking of another’s physical, electronic, or intellectual property
• Physical theft is controlled relatively easily: locks, guards, alarm systems, etc.
• Electronic theft is a more complex problem to manage and control: organizations may not know it has occurred.

Forces of Nature
• Forces of nature are among the most dangerous threats
• They disrupt not only individuals’ lives, but also the storage, transmission, and use of information
• Organizations must implement controls to limit damage and prepare contingency plans for continued operations

Vulnerabilities of Information Systems
• Physical vulnerabilities (e.g. buildings)
• Natural vulnerabilities (e.g. earthquakes)
• Hardware and software vulnerabilities (e.g. failures)
• Media vulnerabilities (e.g. disks can be stolen)
• Communication vulnerabilities (e.g. wires can be tapped)
• Human vulnerabilities (e.g. insiders)

Attack Types
• Hacking attack
  • Any attempt to gain unauthorized access to your system
• Denial of service (DoS) attack
  • Blocking access from legitimate users
• Physical attack
  • Stealing, breaking, or damaging computing devices

Malware Attack
• Malware is short for "malicious software"
• [SOUP13] defines malware as:
  • “a program that is inserted into a system, usually covertly (secretly), with the intent of compromising the Confidentiality, Integrity, or Availability of the victim’s data, applications, or operating system or otherwise annoying or disrupting the victim.”
• Malware is malicious software that is typically used to infect computers or networks.
• Common types of malware include viruses, worms, trojans, ransomware, adware, spyware, rootkits, keyloggers, fileless malware, cryptojacking, and hybrid malware.

Classification of Malware

Types of malicious software (malware)
Propagation mechanisms include:
• Infection of existing content by viruses that are subsequently spread to other systems
• Exploit of software vulnerabilities by worms or drive-by-downloads to allow the malware to replicate
• Social engineering attacks that convince users to bypass security mechanisms to install Trojans or respond to phishing attacks
Payload actions performed by malware once it reaches a target system can include:
• Corruption of system or data files
• Theft of service/make the system a zombie agent of attack as part of a botnet
• Theft of information from the system

Viruses
• “A small program that replicates and hides itself inside other programs usually without your knowledge” (Symantec)
• Piece of software that infects programs
  • Modifies them to include a copy of the virus
  • Replicates and goes on to infect other content
  • Easily spread through network environments
• When attached to an executable program, a virus can do anything that the program is permitted to do
  • Executes secretly when the host program is run
• Specific to operating system and hardware
  • Takes advantage of their details and weaknesses

Who writes viruses
• Adolescents
  • Ethically normal
• College students
  • Ethically normal
• Adults
  • Ethically abnormal

Worm
• An independent program that reproduces by copying itself from one computer to another
• Is a worm a virus?
  • No. A worm is not a virus, although, like a virus, it can severely disrupt IT operations and cause data loss. A worm is much more serious than a virus because once it infects a vulnerable machine, it can “self-replicate” and spread automatically across multiple devices.
• It often creates denial of service

Cont’d…
• A program that actively seeks out more machines to infect
• Each infected machine serves as an automated launching pad for attacks on other machines
• Exploits software vulnerabilities in client or server programs
• Can:
  • Spread through network connections from system to system
  • Spread through shared media (USB drives, CD, DVD data disks)
  • Spread through e-mails: email worms spread in macro or script code included in attachments and instant messenger file transfers
• Upon activation the worm may replicate and propagate again

Steps of a Worm Attack
The 3 stages of a worm attack
• Step 1: Enabling vulnerability
  • The initial phase of a worm attack occurs when the worm is first installed on a vulnerable machine. The worm may have been transmitted through a software vulnerability. Or, it may have arrived through a malicious email or IM attachment or a compromised removable drive.
• Step 2: Automatic replication
  • Once a worm is installed on a vulnerable device or system, it begins to self-replicate automatically. Through propagation, the worm makes its way to other new targets in the network, consuming bandwidth and hard-drive space and undermining device and system performance as it spreads.

Cont’d…
• Step 3: Payload delivery
  • In the last stage of a worm attack, the malicious actor behind the campaign tries to increase their level of access to the targeted system. Over time, they could gain access rights equivalent to those of a system administrator. From there, the adversary can cause significant damage, including data theft, and potentially gain access to multiple systems.
• Repeating the process
  • Once a worm has propagated throughout a device or system, it continues to spread automatically, using vulnerabilities in other systems attached to the system initially targeted. This is how malicious actors gain access to multiple systems. Some cyber criminals will even go on to use these systems in a botnet, a network of infected computers that can send spam, steal data, and more.

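An added example, not part of the original slides: a defender's view of Step 2 and of the "launching pad" behaviour, flagging hosts that contact many distinct peers on one port in a short window and linking a flagged host to the flagged host that contacted it earlier. The flow records, addresses, port, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed flow records: (epoch seconds, source, destination, destination port).
FLOWS = (
    [(100 + 2 * i, "10.0.0.5", f"10.0.0.{10 + i}", 445) for i in range(5)]     # fast fan-out
    + [(130 + 2 * i, "10.0.0.12", f"10.0.0.{20 + i}", 445) for i in range(5)]  # contacted host fans out too
    + [(100 + 5 * i, "10.0.0.7", "10.0.0.50", 443) for i in range(8)]          # one server, many requests
    + [(100 + 90 * i, "10.0.0.8", f"10.0.0.{60 + i}", 445) for i in range(5)]  # many peers, but slowly
)

def fanout_alerts(flows, window=60, threshold=5):
    """Map (source, port) to the time it first reached `threshold` distinct
    destinations on that port within `window` seconds."""
    recent = defaultdict(deque)  # (src, port) -> deque of (ts, dst) inside the window
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        q = recent[(src, port)]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop contacts that fell out of the window
            q.popleft()
        if (src, port) not in alerts and len({d for _, d in q}) >= threshold:
            alerts[(src, port)] = ts
    return alerts

def propagation_links(flows, alerts):
    """Return (parent, child, port) where a flagged parent contacted the child
    before the child itself was flagged for fan-out on the same port."""
    links = []
    for ts, src, dst, port in sorted(flows):
        link = (src, dst, port)
        if ((src, port) in alerts and (dst, port) in alerts
                and ts < alerts[(dst, port)] and link not in links):
            links.append(link)
    return links

if __name__ == "__main__":
    found = fanout_alerts(FLOWS)
    for (src, port), ts in found.items():
        print(f"fan-out: {src} on port {port} at t={ts}")
    for parent, child, port in propagation_links(FLOWS, found):
        print(f"possible spread: {parent} -> {child} on port {port}")
```

The repeated requests to a single server and the slow contact pattern are not flagged, which is the reason for counting distinct destinations inside a time window rather than raw connection counts.
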
Social Engineering
• “Tricking” users to assist in the compromise of their own systems or personal information.
• This can occur when a user views and responds to some spam e-mail, or permits the installation and execution of some Trojan horse program or scripting code

Trojan horses

Phishing
• Phishing attacks are fraudulent emails, text messages, phone calls or web sites designed to trick users into downloading malware, sharing sensitive information or personal data (e.g., Social Security and credit card numbers, bank account numbers, login credentials), or taking other actions that expose themselves or their organizations to cybercrime.

Summary
• Types of malicious software (malware)
• Propagation
  • Infected content
    • Viruses
  • Vulnerability exploit
    • Worms
  • Social engineering
    • Spam
    • E-mail
    • Trojans

Cont’d…
• Payload
  • System corruption
  • Attack agent
    • Zombie
    • Bots
  • Information theft
    • Keyloggers
    • Phishing
    • Spyware
  • Stealthing

Protection schemes
• Authentication
• Encryption
• Auditing
• Administrative procedures
• Standards
• Certifications
• Physical security
• Laws
• Backups