Cyber attack methods. Who are the cyber attackers?

This just in: Cyber criminals are planting chips in electric irons and kettles to launch spam attacks.  A Russian TV channel had footage of an iron being opened up to reveal a “spy chip” with a small microphone that could be used to spread viruses by connecting to any computer withing 656 feet using an unprotected Wi-Fi network.  Mobile phones, car dashboard cameras, and other devices were also found to have “spy chips” as well.  A customs brokerage professional said the hidden chips had been used to infiltrate company networks, sending out spam without administrators’ knowledge.

Cross-site scripting. An attack that uses third-party web resources to run script within the victim’s web browser or scriptable application. This occurs when a browser visits a malicious website or clicks a malicious link. The most dangerous consequences occur when this method is used to exploit additional vulnerabilities that may permit an attacker to steal cookies (data exchanged between a web server and a browser), log key strokes, capture screen shots, discover and collect network information, and remotely access and control the victim’s machine.

Denial-of-service. An attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources.

Distributed denial-of-service. A variant of the denial-of-service attack that uses numerous hosts to perform the attack.

Logic bombs.  A piece of programming code intentionally inserted into a software system that will cause a malicious function to occur when one or more specified conditions are met.

Phishing. A digital form of social engineering that uses authentic looking, but fake, e-mails to request information from users or direct them to a fake website that requests information.

Passive wiretapping. The monitoring or recording of data, such as passwords transmitted in clear text, while they are being transmitted over a communications link. This is done without altering or affecting the data.

Structured Query Language (SQL) injection. An attack that involves the alteration of a database search in a web-based application, which can be used to obtain unauthorized access to sensitive information in a database.

Trojan horse. A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms by, for example, masquerading as a useful program that a user would likely execute.

Virus. A computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus might corrupt or delete data on a computer, use email programs to spread itself to other computers, or even erase everything on a hard disk. Unlike a computer worm, a virus requires human involvement (usually unwitting) to propagate.

War driving. Driving through cities and neighborhoods with a wireless-equipped computer—sometimes with a powerful antenna—searching for unsecured wireless networks.

Worm.  A self-replicating, self-propagating, self-contained program that uses network mechanisms to spread itself. Unlike computer viruses, worms do not require human involvement to propagate.

Zero-day exploit. An exploit that takes advantage of a security vulnerability previously unknown to the general public. In many cases, the exploit code is written by the same person who discovered the vulnerability. By writing an exploit for the previously unknown vulnerability, the attacker creates a potent threat since the compressed time frame between public discoveries of both makes it difficult to defend against.

Who are the cyber attackers?

Bot-network operators use a network, or bot-net, of compromised, remotely-controlled systems to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available on underground markets (e.g., purchasing a denial-of-service attack or services to relay spam or phishing attacks).

Criminal groups seek to attack systems for monetary gain. Specifically, organized criminal groups use spam, phishing, and spyware/malware to commit identity theft, on-line fraud, and computer extortion. International corporate spies and criminal organizations also pose a threat to the United States through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent.

Hackers break into networks for the thrill of the challenge, bragging rights in the hacker community, revenge, stalking, monetary gain, and political activism, among other reasons. While gaining unauthorized access once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the internet and launch them against victim sites. Thus, while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency, the large majority of hackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the world-wide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage.

Insiders. The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat includes contractors hired by the organization, as well as careless or poorly-trained employees who may inadvertently introduce malware into systems.

Nations use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power—impacts that could affect the daily lives of citizens across the country. In his January 2012 testimony, the Director of National Intelligence stated that, among state actors, China and Russia are of particular concern.

Phishers. Individuals or small groups execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware or malware to accomplish their objectives.

Spammers. Individuals or organizations distribute unsolicited e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware or malware, or attack organizations (e.g., a denial of service).

Spyware or malware authors. Individuals or organizations with malicious intent carry out attacks against users by producing and distributing spyware and malware. Several destructive computer viruses and worms have harmed files and hard drives, including the Melissa Macro Virus, the Explore.Zip worm, the CIH (Chernobyl) Virus, Nimda, Code Red, Slammer, and Blaster.

Terrorists seek to destroy, incapacitate, or exploit critical infrastructures in order to threaten National security, cause mass casualties, weaken the economy, and damage public morale and confidence. Terrorists may use phishing schemes or spyware/malware in order to generate funds or gather sensitive information.

Related articles

Electric Grid

This entry was posted in CyberAttacks and tagged . Bookmark the permalink.

One Response to Cyber attack methods. Who are the cyber attackers?

  1. Bruce S. says:

    Thanks for the glossary! These definitions are correct and accurate.