Information Security Threats and Attack Vectors

1. Motives, Goals, and Objectives of Information Security Attacks
In the information security world, an attack on a target system rests on three components: the attacker's motive or objective, the method used to gain access, and a vulnerability in the target. The motive makes an attacker focus on a particular system and usually depends on something valuable stored in or processed by it. The reason may be ethical or unethical, but there is always a goal, and that goal is what turns the attacker into a threat to the system. Typical motives are information theft, manipulation of data, disruption of services, propagation of political or religious beliefs, damage to the target's reputation, and revenge. Method and vulnerability go hand in hand: the intruder applies tools and a range of older and newer techniques to exploit a vulnerability in the system or in its security policy, breach it, and achieve the objective.

2. Top Information Security Attack Vectors 
Cloud Computing Threats
Cloud computing is the most widely adopted trend in IT today, but that does not mean the threats to cloud services are fewer. Most of the issues that affect traditionally hosted environments also exist in the cloud, and a customer's services and data now also depend on the security of the provider and of the other tenants. It is therefore very important to secure cloud deployments to protect the services and data that run on them.

The following are some threats that exist in cloud security:
  • Data breach: a single data breach can cause major loss. In a shared cloud environment a breach of one component can give the attacker a foothold from which further records are reachable, so the compromise of a single entity can lead to the compromise of many records. This is the worst case.
  • Data loss: one of the most common threats to cloud security. Data may be lost intentionally or accidentally, on a small or a large scale; massive data loss is catastrophic and costly.
  • Hijacking of accounts and services: applications running in the cloud that have software flaws, weak encryption, loopholes, or other vulnerabilities allow an intruder to take control of the account or service.
Furthermore, there are several more threats to cloud computing:
  • Insecure APIs
  • Denial of service
  • Malicious insiders
  • Poor security
  • Multi-tenancy
Advanced Persistent Threats
An advanced persistent threat (APT) is a prolonged, targeted intrusion whose aim is usually to steal information continuously over a long period rather than to cause immediate damage. APTs typically target private organizations or are driven by political motives, and they rely on advanced, sophisticated techniques to exploit vulnerabilities in a system. The "persistent" part refers to an external command-and-control infrastructure that continuously monitors the target and extracts data from it; the "threat" part indicates that a human attacker with potentially harmful intentions is behind the operation, not merely an automated piece of code.

Characteristics of the APT life cycle are:


Viruses and Worms
In network and information security the term "virus" describes malicious software that is designed to spread by replicating itself and attaching to other files; attaching to other files is how it travels to other systems. A virus requires user interaction (opening the infected file or running the infected program) to trigger and start its malicious activity on the host system. Unlike viruses, worms are self-contained: they replicate and propagate across the network on their own, without a host file and without user interaction, which lets them spread very quickly. Worms have been propagating in different forms since the 1980s, and some have been very destructive, responsible for devastating DoS attacks.

Mobile Threats
Emerging mobile technology, especially smartphones, has drawn attackers' attention to mobile devices. Because smartphones are used all over the world for business as well as personal tasks, attackers now target them to steal business and personal information. The most common threats to mobile devices are:
  • Data leakage
  • Unsecured Wi-Fi
  • Network spoofing
  • Phishing attacks
  • Spyware
  • Broken cryptography
  • Improper session handling
Insider Attack
An insider attack is an attack performed on a system, from within the corporate network, by a trusted person. The trusted user is termed an insider because an insider already has privileges and is authorized to access network resources, so the perimeter controls that stop an outsider do not stop the attack.

Botnets
The word "bot" comes from "robot", and a botnet is a network of bots: programs that run continuously to perform a repetitive task. That is the basic idea of a bot, and bots are known as the workhorses of the Internet. Most bots were historically associated with Internet Relay Chat (IRC), and bots of this kind are legal and beneficial. A botnet may be used for positive purposes, but there are also illegal botnets built for malicious activity. Malicious botnets gain access to systems using malicious scripts and code, either by directly hacking the system or through a "spider", a program that crawls the Internet searching for security holes. Once installed, the bot registers the compromised system on the attacker's network by contacting the master computer (the command-and-control server) and alerts it that the system is under control. The attacker then remotely controls all the bots from the master computer.




3. Information Security Threat Categories
Information Security Threats categories are as follows:

Network Threats 
The primary components of network infrastructure are routers, switches, and firewalls. These devices not only perform routing and other network operations, but also control and protect the applications, servers, and devices behind them from attacks and intrusions. A poorly configured device gives an intruder something to exploit. Common vulnerabilities on the network include default installation settings, open access controls, weak encryption and passwords, and devices lacking the latest security patches. Top network-level threats include:
  • Information gathering
  • Sniffing & eavesdropping
  • Spoofing
  • Session hijacking
  • Man-in-the-middle attacks
  • DNS & ARP poisoning
  • Password-based attacks
  • Denial-of-service attacks
  • Compromised-key attacks
  • Firewall & IDS attacks
Host Threats
Host threats are aimed at the system software on which applications are built or run, such as Windows 2000, the .NET Framework, SQL Server, and others. Host-level threats include:
  • Malware Attacks
  • Footprinting
  • Password Attacks 
  • Denial-of-Services Attacks
  • Arbitrary code execution 
  • Unauthorized Access 
  • Privilege Escalation 
  • Backdoor Attacks 
  • Physical Security Threats

Application Threats 
The best way to analyze application threats is to organize them by application vulnerability category. The main threats to an application are:
  • Improper data / input validation
  • Authentication & authorization attacks
  • Security misconfiguration
  • Information disclosure
  • Broken session management
  • Buffer overflow issues
  • Cryptography attacks
  • SQL injection
  • Improper error handling & exception management
4. Types of Attacks on a System
Operating System Attacks
In operating system attacks, attackers search for vulnerabilities in the operating system itself. If they find one, they exploit it to attack the operating system. Some of the most common vulnerabilities of an operating system are:

  • Buffer overflow vulnerabilities
Buffer overflow is one of the major types of operating system attack and belongs to the class of software exploitation attacks. A buffer overflow occurs when a program or application does not enforce well-defined boundaries on the amount or type of data it accepts, and so writes more data into a buffer than the buffer was allocated to hold. The excess overwrites adjacent memory: neighbouring variables, saved return addresses, or heap metadata. Depending on what is overwritten, the result ranges from freezing, rebooting, or a crash (denial of service) to the attacker gaining unrestricted access by redirecting execution to code of their choosing.
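The overflow described above, shown in C as an added example that is not code from the original page: a constructed login record keeps an admin flag directly after a 16-byte name buffer, an unchecked copy lets a 19-byte username spill over the buffer into the flag, and a bounded copy rejects the same input. The struct, function names and attacker string are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed example record. The layout (16 + 4 bytes, no padding on the
 * usual ABIs) is chosen so that a 4-byte overrun of name[] lands exactly on
 * is_admin and nowhere else. */
#define NAME_SIZE 16

struct login_frame {
    char name[NAME_SIZE];
    int  is_admin;        /* adjacent memory that an overflow can clobber */
};

/* Vulnerable copy: no boundary on the destination. Copies until the source
 * NUL terminator however long the input is, exactly like strcpy(). */
static size_t unchecked_copy(char *dst, const char *src)
{
    size_t n = 0;
    while ((dst[n] = src[n]) != '\0')
        n++;
    return n + 1;             /* bytes written, terminator included */
}

/* Hardened copy: enforces the destination size. Any input that does not fit
 * together with its NUL is rejected (dst left empty, returns false). */
static bool bounded_copy(char *dst, size_t dst_size, const char *src)
{
    /* memchr() never reads more than dst_size bytes of the input */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {        /* no terminator within the room we have */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return true;
}

/* Processes a username with the vulnerable copy and reports the admin flag.
 * 0 means the flag survived; non-zero means the overflow overwrote it.
 * The volatile pointer forces a real memory read after the copy. */
int login_vulnerable(const char *username)
{
    struct login_frame f;
    volatile struct login_frame *vf = &f;
    vf->is_admin = 0;
    unchecked_copy(f.name, username);
    return vf->is_admin;
}

/* Same flow with the bounded copy: -1 when the input is rejected,
 * otherwise the (untouched) admin flag. */
int login_hardened(const char *username)
{
    struct login_frame f;
    volatile struct login_frame *vf = &f;
    vf->is_admin = 0;
    if (!bounded_copy(f.name, sizeof f.name, username))
        return -1;
    return vf->is_admin;
}

/* Constructed attacker input: 19 bytes + NUL = 20 bytes, exactly
 * sizeof(struct login_frame), so the copy overruns name[] by 4 bytes into
 * is_admin without writing past the struct itself. */
#define OVERLONG_NAME "AAAAAAAA" "AAAAAAAA" "AAA"

int main(void)
{
    printf("vulnerable, \"alice\"  -> is_admin = %d\n", login_vulnerable("alice"));
    printf("vulnerable, overlong -> is_admin = %d\n", login_vulnerable(OVERLONG_NAME));
    printf("hardened,   overlong -> %d (rejected)\n", login_hardened(OVERLONG_NAME));
    return 0;
}
```

The unchecked copy turns a plain username into a privilege escalation because nothing ties the copy to the size of the destination; the bounded copy fixes the class of bug, not just this input, because the size of the destination is the only thing it trusts.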

  • Bugs in the operating system
In a software exploitation attack the attacker exploits bugs in the software. Such a vulnerability may be a mistake made by the developer while writing the program code. Attackers discover these mistakes and use them to gain access to the system.

  • Unpatched operating system
An unpatched operating system carries known vulnerabilities, so it allows malicious activity or cannot completely block malicious traffic reaching the system. A successful intrusion can have a severe impact: compromise of sensitive information, data loss, and disruption of regular operations.

Misconfiguration Attacks
When new devices are installed in a corporate network, the administrator must change the default configuration. If a device is left with its default configuration and default credentials, any user who has connectivity to it can access it, whether or not they are supposed to have that privilege. Gaining access to such a device is not difficult for an intruder, because default configurations use common, weak passwords and enable no security policies. Similarly, granting an unauthorized person access, or giving a person more resources and permissions than their role requires, can also lead to an attack. Using the organization's name in usernames and passwords makes it easier still for an attacker to guess their way in.

Application-Level Attacks
Before releasing an application, the developer or manufacturer must test and verify it on their end. In an application-level attack, a hacker can use:
  • Buffer overflow
  • Active content
  • Cross-site scripting
  • Denial of service
  • SQL injection
  • Session hijacking
  • Phishing
Shrink Wrap Code Attacks
A shrink-wrap code attack is one in which the attacker exploits vulnerabilities in off-the-shelf ("shrink-wrapped") software as it ships: holes in unpatched operating systems and in poorly configured software and applications. To understand shrink-wrap vulnerabilities, consider an operating system that has a bug in its original release. The vendor may have published an update, but the period between the vendor's release of the patch and the client's systems being updated is the most critical window; during that time, unpatched systems are exposed to the shrink-wrap attack. Shrink-wrap attacks also cover systems installed with software that is bundled with insecure test pages and debugging scripts. The developer must remove these scripts before release.

5. Information Warfare
Information warfare, or "info war", is the use of information and communication technology (ICT) to gain an advantage over an opponent or enemy by controlling, exploiting, or denying information. The major focus of information warfare is to obtain a competitive advantage over the opponent. Information warfare is classified into two classes:


1. Defensive Information Warfare 
Defensive information warfare refers to all defensive actions taken to protect information and information-based processes from attacks that aim to steal or corrupt them. The areas of defensive information warfare are:
  • Prevention 
  • Deterrence 
  • Indication & Warning 
  • Detection 
  • Emergency Preparedness 
  • Response
2. Offensive Information Warfare
The term "offensive" is borrowed from the military. Offensive warfare consists of aggressive operations launched against the enemy proactively instead of waiting for the attacker to strike first; its fundamental concept is to enter the opponent's territory and gain ground rather than lose it. The major advantage of offensive warfare is that it identifies the opponent, the opponent's strategies, and other intelligence. Offensive information warfare targets the confidentiality, integrity, and availability of the opponent's information, denying, modifying, or exposing it so that it can no longer be relied upon.