Leading Threats

Leading Cyber Threats

There are many threats, some more serious than others. Some examples of how your computer and systems could be affected by a cyber-security incident – whether because of improper cyber security controls, manmade or natural disasters, or malicious users wreaking havoc-include the following:

 

Interruption Threats:

 

Denial-of-service: refers to an attack that successfully prevents or impairs the authorized functionality of networks, systems or applications by exhausting resources. What impact could a denial-of-service have if it shut down a government agency’s website, thereby preventing citizens from accessing information or completing transactions? What financial impact might a denial-of-service have on a business? What would the impact be on critical services such as emergency medical systems, police communications or air traffic control? Can some of these be unavailable for a week, a day, or even an hour?

 

Malicious Code Attacks:

 

Malware, worms, and Trojan horses: These spread by email, instant messaging, malicious websites, and infected non-malicious websites. Some websites will automatically download the malware without the user’s knowledge or intervention. This is known as a “drive-by download.” Other methods will require the users to click on a link or button.

 

Botnets and zombies: A botnet, short for robot network, is an aggregation of compromised computers that are connected to a central “controller.” The compromised computers are often referred to as “bots” or “zombies”. These threats will continue to proliferate as the attack techniques evolve and become available to a broader audience, with less technical knowledge required to launch successful attacks. Botnets designed to steal data are improving their encryption capabilities and thus becoming more difficult to detect.

 

“Scareware” – fake security software warnings: This type of scam can be particularly profitable for cyber criminals, as many users believe the pop-up warnings telling them their system is infected and are lured into downloading and paying for the special software to “protect” their system.

 

Social Network Attacks: Social networks can be major sources of attacks because of the volume of users and the amount of personal information that is posted. Users’ inherent trust in their online friends is what makes these networks a prime target. For example, users may be prompted to follow a link on someone’s page, which could bring users to a malicious website.

 

Top 5 Social Networking Attacks

 

  1. Fake offering
    • These offers invite users to use a free gift card or discount coupon; to receive these offers the user must share personal information with the scammer.
  2. Fake Plug-in Scams
    • These trick the user into downloading a fake extension or web browser. The infected extension or browser will begin to steal password data and other sensitive information.
  3. Like-jacking
    • The fake “Like” button on websites to get users to click on the button; once the user clicks on the “Like” button an installation begins of malware and other malicious code.
  4. Fake-Apps
    • Typically, the app is legitimate, but it’s bundled with malware then released again by the attacked and once the user installs or uses the app the malware is released on their machine to wreak havoc.
  5. Manual Sharing
    • User is sharing the infected offering that will intrigue other users without knowing what was shared was malicious.

For more information visit: http://msisac.cisecurity.org/