Cybersecurity and Third-Party Risk, by Gregory C. Rasner

Types of Cyberattacks


A cyberattack is a malicious and deliberate attempt by a person or group to breach the systems of another. Common types include the following:

 Phishing: Virtually every email user has received a phishing email. Posing as legitimate messages, these fake emails try to get the recipient to click a link, download a file, or call a number so that the attacker can steal credentials or data, plant malware, or set up further contact for some other malicious purpose. One of the most concerning successful phishing examples is also a third‐party one: in January 2019, reporting described how Russian state threat actors had gained access to the U.S. power grid. They did not do it by attacking the hardened sites of the power infrastructure operators, but by going through their suppliers. A phishing campaign targeted the vendors of the grid operators, taking advantage of the trust relationship those vendors had with the intended target. Phishing types include the following:

   Spear phishing: This type is aimed at a specific individual rather than at thousands of targets in a mass email campaign. The targets are often researched on LinkedIn and company websites before being phished. There are only so many ways an email address is formed from a name (e.g., grasner@, greg.rasner@, gregory.rasner@, and so on), so if an attacker focuses on one or a few targets who likely have privileged access (an IT admin, an HR system admin, etc.), they only have to try a few dozen address formats before they likely get it right.

   Whale phishing: Where do you go to get the best data? To the top! Whale phishing (or whaling) is when attackers target the big fish, such as C‐level executives or very senior IT and security staff. It takes more finesse than generic or spear phishing, because many firms focus their countermeasures on exactly this group of privileged users. The extra effort can have a larger reward, however: the attacker gains a level of elevated access that would take far longer to reach (and be more likely to be discovered) in a typical breach that starts from an ordinary user's account.

   Vishing: Rather than email, this type is carried out over the telephone and uses social engineering to convince the target that the call is legitimate. The goal is either to obtain the target's credentials directly on the call or to gather enough information to make guessing them much easier.

 Botnets: A botnet is a network of private computers infected with malicious software and controlled as a group without the owners' knowledge (e.g., to send spam). Kraken, discovered in 2008 and described at the time as one of the largest botnets yet seen, had infected machines at roughly 10 percent of Fortune 500 companies and was reported to send over 500,000 spam emails a day.

 Man‐in‐the‐middle (MitM) attack: Also known as an eavesdropping attack, a MitM attack occurs when an attacker inserts themselves into a two‐way conversation. Once in place, the attacker can read, filter, alter, or steal the data passing over the connection. The most common vectors are an unsecured or weakly secured Wi‐Fi access point, and malware installed on the victim's machine that redirects its traffic through the attacker.

 Denial‐of‐service (DoS) or distributed denial‐of‐service (DDoS): A DoS attack overwhelms or floods a system or network until it becomes unavailable. A DDoS attack is the same thing launched from many sources at once, typically a botnet of compromised machines, which makes it far harder to block by source. One of the largest DDoS attacks on record occurred in February 2020, when Amazon Web Services mitigated an attack that peaked at 2.3 Tbps, the biggest reported up to that time.

 Brute‐force: An attacker systematically submits passwords or passphrases, exhaustively or from a wordlist, until the correct one is found. A close cousin is credential stuffing, in which username/password pairs leaked from one site are replayed against another. In 2016, Alibaba's Taobao marketplace was hit this way: attackers replayed roughly 99 million leaked credential pairs against the site and found that about 21 million of them matched Taobao accounts.
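Both variants described above leave a distinctive trace in an authentication log: a classic brute‐force attack is many failures against one account from one source, while credential stuffing is one or two failures against many different accounts from one source, with an occasional success where a replayed credential happened to match. The following is an added example, not code from the book, that runs both detections over a sliding time window. The log line format, field names, thresholds, IP addresses and usernames are assumptions, and the sample log is constructed for illustration.

```python
"""
Brute-force and credential-stuffing detection over an authentication log.
Added example (not from the book). Log format, thresholds and the sample
log lines below are assumptions constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <OK|FAIL> user=<name> src=<ip>".
# 203.0.113.7  hammers one account (brute force, then a success).
# 198.51.100.23 tries many different accounts once each (credential
#               stuffing); one replayed credential (frank) happens to work.
# 192.0.2.10   is a legitimate user mistyping a password twice.
SAMPLE_LOG = """\
2024-03-01T10:00:01 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:03 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:05 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:08 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:10 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:12 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:15 OK user=alice src=203.0.113.7
2024-03-01T10:01:00 FAIL user=bob src=198.51.100.23
2024-03-01T10:01:01 FAIL user=carol src=198.51.100.23
2024-03-01T10:01:02 FAIL user=dave src=198.51.100.23
2024-03-01T10:01:03 FAIL user=erin src=198.51.100.23
2024-03-01T10:01:04 OK user=frank src=198.51.100.23
2024-03-01T10:01:05 FAIL user=grace src=198.51.100.23
2024-03-01T10:05:00 FAIL user=alice src=192.0.2.10
2024-03-01T10:05:09 FAIL user=alice src=192.0.2.10
2024-03-01T10:05:20 OK user=alice src=192.0.2.10
"""


def parse_line(line: str) -> tuple[datetime, str, str, str]:
    """Split one log line into (timestamp, result, user, source IP)."""
    ts, result, user_kv, src_kv = line.split()
    return (datetime.fromisoformat(ts), result,
            user_kv.split("=", 1)[1], src_kv.split("=", 1)[1])


def detect(log_text: str, window: timedelta = timedelta(minutes=5),
           max_fails: int = 5, min_distinct_users: int = 5) -> dict:
    """Return findings keyed by ("brute_force", src, user) or
    ("credential_stuffing", src), valued with the peak count observed.

    brute_force:          more than max_fails failures for one (src, user)
                          pair inside any window-length span.
    credential_stuffing:  failures against at least min_distinct_users
                          different users from one src inside that span.
    Successes are ignored on purpose: a lockout that only counts failures
    still misses the one replayed credential that worked.
    """
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    fails_by_src: dict[str, list[tuple[datetime, str]]] = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            fails_by_src[src].append((ts, user))

    findings: dict[tuple, int] = {}
    for src, fails in fails_by_src.items():
        # Evaluate the window ending at every failure so a burst is caught
        # regardless of where it sits in the log.
        for i, (end_ts, _) in enumerate(fails):
            recent = [(t, u) for t, u in fails[: i + 1] if end_ts - t <= window]
            per_user: dict[str, int] = defaultdict(int)
            for _, u in recent:
                per_user[u] += 1
            for u, n in per_user.items():
                if n > max_fails:
                    key = ("brute_force", src, u)
                    findings[key] = max(findings.get(key, 0), n)
            if len(per_user) >= min_distinct_users:
                key = ("credential_stuffing", src)
                findings[key] = max(findings.get(key, 0), len(per_user))
    return findings


if __name__ == "__main__":
    for key, count in detect(SAMPLE_LOG).items():
        print(key, "->", count)
```

On the constructed sample this reports a brute‐force finding for alice from 203.0.113.7 (six failures) and a credential‐stuffing finding for 198.51.100.23 (five distinct accounts), and nothing for the legitimate user at 192.0.2.10. Note that a per‐account lockout alone would never trip on the stuffing source, since no single account there fails more than once; the per‐source counter is what catches it, and the success for frank in the middle of that burst is the event worth investigating.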

 Malware: A term for malicious software, covering worms, ransomware, viruses, spyware/adware, and trojans:

   Worm: A standalone program that replicates itself to spread to other computers. The most famous worm is the Morris Worm (see Chapter 1).

   Ransomware: A type of malware that encrypts the victim's data to remove the owner's access, so that the attacker can hold the data hostage until the owner pays a ransom. Ransomware has grown rapidly, and most cyber intelligence sources anticipate that growth continuing in 2021 and beyond. WannaCry (May 2017) was the biggest ransomware event so far, hitting hundreds of thousands of systems in 150 countries; it demanded $300 in bitcoin per system (doubling to $600 after a deadline) and encrypted 176 different file types.

   Virus: Malicious code (or a program) written to alter the way a computer operates and designed to spread from one computer to another. Mydoom (2004), usually cited as a virus although it spread as a mass‐mailing worm, is the costliest known, with an estimated $38 billion in damages.

   Spyware/adware: These include the annoying pop‐up advertisements and search redirections, some of which arrive as browser add‐ons purporting to save you money or time. Others are planted on a system as malware, or act as spyware performing key logging (recording the keys struck on a keyboard). CoolWebSearch is a browser add‐on that exploited security vulnerabilities in Internet Explorer to hijack the browser, change its settings, and send the browsing history to the software's publishers.

   Trojan: One of the most common forms of attack, a trojan is malicious code disguised as something legitimate, hence the name, after the Trojan horse. It typically arrives via a legitimate‐looking email asking the reader to install an update or click a link; the malware is then downloaded onto the target's computer without their knowledge. Storm Worm, in 2007, is a well‐known trojan horse attack: it tricked victims into clicking an email link to a news story that downloaded the malware. It affected over 1.5 million systems and is estimated to have cost $10 billion in damages.

