

Threats
Category of Threats
Large quantities of computer code are written, debugged, published, and sold before all
their bugs are detected and resolved.

Sometimes, combinations of certain software and hardware reveal new bugs. These failures range
from bugs to untested failure conditions.

Sometimes these bugs are not errors, but rather purposeful shortcuts left by programmers for
benign or malign reasons.

Collectively, shortcut access routes into programs that bypass security checks are called trap
doors and can cause serious security breaches.

Software bugs are often documented on the Bugtraq website, which provides up-to-the-minute
information on the latest security vulnerabilities, as well as a very thorough archive of past bugs.

Antiquated or outdated infrastructure can lead to unreliable and untrustworthy systems.

Management must recognize that when technology becomes outdated, there is a risk of
loss of data integrity from attacks.

Management’s strategic planning should always include an analysis of the technology
currently in use.

Proper planning by management should prevent technology obsolescence, but when
obsolescence is manifested, management must take immediate action. IT professionals play a
large role in the identification of probable obsolescence.

Recently, the software vendor Symantec retired support for a legacy version of its popular antivirus software,
and organizations interested in continued product support were obliged to upgrade immediately to a different
antivirus control software. In organizations where IT personnel had kept management informed of the
coming retirement, these replacements were made more promptly and at lower cost than at organizations
where the software was allowed to become obsolete.

Attacks
Types of Attacks
Attacks
An attack is an act that takes advantage of a vulnerability to compromise a controlled
system. It is accomplished by a threat agent that damages or steals an organization’s information
or physical asset.

A vulnerability is an identified weakness in a controlled system, where controls are not present or
are no longer effective.

Unlike threats, which are always present, attacks only exist when a specific act may
cause a loss. Attack vector refers to the method or pathway used by a hacker to access or
penetrate the target system.
For example, the threat of damage from a thunderstorm is present throughout the summer in
many places, but an attack and its associated risk of loss only exist for the duration of an actual
thunderstorm.

The following sections discuss each of the major types of attacks used against controlled systems.

The malicious code attack includes the execution of viruses, worms, Trojan horses, and
active Web scripts with the intent to destroy or steal information.

The most sophisticated malicious code attack is the polymorphic, or multi-vector, worm.
These attack programs use up to six known attack vectors to exploit the vulnerabilities in an
information system.

Perhaps the best illustration of such an attack was the outbreak of Nimda in September 2001, which used
five of the six vectors to spread itself with startling speed. It was reported that Nimda spread to span the
Internet address space of 14 countries in less than 25 minutes.

Multi-vector attack - cybercriminals combine a range of threats deployed at numerous stages,
across multiple points of entry (attack vectors) to infect computers and networks. This blended approach
greatly increases the likelihood of their success and the speed of contagion and severity of damage.

The table below lists and describes the six categories of known attack vectors.

SNMP v2 adds several improvements over SNMP version 1. They are improvements in
performance along with advancements in security and confidentiality.

Other forms of malware include covert software applications (bots, spyware, and
adware) that are designed to work out of sight of users or via an apparently innocuous user
action.

A bot is an automated software program that executes certain commands when it receives a
specific input. Bots are often the technology used to implement Trojan horses, logic bombs, back
doors, and spyware.

Spyware is any technology that aids in gathering information about a person or organization
without their knowledge. Spyware is placed on a computer to secretly gather information about
the user and report it.

The various types of spyware include (1) a Web bug, a tiny graphic on a Web site that is
referenced within the HTML content of a Web page, and (2) a tracking cookie, which is placed on the
user’s computer to track the user’s activity on different Web sites and create a detailed profile of
the user’s behaviour.
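
A defender's check for the Web bug described above, as an added example that is not part of the original slides: it parses a page and reports images that are tiny or hidden and are loaded from a host other than the page's own. The sample HTML, the host names and the exact-host-match rule are constructed assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: a normal logo, a first-party spacer, two web bugs.
SAMPLE_HTML = """
<html><body>
<img src="/static/logo.png" width="200" height="60" alt="logo">
<img src="/static/spacer.gif" width="1" height="1">
<img src="https://tracker.example.net/p.gif?uid=1234" width="1" height="1">
<img src="//stats.example.org/hit?page=home" style="display:none">
</body></html>
"""


class WebBugFinder(HTMLParser):
    """Collects <img> tags that are tiny or hidden AND served by another host."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Relative URLs carry no host, so they are first-party.
        # Assumption: an exact host match defines "first-party" here.
        if not host or host == self.page_host:
            return
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            self.findings.append((host, "tiny" if tiny else "hidden"))


def find_web_bugs(html, page_host):
    """Return (host, reason) pairs for suspected web bugs in the page."""
    finder = WebBugFinder(page_host)
    finder.feed(html)
    return finder.findings


if __name__ == "__main__":
    for host, reason in find_web_bugs(SAMPLE_HTML, "www.example.com"):
        print(f"possible web bug: {host} ({reason})")
```

The first-party 1x1 spacer is not reported, which shows why size alone is a poor signal: the off-site host is what lets the image report the visit to someone else.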

Adware is any software program intended for marketing purposes, such as that used to deliver and
display advertising banners or popups to the user’s screen or to track the user’s online usage or
purchasing activity.

Each of these hidden code components can be used to collect information from or about the user,
which could then be used in a social engineering or identity theft attack.

Social engineering is the term used for a broad range of malicious activities accomplished through human
interactions. It uses psychological manipulation to trick users into making security mistakes or giving away
sensitive information.

A perpetrator first investigates the intended victim to gather necessary background information, such as
potential points of entry and weak security protocols, needed to proceed with the attack. Then,
the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break security
practices, such as revealing sensitive information or granting access to critical resources.
