1

Threats
Category of Threats
2
 13
Large quantities of computer code are written, debugged, published, and sold before all their bugs are detected
and resolved.

Sometimes, combinations of certain software and hardware reveal new bugs. These failures range from bugs to
untested failure conditions.

Sometimes these bugs are not errors, but rather purposeful shortcuts left by programmers for benign or malign
reasons.

Collectively, shortcut access routes into programs that bypass security checks are called trap doors and can cause
serious security breaches.

Software bugs are often documented in the Bugtraq website which provides up-to-the-minute information on the latest
security vulnerabilities, as well as a very thorough archive of past bugs.

3
 14
Antiquated or outdated infrastructure can lead to unreliable and untrustworthy systems.

Management must recognize that when technology becomes outdated, there is a risk of loss of data integrity
from attacks.

Management’s strategic planning should always include an analysis of the technology currently in use.

Proper planning by management should prevents technology obsolescence, but when obsolescence is
manifested, management must take immediate action. IT professionals play a large role in the identification of
probable obsolescence.

Recently, the software vendor Symantec retired support for a legacy version of its popular antivirus
software, and organizations interested in continued product support were obliged to upgrade immediately to
a different antivirus control software. In organizations where IT personnel had kept management informed
of the coming retirement, these replacements were made more promptly and at lower cost than at
organizations where the software was allowed to become obsolete.

4
 Attacks
Types of Attacks
5
 Attacks
An attack is an act that takes advantage of a vulnerability to compromise a controlled system. It is
accomplished by a threat agent that damages or steals an organization’s information or physical asset.

A vulnerability is an identified weakness in a controlled system, where controls are not present or are no longer
effective.

Unlike threats, which are always present, attacks only exist when a specific act may cause a loss. Attack vector
refers to the method or pathway used by a hacker to access or penetrate the target system.
For example, the threat of damage from a thunderstorm is present throughout the summer in many
places, but an attack and its associated risk of loss only exist for the duration of an actual thunderstorm.

The following sections discuss each of the major types of attacks used against controlled systems.

6
 1.
The malicious code attack includes the execution of viruses, worms, Trojan horses, and
active Web scripts with the intent to destroy or steal information.

The most sophisticated malicious code attack is the polymorphic, or multi-vector, worm. These attack programs
use up to six known attack vectors to exploit the vulnerabilities in an information system.

Perhaps the best illustration of such an attack was the outbreak of Nimda in September 2001, which used
five of the six vectors to spread itself with startling speed. It was reported that Nimda spread to span the
Internet address space of 14 countries in less than 25 minutes.

Multi-vector attack - cybercriminals combine a range of threats deployed at numerous stages,

across multiple points of entry (attack vectors) to infect computers and networks. This blended approach
greatly increases the likelihood of their success and the speed of contagion and severity of damage.

Table below lists and describes the six categories of known attack vectors.

7
SNMP v2 adds several improvements over SNMP version 1. They are improvements in
8
performance along with advancements in security and confidentiality.
 Other forms of malware include covert software applications—bots, spyware, and adware, that are designed to
work out of sight of users or via an apparently innocuous user action.

A bot is an automated software program that executes certain commands when it receives a specific input. Bots are
often the technology used to implement Trojan horses, logic bombs, back doors, and spyware.

Spyware is any technology that aids in gathering information about a person or organization without their
knowledge. Spyware is placed on a computer to secretly gather information about the user and report it.

The various types of spyware include (1) a Web bug, a tiny graphic on a Web site that is referenced within the
HTML content of a Web page (2) a tracking cookie, which is placed on the user’s computer to track the user’s
activity on different Web sites and create a detailed profile of the user’s behaviour.

9
Adware is any software program intended for marketing purposes such as that used to deliver and display advertising
banners or popups to the user’s screen or tracking the user’s online usage or purchasing activity.

Each of these hidden code components can be used to collect information from or about the user which could then be
used in a social engineering or identity theft attack.

Social engineering is the term used for a broad range of malicious activities accomplished through
human interactions. It uses psychological manipulation to trick users into making security mistakes or
giving away sensitive information.

A perpetrator first investigates the intended victim to gather necessary background information, such as
potential points of entry and weak security protocols, needed to proceed with the attack. Then,
the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break
security practices, such as revealing sensitive information or granting access to critical resources.

10