Categories of Basic Cyber Threats to a System
Therefore, the different categories of basic cyber threats to a system include Phishing and spear phishing attacks. This attack is the practice of sending fake emails which seem to appear from sources which are trusted with the aim of influencing the user to do something or gaining personal information. Phishing combines technical trickery and social engineering (Intel, 2014). Also, it can involve an email attachment that loads malware onto one’s computer, or an illegitimate website linked to it so that people can be tricked into downloading the malware or giving out their personal information. In this case, attackers take time to conduct target research and create personal and relevant messages making phishing very difficult to identify and to defend against (Pomerleau, 2015).
Also, there is the Distributed denial-of-service (DDoS) and Denial-of-service (DoS) attack. A DoS attack overwhelms the resources of a system so that it fails to respond to requested services. A DDoS also affects the system’s resources. However, it is launched from many other host machines infected by malicious software that is controlled by the attacker. Unlike other attacks which are designed to enable an attacker to increase access, direct benefits are not provided by the denial-of-service attack as service satisfaction denial is enough. Additionally, the aim of a denial-of-service attack is always taking a system offline so that other attacks can be launched. The different types of DDoS and DoS are teardrop attack, smurf attack, TCP SYN flood attack, botnets and ping-of-death attack (Pomerleau, 2015).
Thirdly, there is the SQL Injection attack, pronounced as “sequel.” SQL is an abbreviation for a structured query language, that is, a programming language that databases use in communication. A SQL injection attack targets server that stores critical data for services and websites in managing their databases. It uses malicious codes making the server divulge information that it should not (Bakjhi, 2013). This attack is often problematic in servers that store private information of customers in websites such as passwords and usernames, credit card numbers or other personally identifiable information that are lucrative and tempting targets for an attacker. For example, if a SQL server and an injection attack are vulnerable, the attacker might go to the website search box, type in a code that forces the site of the SQL server to dump all usernames and passwords that are stored for the site (Pomerleau, 2015).
Another attack is the Malware attack. Malware can be termed as different forms of harmful software like ransomware and viruses. Once the malware is in a system, all sorts of havoc can be wreaked by controlling the machine to it monitoring your keystrokes and actions thus sending silently confidential data to the attacker’s home base. Malware can be got by downloading or clicking links to access a file or attachment which might look harmless (Intel, 2014). Nonetheless, Cross-site Scripting (XSS) attack is used by attackers who target the user of a website directly. It is, however, similar to SQL injection attack as it involves injecting codes that are malicious into a website but the website remains unattacked. Instead, the injected malicious code only takes control over the user’s browser on visiting the website thus going after the visitor. Other categories of cyber threats include credential reuse, man-in-the-middle attacks, session hijacking, attack networks, social engineering to name but a few (Pomerleau, 2015).
The Actors, Targets, Methods and Impacts involved in Cyber-attacks
The actors involved in cyber-attacks include hacktivists who are not motivated by money. Rather, they have a rage which is burning in them that whatever reason directed to you must be fulfilled. Also, hacktivists often work alone making their attack predictions to be difficult to respond and therefore, should never be underestimated. Also, there are the state-sponsored attackers and system of espionage who are interested in one’s data. This means gaining illegal access to your system infrastructure in areas where data is jealously guarded. Nonetheless, the targets involved in cyber attacks include points of sale servers and terminals (Intel, 2014). As many organizations focus on securing their data, their servers are always the most targeted. Attackers target these points as they want insurance and financial information which can be used in stealing money and commit identity theft. Also, workstations and desktops are targeted by tricking employees in installing malware on the network via a desktop. Storage systems are also targeted as they contain valuable and financial information to cybercriminals (Bakjhi, 2013).
The methods involved in cyber-attacks include reconnaissance where hackers identify a target that is vulnerable and explores the best ways to exploit it. The attackers only need a single-entry point to start. Also, there is scanning the network of an organization with tools that are easily found on the website for finding entry points. The methods often grow slowly giving the hackers time to search for vulnerabilities. Additionally, there is the access and escalation that comes up after weaknesses of a system have been identified. Most attackers find ways of gaining access and escalating through the entire system. Other methods involved include exfiltration, sustainment, assault and obfuscation (Pomerleau, 2015).
The impacts involved in cyber attacks include the economic cost of a cyber-attack leading to a substantial financial loss. These losses arise from the theft of corporate and financial information, money, and disruption to trading et cetera. There is also the reputational damage which can erode the trust of customers that can lead to loss of the customers, reduction of profits and loss of sales. Also, the legal consequences of cyber breach are an impact. If personal data is exposed deliberately or accidentally, and one has failed to deploy security measures that are appropriate, fines might be imposed and also regulatory sanctions (Intel, 2014).