This survey paper provides a brief overview of cyber attacks, their types, their causes, and the steps that should be taken to control or counter them with regard to information security management. Given the widespread adoption of cyber technology by most organizations and businesses, cyber security has become a top priority. Financial, industrial, and commercial operations are interconnected and dependent on each other, and have become increasingly reliant on information technology. Meanwhile, the rapidly growing interconnection of IT systems, and the convergence of their technology towards industry-standard hardware and software components and sub-systems, make these IT systems increasingly vulnerable to malicious attacks (Randel et al., 1998).
As technology advances and the capabilities of information warfare have evolved in recent years, the probability of cyber attacks has increased as well. Cyberattacks, also known as computer-network attacks, destroy adversary data, computer systems, and networks, and have a major effect on an adversary's ability to wage war (Bayles, 2001).
In some ways, the situation in the cyber arena is worse than simply ignoring a potential threat until it manifests itself: in the cyber arena, the threats have already manifested themselves. Although we are constantly reminded of our vulnerabilities, we still do not do enough. Every hour of the day, some individual or group is writing or disseminating a disruptive computer virus or worm, breaking into a computer network, or harming a network in some other manner (Vatis, 2004). It is easy to add computers to our systems and to use them more, but it is harder and more expensive to develop technologies that make them secure, mainly because the internet is designed to share information rather than hide it. The most popular targets for cyber attackers are high value targets such as networks, servers, or routers, whose disruption could yield financial gains or political consequences (Vatis, 2001).
Arnold and Pangi (2003) state that the aim of a cyber attack is to steal, destroy, remove or change information, or to block the functionality of the target system. There are three main types of attacks:
In unauthorized access attacks, the attacker uses various hacking or cracking techniques to gain access to the system. Outsiders perform this type of activity when they want to access the system for some harmful purpose.
The second type of threat is an insider attempting to gain unauthorized access to the network or system in order to cause harm to it. Hackers can shut a system down at regular intervals, but this kind of activity is easily spotted by administrators and can be easily fixed.

In some cases there are defacements, which alter the information on the computer system. This type of activity is easily traceable because hackers sometimes leave notes saying "you have been hacked" and the like. Defacements that alter figures or information subtly are potentially more disruptive. Website defacement is another common form: hackers regularly deface information on government or nonprofit websites in order to ridicule the entity that sponsors them or to convey their own message. These are mostly nuisances rather than serious threats. One form of defacement, semantic hacking, is potentially more harmful, since it modifies the content of a web page deviously so that the change is not noticed, which results in false information being spread. As an example of a semantic attack with significant impact, changes to the website of a disease control and prevention program could have disastrous effects on research, analysis or treatment of the disease.

Trojan horse programs are another possible threat. Their silent operation is designed to pass undetected by virus scanners; they collect information from the system and send it to the hacker. (*, 2007)
Most of these types of attacks spread via email or other methods of data transfer between computers and can result in the loss of functionality of parts of the network.
Examples of viruses include a "love mail" that shuts down the system when opened, and the "I love you" email that, as soon as its attachment is opened, sends copies of the same email to every address in the user's address book.
A denial-of-service (DoS) attack is when hackers bombard the system with so many messages at such a high frequency that the system is unable to process any other information. The computer system is overloaded, which affects its functionality.
Another way to take computers off the network for some time is a distributed denial of service (DDoS) attack. DDoS attacks bombard web and email servers with a large number of fake messages, resulting in system slowdowns or even system crashes. By using malicious code to take control of other systems and using these so-called zombie machines to send still more messages to the servers, hackers can easily increase the effect of a DDoS attack (Arnold and Pangi, 2003).
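The distinction drawn above, a single source flooding a server versus many zombie machines each contributing a modest share, is exactly what a defender's host or network anomaly detection has to tell apart. The following Python script is an added example, not code from the survey or from any cited author: it parses web server access log lines (Common Log Format), keeps a sliding time window of requests, and reports sources that exceed a per-source rate as single-source floods, while an aggregate rate that is exceeded without any one source standing out is reported as distributed. All log lines, addresses (documentation ranges 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) and thresholds are constructed for the example.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)


def parse_line(line):
    """Return (source_ip, timestamp) for a well-formed line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def detect_floods(lines, window_seconds=10, per_source_limit=50, aggregate_limit=200):
    """Sliding-window rate check over log lines.

    single_source: sources that alone exceeded per_source_limit requests in a window.
    distributed:   True if the aggregate exceeded aggregate_limit while no single
                   source was over its own limit (many small contributors).
    """
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e[1])  # logs may be written out of order

    window = deque()        # (timestamp, ip) pairs inside the current window
    in_window = Counter()   # ip -> requests inside the current window
    single, distributed = set(), False

    for ip, ts in events:
        window.append((ts, ip))
        in_window[ip] += 1
        # Drop everything older than the window relative to the newest event.
        while (ts - window[0][0]).total_seconds() > window_seconds:
            _, old_ip = window.popleft()
            in_window[old_ip] -= 1
            if in_window[old_ip] == 0:
                del in_window[old_ip]
        if in_window[ip] > per_source_limit:
            single.add(ip)
        if len(window) > aggregate_limit and max(in_window.values()) <= per_source_limit:
            distributed = True

    return {"single_source": sorted(single), "distributed": distributed}


def make_line(ip, ts, path="/"):
    """Build one constructed CLF line (hypothetical data, not a real server log)."""
    return f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S +0000")}] "GET {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed sample: one single-source flood, benign traffic, one distributed flood."""
    base = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    lines = []
    # (a) one source sends 120 requests within about 5 seconds
    for i in range(120):
        lines.append(make_line("203.0.113.7", base + timedelta(milliseconds=40 * i)))
    # (b) a normal client sends three requests, well spaced
    for i in range(3):
        lines.append(make_line("192.0.2.10", base + timedelta(seconds=90 + 10 * i)))
    # (c) 60 "zombie" sources send 5 requests each within about 5 seconds
    for host in range(1, 61):
        for j in range(5):
            offset = timedelta(seconds=180, milliseconds=(host * 5 + j) * 15)
            lines.append(make_line(f"198.51.100.{host}", base + offset))
    return lines


if __name__ == "__main__":
    print(detect_floods(build_sample_log()))
```

The thresholds are deliberately low so the constructed data trips them; in practice they are tuned to a server's normal request rate, and the distributed case is the harder one to act on because blocking any single source achieves little.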
According to Arnold and Pangi (2003), communication on the internet is carried out using internet protocol addresses. A computer consults domain name servers when mapping the name of a website to an address, and if DNS provides a wrong numerical address, the user will connect to the wrong server without knowing it. The purpose of such attacks is to spread inaccurate information, to divert customers of an e-commerce site away from the original site, or sometimes even to block access altogether. Because DNS is hierarchical, the cascading effect on remote servers results in traffic being redirected or lost (Cortes, 2004).
Compound attacks, as the name suggests, combine two or three different attacks simultaneously. The intent of these attacks is to increase the destructiveness of physical attacks with the help of coordinated cyber attacks; for example, a terrorist might place bombs in densely populated areas while a cyber attack disables the communication systems of emergency services such as ambulance, fire and police to prevent a timely response (Pangi and Arnold, 2003).
Routers make sure that information, in the form of packets, gets from the source to the destination by controlling all traffic on the Internet. Routing operations are generally not a primary target for disruption, but if they are not well diversified, they can become the target of massive routing attacks. It is now a primary concern for router manufacturers to follow standards and regulations in order to maintain security on routers (Cortes, 2004).
Cyber attacks can be launched from a variety of sources, based on their motives and the target they want to attack; we can generally divide them into three categories: terrorist groups, targeted nation-states, and thrill-seekers.
The threat posed by terrorist activities is huge for the entire world. Terrorists now target the IT infrastructure of countries in addition to their physical infrastructure, for instance by hacking government websites and causing serious damage to sensitive information (Cortes, 2004).
In order to protect their own national interests, most countries that do not have friendly relations with a potential enemy resort to cyber attacks to sabotage that enemy's IT infrastructure. Thus both India and Pakistan try to harm each other by attacking government and defense resources. In a similar vein, the U.S., China, and Russia have all tried attacking each other's national infrastructure, primarily security networks (Cortes, 2004).
Thrill-seekers do not target a network for a specific purpose, but rather for fun and to test their ability to break into secured networks. The probability of these attacks is high due to the advancement of technology (Cortes, 2004).
In an age of technological advancement and the increasing use of IT in almost every aspect of our lives, it is mandatory to counter these cyber attacks and to secure the IT infrastructure as far as possible. Countering cyber attacks is not an easy task, however, as it involves several layers of defense, and a mature program requires time. The likelihood of risk is increasing day by day, and organizations should change their approach to information security and make it a primary concern.
Threat monitoring
Risk analysis
Security strategy validation
Security awareness enhancements
Continuous controls update
Website protection
Threat monitoring
Application security testing
Application whitelisting
Least access privileges
Network restrictions/segmenting
Identity and access management
Protect the data/data loss prevention
Host and network anomaly detection
Incident response program
Forensics
Source: insight of IT risk 2010
Organizations should develop intelligence gathering capabilities to oversee and plan strategic and tactical responses to threats in order to keep up with the continuously changing threat landscape. The team should consist of professionals who can stay on top of current threats, determine how they can affect the organization, and decide what steps should be taken to modify the organization's security controls and overall security strategy. The primary goal of this activity is to monitor the threat level, analyze how it can affect the organization, and then develop a strategy (Ernst & Young, 2010).
By implementing traditional security measures in the organization, the threat of malware can be greatly reduced. Below are some ways in which the threat level can be reduced.
Security awareness is one of the most common ways to reduce the malware threat. Malware can be introduced in a number of ways, such as phishing or leaving a USB drive in the organization in the hope that someone will use it on a company computer, so that employees inadvertently perform a harmful action. No matter how advanced the technical controls are, humans remain the weakest link in the spread of malware. This problem can be addressed by educating employees as much as possible about these threats so that they do not unintentionally become a source for spreading malware. According to research, there is a lack of awareness among employees in companies. Information security programmes should therefore be conducted periodically by the organization in order to increase their effectiveness (Ernst & Young, 2010).