Assaults on Organizations You Should Know about for a Job in Information Security

By Peter H. Gregory

The unrelenting assaults on governments and businesses by cybercriminal organizations are the central theme of information security at every level, from executives to analysts. Indeed, cybersecurity is an important topic at the highest levels of government and private industry. Senior officials and executives are expressing concern over high‐profile break‐ins and over their own organizations’ defenses. Here are the types of assaults the world faces today.

Break-ins

Malware is not the only tool in an attacker’s toolbox. Just as lock picking is one way to break into a building, other techniques are frequently used to break into computer systems. Some of these techniques follow:

  • Password guessing: Intruders attempt to guess a user’s login credentials so that they can access a system. From there, the intruder may steal data, perform fraudulent transactions, or gather information that leads to a break‐in on another system. Tools are available that rapidly try likely passwords against an account (or one likely password against many accounts), but sometimes attackers guess passwords manually.

  • Eavesdropping: Intruders will use a number of techniques to eavesdrop on a network connection or even a telephone conversation to pick up valuable information that they can use to break into a target system.

  • Social engineering: Intruders trick people into performing certain acts or revealing certain information, all of which helps the intruder break into a target system. Intruders can coax users into giving up various bits and pieces of information that, when put together, give the intruder enough to slip into an organization’s network.

  • Theft: In a time‐proven technique, an attacker steals a computer (or smartphone or tablet) and hopes to find information on the device that lets him or her break into that device or into another system.
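Password guessing leaves a trail in authentication logs, and that trail is what a defender looks for. The following Python is an added example, not code from the article or its author: it parses sshd‐style “Failed password” and “Accepted password” lines (the sample lines are constructed for the demo) and separates single‐account brute force from password spraying, where one source tries a few passwords against many accounts. It also flags the case that most needs a human to look at it: a successful login from a source that had just been failing. The log format it expects and the thresholds are assumptions for the demo.

```python
"""Added example (not from the article): spot password guessing in
sshd-style authentication logs. Sample lines are constructed for the demo."""
import re
from collections import defaultdict

# Constructed sample log in the format of OpenSSH password messages.
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[101]: Failed password for alice from 203.0.113.5 port 50001 ssh2
Mar  3 10:01:03 host sshd[102]: Failed password for alice from 203.0.113.5 port 50002 ssh2
Mar  3 10:01:04 host sshd[103]: Failed password for alice from 203.0.113.5 port 50003 ssh2
Mar  3 10:01:05 host sshd[104]: Failed password for alice from 203.0.113.5 port 50004 ssh2
Mar  3 10:01:06 host sshd[105]: Failed password for alice from 203.0.113.5 port 50005 ssh2
Mar  3 10:01:07 host sshd[106]: Accepted password for alice from 203.0.113.5 port 50006 ssh2
Mar  3 10:02:01 host sshd[107]: Failed password for invalid user admin from 198.51.100.9 port 40001 ssh2
Mar  3 10:02:02 host sshd[108]: Failed password for bob from 198.51.100.9 port 40002 ssh2
Mar  3 10:02:03 host sshd[109]: Failed password for carol from 198.51.100.9 port 40003 ssh2
Mar  3 10:02:04 host sshd[110]: Failed password for dave from 198.51.100.9 port 40004 ssh2
Mar  3 10:03:00 host sshd[111]: Failed password for erin from 192.0.2.77 port 30001 ssh2
Mar  3 10:03:30 host sshd[112]: Accepted password for erin from 192.0.2.77 port 30002 ssh2
"""

# Matches both "for alice from" and "for invalid user admin from".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(log_text):
    """Yield (result, user, ip) for each matching line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("ip")


def detect_guessing(log_text, brute_threshold=5, spray_threshold=3):
    """Return findings keyed by source IP.

    brute_force            : >= brute_threshold failures against one account
    password_spray         : failures against >= spray_threshold distinct accounts
    success_after_failures : the same source later logged in to an account it
                             had been failing against (possible compromise)
    Thresholds are demo assumptions; tune them to the environment.
    """
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> count
    successes = defaultdict(set)                      # ip -> users logged in
    for result, user, ip in parse(log_text):
        if result == "Failed":
            failures[ip][user] += 1
        else:
            successes[ip].add(user)

    findings = {}
    for ip, per_user in failures.items():
        tags = []
        if any(n >= brute_threshold for n in per_user.values()):
            tags.append("brute_force")
        if len(per_user) >= spray_threshold:
            tags.append("password_spray")
        compromised = sorted(u for u in successes.get(ip, ()) if u in per_user)
        if tags and compromised:
            tags.append("success_after_failures")
        if tags:
            findings[ip] = {
                "tags": tags,
                "accounts": sorted(per_user),
                "compromised": compromised,
            }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_guessing(SAMPLE_LOG).items():
        print(ip, finding)
```

Run against the sample, 203.0.113.5 is reported as brute force with a success after failures (alice), 198.51.100.9 as a spray across four accounts, and 192.0.2.77, a user who mistyped once and then logged in, is not reported at all. A single failure counter per source would have treated the spray and the typo the same way.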

In the early days of computer crime, malware didn’t yet exist, so attackers relied on the preceding techniques, which they performed manually. These techniques are still used regularly today, often in combination with malware.

Social engineering is one of the biggest problems in computer security today. When organizations do a good job of protecting their computers and networks, intruders turn to “hacking the people” instead, with great success.

Bots and botnets

A product of networking and the global Internet, bots and botnets represent a remarkable feat of distributed computing. They would be something to admire if it weren’t for the fact that they exist primarily to carry out malicious deeds. Still, bots and botnets require our respect, for they can be powerful and inflict much mischief and damage when so directed.

In the early 2000s, malware creators expanded their vision and created a concept wherein a single operator could create a piece of malware that would give him or her automated remote control of many computers at once. Any one of these compromised computers is called a bot (short for robot), and a collection of these bots under central control is known as a botnet or bot army. The person who operates the bot army is a bot herder.

By themselves, bots are capable of a variety of tasks, including the following:

  • Hosting phishing sites: A phishing scam typically involves an imposter website. Rather than renting hosting from a cloud service provider such as AWS or Azure, an adversary uses compromised systems, modifying them so that they act as web servers that steal login credentials or implant malware on new victim computers (sometimes for the purpose of growing the bot army).

  • Relaying intrusions: While carrying out illicit activities online, adversaries are usually careful to cover their tracks, typically by relaying their traffic through a number of compromised systems.

In addition to the preceding capabilities, a bot army can be used for additional tasks, such as

  • Relaying spam: A spammer always needs to find new compromised machines through which he or she can relay spam messages, because anti‐spam services quickly detect spam relays and block them. A bot army is an effective tool for relaying spam: the spammer can rotate through bots in quick succession, staying ahead of the blocklists.

  • Participating in a distributed denial of service (DDoS) attack: In this attack, hundreds or thousands of computers are directed to flood a target system (or network) with a high volume of network traffic. The objective of a DDoS attack is the prolonged incapacitation of a target system so that it is unusable by its legitimate users; because the traffic comes from many sources at once, blocking any single source does little to stop it.
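What makes a bot‐driven flood different from an ordinary traffic spike, or from one noisy host, is the number of distinct sources behind it. The following Python is an added example, not code from the article or its author: it slides a time window over a connection log (records constructed for the demo) and, per destination, separates a distributed flood from a single‐source one. The record format, window length and thresholds are assumptions for the demo.

```python
"""Added example (not from the article): classify floods in a connection log
by counting distinct sources per destination in a sliding time window.
The records below are constructed for the demo."""
from collections import defaultdict

# Constructed connection records: (epoch second, source IP, destination IP).
# 203.0.113.10 gets one connection each from 40 different sources within 10 s,
# 203.0.113.20 gets 40 connections from a single source in the same span, and
# 203.0.113.30 sees three ordinary connections.
SAMPLE_FLOWS = (
    [(1000 + i // 4, f"198.51.100.{i}", "203.0.113.10") for i in range(40)]
    + [(1000 + i // 4, "192.0.2.7", "203.0.113.20") for i in range(40)]
    + [(1000 + i, f"192.0.2.{i}", "203.0.113.30") for i in range(3)]
)


def classify_floods(flows, window=10, min_total=30, min_sources=20):
    """Report, per destination, its busiest `window`-second span.

      ddos                 : >= min_total connections from >= min_sources sources
      single-source flood  : >= min_total connections from fewer sources
    Destinations that never reach min_total in any window are not reported.
    Thresholds are demo assumptions; a real baseline comes from normal traffic.
    """
    by_dst = defaultdict(list)
    for ts, src, dst in sorted(flows):          # sorted by time first
        by_dst[dst].append((ts, src))

    report = {}
    for dst, events in by_dst.items():
        busiest = None                           # (total, distinct sources)
        start = 0
        for end in range(len(events)):
            # Drop events that fell out of the window ending at events[end].
            while events[end][0] - events[start][0] >= window:
                start += 1
            total = end - start + 1
            distinct = len({src for _, src in events[start:end + 1]})
            if busiest is None or total > busiest[0]:
                busiest = (total, distinct)
        total, distinct = busiest
        if total < min_total:
            continue
        kind = "ddos" if distinct >= min_sources else "single-source flood"
        report[dst] = {"kind": kind, "connections": total, "sources": distinct}
    return report


if __name__ == "__main__":
    for dst, entry in classify_floods(SAMPLE_FLOWS).items():
        print(dst, entry)
```

The distinction matters for response: a single‐source flood can be handled by blocking or rate‐limiting that one address, whereas the distributed case calls for upstream filtering or scrubbing, since the bots are each sending only a trickle.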

Two famous botnets are

  • Storm: This botnet started out as the Storm worm, which infected each vulnerable target system with the Storm bot software, forming the Storm botnet. Little‐known fact: Though called a worm, Storm was technically a Trojan, because it spread through email and relied on users to open attachments containing the malware rather than propagating on its own.

  • Conficker: This worm and its variants infected many versions of the Windows operating system, as old as Windows 2000 and as new as Windows 7.

Advanced persistent threats

An advanced persistent threat (APT) is a sustained campaign of cyberespionage, system compromise, and data exfiltration directed at a specific target with a specific objective. The term APT is also frequently used as a label for the person or group conducting such campaigns.

Depending on the sophistication of the APT team, the techniques for a specific campaign may be custom developed to target the technologies used by the organization. Such customization may include zero‐day attacks: exploits of vulnerabilities for which no patch or detection signature yet exists, so the target’s defenses have no way to recognize them.