Cyberattack
Since the late 1980s, cyber attacks have evolved several times to use innovations in information technology as a vector for committing cyber crimes. In recent years, the scale and intensity of cyber attacks have grown rapidly, as the World Economic Forum observed in its 2018 report: "Offensive cyber capabilities are developing faster than the ability to respond to adverse events".
In May 2000, the Internet Engineering Task Force defined attack in RFC 2828 as:
An assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
CNSS Directive No. 4009, dated April 26, 2010, issued by the United States Committee on National Security Systems, defines an attack as:
Any type of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
Modern society's increasing reliance on information and computer networks (both private and public, including the military)
CNSS Directive No. 4009 defines a cyber attack as:
An attack, via cyberspace, targeting an enterprise's use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.
As cars begin to adopt more technology, cyber attacks are becoming a security threat to automobiles.
Types of attack
An attack can be active or passive.
An "active attack" attempts to modify system resources or affect their operation.
A "passive attack" attempts to learn or use information from the system but does not affect system resources (e.g., wiretapping).
An attack can be perpetrated by an insider or from outside the organization:
An "insider attack" is an attack initiated by an entity inside the security perimeter (an "insider"), i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.
An "outside attack" is initiated from outside the perimeter by an unauthorized or illegitimate user of the system (an "outsider"). On the Internet, potential external attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.
A resource (both physical and logical), called an asset, may have one or more vulnerabilities that can be exploited by a threat agent in a threat action. As a result, the confidentiality, integrity, or availability of resources may be compromised. Potentially, the damage may extend to resources beyond those initially identified as vulnerable, including further resources of the organization and the resources of other involved parties (customers, suppliers).
The so-called CIA triad is the cornerstone of information security.
An attack is active when it attempts to alter system resources or affect their operation: it therefore compromises integrity or availability. A "passive attack" attempts to learn or use information from the system but does not affect system resources: it therefore compromises confidentiality.
A threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. A threat can be "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado).
A set of policies concerned with information security management, an information security management system (ISMS), is developed to manage countermeasures, according to risk management principles, in order to accomplish a security strategy set up following the rules and regulations applicable in a country.
An attack will lead to a security incident, i.e., a security event that involves a security violation. In other words, a security-relevant system event in which the system's security policy is disobeyed or otherwise breached.
The overall picture represents the risk factors of the risk scenario.
An organization should take steps to detect, classify, and manage security incidents. The first logical step is to set up an incident response plan and, eventually, a computer emergency response team.
To detect attacks, several countermeasures can be deployed at organizational, procedural, and technical levels. Computer emergency response teams, information technology security audits, and intrusion detection systems are examples of these.
An attack is usually perpetrated by someone with bad intentions: black hat attacks fall into this category, while others perform penetration tests on an organization's information system to find out whether all the foreseen controls are in place.
Attacks can be classified according to their origin, i.e., whether they are conducted using one or more computers: in the latter case the attack is called a distributed attack. Botnets are used to conduct distributed attacks.
Other classifications are according to the procedures used or the type of vulnerability exploited: attacks can be concentrated on network mechanisms or host features.
Some attacks are physical, such as theft of or damage to computers and other equipment. Others are attempts to force changes in the logic used by computers or network protocols in order to achieve a result not foreseen by the original designer but useful to the attacker. Software used for logical attacks on computers is called malware.
Cyber attacks by and against countries
In Q2 2013, Akamai Technologies reported that Indonesia overtook China with a 38 percent share of cyber attacks, up from a 21 percent share in the previous quarter. China was at 33 percent and the US at 6.9 percent. 79 percent of the attacks came from the Asia Pacific region. Indonesia accounted for nearly 90 percent of attacks on ports 80 and 443.
Infrastructure as a target
Once a cyber attack has been initiated, certain targets need to be attacked to cripple the opponent. Certain infrastructures have been highlighted as critical infrastructure in times of conflict that can severely cripple a nation. Control systems, energy resources, finance, telecommunications, transportation, and water facilities are seen as critical infrastructure targets during conflict. A new report on industrial cyber security issues, produced by the British Columbia Institute of Technology and PA Consulting Group using data dating back to 1981, found a 10-fold increase in the number of successful cyber attacks on infrastructure Supervisory Control and Data Acquisition (SCADA) systems since 2000. Cyber attacks that have an adverse physical effect are known as cyber-physical attacks.
Control systems
Control systems are responsible for activating and monitoring industrial or mechanical controls. Many devices are integrated with computer platforms to control valves and gates in specific physical infrastructure. Control systems are usually designed as remote telemetry devices that link to other physical devices through Internet access or modems. Little security can be offered when dealing with these devices, enabling many hackers or cyber terrorists to seek out systematic vulnerabilities. Paul Blomgren, manager of sales engineering at a cybersecurity firm, explained how his people drove to a remote substation, saw a wireless network antenna, and immediately plugged in their wireless LAN cards. They took out their laptops and connected to the system because it was not using passwords. "Within 10 minutes, they had mapped every piece of equipment in the facility," Blomgren said. "Within 15 minutes, they had mapped every piece of equipment in the operational control network. Within 20 minutes, they were talking to the business network and had pulled up several business reports. They never even left the vehicle."
Energy
Energy is seen as the second infrastructure that could be attacked. It is broken down into two categories, electricity and natural gas. Electricity, also known as the electric grid, powers cities, regions, and households; it powers machines and other mechanisms used in daily life. Using the United States as an example, in a conflict cyber terrorists can access data through the daily system status reports that show power flows throughout the system and can pinpoint the busiest sections of the grid. By shutting those grids down, they can cause mass hysteria, backlog, and confusion, and also identify critical areas of operation for further attacks in a more direct method. Cyber terrorists can access instructions on how to connect to the Bonneville Power Administration, which helps instruct them on how not to fault the system in the process. This is a major advantage that can be exploited when cyber attacks are being made, because foreign attackers with no prior knowledge of the system can attack with the highest accuracy without drawbacks. Cyber attacks on natural gas installations proceed much the same way as attacks on electrical grids. Cyber terrorists can shut down these installations by stopping the flow, or they can even reroute gas flows to another section that their allies can occupy. In one case, a Russian gas supplier known as Gazprom lost control of its central switchboard, which routes gas flow, after an inside operator and a Trojan horse program bypassed security.
The 2021 Colonial Pipeline cyber attack shut down the pipeline that carries 45% of the gasoline, diesel, and jet fuel consumed on the US East Coast.
Both onshore and offshore wind farms are vulnerable to cyber-attacks. In February 2022, a German wind turbine manufacturer, Enercon, lost remote connectivity to approximately 5,800 turbines due to a large-scale disruption of satellite links. In April 2022, another company, Deutsche Windtechnik, lost control of nearly 2,000 turbines due to a cyber-attack. Although the wind turbines were not damaged during the incident, these attacks illustrate how vulnerable their computer systems are.
Finance
Financial infrastructure could be hit hard by cyber attacks because financial systems are linked by computer systems. Money is constantly being exchanged in these institutions, and if cyber terrorists were to attack and transactions were rerouted and large amounts of money stolen, the financial industries would collapse and civilians would be left without jobs and security. Operations would stall from region to region, causing nationwide economic degradation. In the US alone, the average daily volume of transactions hits $3 trillion, and 99% of it is cash flow. Being able to disrupt that amount of money for one day or for a period of days can cause lasting damage.