Please enable JavaScript.
Coggle requires JavaScript to display documents.
Threat Environment
Attack and Attackers (Computer Virus (Trojan (Spyware,…
-
-
-
-
-
Motivated by thrills, validation of skills
-
- Server or entire network unavailable
-
- Strong technical skills and dogged and persistence
- Script Kiddies use these scripts to make attack
- Script kiddies are dangerous because of their have a large of number
-
- most attackers are career criminals with traditional criminal motives
- make prosecution difficult
- The cyber criminal use black market forum
i) Credit card and identity information
ii) Vulnerabilities
iii) Exploit software (often with update contracts)
- deceives the victim into doing something against the victim’s
financial self-interest
- Criminals are learning to conduct traditional frauds and new frauds over networks
- Steal money or intellectual property that can be sold to other criminals or to competitors
- Threaten a DoS attack or threaten to release stolen information unless the victim pays the
attacker
- carding, bank account, online stock account, identity theft (steal personal information)
- Steal the identity the entire corporation
- Accept credit cards on behalf of the corporation
- Pretend to be the corporation in large transactions
- Can even take ownership of the corporation
-
- Attacks on confidentiality
- Public information gathering
- Trade secret espionage
- Trade secret theft approaches
- National intelligence agencies engage in commercial espionage
- Attacks on availability
- Rare, but can be devastating
-
- Attacks by national governments (Cyberwar)
- Attacks by organized terrorists (cyberterror)
- Nightmare threats
- • Potential for far greater attacks than those caused by criminal attackers
- Computer-based attacks by national governments
- Espionage (spy)
- Attack to damage the financial and communication infrastructure
- To augment conventional physical attacks
- Attacks by terrorists or terrorist groups
- May attack IT resources directly
- Use the Internet for recruitment and coordination
- Use the Internet to augment physical attacks
- Turn to computer crime to fund their attacks
- Destruction of hardware, software, data
- Plant time bomb or logic bomb
- Accessing without authorization or in excess of authorization
- Misappropriation of assets
- Theft of money
-
- prepetrator tries to obtain money
- Via E-mail
- Displaying pornographic materials
- Download pornographic, pirate software, excessive personal use
- theft sensitive information
- contract workers
- workers in contracting companies
- copy the virus code in the virus sector
- infect the system and change the signature
-
- Like viruses, can spread by e-mail, instant messaging, and file transfers
- Can do damage if computer has vulnerability
- Social engineering is attempting to trick users into doing something that goes against security
policies
- spreads through removable drives, malicious email attachments
and drive-by downloads.
- spread itself by posting malicious in instant massage and social media sites.
- Take control of the super user account (root, administrator, etc.)