Cybersecurity

From SI410
Revision as of 13:17, 29 April 2019 by Nlampa (Talk | contribs) (Incidence Response)

Female owned cyber security firm

Cybersecurity is the protection of computer systems from cyberattacks, which include theft of or damage to a computer's hardware, software, or electronic data. Cyberattacks also include the disruption or misdirection of the services devices provide. These cyberattacks are regularly aimed at retrieving personal information in order to access, change, or destroy it, typically in an effort to extort money or information.[1] In the digital world, many transactions are made online involving confidential information and money. The purpose of cybersecurity is to protect endpoint devices like computers, smart devices, and routers; networks; and the cloud from these breaches. Without cybersecurity in such a tech-connected world, cyberattacks can yield negative repercussions for those who are targeted and involved. These consequences may include but are not limited to identity theft, extortion, and loss of sentimental digital memories like family photos and videos.

Types of Cyberattacks

Typically, cyberattackers are seeking a ransom or participating in “hacktivism,” which is defined as hacking as a form of political or social expression. They may use a variety of tools to launch attacks, including malware, ransomware, and exploit kits. Below are some of the most common types of cyberattacks used today:

  • Denial-of-Service: With denial-of-service attacks, hackers send a large number of connections to systems, servers, or networks in order to overwork their bandwidth and resources. These connections will overwhelm the servers and network to the point where they shut down and become unusable.
  • Distributed-Denial-of-Service: Similar to a denial-of-service attack, some hackers take over more than one device in order to organize a distributed-denial-of-service attack. Attackers "enslave" an army of Internet of Things (IoT) devices that have no cybersecurity protocols denying connection. This army of bots is often called "zombies." Using the "zombies," attackers can execute a denial-of-service attack by having all of these devices attempt to make a connection to a system, server, or network. The large number of connections will overwhelm the systems and they will shut down. Distributed-denial-of-service attacks make it harder for the victim to track the attacker because the large number of connections to their system comes from many different devices, which could be all over the world.
  • Malware: Examples of malware include software, spyware, adware, viruses, bugs, worms, and ransomware.[2] Malware is often able to permeate a network through links or email attachments that sometimes install dangerous software without the user’s knowledge. Malware can block access to the network, install additional software, transfer and send out secure data from the hard drive, and fry the system. Malware can also often duplicate itself in order to spread further and make it more difficult to remove from a user's computer or network. Malware is often thought to be one of the easiest ways for an unsuspecting user to compromise their cybersecurity. Oftentimes, if a user is not careful, they could click on an ad or another link on a webpage, or could accidentally download something onto their computer that contains the malware. Although there are programs designed to look out for malware and stop it from being downloaded onto a device, once the malware is on the device it can be quite hard to get rid of, and might not even leave after a factory reset of the device.
  • Man-in-the-Middle (MitM): These cyberattacks are characterized by a hacker sneaking into seemingly two-party transactions. This type of attack relies on the user believing that they are connecting to their intended party, when in reality the information is going to the "man-in-the-middle" and then to the final destination. Attackers are essentially eavesdropping in an effort to steal information. Advanced hackers can use man-in-the-middle attacks to change the information sent between two parties and redirect users to a potentially malicious site. Common points of entry for these types of cyberattacks are public Wi-Fi networks that are not secure and networks that malware has already gotten into.
  • SQL Injection: SQL injections can occur when code that has not been written with proper security practices fails to sanitize the input that a web system, mobile application, or general application may receive. An SQL injection is performed by sending valid SQL syntax into the input fields of a given application, and designing the SQL command to alter the underlying database, which stores user information, log information, and other important pieces of data. SQL injection is a very common web hacking technique that may destroy a database.[3]
  • Phishing: Phishing usually happens through email when a hacker sends a fraudulent message that seems to be from a legitimate source but is not. It generally uses "click-bait" titles in order to get users to visit the malicious site out of curiosity. Usually, the goal is to get credit card information or website login credentials, or to have the recipient open a file or link that will install malware on their computer.
  • Doxxing: Occurs when a user researches or obtains someone's private information and posts it publicly online. Information can be harvested using malware, publicly available social media, or online metadata such as an IP address.
  • Zero-Day Exploit: Occurs when a network’s vulnerability is announced publicly, allowing attackers to find an exploit. Hackers using this method launch an attack before the owner of the network has the chance to create a solution or fix whatever created the vulnerability.
  • Eavesdropping Attack: Occurs via the interception of network traffic. An attacker is able to obtain passwords, credit card numbers, and other confidential data being sent over the network. There are two types of eavesdropping: passive and active. Passive is when the hacker detects the information by listening to the message transmission through the network.[4] Active is when the hacker actively steals the information by pretending to be a friendly network and sending queries to transmitters.
  • Password Attack: The most common form of authentication comes from passwords. Therefore, obtaining user passwords is a common attack approach. This information can be found by finding out personal information on the user, using social engineering, gaining access to databases that store the passwords, or even guessing. Guessing occurs through brute force, which tries combinations of different characters, or through a dictionary attack, where a list of common passwords is recorded and used.
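
The SQL injection flaw described in the list above, shown beside its fix. This is an added example, not part of the original article; the users table, the sample accounts and the function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data; the table layout and names are assumptions.
SAMPLE_USERS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
    ("o'brien", "obrien@example.test"),
]


def make_db():
    """Create an in-memory database holding the constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: the input is pasted into the SQL text itself, so quote
    characters inside it are parsed as SQL syntax instead of as data."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Hardened: the statement text is fixed and the input is bound to the
    ? placeholder, so the database only ever treats it as a value."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(name):
    """Run both lookups on the same input and return (unsafe, safe).
    A database error from the unsafe version is reported as 'error'."""
    conn = make_db()
    try:
        unsafe = lookup_unsafe(conn, name)
    except sqlite3.Error:
        unsafe = "error"
    safe = lookup_safe(conn, name)
    conn.close()
    return unsafe, safe


if __name__ == "__main__":
    # An ordinary name, a legitimate name containing a quote, and an input
    # whose quotes rewrite the WHERE clause into a condition that is always true.
    for value in ["alice", "o'brien", "' OR '1'='1"]:
        unsafe, safe = compare(value)
        print(f"{value!r}: unsafe={unsafe} safe={safe}")
```

The unsafe lookup fails outright on the legitimate name containing an apostrophe and returns every row for the third input, while the parameterized lookup treats all three inputs as plain values.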

Large-Scale Cyberattacks

Cyber attacking traffic

Cyberterrorism

According to Palo Alto Networks, an American multinational cybersecurity company, cyberattacks are often directed at secret, political, military or infrastructural assets or people. When terrorist groups use cyberattacks to further advance their agendas, whether political or ideological, this is known as cyberterrorism. Military Times reported a case of cyberterrorism in 2016 involving a 20-year-old hacker from Kosovo who pleaded guilty after hacking into a U.S. company's networks and providing the Islamic terrorist group ISIS with personal information of government employees and active military personnel. The hacker had access to their names, addresses, and financial information.

Cyberwarfare

Cyberwarfare is described by Palo Alto Networks as nations using information technology to infiltrate the networks of other nations in an attempt to cause damage or disruption. Usually, the goal of cyberwarfare hackers is to steal valuable information, attack particular networks, or damage systems for infrastructural, transportation, medical, or commerce services. An example of a cyberwarfare attack cited by Mohan B. Gazula in his report Cyber Warfare Conflict Analysis and Case Studies was the WannaCry ransomware attack, which infected over 230,000 computers, some of which belonged to Britain’s National Health Service.

Cyberespionage

Cyberespionage refers to hacking into systems to obtain confidential information that the hackers do not have the right to access. Palo Alto Networks explains it is most commonly used to “gain strategic, economic, political or military advantage, and is conducted using cracking techniques and malware.” One case of cyberespionage was in Ukrainian Artillery Tracking. Gazula stated that a hacking group thought to be linked to the Russian government was blamed for the placement of a malware insert used to track artillery units in Ukraine. The inserts were able to recover intelligence that would have been used to attack Russian separatists.

Examples of Large Scale Cyberattacks

Yahoo (2013): In 2013, Yahoo suffered one of the largest data breaches in history. Every user account at the time had been compromised, which totaled around 3 billion users. The attackers gained access to the names, emails, birth dates, passwords and phone numbers of the victims.[5]

eBay (2014): eBay suffered a cyberattack that compromised all of its 145 million user accounts. The attackers performed the attack by accessing the network using employee credentials. They gained access to names, addresses, and passwords of every user.[5]

Equifax (2017): A vulnerability on the Equifax website caused around 147 million user accounts to be exposed. The information uncovered included social security numbers, addresses, drivers’ license numbers and credit card numbers.[5]

GitHub (2018): The largest DDoS attack to date occurred on February 28th, 2018: an attack on GitHub, a hugely popular developer platform. The site was hit with 1.35 terabits per second of traffic, which was record-breaking at the time.[6]

Critical Cyber Attacks

Government Services

Recently, sixty million users were affected by weak security on the USPS website. This exposed its database, which included emails, phone numbers, mailing campaign data, social security numbers, and possibly credit card numbers; the ability to request account changes for other users, and so change their email addresses and phone numbers; and street addresses, who lived in each residence, and data on everyone who lived in the same household as those who logged into the site. It took the organization a year to resolve these problems. In other words, the organization was aware of these issues but did not fix them right away. It is possible that other branches of the government can be impacted because of this scenario.

Healthcare

Unfortunately, healthcare companies are easy targets for hacking because their vulnerability is maximized. They have access to social security numbers and dates of birth. Patients' medical conditions or health-related information can be exposed to the public, which is an issue because it may be something they are embarrassed about or are hiding for professional or personal reasons. For example, someone may not want their employer to know they are battling cancer, for fear of losing their job and not having financial security for the medical treatments. People are vulnerable: not only can their medical information be exposed, but unpaid or extensive healthcare bills may be shown as well. This can potentially look bad for that person financially in terms of current or potential employment.

Responses to Cybersecurity

Incident Response

Incident response is an organized way of addressing the aftermath of a security breach. When an incident is not identified and managed at the time of intrusion, it can escalate into an even bigger data breach or even system failure. Incident response aims to limit the damage that occurred as quickly as possible. The speed with which the system is able to respond to compromises can mitigate vulnerabilities and quickly restore services and processes to get the system back into a secure state. A computer incident response plan[7] often includes four main aspects:

  1. A system must be prepared for incoming attacks. This includes making sure every part of the company or system involved is prepared for the losses that occur when an attack happens.
  2. A system must detect and analyze an attack. A system must be able to detect any type of unusual or suspicious behavior and alert the rest of the system that an attack is occurring.
  3. A system must be able to contain, eradicate, and recover from an attack. Isolating and further removing the area of an attack can prevent other parts of the system from also being attacked.
  4. A system must learn from an attack. Identifying the root cause of why an attack occurred, or the weaknesses behind it, allows the system to be rebuilt stronger than before, taking these weaknesses into account.
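
Step 2 above (detect and analyze), applied to the password attacks described earlier on this page: an added example, not part of the original article, that flags sources making repeated failed logins. The log format, the threshold of five failures and the 60-second window are assumptions chosen for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, in time order (the line format is an assumption).
SAMPLE_LOG = """\
2019-04-29T13:00:01 LOGIN_FAIL user=alice src=203.0.113.7
2019-04-29T13:00:02 LOGIN_FAIL user=alice src=203.0.113.7
2019-04-29T13:00:03 LOGIN_FAIL user=bob src=198.51.100.4
2019-04-29T13:00:04 LOGIN_FAIL user=alice src=203.0.113.7
2019-04-29T13:00:05 LOGIN_FAIL user=alice src=203.0.113.7
2019-04-29T13:00:09 LOGIN_OK user=bob src=198.51.100.4
2019-04-29T13:00:10 LOGIN_FAIL user=alice src=203.0.113.7
2019-04-29T13:00:11 LOGIN_FAIL user=alice src=203.0.113.7
### log rotated ###
2019-04-29T13:05:00 LOGIN_FAIL user=carol src=192.0.2.9
2019-04-29T13:10:00 LOGIN_FAIL user=carol src=192.0.2.9
2019-04-29T13:15:00 LOGIN_FAIL user=carol src=192.0.2.9
2019-04-29T13:20:00 LOGIN_FAIL user=carol src=192.0.2.9
2019-04-29T13:25:00 LOGIN_FAIL user=carol src=192.0.2.9
"""


def parse_line(line):
    """Return (time, event, user, source) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    stamp, event, user_field, src_field = parts
    if not user_field.startswith("user=") or not src_field.startswith("src="):
        return None
    try:
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return when, event, user_field[5:], src_field[4:]


def detect_guessing(lines, max_failures=5, window=timedelta(seconds=60)):
    """Flag each source that reaches max_failures failed logins inside one
    sliding window. Lines are assumed to arrive in time order."""
    recent = defaultdict(deque)  # source -> (time, user) of recent failures
    alerts = {}
    for line in lines:
        record = parse_line(line)
        if record is None or record[1] != "LOGIN_FAIL":
            continue
        when, _, user, src = record
        failures = recent[src]
        failures.append((when, user))
        # Forget failures that have aged out of the window.
        while when - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= max_failures and src not in alerts:
            alerts[src] = {
                "first_seen": failures[0][0].isoformat(),
                "failures": len(failures),
                "users": sorted({u for _, u in failures}),
            }
    return alerts


if __name__ == "__main__":
    for src, detail in detect_guessing(SAMPLE_LOG.splitlines()).items():
        print("ALERT", src, detail)
```

Only the source that fails five times within a minute is flagged; the single mistyped password and the five failures spread over twenty minutes stay below the threshold.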

Countermeasures to Cyber Attacks

Throughout the field of computer security there are many measures that can be taken in order to prevent cyber attacks. These countermeasures include actions, devices, procedures, or techniques that reduce the potential for threats or attacks. Common countermeasures include:

  • Security by design: In this approach, security is considered a main feature. This includes code review, unit testing, and splitting up the application so that even if an attacker is able to gain access to part of the system, he or she cannot gain access to other parts.
  • Security through architecture: This involves creating a system that describes security controls. This includes aspects of how different parts are related to each other and understanding the control and dependency they have on each other, the determination of control risk assessment, and standardizing these controls.
  • Security measures: A state of "security" is achieved through the process of threat prevention, detection and response. Using things like cryptography and firewalls allows for threat prevention.
  • Vulnerability management: This includes the identification of vulnerabilities in a system and counteracting those vulnerabilities through remediation or mitigation.
  • Hardware protection mechanisms: The use of devices such as trusted platforms, drive locks, USBs, and mobile-enabled access prevents cybersecurity threats due to the lack of accessibility to these objects.
  • End user training: The end user is often identified as the weakest link in a security chain, and therefore proper training promotes a culture of awareness towards cybersecurity threats and in turn decreases the number that occur.
  • Response to breaches: Responding to security breaches is a hard and expensive process, due to the difficulty of identifying hackers, the number of attacks that occur, and a lack of laws prohibiting hacking.

Careers in Cybersecurity

Due to the number of security attacks that occur and the large effects they can have, cybersecurity has become a growing field in IT. Commercial, government, and non-governmental agencies employ cybersecurity professionals in order to deal with and prevent attacks. The highest demand for cybersecurity professionals comes from industries that manage large volumes of personalized consumer data. Examples of these include finance and health care.

Jobs in the area of cybersecurity include security analyst, security engineer, security architect, security administrator, chief security officer, and security consultant. These roles vary in their specific descriptions but all aim to employ both the incident response and the countermeasures to cyber attacks listed above.

Ethics of Cybersecurity

Self-Exposure & Exposure of the Self

Cyberattacks are constantly becoming more and more sophisticated, leading to an increased need in the field of cybersecurity. As explained by Wikipedia, the field of cybersecurity is becoming increasingly important because of our increasing reliance on computer systems. These include but are not limited to smart devices and other devices that constitute the Internet of Things.

Cybersecurity is necessary as cyberattacks threaten our safety, sanctity, and identities. Interestingly, we are almost always surprised when people have the ability to find private, prevalent information about us. However, this information is commonly targeted in cyberattacks. According to David Shoemaker, author of Self-exposure and the exposure of the self: Informational privacy and the presentation of identity, “Several have tried to make the case that a threat to informational privacy is a threat to our personal identity.” A threat to our informational privacy and personal identity undermines our authority to decide what we want our public presentations of ourselves to be. This is summarized by The Control Theory of Privacy, which states that, in the domain of informational privacy, the zone to be protected is information about one’s self-identity, i.e. information about all or part of the set of properties about which one’s beliefs ground emotions of self-esteem. One has informational privacy to the extent one has control over others’ access to, and one’s own presentation of, such (unrevealed) information.

Luciano Floridi would agree that cybersecurity is imperative to our privacy, because of the informational gap.[8] Cybersecurity in the infosphere can act as informational friction, which helps to prevent people from attempting to obtain data on others. Without cybersecurity, society would be exposed to the already increasing cyberattacks on people's information.


Cybersecurity Threats & Our Plural Selves

Cybersecurity serves an important role in the stability and protection of the plural selves we’ve worked so hard to develop. Dean Cocking describes our identities as a “bundle of plural selves.” He suggests we have a multitude of aspects of selves, and the way we choose to represent ourselves changes depending on the context. We understand that certain aspects of ourselves are best summoned in certain situations and with certain people, and we tend to use that information to our advantage. However, a breach of cybersecurity puts our plural selves at risk of being discovered by those we do not wish to expose them to. That, in turn, could jeopardize the basis and foundation of the relationships we’ve achieved in particular circles, as relationships are based on an assumed mutual level of trust.

Cybersecurity - A Necessary Ethical Consideration

As technology develops, it is necessary for companies to consider the ethical problems that may arise.[9] This is especially important to consider in cases where new technology is responsible for safeguarding private user data. Many cyber attacks exploit insecurities in technological systems in order to gain access to users’ information. Companies have an obligation to secure the vulnerabilities in their systems before shipping their product. James Moor’s law states, “As technological revolutions increase their social impact, ethical problems increase,”[9] which is primarily because ethical policies have not been considered for many technologies. Cybersecurity should be an ethical consideration when developing and deploying the product rather than an afterthought. Time and resources should be spent towards securing websites to ensure users are protected from the beginning.

Cybersecurity & Our Privacy

Breaches of cybersecurity can cause information leaks, and all types of malware can cause trouble not only for big businesses but also for ordinary people, whose information could be leaked or shared because of malware or another attack. This not only breaches the privacy of the user and reveals information that they would like to keep hidden, but also breaks the trust between them and the technology they are using, to which they had previously entrusted their precious data.

The Future of Cybersecurity

As the growth of technology endures, so does the threat to our security. Cybersecurity will continue to become ever more important as the number of online tasks we carry out every day increases. According to research released by the International Data Corporation, businesses are expected to spend $101.6 billion in 2020 on cybersecurity software, services, and hardware. This number will almost certainly go up in time. The question is whether, if we continue to take the necessary steps to protect our online identities, it is possible to execute this through proper channels.


References

  1. C. (2019, January 16). What Is Cybersecurity? Retrieved February 26, 2019, from https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
  2. What is Malware?. Cisco. Retrieved from https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-malware.html
  3. SQL Injection. W3Schools.com. Retrieved from https://www.w3schools.com/sql/sql_injection.asp
  4. Teng, J., Gu, W., Xuan, D.: Defending against physical attacks in wireless sensor networks. In: Sajal, K., Krishna, K., Zhang, N. (eds.) Handbook on Securing Cyber-physical Critical Infrastructure, pp. 251–279. Elsevier, Tokyo (2012), doi: 10.1016/B978-0-12-415815-3.00054-6
  5. Armerding, Taylor. “The 18 Biggest Data Breaches of the 21st Century.” CSO Online, CSO, 20 Dec. 2018, www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html.
  6. Newman, L. H. (2018). GitHub Survived the Biggest DDoS Attack Ever Recorded. Retrieved from https://www.wired.com/story/github-ddos-memcached/
  7. Dobran, Bojana, Upgrade Your Security Incident Response Plan (CSIRP) : 7 Step Checklist, https://phoenixnap.com/blog/cyber-security-incident-response-plan, March 10 2019
  8. Floridi describes the informational gap as the instance in which the less you know about someone, the more private their lives can be. "The Fourth Revolution: How the Infosphere is Reshaping Human Reality" by Luciano Floridi, Oxford University Press, 2014
  9. Moor, James. “Why We Need Better Ethics for Emerging Technologies.” Ethics and Information Technology.

1. Boyd, A. (2017, August 08). Hacker pleads guilty in first case of cyber terrorism. Retrieved February 27, 2019, from https://www.militarytimes.com/2016/06/15/hacker-pleads-guilty-in-first-case-of-cyber-terrorism/

4. Cocking, D. (2008). Plural Selves and Relational Identity(Rep.). Cambridge, U.K.: Cambridge University Press.

5. Computer security. (2019, February 27). Retrieved February 27, 2019, from https://en.wikipedia.org/wiki/Computer_security The field is growing in importance due to increasing reliance on computer systems, the Internet[2] and wireless networks such as Bluetooth and Wi-Fi, and due to the growth of "smart" devices, including smartphones, televisions and the various tiny devices that constitute the Internet of things. Due to its complexity, both in terms of politics and technology, it is also one of the major challenges of the contemporary world.

6. Cyber Attack - What Are Common Cyber threats? (2019, February 25). Retrieved February 26, 1999, from https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html

7. Cybersecurity. (n.d.). Retrieved March 1, 2019, from https://www.wmep.org/services/cybersecurity/

8. Computer security. (2019, March 22). Retrieved March 25, 2019, from https://en.wikipedia.org/wiki/Computer_security The field is growing in importance due to increasing reliance on computer systems, the Internet[2] and wireless networks such as Bluetooth and Wi-Fi, and due to the growth of "smart" devices, including smartphones, televisions and the various tiny devices that constitute the Internet of things. Due to its complexity, both in terms of politics and technology, it is also one of the major challenges of the contemporary

9. First Person Plural. (2015, August 04). Retrieved March 1, 2019, from http://www.fiftybits.com/20081113first-person-plural/

10. Gazula, M. B. (2017, May). Cyber Warfare Conflict Analysis and Case Studies. Retrieved February 27, 2019, from https://cams.mit.edu/wp-content/uploads/2017-10.pdf

11. Internet of things. (2019, March 23). Retrieved March 25, 2019, from https://en.wikipedia.org/wiki/Internet_of_things The Internet of things (IoT) is the extension of Internet connectivity into physical devices and everyday objects. Embedded with electronics, Internet connectivity, and other forms of hardware (such as sensors), these devices can communicate and interact with others over the Internet, and they can be remotely monitored and controlled.

12. Palo Alto Networks. WHAT IS CYBERSECURITY? (2019). Retrieved February 27, 2019, from https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-security

13. Shoemaker, D. W. (2009). Self-exposure and the exposure of the self: Informational privacy and the presentation of identity (Rep.). Berlin, Germany: Springer Science Business. doi:10.1007/s10676-009-9186-x

14. Vanian, J. (2016, October 12). Here's How Much Businesses Worldwide Will Spend on Cybersecurity by 2020. Retrieved March 1, 2019, from http://fortune.com/2016/10/12/cybersecurity-global-spending/