In my last blog I gave an overview of cyber security and the different types of attacks. Now let us explore insider attacks in detail.

Internal Attack:

Employees and contractors have significant knowledge of an organization’s primary security mechanisms (e.g. firewalls, access controls, physical access controls). Systems are built to keep out the untrusted external attacker, not the trusted insider. People working for or within the organization know which mechanisms are in place and can use this knowledge to circumvent defenses.

In order to overcome this advantage and realistically address insider threats, organizations need better capabilities in areas such as context-based monitoring, advanced behavior anomaly detection, and link-analysis driven investigation.

Authorisation Creep (Deliberate/Malicious insider):

A user is granted a set of access rights on joining the organisation. When that user is soon transferred or promoted to another department, the new rights are added but the old ones are rarely revoked, so the user accumulates a growing set of access rights and membership in more productivity classes than the current role requires.

  1. Appropriate SOD (segregation of duties) must be defined for access to systems.
  2. Only the privileges a user actually needs should be granted to that user.
  3. All privileges should never be concentrated in a single person.
  4. The system must apply a four-eyes or six-eyes principle to prevent such attacks, and it must be audited regularly.
  5. Ensure that security patches are reviewed and tested beforehand.
  6. Deployment of OS patches should also be performed promptly.
  7. For bigger patches, monitoring of the system after deployment is beneficial.
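As an added example (not code from the original post), the following Python script models the access review implied by items 1 to 3: it compares each user’s accumulated entitlements against a least-privilege baseline for their current department and checks a set of SOD rule pairs, so a transferred user who kept old rights is flagged for revocation. All department names, entitlement strings, SOD rules and users are hypothetical and constructed for the example.

```python
# Added example, not from the original post: flag authorisation creep and
# SoD conflicts in a constructed entitlement snapshot (all names hypothetical).
from dataclasses import dataclass, field

# Hypothetical least-privilege baseline: what each department's role really needs
ROLE_BASELINE = {
    "finance": {"erp.view_invoices", "erp.approve_payment"},
    "procurement": {"erp.create_po", "erp.view_vendors"},
    "it": {"ad.reset_password", "vpn.admin"},
}

# Hypothetical SoD rules: one person must never hold both sides of a pair
SOD_CONFLICTS = [
    ("erp.create_po", "erp.approve_payment"),      # raise and approve own purchase
    ("ad.reset_password", "erp.approve_payment"),  # reset an approver's password, then approve
]

@dataclass
class User:
    name: str
    department: str                                  # current department after any transfer
    entitlements: set = field(default_factory=set)   # everything still granted to them

def find_creep(user):
    """Entitlements the user's current role does not justify (authorisation creep)."""
    return sorted(user.entitlements - ROLE_BASELINE.get(user.department, set()))

def find_sod_violations(user):
    """Conflicting entitlement pairs held by a single person."""
    return sorted((a, b) for a, b in SOD_CONFLICTS
                  if a in user.entitlements and b in user.entitlements)

def review(users):
    """Map each user with findings to the excess rights and SoD conflicts to revoke."""
    findings = {}
    for u in users:
        creep, sod = find_creep(u), find_sod_violations(u)
        if creep or sod:
            findings[u.name] = {"excess": creep, "sod": sod}
    return findings

# Constructed sample: alice moved procurement -> finance but kept her old rights
SAMPLE_USERS = [
    User("alice", "finance", {"erp.create_po", "erp.view_vendors",
                              "erp.view_invoices", "erp.approve_payment"}),
    User("bob", "it", {"ad.reset_password", "vpn.admin"}),
]
```

Calling `review(SAMPLE_USERS)` reports alice’s two leftover procurement rights as excess and the create/approve pair as an SOD conflict, while bob, whose rights match his role, produces no finding.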

An employee can become a malicious insider threat when there is job frustration, persuasion by a competitor who is trying to hire him or a financial motive.

Because security and control around critical information are often lacking, the malicious insider will typically copy large amounts of proprietary data to the cloud, a USB device or a personal device. While this seems very simple and basic, it is extremely effective and happens on a regular basis.

Accidental Insider:

An accidental insider is someone who is tricked or manipulated into doing something that ultimately harms the organisation. Some people further categorize the accidental insider threats into “the infiltrator” and “the ignorant insider.” The infiltrator situation occurs when an adversary accesses a user’s system or steals credentials to gain access to a system.

The ignorant insider is a situation that occurs when an adversary convinces the user to click on a link or open an attachment, which ultimately causes the user’s system to be compromised.

Since both cases are caused by a user action that ultimately results in a system or account being compromised, we group these types of threats together.

Prevention and Mitigation of Internal Attack

  1. Enforce clear security policies and guidelines to minimize the risk posed by both intentional and unintentional security incidents.
  2. Implement the principle of least privilege, which means employees should only have access to the information resources necessary to perform their daily tasks.
  3. Use access control mechanisms that let the company specify and implement monitoring and auditing requirements.

Cyber Security – Different types of Attacks

To be continued…

I am going to write a series of blogs on security and the types of attack. Here is just a heads-up.

Cyber Security:

In today’s world, cybersecurity involves protecting financial and non-financial information and systems from major cyberthreats, such as cyber terrorism, cyber warfare, and cyber espionage.

In their most disruptive form, cyberthreats take aim at the secret, political, military, or infrastructural assets of an institution, a nation, or its people. Cybersecurity is a critical part of any institution’s security strategy.

Cyber Terrorism

Cyber terrorism involves crimes of terrorism that are committed electronically. These crimes are committed against individuals, businesses, organizations, and against the government itself.

Our lives are accessible electronically now, from our social details on a job application, to our bank account, to medical records and more.

With the greater convenience of using technology, we trade off some degree of security, since it is very difficult to stop every instance of cyber terrorism. Consider for a moment how much of our own private information a hacker could potentially find online about our lives. Who or what protects us against theft or other crimes involving our personal data?

Cyber Espionage

Cyber spying is the act of engaging in an attack or series of attacks that let an unauthorized user or users view classified/protected material.

These attacks are often subtle, amounting to nothing more than an unnoticed bit of code or a process running in the background of a mainframe or personal workstation, and the target is usually a person, an institution or a government entity.

The goal is typically to acquire intellectual property or government secrets. Attacks can be motivated by greed or profit, and can be used in conjunction with a military operation or as an act of terrorism. Consequences can range from loss of competitive advantage to loss of materials, data, infrastructure, or loss of life.

Cyber espionage is also very common and prominent. WannaCry and Petya are recent attacks that infected millions of devices across the world. Let’s look at some of the attack types that can cause damage to institutions, countries and individuals.

Cyber Attack:

A cyberattack is the deliberate exploitation of computer systems, technology-dependent enterprises and networks. A cyberattack uses malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes such as information and identity theft.

Cyberattacks may include the following consequences:

  1. Identity theft, fraud, extortion
  2. Malware, pharming, phishing, spamming, spoofing, spyware, Trojans and viruses
  3. Stolen hardware, such as laptops or mobile devices
  4. Denial-of-service and distributed denial-of-service attacks
  5. Breach of access
  6. Password sniffing
  7. System infiltration
  8. Website defacement
  9. Private and public Web browser exploits
  10. Instant messaging abuse
  11. Intellectual property (IP) theft or unauthorized access

The list above is not exhaustive; the range of attacks is much wider. On a daily basis, hackers use far more advanced technologies and methods than we normally imagine.

There are two main categories of attacks that cause damage.

  1. Internal Attacks
  2. External Attacks

These attacks may be active or passive in nature. An active attack is a deliberate exploitation in which the hacker attempts to make changes to data on the target or en route to the target. A passive attack is a network attack in which the system is monitored and scanned for vulnerabilities such as open ports, weak passwords, etc.

In the next few articles I will discuss the approximately 50 different types of attacks in more detail.

To be continued…