Threats and Vulnerabilities of Information Systems

Today, about half of the world’s population is using the Internet in some way. With so many users online at the same time, cybersecurity threats are growing and becoming increasingly complex, despite all the effort to counter them.

Information security on the Internet is not just about data protection, it is focused mainly on safeguarding intellectual property and sensitive information of organizations and people.

There are two fundamental elements of a cyber risk: a threat of an attack and a vulnerability in the technology. These two interrelated elements must exist at the same time for a risk to be realized.

In a dynamic, interconnected environment, security threats can come from anywhere, even from within the organization. A vulnerability is a weakness in a technology or a process that is inherent in the systems or infrastructure that supports it.

People who use technology to disrupt systems in the network, steal and/or destroy information are commonly known as hackers. Hackers can be classified depending to the intent of their actions:

• White Hat: Ethical hackers, they are computer security professionals who perform penetration testing to assess security.
• Black Hat: Also known as crackers, they break into information systems with malicious intent.
• Gray Hat: These hackers sometimes break the law, but they usually do not attack with malicious intent or for personal gain, they are motivated by protest or personal challenge.

In a company, a data leak can occur as a result of deliberate actions of an exasperated employee, a cyberattack, or inadvertently, through actions of an unsuspecting user who fell victim to malicious software.

Network Attacks

This practice is on the rise due to the existing vulnerabilities in the systems and ever-more sophisticated attack techniques. Here are some of the most common types of network attacks:

• Malware, or malicious software, is any program designed to infiltrate and damage a system. Types of malware include viruses, worms, Trojan horses, etc.
• A virus is a malicious code that, when executed by a user, infects the system files. Once active, it spreads through the entire system and can reach any devices or networks to which the system is connected.
• A worm is malware that, once it infects a computer, replicates itself to spread over networks. Unlike viruses, worms do not require any user action, they can be transmitted via networks or email. Worms are harder to detect as they spread and infect other computers rather than disrupting the system’s normal functioning right away. Hackers use them to create a network of zombie computers (botnet) which they control remotely for denial-of-service (DoS) attacks or other malicious activities.
• A Trojan horse is similar to a virus, however, instead of disrupting a computer’s performance, it opens a backdoor entry to the computer for other malware. Its main purpose is to enter systems unnoticed, without being detected as a potential threat. Trojans are not self replicating, they are usually embedded in executable files that appear harmless.
• Spyware is malicious software used to gather information from a computer and send it to a third party without the owner’s consent. Functioning silently, it can even install other programs without being noticed. Signs of an infection include considerable loss of performance and difficulty connecting to the Internet.
• Adware is a type of software that displays advertising. Although adware does not harm computers, some people consider it a kind of spyware. It collects and reports data about the user’s behavior for targeting advertising.
• Ransomware is one of the most sophisticated and advanced types of malware. It hijacks and encrypts data and then the attackers demand a ransom for it. They usually request payment in cryptocurrency (Bitcoin), because it is harder to trace. Cyberattacks of this type are currently on the rise and the most feared ones.
• A port scan is used to monitor devices and networks to find out which ports are open, what services are available, whether there is a firewall, what kind of architecture the network has, what type of operating system is used, etc. It allows the attacker to pre-analyze the system and identify its vulnerabilities to exploit them later for some other malicious activity because each open port on a device is a potential point of attack.
• Phishing is not software, but rather a set of methods cybercriminals use to obtain their victim’s personal data, such as passwords or bank details. The most common form is when the perpetrators impersonate a trustworthy person or organization via emails, text messages or phone calls and request confidential information, which they later use for personal gain.
• A botnet is a network of infected and remotely controlled computers or devices (smartphones, tablets, etc.) that behave like bots or “zombies”. They are used by hackers to perform distributed denial-of-service attacks or send out massive quantities of spam messages.
• A denial-of-service (DoS) attack disrupts the functioning of a system or computer, making the service unavailable to the intended users. A web server can handle a finite number of user requests or connections simultaneously. If there are too many, it causes the server to slow down or even shut down and disconnect from the network. There are two types of such attacks: denial-of-service (DoS) and distributed-denial-of-service (DDoS). The difference between them is the number of computers used for the attack. In a DoS attack, multiple requests are sent to a service from one machine or IP address in an attempt to use up all its resources until it no longer responds to requests (it denies service). A DDoS attack occurs when many different computers or IP addresses target one service at the same time. This is usually done using infected computers (zombies) that are connected to form a botnet.
• A man-in-the-middle (MITM) attack is when communications between two systems are intercepted by a third party assuming a false identity. In this case, the attacker can control and manipulate the conversation at will without being discovered immediately. MITM attacks are very common on public and unsecured Wi-Fi networks and extremely dangerous as sensitive information can be stolen and, unless you have some knowledge on the subject, they are difficult to detect.

Generally, to carry out any of these attacks, perpetrators need to have the means (such as knowledge and appropriate tools), a motive or purpose and opportunity (for example, a breach in the security of the target computer system to facilitate the attack).

Prevention of Network Attacks

In order to maintain a certain degree of data protection in a network organizations, companies and people must understand that security threats are constantly evolving. Therefore, the best way to prevent them is to figure out how these attacks occur and what these threats are.

There are many effective ways to protect yourself from network security threats. Depending on the type of attack, some of them are:

• To protect yourself from malware, adware and spyware, use 3 steps: install antivirus software, keep it updated and perform regular scans. You should also install security patches for your operating system, create backup copies, use different and strong passwords for each service, configure your browser’s security correctly and avoid downloading applications or files of unknown origin.
• To protect yourself from ransomware, the first thing you should do is update the operating system and all the security software, including the antivirus. Enable the firewall and always use secure protocols for remote administration. Configure your computer to show file extensions to prevent executing malicious code disguised as legitimate non-executable files, disable macros in documents, teach network users to recognize threats before opening email attachments and create backup copies of critical data on a regular basis.
• To protect yourself from port scanning, it can be effective to close the ports or services whenever they are not in use, change the default ports for certain applications and configure your firewall to detect possible port scans.
• To protect yourself from phishing, take your time before taking any action, do not be persuaded by the urgency of the message. Check the facts and be suspicious of any unsolicited communications or unknown sources. Never respond to any requests for confidential information such as passwords or credit card details and never download or run any attachments sent by people you do not know.
• To protect yourself from botnet attacks, change your passwords regularly, including your Wi-Fi password. Update your operating system and antivirus software. Avoid using P2P services or downloading torrents, because they are often used to distribute malicious code. Limit access to websites if you are not sure whether they are safe.
• To protect yourself from denial-of-service (DoS) attacks, block IP addresses that are not used, disable unnecessary network ports and services, use routing filters to block unwanted traffic, implement an effective password policy and configure the bandwidth to be used.
• To protect yourself from man-in-the-middle (MITM) attacks, you should use traffic encryption in public networks. You can do this by using virtual private networks (VPNs), a public key infrastructure (PKI), digital certificates and a certification authority. They help protect documents sent and authenticate users by encrypting messages. A PKI is an infrastructure where the communicating parties trust a certification authority to verify their identities.

Over the past decade, the world has seen a paradigm shift in the ways attackers seek to exploit vulnerabilities within organizations and network infrastructures.

To be able to anticipate and counter these attacks in the best way possible, we must learn from them and update our security policies constantly. It will give network users peace of mind when it comes to the security of their personal data, money and intellectual property.