Top Information Security Attack Vectors

Subscribe to my newsletter and never miss my upcoming articles

Listen to this article

Cloud Computing Threats Cloud Computing is the most common trend & popularly in use nowadays. It does not mean that threats to cloud computing or cloud security are fewer.

Mostly, the same issues as in traditionally hosted environments also exist in cloud computing. It is very important to secure Cloud computing to protect services and important data.

The following are some threats that exist in Cloud Security:

In the Cloud Computing Environment, a major threat to cloud security is a single data breach that can result in loss. Additionally, it allows the hacker to further have access to the records which allows the hacker to have access to multiple records over the cloud. It is the extremely worst situation where compromising of single entity leads to the compromise of multiple records. Data Loss is one of the most common potential threats that are vulnerable to Cloud security as well. Data loss may be due to intended or accidental means. It may be large scales or small scale; however massive data loss is catastrophic & costly. Another Major threat to Cloud computing is the hijacking of Account over cloud and Services. Applications running on a cloud having software flaws, weak encryption, loopholes, and vulnerabilities allow the intruder to control. Furthermore, there are several more threats to Cloud computing which are:

Insecure APIs Denial of Services Malicious Insiders Poor Security Multi-Tenancy Advanced Persistent Threats An advanced persistent threat (APT) is the process of stealing information by a continuous process. An Advanced Persistent Threat usually focuses on private organizations or for political motives. The APT process relies upon advanced, sophisticated techniques to exploit vulnerabilities within a system.

The "persistent" term defines the process of an external command and controlling system that is continuously monitoring and fetching data from a target. The "threat" process indicates the involvement attacker with potentially harmful intentions.

Characteristics of APT Criteria are:

Characteristics Description Objectives Motive or Goal of threat Timeliness Time spend in probing & accessing the target Resources Level of Knowledge & tools Risk tolerance Tolerance to remain undetected Skills & Methods Tools & Techniques used throughout the event Actions Precise Action of threat Attack origination points Number of origination points Numbers involved in the attack Number of Internal & External System involved Knowledge Source Discern information regarding threats Table - Advanced Persistent Threat Criteria

Viruses and Worms Term "Virus" in Network and Information security describes malicious software. This malicious software is developed to spread, replicate itself, and attach itself to other files. Attaching with other files helps to transfer onto other systems. These viruses require user interaction to trigger and initiate malicious activities on the resident system.

Unlike Viruses, Worms are capable of replicating themselves. This capability of worms makes them spread on a resident system very quickly. Worms are propagating in different forms since the 1980s. Some types of emerging worms are very destructive, responsible for devastating DoS attacks.

Mobile Threats Emerging mobile phone technology, especially Smartphones has raised the focus of attackers over mobile devices. As Smartphones are popularly used all over the world, it has shifted the focus of attackers to steal business and personal information through mobile devices. The most common threat to mobile devices are:

Data leakage Unsecured Wi-Fi Network Spoofing Phishing Attacks Spyware Broken Cryptography Improper Session Handling Insider Attack An insider attack is the type of attack that is performed on a system, within a corporate network, by a trusted person. A trusted User is termed as Insider because Insider has privileges and it is authorized to access the network resources.

Botnets Combination of the functionality of Robot and Network develop a continuously working Botnet on a repetitive task. It is the basic fundamental of a bot. They are known as the workhorses of the Internet. These botnets perform repetitive tasks. The most often of botnets are in connection with Internet Relay Chat. These types of botnets are legal and beneficial.

A botnet may use for positive intentions but there also some botnets which are illegal and intended for malicious activities. These malicious botnets can gain access to the systems using malicious scripts and codes either by directly hacking the system or through "Spider." Spider program crawls over the internet and searches for holes in security. Bots introduce the system on the hacker’s web by contacting the master computer. It alerts the master computer when the system is under control. Attacker remotely controls all bots from the Master computer.

 
Share this