Know Thine Enemy — Defining Cyberthreats
The term cyberthreat covers a wide range of potential malicious attempts to damage or disrupt computer networks or systems, or to gain unauthorized access to the data they hold. Sadly, these threats are many and varied.
As the FBI notes, “Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated. Our nation’s critical infrastructure, including both private and public sector networks, are targeted by adversaries. American companies are targeted for trade secrets and other sensitive corporate data, and universities for their cutting-edge research and development. Citizens are targeted by fraudsters and identity thieves, and children are targeted by online predators.”
Cyberthreats come in all shapes and sizes and attacks are launched for a variety of reasons. It’s important to understand the particulars of each in order to best protect yourself and your organization from harm.
It’s hard to understand anything without being able to define it, and cyberthreats are no different. Luckily, the Vocabulary for Event Recording and Incident Sharing (VERIS) project defines a shared vocabulary, and a set of metrics built on it, so that security incidents can be described in a consistent and comparable way.
VERIS uses seven categories of threat actions to distinguish various cyberthreats from one another. Two of these categories (Error and Environmental) exclude any malice — they concern threats to equipment and/or data stemming from things such as honest programming mistakes, equipment malfunction, or natural disaster.
The other five VERIS categories provide an excellent framework for defining the current scope of nefarious cyberthreats facing industry and individual alike:
- Malware: A portmanteau of “malicious” and “software,” malware is any code that alters the behavior of a computer or device without the owner’s informed consent. It typically arrives as a surreptitiously installed program or script, most commonly by way of malicious email attachments, fraudulent or compromised websites, trojanized mobile apps, or interception on unsecured Wi-Fi networks. Among the types of malware commonly encountered are:
- Viruses — Programs that copy themselves to “infect” a computer or network and usually require a “host” application or file in order to run. Viruses also usually require some user action to spread (such as opening an infected email attachment).
- Worms — Programs that spread copies of themselves across computer networks, self-replicating without any user interaction and without needing to attach themselves to host programs in order to run.
- Spyware — Malware that violates user privacy and device control. The term is often applied broadly to adware (unwanted banners and pop-ups), Trojans (programs that claim to do one thing but really do something else, and which frequently serve as the delivery vehicle for spyware), keyloggers (programs that record keystrokes, often to steal passwords and other credentials), and data-harvesting programs (which surreptitiously collect, and often sell, user data such as location, browsing habits, and contact lists).
- Backdoors — Programs that bypass normal authentication safeguards to give an intruder covert, and usually persistent, remote access to applications on a computer or network, including the ability to issue unauthorized system commands.
- Ransomware — Programs that deny authorized users access, encrypt files, and/or threaten the destruction of data unless perpetrator demands are met (usually by paying a ransom).
- Cryptojackers — Programs that appropriate a computer’s processing power to mine for cryptocurrency.
- Hacking: In terms of cyberthreats, hacking is any attempt to digitally access, steal, damage, or destroy data or assets without authorization by bypassing or traversing security safeguards. Common examples of hacking cyberthreats include brute force attacks (repeated, and often automated, trial-and-error attempts to guess passwords or keys protecting content or systems); SQL injection (supplying input that a web application concatenates into a database query, so that the input is executed as SQL and lets the attacker read, modify, or destroy the database contents); and denial-of-service attacks (overwhelming or disrupting an internet host so that its network resources become unavailable to legitimate users).
- Social: Social cyberthreats exploit human fallibility, using deception and/or intimidation to gain unlawful access to systems and data. Phishing, the practice of impersonating a trusted or legitimate source via email, SMS, or other messaging to trick targets into revealing privileged information or installing malware on their devices, is currently among the most common (and fastest-growing) social cyberthreats. Spear-phishing is phishing focused on a specific individual, organization, or business. Whaling, a term adopted from the gambling industry, is an even more narrowly targeted phishing scam in which attackers go after high-level executives or other powerful, high-net-worth individuals with tailored campaigns designed to trick their marks into handing over the figurative keys to the kingdom.
- Misuse: Misuse is also a human-driven cyberthreat, in which access that was legitimately granted is intentionally exceeded or abused. By definition, misuse is committed by trusted insiders such as employees, contractors, or business partners. One of the most pernicious forms is intentional data leakage, such as when disgruntled employees or ex-employees post confidential company information on the internet or supply competitors with sensitive digital intellectual property. Data leakage of this kind is also often referred to as data exfiltration.
- Physical: Physical cyberthreats involve intentional proximity, possession, or force actions perpetrated by a human against computer equipment or information assets — purposely smashing a company server or furtively copying sensitive company files onto a USB drive are both examples of physical cyberthreats.
Malware, hacking, social, misuse, and physical threats make up the five basic classifications for malicious cyberattacks. Notably, each threat category is constantly evolving alongside the technology and human habits it targets. For example, McAfee research shows that the incidence of cryptojacking targeting IoT devices surged in late 2018, and phishing attacks against mobile users are on the rise in 2019.
Arming yourself with an understanding of this dynamic cyberthreat landscape is the first step in practicing good cybersecurity hygiene. The next step is deploying holistic security tools that can outpace those threats. Good luck!
Eric Williams is the founder and CEO of ijura (www.ijura.com), whose cloud-based cybersecurity platform provides holistic real-time Mobile Threat Defense solutions to remediate attacks against smartphones, tablets, and IoT devices without impacting performance. ijura (@ijuraCloud) is a startup venture of Tata Communications. Eric can be reached at [email protected].