Computer security, frequently referred to as cybersecurity or information technology security (IT security), is the protection of information systems from theft or damage to the hardware, software, and the data being stored, as well as protection from disruption or misdirection of the services they provide.
To achieve superior computer security a multipronged approach must be adopted, which entails strictly monitoring and controlling the physical access/entry to the information system or devices, as well as safeguarding against computer damage that may come via irresponsible/careless internet use, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
With the prevailing exponential growth of technology, the reliance on progressively more sophisticated computer systems is undoubtedly increasing. The internet’s omnipresence, the upsurge of smart devices and the rise of wireless networks like Bluetooth and Wi-Fi, has introduced a whole new set of challenges and vulnerabilities to cybersecurity.
Vulnerabilities and attacks
In computer security, a vulnerability is a weakness or an accidental flaw which can be exploited and abused by any malignant entity, such as an attacker, that wishes to carry out unlawful, unlicensed or unauthorized actions within a computer system. To exploit a vulnerability, an attacker must have a program, piece of software, a specific tool or method which can take advantage of the computer’s weakness. In this context, vulnerability is also referred to as the attack surface.
The primary way of discovering and exploiting the vulnerabilities of a given device happens with the help of either an automated tool or a manual bespoke script.
Even though there is a plethora of different attacks which can be made against a computer system, these threats can typically be classified into one of these categories below:
Backdoor entry
A backdoor in a computer system, a cryptosystem, a program or software, is any secret method of bypassing normal authentication or security controls. They may exist for a number of reasons, including by original design or from poor configuration. They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the motives for their existence, they create a vulnerability.
Denial-of-service attack
The objective of a denial-of-service attack (DoS) is to make the resources of an information system, device or network inaccessible to its users. These cyber-attacks can result in complete lockdown of the victim’s account because the password has been entered multiple times in rapid succession or they may completely overload the processing capacity of a device, causing all users to be blocked at once.
Even though DoS Attacks coming from a single, static IP can be easily blocked with antivirus software or by an adequate firewall, distributed denial of service (DDoS) attacks, where the attack comes from a multiple, dynamic IP’s and locations at the same time, can be much harder to stop. Typical DDoS attacks are the ones carried out by automated bots or “zombie computers”, but a range of other techniques are possible including reflection and amplification attacks, where innocent systems are fooled into sending traffic to the victim.
Direct-access attacks
A direct-access attack is simply gaining physical access to the targeted computer system. This would enable the attacker to damage the hardware and software, to install keyloggers, worms, viruses and covert listening devices or to manually copy sensitive information and data from the device.
Disk encryption and Trusted Platform Module are designed to prevent these attacks.
Eavesdropping
Eavesdropping, frequently referred to as wiretapping or simply spying, is the act of stealthily listening to a verbal conversation between two or more individuals or reading various forms of text communication.
Programs such as “Carnivore” and “NarusInSight” have been used by the FBI and NSA to eavesdrop on internet service providers (ISPs).
Even devices which aren’t connected to the internet or LAN network (i.e. not in contact with the outside world), can still be spied on via TEMPEST monitoring which, as stated in “8. Scope of CODENAME: TEMPEST”, is the faint electromagnetic transmissions generated by the hardware.
Multi-vector, polymorphic attacks and malware
Surfacing in 2017, polymorphic attacks or malware are extremely difficult to detect as they constantly change their identifiable features (file names and types or encryption keys), thus easily evading crude detection and antivirus programs. Many of the common forms of malware can be polymorphic, including viruses, worms, bots, trojans, or keyloggers.
Phishing and social engineering
Phishing (neologism derived from the word “fishing”) is the fraudulent attempt to acquire sensitive data and information such as login details or credit card numbers directly from the targeted user by disguising oneself as a trustworthy entity in an electronic communication.
Phishing is typically carried out by email spoofing (the creation of email messages with a forged sender address) or instant messaging (any online chat that offers real-time text transmission over the Internet).
Typically, phishing leads the victim to a fake website whose appearance is almost identical to that of a well-established, legitimate one. If the victim isn’t technologically savvy enough to realize the trap, there is a high probability that he will enter the login details necessary to access his account, the fake website will steal them and send them over to the cyber attacker.
Phishing can be classified as a form of social engineering which in the context of information security, is the psychological manipulation of people into performing actions or divulging confidential information.
In most cases, the primary objective of social engineering is to fully convince the targeted user (often a vulnerable and misinformed individual) to disclose personal information such as passwords, card numbers, etc. by, for example, impersonating an authorities entity such as a bank, the government or a contractor.
Privilege escalation
Privilege escalation is a type of fraudulent activity where the attacker, who has restricted access to a device due to lack of privilege or authorization, is able to elevate/escalate their privileges to gain entry.
In most cases, this happens when the attacker is able to exploit a vulnerability to gain administrative rights or even “root” access and have full unrestricted access to a system.
Spoofing
Spoofing is a type of fraudulent activity where the attacker or program masquerades as a genuine user and gains an illegitimate advantage through falsification of data (such as an IP address), for the purpose of gaining access to sensitive information or electronic resources.
There are several types of spoofing, including:
- Email spoofing, where the attacker or program falsifies the sending (from; source) address of an email.
- IP address spoofing, where the attacker or program alters the source IP address in a network packet to hide their identity or impersonate another computing system.
- MAC spoofing, where the attacker or program modifies the Media Access Control (MAC) address of their network interface to pose as a valid user on a network.
- Biometric spoofing, where the attacker or program produces a fake biometric (technical term for body measurements and calculations) sample to gain the identity characteristics of another user.
Tampering
Tampering can refer to many forms of sabotage, but the term is frequently used to mean intentional modification of products or services in a way that brings value to the attacker at the expense of being harmful to the consumer.
In the context of computer security, the “Evil Maid attacks” are a primary example of tampering. The Evil Maid attack is a type of fraudulent activity carried out on an unattended device, in which the intruding entity with physical access is able to alter it in some undetectable way so that they can later access the device.