Threats to IT systems can come from a variety of sources. A company's employees, either deliberately or unintentionally, can be a source of security risk, while a range of threats also exist outside the company. The threats themselves come in a number of different forms: internal, external, physical or social engineering and software-driven threats.
There are many threats to IT security from within an organisation, both deliberate and accidental or unintentional.
There are a number of deliberate, internal threats to security:
Employee actions: Disgruntled or recently dismissed staff may damage or delete files as a form of revenge. They may also cause damage to the company software systems or post damaging information about the company online.
Data theft: Employees may steal data (such as customer lists or credit card details) which they can then sell to cybercriminals or competitors. In many cases it is relatively easy for employees who have legitimate access to an organisation's computer systems and data to make copies of it.
Users overriding security controls: Employees may want to bypass controls as they find them too restrictive and frustrating. For example, they may want to use their favourite internet browser or install a game they enjoy playing during their lunch break.
Computer equipment can be valuable and there is a possibility that it may be stolen or maliciously damaged. Theft or loss of portable equipment which may contain sensitive information is a particular threat to security because once a hard disc is removed from a computer system, it may be possible to circumvent the security measures that protect the data it holds.
Social engineering and software-driven threats
Social engineering is a technique that is used to attempt to fool computer users into providing secure information to cybercriminals. Social engineering uses software that is designed with a malicious intent.
The best known example of social engineering is the phishing scam. This involves sending emails that claim to come from a bank to large numbers of people, asking them to log into their account using a link provided in the email. (Quite often the people receiving the phish email will not even have an account with the bank that the email claims to come from.) The link provided in the email does not take the receiver to the real bank's website but to a fake version of the site where, if the individual enters their banking login credentials, these can be stolen by the cybercriminals running the scam.
There are many other scams which use social engineering and some are as simple as telephoning someone in an office claiming to be from their IT support department and asking them for their passwords. Social engineering threats can be difficult to defend against and there is no software protection available, so people need to be trained to be aware of these kinds of threat and to be on their guard at all times.
Some of the well-known social engineering threats with specific names include the following:
Shoulder surfing: This is simply looking over someone's shoulder in an attempt to obtain sensitive information such as usernames, passwords and PINs. Careful placement of monitors can help prevent this.
Spear phishing and whaling: These are both forms of phishing that involve targeting a specific group of people rather than the blanket approach used with phishing. For example, a criminal might send an email to all the employees in a company that claims to come from one of the company directors, which asks them to reply to the email with their system password.
This is known as spear phishing because it is targeted phishing. Because the email looks as if it comes from the company director, employees might be fooled into responding. Whaling involves sending phish emails to senior executives ('whales') specifically.
Dumpster diving: Looking through recycling bins (dumpsters) can provide valuable information. An attacker might, for example, be able to obtain a company employee directory that contains all the emails and phone numbers of everyone in the company. This information could then be used for a phishing or whaling attack.
Software-driven threats (malware)
Social engineering cyberattacks use malicious software known as malware. Malware is one of the best known threats to IT security and, although the first malware was originally created in the 1980s as an experiment or prank, malware is now a serious threat to computer systems.
Malware is very common and large amounts of malware are released every year. The main route for malware to reach computers is via the internet, although infection via removable devices such as USB drives is also common.
Malware usually targets Microsoft Windows computers, and is much less prevalent on other operating systems such as Linux. The increasing use of mobile devices has led to more and more malware being created to attack Android and Apple iOS.
There are a number of different types of malware:
Viruses are programs that are usually concealed within another program or file. They replicate by inserting copies of themselves into other programs or files. They usually (but not always) have a malicious intent.
Worms, like viruses, also replicate themselves, often over a computer network, but, unlike viruses, they do not attach to another file or program. Worms often seek out known security flaws and worm their way into the system through these holes, hence the name.
Trojan horse is a term for any type of malicious program that pretends to be something useful or interesting in an attempt to get a user to unwittingly download or install it.
Ransomware is a type of malware that restricts access to a user's computer, often by encrypting files, and demands a ransom be paid before the computer will be unlocked.
Spyware collects information without the user's consent and is most commonly used to collect information about a user's internet browsing habits with the aim of showing targeted pop-up adverts to the user. Some types of spyware include an embedded keylogger. This records any information you type at your keyboard, which can be sent on to someone else who may have a malicious intent.
Adware is malware that presents adverts to the user, usually using pop-up windows. It may (like spyware) analyse a user's internet habits to provide targeted adverts. Spyware and adware do not normally have a damaging effect on a computer but can be irritating for the user.
Rootkit is a term for a program which can allow an attacker access to areas of a computer that they would not normally have access to. For example, it might provide the attacker with administrator or root access to the operating system.
Backdoor is a method that is used to bypass a computer's normal authentication procedures, thereby providing unauthorised remote access to the computer.
Logic bomb is code included in malware that lurks for a while and then executes when certain conditions are met, such as a specific date being reached. Such malware can spread widely across computer systems before it is noticed.
Published on Tue 27 March 2012 by Gary Hall in Security with tag(s): history