What Is a Cyberattack?
A cyberattack (also written cyber attack) is any offensive action against computer information systems, infrastructure, computer networks, or personal computing devices. Destroying, exposing, modifying or disabling software or services, or stealing or accessing data on any computer without authorization, all count as attacks on computers and computer networks.
- In recent years, cyber attack incidents have occurred frequently.
- Attacks are ranked by the following levels, from shallow to deep:
- (1) Simple denial of service.
- (2)
- Step 1: Hide your own position
- Ordinary attackers route through other people's computers to hide their real IP addresses. More sophisticated attackers also dial into an ISP through the unattended call-forwarding service of a toll-free (800) number, and then use other people's accounts to get onto the Internet.
- Step 2: Find and analyze
- The attacker first has to locate the target host and analyze it. Can be really identified on the Internet
- Based on the above analysis and identification of network attacks, targeted defensive strategies should be drawn up: identify the assets to be protected and build a sound security guarantee system. In some cases the defense is layered across the network, with every layer brought into play as a checkpoint, so that the attacker finds no gap to exploit. The defense must also be proactive and preventive: back up important data and keep watching the system's operating state at all times. The following are for many worrying
- Classification method based on empirical terms
- A term-based taxonomy describes and classifies attacks by social and technical terms. Icove divided attacks into more than 20 categories, such as viruses, worms, DDoS and network spoofing, by this method. However, such a classification is hard to make complete and mutually exclusive, and the terms overlap heavily.
- Classification method based on a single attribute
- Jayaram et al. divided network attacks into five categories: physical attacks, system attacks, malicious-program attacks, permission attacks and communication-process attacks. A single-attribute classification can only describe one attribute of an attack at a coarse level; it does not reflect the attack's other characteristics and is not general.
- Classification method based on multi-dimensional attributes
- A multi-dimensional-attribute classification extracts several attributes of an attack process to represent it and classifies on those attributes. Wang Zhao et al. proposed such a method for cyber attacks, using 14 attributes including time cost, degree of automation, degree of destruction, propagation ability and defense ability. Multi-dimensional classification better overcomes the weaknesses in generality and scalability of term-based and single-attribute methods.
- Application-based classification
- An application-based classification groups attacks launched against a specific type of application. Alvarez et al. analyzed and described Web application attacks; Welch et al. studied wireless-network attacks and described them in terms of sniffing, man-in-the-middle and replay attacks. Such a classification describes attacks well for one kind of application, but it is inherently limited in generality and does not carry over to other application scenarios.
- Classification method based on attack process
- An attack-process classification groups the technical methods used at each stage of an attack. Liu Xinran et al. proposed a life-cycle-oriented classification system that describes the phases of a network attack from six aspects: platform dependency, vulnerability correlation, attack action point, attack result, damage intensity and spread. [2]
- With new trends in network attack technology and attack tools, organizations that run their business over the Internet face unprecedented risk. This article analyzes the new trends in network attacks so that readers can recognize, evaluate and reduce these risks.
- An increasingly asymmetric threat
- Security on the Internet is interdependent: the probability that any one system is attacked depends on the security of every other system connected to the global Internet. Advances in attack technology let an attacker use distributed systems to launch a destructive attack on a victim with relatively little effort, and as attack tools become easier to deploy and manage automatically, the threat keeps growing.
- Attack tools are getting more sophisticated
- Attack tool developers are using more advanced techniques to arm their tools. Compared with the past, attack tools are harder to find and harder to detect by signature. They show three characteristics. Anti-detection: attackers hide the tool's characteristics, so security experts need more time to analyze a new tool and understand the new attack behavior. Dynamic behavior: early attack tools executed a single, fixed sequence of attack steps, whereas automated tools change their pattern and behavior based on random selection, predefined decision paths, or direct control by the intruder. Maturity: unlike earlier tools, modern tools are modular, so one part can be upgraded or replaced quickly to produce a rapidly changing attack, and several variants of a tool can appear within a single attack. In addition, attack tools are increasingly built to run on multiple operating system platforms. Many common tools use protocols such as IRC or HTTP (Hypertext Transfer Protocol) to carry data or commands between the intruder and the compromised computer, which makes it ever harder to tell attack traffic from normal, legitimate network traffic.
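Command traffic over HTTP looks like ordinary web requests one request at a time, but a bot polling its controller does so on a timer, and a timer leaves a statistical trace that a browsing user does not. The following Python script is an added example, not code from the original page, that flags client/server pairs whose request gaps are unusually regular. The proxy-log format, the hostnames (c2.example.org, cdn.example.net), the client addresses and the thresholds are all constructed for the illustration.

```python
"""Flag HTTP clients that poll one server at near-fixed intervals.

Added example (not from the original page): once a tool carries its commands
over HTTP, each request looks like ordinary web traffic. What it usually cannot
hide is timing: a bot polls its controller on a timer, so the gaps between its
requests are far more regular than a person's. The coefficient of variation of
those gaps (stdev / mean) is the signal used here.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log (not real traffic): "<ISO timestamp> <client> <host> <path>".
# 10.0.0.9 polls c2.example.org about once a minute; 10.0.0.5 is a person browsing.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 cdn.example.net /img/logo.png
2024-05-01T10:00:00 10.0.0.9 c2.example.org /api/poll
2024-05-01T10:00:03 10.0.0.5 cdn.example.net /img/hero.jpg
2024-05-01T10:00:45 10.0.0.5 cdn.example.net /css/site.css
2024-05-01T10:01:01 10.0.0.9 c2.example.org /api/poll
2024-05-01T10:02:00 10.0.0.9 c2.example.org /api/poll
2024-05-01T10:02:59 10.0.0.9 c2.example.org /api/poll
2024-05-01T10:03:10 10.0.0.5 cdn.example.net /img/a.png
2024-05-01T10:03:12 10.0.0.5 cdn.example.net /img/b.png
2024-05-01T10:04:01 10.0.0.9 c2.example.org /api/poll
2024-05-01T10:05:00 10.0.0.9 c2.example.org /api/poll
2024-05-01T10:06:00 10.0.0.9 c2.example.org /api/poll
2024-05-01T10:07:01 10.0.0.9 c2.example.org /api/poll
2024-05-01T10:09:30 10.0.0.5 cdn.example.net /js/app.js
2024-05-01T10:09:31 10.0.0.5 cdn.example.net /js/vendor.js
2024-05-01T10:09:32 10.0.0.5 mail.example.com /inbox
"""


def parse_log(text):
    """Return (timestamp, client, host, path) tuples, oldest first."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path = line.split()
        records.append((datetime.fromisoformat(ts), client, host, path))
    records.sort(key=lambda r: r[0])
    return records


def interval_stats(records):
    """Per (client, host): request count, mean gap in seconds, CV of the gaps."""
    times = defaultdict(list)
    for ts, client, host, _path in records:
        times[(client, host)].append(ts)
    stats = {}
    for key, ts_list in times.items():
        gaps = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
        if len(gaps) < 2:
            # Too few requests to say anything about regularity.
            stats[key] = (len(ts_list), None, None)
            continue
        m = mean(gaps)
        cv = pstdev(gaps) / m if m > 0 else float("inf")
        stats[key] = (len(ts_list), m, cv)
    return stats


def beacon_candidates(records, min_requests=6, max_cv=0.15):
    """(client, host, count, mean_gap, cv) for pairs regular enough to be a timer."""
    hits = []
    for (client, host), (count, m, cv) in interval_stats(records).items():
        if count >= min_requests and cv is not None and cv <= max_cv:
            hits.append((client, host, count, round(m, 1), round(cv, 3)))
    return sorted(hits)


if __name__ == "__main__":
    for client, host, count, m, cv in beacon_candidates(parse_log(SAMPLE_LOG)):
        print(f"{client} -> {host}: {count} requests, mean gap {m}s, CV {cv}")
```

Real implants add jitter to their sleep interval precisely to defeat this check, so in practice the threshold has to be tuned per environment, and a more robust variant counts the fraction of gaps that fall within a band around the median rather than relying on the CV alone. The check is also cheap enough to run over a whole day of proxy logs.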
- Finding security vulnerabilities is getting faster and faster
- The number of newly discovered security vulnerabilities is doubling every year. Administrators are constantly applying the latest patches, yet new kinds of vulnerability keep appearing, and intruders are often able to find targets before vendors have patched them.
- Increasing firewall penetration
- The firewall is the main protection people rely on to keep intruders out, but more and more attack techniques can bypass it. For example, IPP (Internet Printing Protocol) and WebDAV (Web-based Distributed Authoring and Versioning) both run over HTTP, which firewalls usually allow through, and attackers can use them to bypass the firewall.
- Increased automation and attack speed
- Attack tools are becoming ever more automated. An automated attack generally involves four phases, each of which has changed. (1) Scanning for potential victims: since 1997, wide-scale scanning has been commonplace, and scanning tools use more advanced scanning patterns to improve both results and speed. (2) Compromising vulnerable systems: previously, vulnerabilities were exploited only after a broad scan had finished; attack tools now exploit them as part of the scanning activity itself, which speeds up the spread of the attack. (3) Propagating the attack: before 2000, an attack tool needed a human to launch a new round of attacks; now the tool launches new attacks on its own, and tools such as Code Red and Nimda spread themselves, reaching global saturation in less than 18 hours. (4) Coordinated management of attack tools: with distributed attack tools, an attacker can manage and coordinate a large number of tools deployed across many Internet systems, and such distributed tools can launch denial-of-service attacks, scan for potential victims and compromise systems more effectively.
- Increased threat to infrastructure
- Infrastructure attacks are attacks that affect key components of the Internet on a large scale. As users increasingly rely on the Internet for daily business, infrastructure attacks cause growing concern. The infrastructure faces distributed denial-of-service attacks, worms, attacks on the Domain Name System (DNS), and attacks on routers or attacks that use routers.
- Distributed denial-of-service attacks use many systems to attack one or more victim systems, so that the victim can no longer serve its legitimate users. The automation of attack tools lets an attacker install tools on, and control, tens of thousands of compromised systems to launch attacks. Intruders often search address blocks known to contain many vulnerable systems with high-speed connections; cable modem, DSL and university address blocks are increasingly the target of intruders planning to install attack tools. Because the Internet is built from finite, consumable resources and its security is highly interdependent, denial-of-service attacks are very effective.
- A worm is self-propagating malicious code. Unlike a virus, which needs a user to do something for it to spread, a worm reproduces on its own, and because worms can exploit a large number of vulnerabilities, they can compromise a large number of systems within hours. Some worms carry a built-in denial-of-service or Web-site defacement payload, and others can be reconfigured dynamically. But the biggest effect of these worms is that the scanning traffic they generate while spreading amounts to a denial-of-service attack on the Internet itself, causing a great deal of indirect damage: DSL routers go down, and cable-modem ISP networks are overloaded, not by the scan itself but by the surge in address-resolution (ARP) traffic that the scan triggers.
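The scanning that lets a worm spread is also its most visible symptom from the network's side: an infected host opens connections to far more distinct addresses than any user or server normally does, and most of those attempts go unanswered. The following Python script is an added example, not code from the original page, that flags that fan-out in flow records. The CSV flow format, the addresses (192.0.2.10 as the scanner, 192.0.2.20 as a normal client), the window size and the thresholds are constructed for the illustration.

```python
"""Flag hosts that fan out to many new destinations on one port in a short window.

Added example (not from the original page): a self-propagating worm has to find
victims, so an infected host contacts far more distinct addresses than a user or
server ever does, and most of those attempts get no reply. That scan fan-out is
what overloads links and ARP tables along the way, so spotting it early matters
to the network as a whole, not only to the next victim.
"""
import csv
from collections import defaultdict
from io import StringIO

# Constructed flow records (not real traffic): ts is Unix seconds, bytes_back is
# how much the destination sent back; 0 means nothing answered the attempt.
SAMPLE_FLOWS = """\
ts,src,dst,dport,bytes_back
1715000000,192.0.2.10,198.51.100.1,80,0
1715000001,192.0.2.10,198.51.100.2,80,0
1715000002,192.0.2.10,198.51.100.3,80,512
1715000002,192.0.2.20,203.0.113.5,443,2048
1715000003,192.0.2.10,198.51.100.4,80,0
1715000004,192.0.2.10,198.51.100.5,80,0
1715000005,192.0.2.10,198.51.100.6,80,0
1715000005,192.0.2.20,203.0.113.9,443,900
1715000006,192.0.2.10,198.51.100.7,80,512
1715000007,192.0.2.10,198.51.100.8,80,0
1715000008,192.0.2.10,198.51.100.9,80,0
1715000008,192.0.2.20,203.0.113.5,443,1200
1715000009,192.0.2.10,198.51.100.10,80,0
1715000010,192.0.2.10,198.51.100.11,80,0
1715000011,192.0.2.10,198.51.100.12,80,0
"""


def parse_flows(text):
    """Parse CSV flow records into dicts with numeric ts, dport and bytes_back."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        rows.append({
            "ts": int(row["ts"]),
            "src": row["src"],
            "dst": row["dst"],
            "dport": int(row["dport"]),
            "bytes_back": int(row["bytes_back"]),
        })
    return rows


def scan_alerts(flows, window_s=10, min_fanout=8, min_failed_ratio=0.6):
    """Return one alert per (src, dport, window) whose fan-out looks like scanning.

    Fixed windows of window_s seconds (ts // window_s) keep the example short;
    a production detector would use a sliding window so that a scan straddling
    a window boundary is not split in two and missed.
    """
    # (src, dport, window_start) -> {dst: did anything answer}
    buckets = defaultdict(dict)
    for f in flows:
        key = (f["src"], f["dport"], (f["ts"] // window_s) * window_s)
        answered = f["bytes_back"] > 0
        # A destination that answered once counts as reachable even if retried.
        buckets[key][f["dst"]] = buckets[key].get(f["dst"], False) or answered

    alerts = []
    for (src, dport, win), dsts in sorted(buckets.items()):
        if len(dsts) < min_fanout:
            continue
        failed = sum(1 for ok in dsts.values() if not ok)
        ratio = failed / len(dsts)
        if ratio >= min_failed_ratio:
            alerts.append({
                "src": src,
                "dport": dport,
                "window_start": win,
                "distinct_dsts": len(dsts),
                "failed_ratio": round(ratio, 2),
            })
    return alerts


if __name__ == "__main__":
    for a in scan_alerts(parse_flows(SAMPLE_FLOWS)):
        print(f"{a['src']} -> *:{a['dport']} reached {a['distinct_dsts']} hosts "
              f"in window {a['window_start']}, {a['failed_ratio']:.0%} unanswered")
```

The failed-ratio condition is what separates a scanner from a busy legitimate client such as a mail relay or a crawler, which also fans out widely but mostly to hosts that answer. On the sample data the scanner is flagged in the first window (ten distinct destinations, eight of them silent) while the browsing client, with two destinations that both replied, never comes close to the threshold.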
- U.S. military develops cyber attack weapons
- According to a Defense News report of October 4, 2012, a military official said that the United States needs to develop offensive weapons in cyberspace to protect the country from cyber attacks.
- Keith Alexander, commander of US Cyber Command and director of the US National Security Agency, said: "If the defense is simply trying to stop the attack, then it will never be successful. The government needs to kill the attack before it happens, and what kind of defense measures to take depends on attribution of the attack."
- Alexander said at the Cybersecurity Summit hosted by the American Chamber of Commerce that any cyber attack must follow rules of engagement similar to those of other military situations.
- The US military has begun researching various cyberspace strategies, including offensive weapons. DARPA has started building a platform for cyberspace attack capabilities and has invited experts from academia and industry to take part. [3]