13 April 2021

Threat Classifications and Terminology

Your corporate network is always exposed to security threats. These threats can manifest themselves in a variety of ways. Categorising the threats that reach or may reach the corporate network is an important step towards identifying and implementing the necessary countermeasures. There are different ways to classify threats to your system. Incoming cyber threats can be ranked by the damage they cause, by the level of skill required to carry out the attack, or by the motivation behind it.

We should classify the attacks we encounter according to what actually causes or motivates them. On this basis, cyber attacks fall into one of three main classes:

Cyber intrusions are attacks carried out to breach a system's security and gain unauthorised access to it. This category covers every attempt to obtain such access, which is typically the first step an attacker takes.

Blocking is the second attack category. It covers cyber attacks designed to prevent legitimate access to a system. Blocking attacks generally take the form of DDoS (or plain DoS) attacks. The aim is not to infiltrate your system but to deny access to authorised users and halt the organisation's operations.

Malware is the third threat category: the infection of a system with malicious software. It covers cyber attacks that gain access to a system or cause damage via malicious code. Viruses, Trojans and spyware all fall into this category.

Malicious Software (Malware)

Malware is the most common threat to electronic systems, including home users’ computers, small networks, and large enterprise wide-area networks. One reason for this is that malware is designed to spread on its own, without requiring the direct involvement of its creator.

The most recognisable example of malware is the computer virus. In general terms, a virus is "malicious software that modifies, deletes, damages, or infects other programmes by inserting a modified copy of itself." A computer virus is designed much like a biological virus: its first instinct is always to replicate and spread. The most common way a virus spreads is by using the victim's email account to send itself to everyone in their address book. Some viruses do not directly damage the system they infect, but all of them can cause network slowdowns or outages through the heavy traffic generated by their replication.

Another type of malware closely associated with viruses is the Trojan. The term is borrowed from the ancient tale of the Trojan Horse: soldiers hidden inside a large wooden horse that was gifted to the city of Troy emerged at night to open the city gates to the attacking forces. Trojans work the same way. They typically disguise themselves as useful software, such as an antivirus tool that cleans your computer, an application that boosts performance, or a free utility that fixes errors. In reality, they secretly download a virus or another type of malicious software onto your computer. While appearing helpful on the surface, they execute malicious code in the background and can open a backdoor for the attacker. Trojans are far more likely to be found in illegitimate software; many programmes offered as cracked or "full version" downloads contain them. Trojans and viruses are the two most commonly encountered forms of malware.

A third and rapidly growing malware category is spyware. When spyware infects your computer, its sole purpose is espionage: it can send all of your data to cybercriminals. It is particularly suited to stealing sensitive data and capturing video and audio recordings.

Another type of malicious software is the keylogger, a form of spyware. Keyloggers record every keystroke you type and transmit them to cybercriminals. Some also take periodic screenshots of your computer, particularly during banking transactions.

Cyber Attacks

Cyber attacks differ from blocking attacks (which deny users access to a system) and from attacks built around a specific payload such as viruses and worms (malware). Cyber attacks are designed to gain access to a specific target system. The goal is unauthorised access, which malicious threat actors can then exploit. Attacks of this type generally compromise a system through operating system vulnerabilities, application vulnerabilities, or other means.

Exploiting security vulnerabilities is not the only way to gain unauthorised access to a system. In fact, some methods are far easier from a technical standpoint. For example, human error can be exploited to compromise a system's security. We call this type of attack social engineering. It is one of the oldest and most effective techniques in the history of the internet, and it was notably Kevin Mitnick's most frequently used attack type. Social engineering uses techniques designed to obtain the information needed to access a target system.

Social engineering and software vulnerabilities are not the only methods for conducting cyber attacks. The growing popularity of wireless networks has given rise to new types of cyber attack. Many people do not realise that wireless network signals typically reach up to 100 metres. It is therefore possible to reach an internal network through attacks on Wi-Fi signals from outside a building or beyond the corporate perimeter.

Denial-of-Service (DoS and DDoS) Attacks

The third attack category is denial-of-service attacks, known as DoS or DDoS. These attacks are built around blocking access. The attacker does not actually access the system; instead, they prevent legitimate users (those authorised to access it) from doing so. The common blocking method is to flood the target system with connection requests until it is too overwhelmed to respond to legitimate ones. DoS and DDoS attacks are extremely prevalent in today's technological world.
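The flooding behaviour described above shows up in connection logs as one source sending far more connection requests than any normal client. The following is an added example, not code from the original article or from Privia Security: it walks a constructed log of connection requests with a sliding one-second window and reports every source whose request rate exceeds a threshold. The log format, addresses and thresholds are all constructed for illustration.

```python
import datetime as dt
from collections import defaultdict, deque

def parse_line(line: str):
    """Parse a constructed 'TIMESTAMP SYN SRC -> DST:PORT' record."""
    ts, kind, src, _arrow, _dst = line.split()
    return dt.datetime.fromisoformat(ts), kind, src

def flood_sources(lines, window_s: float = 1.0, threshold: int = 100) -> dict:
    """Return {src: peak_count} for every source that sent more than
    `threshold` connection requests inside any `window_s`-second window.
    Lines must be in time order."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    peaks = {}
    for line in lines:
        t, kind, src = parse_line(line)
        if kind != "SYN":         # only connection requests are counted
            continue
        q = recent[src]
        q.append(t)
        while (t - q[0]).total_seconds() > window_s:
            q.popleft()           # expire timestamps older than the window
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def constructed_log() -> list:
    """Synthetic records: 203.0.113.7 sends 300 SYNs 5 ms apart (a flood);
    192.0.2.44 sends 5 SYNs 2 s apart (a normal client)."""
    base = dt.datetime(2021, 4, 13, 10, 0, 0)
    lines = []
    for i in range(300):
        t = base + dt.timedelta(milliseconds=5 * i)
        lines.append(f"{t.isoformat(timespec='milliseconds')} SYN 203.0.113.7 -> 198.51.100.10:443")
    for i in range(5):
        t = base + dt.timedelta(seconds=2 * i)
        lines.append(f"{t.isoformat(timespec='milliseconds')} SYN 192.0.2.44 -> 198.51.100.10:443")
    return sorted(lines)          # ISO timestamps sort chronologically

if __name__ == "__main__":
    print(flood_sources(constructed_log()))   # {'203.0.113.7': 201}
```

The normal client never holds more than one request in any one-second window, so only the flooding source is reported, together with the peak number of requests it packed into a single window.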

Cybersecurity Terminology

Security professionals have a vocabulary of their own. Those with experience in network or system administration are likely already familiar with many of these terms. Most hacking terminology describes either an activity or the person carrying it out. The first and most fundamental security device is the firewall.

A firewall is the perimeter security between a network and the outside world. Sometimes a firewall is a standalone server; in other cases it may also serve as a router. Firewalls can be hardware-based or software-based. Whatever their physical form, the purpose is the same: to inspect traffic entering and leaving a network, regulate it according to defined rules, and block traffic that falls outside those rules. Firewalls are typically used alongside a proxy server, which conceals your internal network IP addresses and presents a single IP address to the outside world. Firewalls filter inbound and outbound network traffic without affecting network performance. They are sometimes augmented with Intrusion Detection Systems (IDS), which monitor the network and raise alerts when an attack attempt is detected.

Access control encompasses all measures taken to restrict access to resources. These measures may include login procedures, encryption, and any mechanism designed to prevent unauthorised personnel from accessing a resource. Authentication is a subset of access control and is regarded as the most fundamental security activity.

Authentication is the process of determining whether the credentials provided by a user or another system, such as a username and password, are authorised to access the relevant network resource. When a user logs in with a username and password, the system attempts to verify those credentials. If authentication succeeds, the user is granted access. In some cases a second factor, known as two-factor authentication (2FA), is added to the authentication process.
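The two-step check described above, as an added example that is not part of the original article: the password is verified against a salted PBKDF2 hash, and only then is a time-based one-time code checked as the second factor. The one-time code uses TOTP (RFC 6238) as one common 2FA mechanism; the article itself does not name a specific one. The user record, salt, secret and passwords are constructed for illustration.

```python
import hashlib, hmac, struct, time
from typing import Optional

def hash_password(password: str, salt: bytes, rounds: int = 100_000) -> bytes:
    """Slow, salted password hash (PBKDF2-HMAC-SHA256) for the credential store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time code: HOTP over the 30-second time counter."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed credential store for one user (a real system keeps this in a database).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
TOTP_SECRET = b"constructed-demo-secret"
USERS = {"alice": {"salt": SALT,
                   "hash": hash_password("correct horse", SALT),
                   "totp": TOTP_SECRET}}

def authenticate(username: str, password: str, code: str,
                 now: Optional[int] = None) -> bool:
    """Grant access only if the password AND the one-time code both verify."""
    rec = USERS.get(username)
    if rec is None:
        hash_password(password, SALT)   # spend the same time for unknown users
        return False
    if not hmac.compare_digest(hash_password(password, rec["salt"]), rec["hash"]):
        return False                    # first factor failed; never reveal which
    now = int(time.time()) if now is None else now
    # Accept the current 30 s step and one step either side to absorb clock drift.
    return any(hmac.compare_digest(totp(rec["totp"], now + 30 * d), code)
               for d in (-1, 0, 1))
```

Both comparisons use `hmac.compare_digest` so that the time taken does not reveal how much of a guess was correct, and a failure returns the same plain `False` whether the user, the password or the code was wrong.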

Non-repudiation is another term frequently encountered in computer security. It encompasses techniques used to ensure that a person who has performed an action cannot later deny having done so. Non-repudiation provides reliable records demonstrating that a specific user performed a specific action at a specific point in time; in short, it refers to the methods used to track which users performed which actions. Various system logs are a common means of achieving it. One of the most important security activities is auditing: reviewing logs, records and procedures to determine whether they meet established standards.
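A log only supports non-repudiation if the records themselves cannot be quietly rewritten. As an added example, not code from the original article or from Privia Security, the following keeps an append-only audit log in which each record (who, what, when) is chained to the previous one and authenticated with an HMAC key held by the logging service, so that editing or deleting a record is detected on audit. The key, users and actions are constructed for illustration.

```python
import hashlib, hmac, json

LOG_KEY = b"constructed-audit-key"   # held by the log service, never by the users being logged
GENESIS = "0" * 64                    # chain anchor for the first record

def _tag(prev_tag: str, entry: dict) -> str:
    """HMAC over the previous tag plus a canonical encoding of this record."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(LOG_KEY, prev_tag.encode() + body, hashlib.sha256).hexdigest()

def append(log: list, user: str, action: str, ts: str) -> None:
    """Record who did what and when, chained to the last record's tag."""
    prev = log[-1]["tag"] if log else GENESIS
    entry = {"user": user, "action": action, "ts": ts}
    log.append({**entry, "tag": _tag(prev, entry)})

def verify(log: list) -> int:
    """Return the index of the first record whose tag does not match the chain,
    or -1 if the whole chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        entry = {k: rec[k] for k in ("user", "action", "ts")}
        if not hmac.compare_digest(rec["tag"], _tag(prev, entry)):
            return i
        prev = rec["tag"]
    return -1

def demo() -> tuple:
    """Build a three-record log, then rewrite one record to see audit catch it."""
    log = []
    append(log, "alice", "export customer_db", "2021-04-13T10:02:11Z")
    append(log, "bob", "delete backup-07", "2021-04-13T10:05:40Z")
    append(log, "alice", "login", "2021-04-13T10:06:02Z")
    before = verify(log)                # -1: chain intact
    log[1]["action"] = "list backups"   # bob tries to deny the deletion
    return before, verify(log)          # (-1, 1): record 1 no longer verifies
```

Truncating the newest records would still leave a valid chain, so in practice the latest tag is also anchored somewhere the log writer cannot alter (a separate system, a timestamping service, or a published digest).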

The principle of least privilege is an important concept to bear in mind when assigning privileges to any user or device. Only the minimum privileges necessary for that user or device to perform its job should be granted. This simple but effective principle should always be kept in mind.

You should also consider the properties of Confidentiality, Integrity, and Availability. All security measures should address one or more of these areas. For example, hard drive encryption and strong passwords help protect confidentiality. Digital signatures help maintain integrity, and a sound backup system or network server redundancy supports availability.

Hacker Terminology

Bear in mind that hacking terminology is not precise and these definitions may be debated. Terms evolve through their use within the hacker community. The most logical starting point is to define "hacker", a term familiar from films and news broadcasts.

Most people use the word "hacker" to describe anyone who breaks into a computer system. Security professionals and hackers themselves, however, use the term differently. A hacker is an expert in a particular system or systems who seeks to learn more about that system, believing that the best way to understand a system is to examine its flaws. This often means checking whether a flaw in a system can actually be exploited. It is at this "exploitative" stage that hackers divide themselves into three groups.

Author: Hamza Şamlıoğlu