Cyber Exploits and Vulnerabilities For Ethical Hackers

Download as pdf or txt
Download as pdf or txt
You are on page 1of 10
At a glance
Powered by AI
The key takeaways are that society has become dependent on technology and computer networks, and cyber attacks exploit vulnerabilities to compromise systems. Ethical hacking techniques like penetration testing can help identify vulnerabilities to strengthen security.

Vulnerabilities are security flaws that can be exploited by cyber attacks. Common vulnerabilities include issues in communication frameworks and improper access controls. Attackers probe for vulnerabilities to gain unauthorized access or deny service.

Ethical hacking, also known as penetration testing, involves using the same techniques as hackers but to identify vulnerabilities and help organizations strengthen their defenses against cyber threats like data theft or service disruption.

Cyber exploits and vulnerabilities for

ethical hackers
Abstract
Over the last decade, our society has become technology dependent. People rely on
computer networks to receive news, stock prices, email and online shopping. The
integrity and availability of all these systems need to be defended against a number of
threats (Simmons &others 2006). Amateur hackers, rival corporations, terrorists and
even foreign governments have the motive and capability to carry out sophisticated
attacks against computer systems. Therefore, the field of information security has
become vitally important to the safety and economic wellbeing of society as a whole.
Information can be considered as an invaluable commodity for all business entities,
and has brought about the development of various security architectures devoted to its
protection. Corporations have tended to react to the exploitation of information
security (InfoSec) vulnerabilities through the implementation of technological
measures. Vulnerabilities are the security flaws in your systems that cyber-attacks
exploit. The top vulnerabilities are readily available online for the benefit of security
professionals and hackers alike. Control systems are vulnerable to cyber-attack from
inside and outside the control system network. To understand the vulnerabilities
associated with control systems we must know the types of communications and
operations associated with the control system as well as have an understanding of the
how attackers are using the system vulnerabilities to their advantage. Its specific
application to cyber and InfoSec in a corporate setting is advantageous in developing
competent proactive strategies to reduce the presence and attractiveness of criminal
possibilities for would-be offenders. For most critical synchrophasor applications,
cyber-attacks could potentially cause severe damage to the physical equipment.
Therefore, it is vital to effectively analyze and mitigate cyber vulnerabilities (Ramesh
2004) in the synchrophasor system. Most often, attackers try to exploit communication
framework to launch attacks. Intrusion detection and prevention system (IDPS) is a
combination of detection and prevention system and used to describe current anti
intrusion technologies (Patel 2013).
Introduction
most synchrophasor applications involve transmission of data across large geographic
areas using non-reliable and insecure IP network, analysis of potential cyber
vulnerabilities and threats drawn more and more research attention. A rise in multiple
cyber-attacks and the lack of knowledge and defenses to tackle them has made it
extremely important for companies to use ethical hacking to combat hackers. While
Black Hat hackers use their skills for malicious purposes to defraud high-profile
companies or personalities, Ethical Hackers or White Hat hackers use the same
techniques (penetration testing, different password cracking methods or social
engineering) to break into a company’s cyber defense but to help companies fix these
vulnerabilities (Ramesh 2004), or loose ends to strengthen their systems. This
discussion also mentions the cyber threats comprising actors, motivation, and
capability fueled by the unique characteristics of cyberspace. It was demonstrated that
threats from intelligence agencies and criminal groups are likely to be more difficult to
defeat than those from individual hackers. The reason is that their targets may be much
less predictable while the impact of an individual attack (Kim 2012) is expected to be
less severe. Intrusion detection and prevention are two broad terms describing
application security practices used to mitigate attacks and block new threats.The first is
a reactive measure that identifies and mitigates ongoing attacks using an intrusion
detection system. The second is a proactive security measure that uses an intrusion
prevention system to preemptively block application attacks. IDPS performance is
hindered by the high false alarm rate it produces .This is a serious concern in
information security because any false alarms will onset a severe impact to the system
such as the disruption of information availability because of IDPS blockage in
suspecting the information to be an attack attempt (Sakri 2004).
The study content
 Cyber Security Vulnerabilities Vs. Threats

One point that’s worth clarifying up front in any discussion of cybersecurity for SAP
concerns the difference between a threat and vulnerability (Abomhara 2015). A threat
is something that can cause harm to your IT assets. Malware attacks and Distributed
Denial of Service (DDoS) attacks are threats. Cyber security vulnerabilities are the
inverse they’re weaknesses in your cyber defenses that leave you vulnerable to the
impact of a threat (Simmons &others 2006).

 Ethical Hacking

The practice of breaking into computers without malicious intent, simply to find
security hazards and report them to the people responsible. Ethical hacker refers to
security professional who apply their hacking skills for defensive purpose and
constructive purpose (Rathore 2015).

 Types of cyber security vulnerability


1) Network vulnerabilities result from insecure operating systems and network
architecture. This includes flaws in servers and hosts, misconfigured wireless
network access points and firewalls, and insecure network protocols.
2) Hardware vulnerabilities are exploitable weaknesses in computer hardware.
Examples include the Specter and Meltdown vulnerabilities, which were found
in processors manufactured by Intel, ARM and AMD. They affected almost
every system, including desktops, laptops, servers and smartphones.

3) Software and application vulnerabilities are flaws such as coding errors or


software responding to certain requests in unintended ways. They include CSRF
(cross-site request forgery) and XSS (cross-site scripting) vulnerabilities.

4) Zero-day vulnerabilities are security flaws that have been discovered by


criminals but are unknown to, and therefore unpatched by, the software
vendors. The term refers to the number of days the vendor has to address the
vulnerability. (Zero-day exploits are code that compromise zero-day
vulnerabilities.)

 cyber-attack exploits

Recent studies on sequential attack schemes revealed new smart grid vulnerability
(Abomhara 2015). That can be exploited by attacks on the network topology.
Traditional power systems contingency analysis needs to be expanded to handle the
complex risk of cyber-physical attacks. Cyber criminals deliver malware and other
threats via cyber-attacks (Kim 2012). They might use the following:

1) Exploits and exploit kits: An exploit could be a piece of malicious code which will
compromise security vulnerability. Several are developed by the protection services.
as an example, in 2017 the WannaCry ransomware unfold mistreatment associate
exploit referred to as Eternal Blue. This exploit had been developed by, and taken
from, the North American nation National Security Agency. Exploit kits square
measure collections of multiple exploits. Offered for rent on the dark internet, they
permit unskilled criminals to alter attacks on famed vulnerabilities.
2) MITM attacks: An MITM (man-in-the-middle) attack happens once a hacker inserts
themselves between a tool and a server to intercept communications which will then
be scan and/or altered. MITM attacks (Kim 2012) usually happen once a user logs on
to Associate in nursing insecure public Wi-Fi network. Attackers will insert
themselves between a visitor’s device and also the network. The user can then
unwittingly pass data through the wrongdoer.
3) Social engineering: Social engineering is employed to deceive and manipulate
victims so as to get data or gain access to their laptop. This is achieved by tricking
users into clicking malicious links or by physically gaining access to a laptop through
deception.

 TYPES OF CYBER THREATS

One unfortunate outcome of the current cyber security crisis is the revelation of
humanity’s incredible inventiveness when it comes to these sorts of malicious acts.
Attackers arm themselves with pretty much any kind of cyber threat you can imagine
and many that no one would have ever conceived of even a few years ago. The
following are some of the most common types of cyber threats (Simmons &others
2006).

1) Network-borne attacks

2) Application attacks

3) Email-borne attacks

4) Social engineering

5) Malware: As pointed out earlier, new malware is being created all the time.
However, while the statistic of 360,000 new malware files a day sounds daunting, it’s
important to know one thing: Many of these “new” malware files are simply rehashes
of older malware programs that have been altered just enough to make them
unrecognizable to antivirus programs.

 IDPS definition

Intrusion Detection System (IDS) is a device designed to be active security; it can


detect an attack as it occurs. Intrusion Prevention System (IPS) is an extension of IDS
technology (Patel 2013), which can detect an intrusion and also prevent that intrusion
from successfully attacking the organization by means of an active response. Intrusion
detection and prevention are two broad terms describing application security practices
used to mitigate attacks and block new threats. An IDS is either a hardware device or
software application that uses known intrusion signatures to detect and analyze both
inbound and outbound network traffic for abnormal activities. IDPS used to prevent
problem behaviors by increasing the perceived risk of discovery and punishment. This
is done through (Sakri 2004):

1) System files comparisons against malware signatures.


2) Scanning processes that detect signs of harmful patterns.
3) Monitoring user behavior to detect malicious intent.
4) Monitoring system settings and configurations.
 TYPES OF IDP SYSTEMS

The two basic types of IDS system are (Patel 2013):

1) Host Intrusion Detection System (HIDS)

2) Network Intrusion Detection System (NIDS)

All IDS system use one of three detection methods:

1) Signature-based

2) Statistical anomaly-based

3) Stateful packet inspection


The conclusion
Some specific types of cyber victimization that business entities have experienced from
sources external to the organization include: harassing personnel via computer
communication capacities; manipulating or compromising data integrity; denying the
provision of services essential for the corporation, installing ‘sniffing’ programs to
capture and analyze potentially sensitive data sent across a network connection;
stealing proprietary data, trade secrets, passwords, or company resources; introducing
viruses; hijacking legitimate user accounts; and perpetually probing or scanning of
computer system IP ports to discover vulnerabilities, which can then be exploited.
Ethical hacking is a proactive form of information security and is also known as
penetration testing, intrusion testing and red teaming. An ethical hacker is sometimes
called a legal or white hat hacker and its counterpart a black hat, a term that comes
from old Western movies, where the "good guy" wore a white hat and the "bad guy"
wore a black hat. Cyber-attacks are frequent and a serious problem for organizations
and individuals. Numerous models, tools and metrics have been proposed for the
purpose of measuring and managing cyber security. There have been instances of
"ethical hackers" reporting vulnerabilities they have found while testing systems
without the owner's express permission. Even the LulzSec black hat hacker group has
claimed its motivations include drawing attention to computer security flaws and holes.
This type of hacking is a criminal offence in most countries, even if the purported
intentions were to improve system security. In this struggle to secure our stored data
and the systems, IDPS can prove to be an invaluable tool, where its goal is to perform
early detection of malicious activity and possibly prevent more serious damage to the
protected systems. By using IDPS, one can potentially identify an attack and notify
appropriate personnel immediately or prevent it from succeeding, so that the threat can
be contained (Sakri 2004). IDPS can also be a very useful tool for recording forensic
evidence that may be used in legal proceedings if the perpetrator of a criminal breach is
prosecuted
References
 Ramesh, B.P., 2004. 'Cyber Coolies' in BPO: Insecurities and Vulnerabilities of
Non-Standard Work. Economic and Political Weekly, pp.492-497.
 Sakri, S., 2004. Intrusion detection and prevention.
 Patel, A., Taghavi, M., Bakhtiyari, K. and JúNior, J.C., 2013. An intrusion
detection and prevention system in cloud computing: A systematic review.
Journal of network and computer applications, 36(1), pp.25-41.
 Kenkre, P.S., Pai, A. and Colaco, L., 2015. Real time intrusion detection and
prevention system. In Proceedings of the 3rd International Conference on
Frontiers of Intelligent Computing: Theory and Applications (FICTA) 2014 (pp.
405-411). Springer, Cham.
 Abomhara, M., 2015. Cyber security and the internet of things: vulnerabilities,
threats, intruders and attacks. Journal of Cyber Security and Mobility, 4(1),
pp.65-88.
 Shin, S.W., Oh, J., Kim, K.Y., Jang, J.S. and Sohn, S.W., Electronics and
Telecommunications Research Institute, 2009. Network intrusion detection and
prevention system and method thereof. U.S. Patent 7,565,693.
 Nadeem, A. and Howarth, M., 2013. Protection of MANETs from a range of
attacks using an intrusion detection and prevention system. Telecommunication
Systems, 52(4), pp.2047-2058.
 Kim, A., Wampler, B., Goppert, J., Hwang, I. and Aldridge, H., 2012. Cyber
attack vulnerabilities analysis for unmanned aerial vehicles. In Infotech@
Aerospace 2012 (p. 2438).
 S. Simmons, D. Edwards, N. Wilde, J. Just and M. Satyanarayana,2006 ,
"Preventing unauthorized islanding: cyber-threat analysis," 2006 IEEE/SMC
International Conference on System of Systems Engineering, Los Angeles, CA,
pp. 5 pp.-.
 Rathore, N., 2015. Ethical hacking and security against cyber crime. i-manager's
Journal on Information Technology, 5(1), p.7.

Best PDF Encryption Reviews

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy