Cyber Exploits and Vulnerabilities For Ethical Hackers
Cyber Exploits and Vulnerabilities For Ethical Hackers
Cyber Exploits and Vulnerabilities For Ethical Hackers
ethical hackers
Abstract
Over the last decade, our society has become technology dependent. People rely on
computer networks to receive news, stock prices, email and online shopping. The
integrity and availability of all these systems need to be defended against a number of
threats (Simmons &others 2006). Amateur hackers, rival corporations, terrorists and
even foreign governments have the motive and capability to carry out sophisticated
attacks against computer systems. Therefore, the field of information security has
become vitally important to the safety and economic wellbeing of society as a whole.
Information can be considered as an invaluable commodity for all business entities,
and has brought about the development of various security architectures devoted to its
protection. Corporations have tended to react to the exploitation of information
security (InfoSec) vulnerabilities through the implementation of technological
measures. Vulnerabilities are the security flaws in your systems that cyber-attacks
exploit. The top vulnerabilities are readily available online for the benefit of security
professionals and hackers alike. Control systems are vulnerable to cyber-attack from
inside and outside the control system network. To understand the vulnerabilities
associated with control systems we must know the types of communications and
operations associated with the control system as well as have an understanding of the
how attackers are using the system vulnerabilities to their advantage. Its specific
application to cyber and InfoSec in a corporate setting is advantageous in developing
competent proactive strategies to reduce the presence and attractiveness of criminal
possibilities for would-be offenders. For most critical synchrophasor applications,
cyber-attacks could potentially cause severe damage to the physical equipment.
Therefore, it is vital to effectively analyze and mitigate cyber vulnerabilities (Ramesh
2004) in the synchrophasor system. Most often, attackers try to exploit communication
framework to launch attacks. Intrusion detection and prevention system (IDPS) is a
combination of detection and prevention system and used to describe current anti
intrusion technologies (Patel 2013).
Introduction
most synchrophasor applications involve transmission of data across large geographic
areas using non-reliable and insecure IP network, analysis of potential cyber
vulnerabilities and threats drawn more and more research attention. A rise in multiple
cyber-attacks and the lack of knowledge and defenses to tackle them has made it
extremely important for companies to use ethical hacking to combat hackers. While
Black Hat hackers use their skills for malicious purposes to defraud high-profile
companies or personalities, Ethical Hackers or White Hat hackers use the same
techniques (penetration testing, different password cracking methods or social
engineering) to break into a company’s cyber defense but to help companies fix these
vulnerabilities (Ramesh 2004), or loose ends to strengthen their systems. This
discussion also mentions the cyber threats comprising actors, motivation, and
capability fueled by the unique characteristics of cyberspace. It was demonstrated that
threats from intelligence agencies and criminal groups are likely to be more difficult to
defeat than those from individual hackers. The reason is that their targets may be much
less predictable while the impact of an individual attack (Kim 2012) is expected to be
less severe. Intrusion detection and prevention are two broad terms describing
application security practices used to mitigate attacks and block new threats.The first is
a reactive measure that identifies and mitigates ongoing attacks using an intrusion
detection system. The second is a proactive security measure that uses an intrusion
prevention system to preemptively block application attacks. IDPS performance is
hindered by the high false alarm rate it produces .This is a serious concern in
information security because any false alarms will onset a severe impact to the system
such as the disruption of information availability because of IDPS blockage in
suspecting the information to be an attack attempt (Sakri 2004).
The study content
Cyber Security Vulnerabilities Vs. Threats
One point that’s worth clarifying up front in any discussion of cybersecurity for SAP
concerns the difference between a threat and vulnerability (Abomhara 2015). A threat
is something that can cause harm to your IT assets. Malware attacks and Distributed
Denial of Service (DDoS) attacks are threats. Cyber security vulnerabilities are the
inverse they’re weaknesses in your cyber defenses that leave you vulnerable to the
impact of a threat (Simmons &others 2006).
Ethical Hacking
The practice of breaking into computers without malicious intent, simply to find
security hazards and report them to the people responsible. Ethical hacker refers to
security professional who apply their hacking skills for defensive purpose and
constructive purpose (Rathore 2015).
cyber-attack exploits
Recent studies on sequential attack schemes revealed new smart grid vulnerability
(Abomhara 2015). That can be exploited by attacks on the network topology.
Traditional power systems contingency analysis needs to be expanded to handle the
complex risk of cyber-physical attacks. Cyber criminals deliver malware and other
threats via cyber-attacks (Kim 2012). They might use the following:
1) Exploits and exploit kits: An exploit could be a piece of malicious code which will
compromise security vulnerability. Several are developed by the protection services.
as an example, in 2017 the WannaCry ransomware unfold mistreatment associate
exploit referred to as Eternal Blue. This exploit had been developed by, and taken
from, the North American nation National Security Agency. Exploit kits square
measure collections of multiple exploits. Offered for rent on the dark internet, they
permit unskilled criminals to alter attacks on famed vulnerabilities.
2) MITM attacks: An MITM (man-in-the-middle) attack happens once a hacker inserts
themselves between a tool and a server to intercept communications which will then
be scan and/or altered. MITM attacks (Kim 2012) usually happen once a user logs on
to Associate in nursing insecure public Wi-Fi network. Attackers will insert
themselves between a visitor’s device and also the network. The user can then
unwittingly pass data through the wrongdoer.
3) Social engineering: Social engineering is employed to deceive and manipulate
victims so as to get data or gain access to their laptop. This is achieved by tricking
users into clicking malicious links or by physically gaining access to a laptop through
deception.
One unfortunate outcome of the current cyber security crisis is the revelation of
humanity’s incredible inventiveness when it comes to these sorts of malicious acts.
Attackers arm themselves with pretty much any kind of cyber threat you can imagine
and many that no one would have ever conceived of even a few years ago. The
following are some of the most common types of cyber threats (Simmons &others
2006).
1) Network-borne attacks
2) Application attacks
3) Email-borne attacks
4) Social engineering
5) Malware: As pointed out earlier, new malware is being created all the time.
However, while the statistic of 360,000 new malware files a day sounds daunting, it’s
important to know one thing: Many of these “new” malware files are simply rehashes
of older malware programs that have been altered just enough to make them
unrecognizable to antivirus programs.
IDPS definition
1) Signature-based
2) Statistical anomaly-based