My textbook talks about attacks on computers and computer networks using specific categories. A successful attack goes through many phases. These categories focus on an attack’s lasting impact: how does it affect the target’s assets and resources? Here are the categories I use right now:
Denial of service – Pillage – Subversion
Masquerade – Forgery – Disclosure
Cybersecurity people often talk about the CIA properties – Confidentiality, Integrity, and Availability. We can turn each of these into the name of an attack, but I find the result too general, especially Availability and Integrity.
Denial of Service (DOS)
This is one part of Availability: an attack that temporarily prevents us from using an important resource. Classic Internet DOS attacks temporarily block access to targeted servers by flooding them with traffic (memcache amplification attacks, for example). Ransomware attacks, like WannaCry and NotPetya, are also DOS attacks, though they attack a computer’s data instead of its network connections.
Pillage
This refers to physical attacks or damage. Some might argue that this isn’t a cybersecurity-related attack. I disagree. Physical security is essential to cybersecurity.
Physical attacks affect all three CIA properties. Equipment theft is probably the most common type of physical attack, and it clearly affects Availability. Natural disasters also destroy computers, as can civil unrest. In the spring of 1970, separate protests in Lawrence, KS, and Milwaukee, WI, damaged or destroyed computer equipment.
Physical attacks can also affect integrity. In 2008 the US military’s classified networks were infested with a network worm; the attack was traced to a USB drive plugged into a military laptop in Iraq. Military officials also worry about “back doors” installed in commercial computer hardware delivered from foreign countries.
Subversion
These attacks damage the integrity of computer data and software through non-physical access. Most malware attacks represent subversion.
Masquerade
This type of attack typically enables other types of attacks by allowing the attacker to take on a legitimate or privileged role within the computing system.
Forgery
This applies a masquerade to individual messages: the attacker creates or modifies a message that the recipient misinterprets as legitimate. Authentication is a complex process and is often omitted in lower-level network protocols. Network protocols try to make forgery difficult or impossible, but the techniques can fail.
Disclosure
These attacks are failures of confidentiality. Disclosure attacks often involve other classes as well. For example, a malware package represents subversion, but many packages also try to collect login credentials found on an infected computer. Access to sensitive data may likewise be the result of a masquerade.
Other Types of Categories
This classification describes an attack’s impact, not how the attack works. A single technique can land in several categories: an SQL injection, for example, could yield a disclosure, a masquerade, or a subversion, depending on what the injected query does.
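The SQL injection remark above, worked through as an added example that is not from the original post: a constructed SQLite login and password-reset pair, string-built beside parameterized, with a classifier that runs one probe per impact category and reports which categories the same injection mechanism reaches. The table, account names and probe strings are all constructed for the demonstration.

```python
import sqlite3

# Constructed sample database for the demonstration (not from the post).
def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users(name TEXT, pw TEXT, role TEXT);
        INSERT INTO users VALUES ('alice', 's3cret', 'admin');
        INSERT INTO users VALUES ('bob', 'hunter2', 'user');
    """)
    return con

def login_vulnerable(con, name, pw):
    # Query text is built from input, so input can rewrite the statement.
    sql = f"SELECT name, role FROM users WHERE name='{name}' AND pw='{pw}'"
    return con.execute(sql).fetchall()

def login_safe(con, name, pw):
    # Parameterized: input is bound as data and never parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name=? AND pw=?"
    return con.execute(sql, (name, pw)).fetchall()

def reset_pw_vulnerable(con, name, new_pw):
    # Returns the number of rows the UPDATE touched.
    return con.execute(f"UPDATE users SET pw='{new_pw}' WHERE name='{name}'").rowcount

def reset_pw_safe(con, name, new_pw):
    return con.execute("UPDATE users SET pw=? WHERE name=?", (new_pw, name)).rowcount

def classify(db_factory, login, reset_pw):
    """One probe per impact category; the mechanism (SQL injection) is the same
    each time, only the lasting impact on the target's assets differs."""
    impacts = []
    # Masquerade: the attacker is accepted as alice without knowing her password.
    if login(db_factory(), "alice'--", "") == [("alice", "admin")]:
        impacts.append("masquerade")
    # Disclosure: stored secrets of every account leak into the login result.
    rows = login(db_factory(), "' UNION SELECT name, pw FROM users --", "")
    if ("bob", "hunter2") in rows:
        impacts.append("disclosure")
    # Subversion: a reset meant for one account rewrites every account's password.
    if reset_pw(db_factory(), "bob' OR '1'='1", "x") == 2:
        impacts.append("subversion")
    return impacts

if __name__ == "__main__":
    print("string-built SQL:", classify(make_db, login_vulnerable, reset_pw_vulnerable))
    print("parameterized SQL:", classify(make_db, login_safe, reset_pw_safe))
```

With the parameterized versions every probe is treated as a (non-matching) literal value, so the classifier reports no impact in any category.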
This is a Security Bloggers Network syndicated blog post authored by cryptosmith. Read the original post at: Cryptosmith