The World Wide Web has become a catalyst for hackers, organize criminals, insider threats, political, social action groups, and anonymous groups to excite fear on individuals, private and the public sector. These threat actors can launch malware, rootkits, spam, botnets and a host of other threat vectors at any occasion.
IT Specialist and system administrator’s job duties are to test, patch and install the latest security updates and software fixes on an organization existing system. However, this task can become a race against time in trying to mitigate a security breach. Many times the system admin has to wait for the software vendor to produce a patch to fix the problem. This is most apparent when a company is infected with a Zero-Day Exploit.
Zero-Day Exploit is an vulnerability cause by the software makers haste in bringing software to market without fully testing for defects; as a result leaving the software expose to liability without a fix. According to Rouse (2010) zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known (Rouse, 2010, para. 1).
Zero-day exploits have grown into a new technology market where security specialists are paid for discovering vulnerabilities in software and methods to halt the potential vulnerability in its software According to Simonite (2013) Zero-day exploit is a customizable software program used to infiltrate onto a computer system without detection by conventional computer security measures, such as antivirus packages or firewalls (Simonlite, 2013, para. 4). Zero-day exploits are used by hackers, cyber terrorist and social activist to steal credit card.sensitive information or to incite fear. Military...
... middle of paper ...
...sdirected to a site used to spread malware or spam on to a computer system. Even though policies have been administered to cover these problems users are can still make a mistake that can lead to possible harm on a network.
Works Cited
Chen, T.M. (2010, December) "Stuxnet, the real start of cyber warfare? [Editor's Note],"
Network, IEEE , 24(6), 2-3. doi: 10.1109/MNET.2010.5634434
Gjelten, T. (2013). First strike: US cyber warriors seize the offensive. Current, (552), 3-6.
Goral, K. (2013, June). Capture error | response crafting. Retrieved from http://responsecrafting.wordpress.com/tag/capture-error/ Rouse, M. (2010, July). What is zero-day exploit? - Definition from WhatIs.com. Retrieved from http://searchsecurity.techtarget.com/definition/zero-day-exploit Simonite, T. (2013). Welcome to the Malware-Industrial Complex. Technology Review, 116(3),
16-18.
Governments, security companies, and criminals are all potential buyers of zero day vulnerabilities. Security companies buy zero day vulnerabilities in order to gain a competitive edge. They use the zero days to provide their clients with protection from security risks that their competitors are unaware of. Governments often buy zero days to aid in their cyber warfare campaigns, or to protect their own systems from outside attack. Criminals buy zero days in order to exploit computer systems to accomplish malicious tasks such as stealing information, or initiating denial of service attacks. However there is no guarantee that anyone will buy the zero day from Beresford, or that he would be able to sell it before someone else discovered the vulnerability or a patch was
Zetter, K. (2010, January 13). Google Hackers Targeted Source Code of More Than 30 Companies | Threat Level | WIRED. Retrieved April 8, 2014, from http://www.wired.com/2010/01/google-hack-attack/
Multi-platform computer worms are a tool that computer hackers use to infect computers to gain control access. Computer worms are a dangerous virus because they are self-replicating, meaning that they multiply themselves and spread onto other computer networks seeking a lapse in internet security. Computer worms do not need to attach themselves onto an existing computer program to gain access to the victim computer files. The computer worm was created on accident by a Cornell student named Robert Morris; he was seeking a way of managing the internet in 1988. “Morris had no malicious intent, but a bug in his program caused many of the computers the worm landed on to crash. … but worms had come of age and have since evolved into an effective way of attacking systems connected to the internet” (Barwise). Today, hackers use the Morris worm to infect computers. “Five men believed to be responsible for spreading a notorious computer worm on Facebook and other social networks — and pocketing several million dollars from online schemes — are hiding in plain sight in St. Petersburg, Russia …” (Richmond). Since the good intended creation of the worm it has only been used maliciously as a computer virus by money seeking computer hackers such as the Koobface gang in Russia.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
A public utility company employed SecureState to repair their internal and external network security. Consequently, SecureState was able to access the network due to a variety of exploits. Many threats would not be present if systems were updated with the latest operating software and patches and were properly configured. This engagement revealed several critical problems within the client’s system, allowing SecureState to gain access to more resources than intended. The improperly segmented networks combined with easily exploitable vulnerabilities can allow attackers to gain access to entire networks potentially causing untold levels of damage.
Although an act of cyberterrorism has yet to occur, officials and scholars continuously study the possibilities of such an attack. As our physical and virtual worlds continue to intertwine the risk of such an event rapidly increases. Everything from our transportation systems to pharmaceutical manufacturing are computer controlled. The closest the world has come to an act of cyberterrorism was in 2000. Known as the Maroochy Shire case in Queensland, Australia was committed by Vitek Boden. Boden was an engineer for Pacific Paradise, a sewage pumping in Australia. He was able to successful hack into a control system modifying the operations and dumping millions of litres of raw sewage into the local waterways. Boden’s motivation was the only reason the act was not classified as cyberterrorism was his motivation. It was personal rather than political or religious in nature (Sharp Parker, 2009). The only reason this wasn’t the first act of cyberterrorism was motivation. As companies invest in upgrading their technological capabilities, they too need to invest in security structure to protect their systems and the public from threats of terrorism. Our government must also decide how to address public safety in regards to cyberterrorism. On September 11th, 2001 America was reminded how vulnerable we are when it comes to acts of terrorism. The sheer complexity and varying design of attacks often makes it very difficult to create a catch-all defense in fighting terrorism. To improve the disruption of terrorist activities by government agencies in the United States many laws needed to be updated to include the latest areas of electronic communications.
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications from popular Operating Systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is you have to patch every hole of your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendor's security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
Hettinger, Mike, and Scott Bousum. "Cybersecurity." TechAmerica Cybersecurity Comments. N.p., n.d. Web. 11 Mar. 2014. .
Society has become ever-increasingly dependent upon technology, more specifically, computers to conduct personal and business transactions and communications. Consequently, criminals have targeted these systems to conduct information and cyber warfare, which can include politically motivated attacks and to profit through ill-gotten means. In an article written by Koblentz and Mazanec (2013), cyber warfare is the act of disabling an enemy’s ability to use or obtain information, degrade its ability to make decisions, and to command its military forces. Additionally, information warfare is composed of cyber warfare and related to the protection, disruption, destruction, denial, or manipulation of information in order to gain a benefit through the technologies (Taddeo, 2012). Accordingly, as technology becomes readily available to various entities, the ability to conduct or perform warfare through technological means is multiplying.
In today’s society technology is used for everything. With the invention of computers and the internet this open doors to the cyber world. Today you can do almost anything without having to leave your home. The internet gives us the opportunity of shopping online, ordering food online, working from home and video chatting with friends and family across the world. Everyone has a computer and internet access in their homes. While the internet is really convenient it also opens doors for cybercrimes, loss of privacy and the need for computer security.
In this globalized arena, with the proliferating computer users as well as computer networks, risks associated like Malware attacks are also multiplying. As the proverb
Erbschloe, Michael “Trojans, Worms, and Spyware. A Computer Security Professional’s Guide to Malicious Code”, Elsevier Inc, 2005
Black hat: Black hat are the "hackers" which means they intentionally sent a malicious code into the computer system or network. black hat hackers are violate the rules of computer security. black hat hackers hack the system without authorization and destroy files or steal data for their purposes. black hat hackers will destroy secure network which is unusable access to user as a result authorize will get a downtime access of network.
In today’s days malware is designated as a software which aims to disturb a computer with the consent or permission of the owner. This term “Malware” is used by computer professionals to describe a varied forms of destructive, annoying and intrusive software code. This word “Malware” is used to indicate all types of malware which include a true set of viruses.
The internet offers high speed connectivity between countries, which allows criminals to commit cybercrimes from anywhere in the world. Due to the demand for the internet to be fast, networks are designed for maximum speed, rather than to be secure or track users (“Interpol” par. 1). This lack of security enables hacker...