Who is threatening the security of your network?

A quick look at the basics of the threats to every IT system

The myriad threats to public, private and U.S. government networks is getting a ton of attention in Washington, D.C., this week as the House gets ready to debate yet another cybersecurity bill.

At a hearing -- "America is Under Cyber Attack: Why Urgent Action is Needed" -- a number of security experts spoke about the impact of attacks on the critical IT systems that make companies and the country run.

MORE: From Anonymous to Hackerazzi: The year in security mischief-making

"It is difficult to overstate the potential harm these threats pose to our economy, our national security, and the critical infrastructure upon which our country relies. The number and sophistication of cyber-attacks has increased dramatically over the past five years and is expected to continue to grow," said Shawn Henry, former executive assistant director for the FBI's Criminal, Cyber, Response, and Services. Henry is now president of CrowdStrike Services. "The threat has reached the point that, given enough time, motivation, and funding, a determined adversary will likely penetrate any system that is accessible directly from the Internet."

As part of the hearing, the watchdogs at the Government Accountability Office laid out some of the basics of the security problems facing the industry.

"Cyber-based threats are evolving and growing and arise from a wide array of sources. These threats can be unintentional or intentional. Unintentional threats can be caused by software upgrades or defective equipment that inadvertently disrupt systems. Intentional threats include both targeted and untargeted attacks from a variety of sources, including criminal groups, hackers, disgruntled employees, foreign nations engaged in espionage and information warfare, and terrorists. These threat sources vary in terms of the capabilities of the actors, their willingness to act, and their motives, which can include monetary gain or political advantage, among others," said Gregory Wilshusen, director, Information Security Issues, with the GAO.

According to the GAO, the most common sources of cyberthreats include:

Bot-network operators: Bot-net operators use a network, or bot-net, of compromised, remotely controlled systems to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available on underground markets (e.g., purchasing a denial-of-service attack or services to relay spam or phishing attacks).

Criminal groups: Criminal groups seek to attack systems for monetary gain. Specifically, organized criminal groups use spam, phishing, and spyware/malware to commit identity theft, online fraud, and computer extortion. International corporate spies and criminal organizations also pose a threat to the United States through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent.

Hackers: Hackers break into networks for the thrill of the challenge, bragging rights in the hacker community, revenge, stalking, monetary gain, and political activism, among other reasons. While gaining unauthorized access once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus, while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency, the large majority of hackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage.

Insiders: The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat includes contractors hired by the organization, as well as careless or poorly trained employees who may inadvertently introduce malware into systems.

Nations: Nations use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power -- impacts that could affect the daily lives of citizens across the country. In his January 2012 testimony, the Director of National Intelligence stated that, among state actors, China and Russia are of particular concern.

Phishers: Individuals or small groups execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware or malware to accomplish their objectives.

Spammers: Individuals or organizations distribute unsolicited email with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware or malware, or attack organizations (e.g., a denial of service).

Spyware or malware authors: Individuals or organizations with malicious intent carry out attacks against users by producing and distributing spyware and malware. Several destructive computer viruses and worms have harmed files and hard drives, including the Melissa Macro Virus, the Explore.Zip worm, the CIH (Chernobyl) Virus, Nimda, Code Red, Slammer, and Blaster.

Terrorists: Terrorists seek to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the economy, and damage public morale and confidence. Terrorists may use phishing schemes or spyware/malware in order to generate funds or gather sensitive information. These sources of cyber threats make use of various techniques, or exploits, that may adversely affect computers, software, a network, an organization's operation, an industry, or the Internet itself. Table 2 provides descriptions of common types of cyber exploits.

Follow Michael Cooney on Twitter: @nwwlayer8 and on Facebook.

Join the discussion
Be the first to comment on this article. Our Commenting Policies