Question

cyber lab system’s problem?

Answer 1

Cyber System major Problems

These are the major cyber lab problems which we should have to cater out in this era. some of these are described below...

The main goal behind any cyber attack is to gain unauthorized access to something of value, this could be: data, intellectual property, underlying network, or the users’ computers. All the current cyber security problems are not new, but they have taken more dangerous forms either because of the avaialbility of new technologies, ways to

1- APT: Advanced Persistent Threat, more often than not state-sponsored hackers, who are able to gain access to a network undetected and stay that way for sometime. Usually, the goal of the regular cyber attacks is get to a target and leave, this target could be data, information, intellectual property, etc. The goal of APT, is to get in and stay in, so the attackers must get in undetected and change their techniques constantly to avoid detection by regular Intrusion Detection tools. Stuxnet is a good example of APT.

2- Ransomware: this is an old problem that got a new breath of life. The first ransomeware was identified back in 1989, so it is not a new issue. The recent rise of ransomware is mainly due to digital coins, which can’t be tracked, such as BitCoin becoming more main stream. Ransomeware in a nutshell, is a piece of malware, which the attacker tricks the victim into executing, once it is executed it starts to selectively encrypt important files such as: *.doc, *.xls, *.pdf, etc. Once the victim pays the ransom amount, the attacker sends the victim the key to decrypt the files. Hospitals are a usual target for ransomware due to the time sensitivity where the victims need access to files as soon as possible which makes them more likely to pay the attackers.

3- Application Security: These are the software coding flaws that attackers use to hack applications, and could lead to full system takeover. For example, SQL Injections; which is an attacker where the attacker tricks the application to execute commands they (i.e. the attacker) controls. Most of the all time data breaches could be linked to an SQL Injection; e.g. TJX 94M Credit Cards - 2006 , Heartland Payment Systems - 130M Credit Cards - 2012, etc). There are other flaws such as cross-site scripting, other types of injection flaws, authentication and authorization issues, etc.

The following are new types of attacks that we started to see recenetly and we will have to see how they will shape the cyber security scene:

1- Extortion attacks: this is basically an attacker who stole some confidential documents, while they could sell them for a decent reward, they would use to blackmail or publicly humiliate someone, e.g. Panama Papers hack, where 11.5 million leaked documents that detail financial and attorney–client information for more than 214,488 offshore entities. The documents revealed how wealthy individuals were able to avoid paying taxes by moving their money offshore.

2- Car Hacking: Two security researchers demonstrated how they could take complete takeover of a Jeep car. With self-driving cars on the rise, and the fact that they must be interconnected this could become of the biggest threat ever. Although, there are no record of a hacking attempt using cars, it remains as a real threat.

3- IoT Attacks: with all the IoT devices popping up for a $20 a pop, their security can’t be anything other than disaster. We started to see what’s called as IoT Botnets. A regular botnets is a group of computer that were accessed and controlled by a malicious entity without the knowledge of their owners, they could be collectively controlled through a command and control center that the hacker controls. The IoT botnet is made up of not only dedicated computers but also cardiac implant monitors, mechanical sensors, household and industrial appliances, and other devices equipped with IP Addresses and the ability to transmit data over a network