A cyberattack is any type of offensive manoeuvre employed by nation-states, individuals, groups, or organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.
These can be labeled as either a cyber campaign, cyberwarfare or cyberterrorism in different context. Cyberattacks can range from installing spyware on a PC to attempts to destroy the infrastructure of entire nations. Cyberattacks have become increasingly sophisticated and dangerous as the Stuxnet worm recently demonstrated.
To prevent these attacks
User behaviour analytics:
User behaviour analytics (“UBA”) as defined by Gartner, is a cybersecurity process about detection of insider threats, targeted attacks, and financial fraud. UBA tools use a specialized type of security analytics that focuses on the behavior of systems and the people using them
Security information and event management:
Security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network hardware and applications.Vendors sell SIEM as software, as appliances or as managed services; these products are also used to log security data and generate reports for compliance purposes.The segment of security management that deals with real-time monitoring, correlation of events, notifications and console views is known as security event management (SEM). The second area provides long-term storage as well as analysis, manipulation and reporting of log data and security records of the type collated by SEM software, and is known as security information management (SIM).As with many meanings and definitions of capabilities, evolving requirements continually shape derivatives of SIEM product-categories. Organizations are turning to big data platforms, such as Apache Hadoop, to complement SIEM capabilities by extending data storage capacity and analytic flexibility. The need for voice-centric visibility or vSIEM (voice security information and event management) provides a recent example of this evolution.
Intelligence-driven computer network defense is a risk management strategy that addresses the threat component of risk, incorporating analysis of adversaries, their capabilities, objectives, doctrine and limitations. This is necessarily a continuous process, leveraging indicators to discover new activity with yet more indicators to leverage. It requires a new understanding of the intrusions themselves, not as singular events, but rather as phased progressions. The effect of intelligence-driven CND is a more resilient security posture. APT actors, by their nature, attempt intrusion after intrusion, adjusting their operations based on the success or failure of each attempt. In a kill chain model, just one mitigation breaks the chain and thwarts the adversary, therefore any repetition by the adversary is a liability that defenders must recognize and leverage. If defenders implement countermeasures faster than adversaries evolve, it raises the costs an adversary must expend to achieve their objectives.
The intruder would initially used a backdoor which generated network traffic matching [regular expression] at the rate of [some frequency] to [some IP address], and then replace it with one matching the MD5 hash [value] once access was established
Professional hackers, either working on their own or employed by the government or military service, can find computer systems with vulnerabilities lacking the appropriate security software. Once found, they can infect systems with malicious code and then remotely control the system or computer by sending commands to view content or to disrupt other computers. There needs to be a pre-existing system flaw within the computer such as no antivirus protection or faulty system configuration for the viral code to work. Many professional hackers will promote themselves to cyberterrorists where a new set of rules govern their actions. Cyberterrorists have premeditated plans and their attacks are not born of rage. They need to develop their plans step-by-step and acquire the appropriate software to carry out an attack. They usually have political agendas, targeting political structures. Cyber terrorists are hackers with a political motivation, their attacks can impact political structure through this corruption and destruction.They also target civilians, civilian interests and civilian installations. As previously stated cyberterrorists attack persons or property and cause enough harm to generate fear.