The role of computers and the internet in modern society is well recognized. Recent developments in the fields of networking and cyberspace have greatly benefited mankind, but the rapid growth of cyberspace has also contributed to unethical practices by individuals who are bent on using the technology to exploit others. Such exploitation of cyberspace for the purpose of accessing unauthorized or secure information, spying, disabling networks and stealing both data and money is termed a cyber attack. Such attacks have been increasing in number and complexity over the past few years. There has been a dearth of knowledge about these attacks, which has rendered many individuals, agencies and organizations vulnerable to them. Hence there is a need for a comprehensive understanding of cyber attacks and their classification. The purpose of this survey is to make a comprehensive study of these attacks in order to create awareness about the various types of attacks and their mode of action, so that appropriate defense measures can be initiated against them.
The world today is dominated by technology. Ever since the industrial revolution, various new technologies have been developed which have contributed to the improvement of lifestyle. The most recent development in the field of technology, since the 1980s, is the use of computers. Computers have been refined from bulky, complex machines into user-friendly, interactive machines that can be used by any person. Coupled with the internet, computers have made communication easier. The role of computers and the internet in modern society is well recognized. The use of the internet has created a virtual area of communication called cyberspace, where fiber optic cables or wires transmit information to and from the internet. This space has been increasing steadily in size as more information is fed into it. Cyberspace has gradually permeated all aspects of human life, such as banking, hospitals, education, emergency services and the military. Its complexity has also been increasing. As cyberspace permeates all aspects of human life, the vulnerability of individuals, agencies, organizations and countries to exploitation by persons or groups through cyberspace has been growing. Such threats are called cyber attacks. These attacks are used to spread misinformation, cripple tactical services and access sensitive information, and for espionage, data theft and causing financial losses.
The nature, complexity and severity of these attacks are increasing over time. At present there is a relative lack of understanding about the various types of attacks, their mode of spread and their relative severity, which has rendered many organizations and countries vulnerable to such attacks. Developing proper security measures requires a thorough understanding of such attacks and their classification. Therefore a comprehensive listing of cyber attacks and a classification of these attacks form an important component of cyber security initiatives. The study attempts to classify the attacks based on various characteristics such as severity, purpose and legality, in order to provide an understanding of the motivation behind such attacks, which may allow programmers to develop security devices based on the mode of attack.
Characteristics of cyber attacks
Disruption of the integrity or authenticity of data or information is termed a computer network attack or cyber attack. Malicious code alters the logic of a program and causes errors in its output. The process of hacking involves scanning the internet to find systems that have poor security controls and looking for systems that are misconfigured. Once a hacker infects a system, he can operate it remotely, and commands can be sent to make the system act as a spy for the attackers; it can also be used to disrupt other systems. The hacker expects the infected system to have flaws such as software bugs, deficient anti-virus protection or a flawed system configuration, so that other systems can be infected through it. A cyber attack aims to steal or hack the information of an organization or government office. To steal the data or information, the attacker or hacker follows certain characteristics in order to achieve these aims. The characteristics are as follows:
The attacker expects the process to be harmonized in order to infect the system. Synchronization of the steps involved in stealing the information leads the attackers to achieve what they expect. The hackers get their result in time, in step and in line.
The attacker or hacker uses an organized form of methods, which makes it very easy to infect the system. The use of logically organized methods gives them more efficient results.
The attacks when initiated are usually large scale and virtually infect billions of computers worldwide causing large scale data and financial loss.
The attacks are regimented with perfect sequence and in such a way that the resulting damage is severe enough to compromise the working of the organization.
The attacks are planned by an individual or a group who have a thorough knowledge about the latest security measures and the means to bypass these features.
Not spontaneous or ad hoc
Attacks occur deliberately, with meticulous and very careful planning, in order to cause maximum carnage.
Demanding Time and Resource
Attacks have to be planned well in advance, so organizing an attack requires a lot of time and money.
Purpose and Motivations of cyber attacks
The main targets of cyber attacks are the data or information of governmental websites, financial institutions' websites, online discussion forums and news and media websites. The purposes and motivations of cyber attacks are as follows:
Obstruction of Information
The main aim of the attacker is to block access to the important information of an organization or government office at the moment when particular data or information is needed. The attacker blocks access to the information by the authorized user, which compromises the ability of the organization or government to plan and execute future events.
Counter International cyber security measures
The main purpose of any major cyber attack is to challenge and defeat the measures initiated by the international cyber security community to reduce or prevent cyber attacks. Attackers try to achieve this by increasing the complexity and sophistication of their attacks, or by hiding their program within some normal process which then bypasses the security.
Retardation of decision making process
Cyber attacks play a major role in crippling critical areas such as emergency services and the military. This delays decision-making processes such as tactical deployment and the activation of life support, which in turn may cause death or military defeat.
Denial in providing public services
By blocking authorized users from accessing the information of an organization or government relating to public services, the attackers can cause disruption in domains such as banking, railway and airline services, and stock markets.
Abatement of public confidence
Due to hacking or stealing of the information there is a substantial loss of confidence among the public about the trustworthiness or security of an organization.
Reputation of the country will be Denigrated
Denigrating the reputation of a country is a primary motive of cyber attacks. Due to technological developments, every country has competencies which enhance its prestige among various developing countries, and this could be seriously undermined if a large-scale cyber attack is able to penetrate the country's networks.
Smashing up legal Interest
Smashing up officially authorized work is one of the motives of cyber attacks.
There are five major security goals for network security. They are confidentiality, availability, authentication, integrity and non-repudiation.
The information or data of any organization should be maintained in a safe manner and it should not be easily accessed by unauthorized users. Secret storage of the content of communication plays a vital role in security.
The information or data which plays a major role in an organization or in government offices should be stored secretly, whereas it should be transparent to authorized users and should not be easily accessed by unauthorized users. It is necessary to set some limitations for the legitimate users.
The identity of authorized users should be verified before the information or data is accessed. There are three ways to verify the identity of a legitimate user: passwords, tokens and biometrics. With these verification methods it is easy to separate the authorized users from the unauthorized users.
The information or data should not be altered during transmission. The information has to reach the destination precisely as it was sent from the source.
The sending and receiving parties of the information or data should ensure that both know about the delay in sending and receiving of the data or information.
This paper is organized as follows: Section II contains the classification of attacks, and Section III discusses security measures against cyber attacks.
2. Classification of Attacks
Figure 1 represents some common classifications of cyber attacks.
Based on Purpose
Based on severity of Involvement
Based on Scope
2.1. Based on Purpose
The attacks based on the purpose are
Denial of service Attack
Unauthorized discovery and mapping of systems and services are termed reconnaissance attacks. This is similar to a thief surveying a neighborhood for homes that are vulnerable to break-ins, such as deserted residences, doors that are not strong and windows that are not fastened. Reconnaissance attacks can consist of the following:
A special device is used to eavesdrop upon traffic between networked computers and it will capture data addressed to other machines saving it for later analysis.
Scanning the Port
A series of messages sent by an attacker attempting to break into a computer, in order to learn which computer services, each associated with a well-known port number, the computer provides.
Sweeping the Ping
A scanning method used by the attacker to determine which range of IP addresses map to live hosts.
Queries Regarding Internet information
An attacker can use DNS Queries to learn who owns a domain and what addresses have been assigned to that domain.
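The port scan and ping sweep described above leave a recognizable pattern in connection records: many distinct ports on one host, or ICMP echo to many hosts, from a single source in a short time. The following is an added example, not part of the original paper, showing one way a defender can flag both; the record layout, the thresholds, the fixed time window and the function name `classify_recon` are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample flow records: (seconds, source, destination, protocol, dest port).
FLOWS = (
    # one source probing eight ports on one host within a few seconds
    [(t, "198.51.100.7", "192.0.2.10", "tcp", p)
     for t, p in enumerate((21, 22, 23, 25, 80, 110, 143, 443))]
    # one source sending ICMP echo to eight hosts in a row
    + [(100 + h, "198.51.100.9", f"192.0.2.{h}", "icmp", None) for h in range(1, 9)]
    # ordinary client: six ports on one host, but spread over an hour
    + [(600 * i, "192.0.2.50", "192.0.2.10", "tcp", p)
       for i, p in enumerate((80, 443, 22, 25, 993, 8080))]
)


def classify_recon(flows, window=60, port_threshold=5, host_threshold=5):
    """Return {source: set of labels} for sources that look like reconnaissance.

    port scan : many distinct ports on one host inside one time window
    ping sweep: ICMP echo to many distinct hosts inside one time window
    """
    ports = defaultdict(set)   # (src, dst, window index) -> distinct ports probed
    pinged = defaultdict(set)  # (src, window index) -> distinct hosts pinged
    for ts, src, dst, proto, dport in flows:
        bucket = ts // window
        if proto == "icmp":
            pinged[(src, bucket)].add(dst)
        elif dport is not None:
            ports[(src, dst, bucket)].add(dport)

    findings = defaultdict(set)
    for (src, _dst, _bucket), seen in ports.items():
        if len(seen) >= port_threshold:
            findings[src].add("port scan")
    for (src, _bucket), hosts in pinged.items():
        if len(hosts) >= host_threshold:
            findings[src].add("ping sweep")
    return dict(findings)


if __name__ == "__main__":
    for src, labels in sorted(classify_recon(FLOWS).items()):
        print(src, sorted(labels))
```

The third source touches six ports but never more than one per window, so it is not flagged; widening the window to an hour would flag it, which is why the window and thresholds have to be tuned to the network being monitored.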
An access attack is the ability of an unauthorized intruder to gain access to a device for which the intruder has no account or password. Someone who does not have the authority to access the data will hack it, or will make a tool that exploits a vulnerability of the application being attacked. Known vulnerabilities in authentication services, FTP services and web services are exploited to gain unauthorized entry to web accounts, confidential databases and other sensitive information. Access attacks can consist of the following:
Attacks on Secret Code
It is also called a dictionary attack: an unauthorized user tries to hack into the account by using all possible combinations of passwords in a small domain. There are two types of these attacks: password guessing and password resetting.
Utilization of Trust Port
An attacker compromises a trusted host using it to stage attacks on a trusted host.
An attacker uses a trusted host to access other hosts protected by a network firewall.
It is otherwise called a Janus attack or bucket-brigade attack. It is an active form of eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are in contact privately.
Social engineering websites are infected with malicious code through SQL injection, so that any user entering them will also be infected, or the content of these websites may be altered.
It is the act of sending a false e-mail by posing as a legitimate enterprise in order to fool the user into surrendering private information that will be used for identity theft.
Denial of service Attack
Crashing a system, or making it unusable by slowing it down, is known as a denial of service attack; it can also involve deleting or corrupting information. The attacker disables the network or corrupts the network system with the intent to deny services to intended users.
2.2. Legal classification
Cyber attacks are also classified on a legal basis, as follows:
A working definition has increasingly been accepted by Canadian law enforcement agencies: "a criminal offence involving a computer as the object of the crime, or the tool used to commit a material component of the offence." Cyber crime makes the system a tool of a crime, or the computer incidental to a crime. Computer crimes happen because of anonymity, the storage capacity of computers, weaknesses in operating systems and lack of user awareness.
It is the act or practice of obtaining, by means of cracking techniques and malicious software including Trojan horses and spyware, the secret information of individuals, groups and governments for one's own benefit, using illegal methods to obtain information without the permission of the holder. It is otherwise known as cyber spying. It may be perpetrated wholly online from the computer desks of professionals on bases in faraway countries, or may involve infiltration at home by computer-trained conventional spies and moles, or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.
The use of internet-based attacks for terrorist activity, including acts of deliberate large-scale disruption of computer networks by use of tools such as computer viruses.
Cyber war is the act of a nation state to penetrate another nation's computers or networks in order to cause damage or disruption.
2.3. Based on Severity of Involvement
Cyber attacks are again classified on the basis of their severity, as follows:
An attack which permits the attacker to transmit data to all the parties, or to block the data transmission unidirectionally or multidirectionally. The attacker may also be located between the communicating parties, allowing the attacker to stop all or part of the data sent by them. The attacker then attempts to take the place of the client once the authentication procedure has been performed because, without integrity checks on the received data, the server will not detect that the origin of the data is not the authenticated person. Without much effort, an individual programmer can set up a system like this on a computer acting as an intermediary between two subnets.
An attack in which an unauthorized attacker eavesdrops on the communication between two parties in order to steal information stored in a system, by wiretapping or similar means. In distinction from an active attack, it does not attempt to meddle with the database, but it may still constitute a criminal offense.
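The active-attack description above turns on one point: after authentication, a server that performs no integrity check cannot tell that data no longer comes from the authenticated party. The following is an added example, not part of the original paper, of a per-message integrity check using an HMAC and a sequence number; it assumes a session key shared by client and server during authentication, and the names `seal`, `Server` and `demo` and the message contents are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # assumed: session key agreed during authentication
TAG_LEN = 32                   # SHA-256 output size
SEQ_LEN = 8


def seal(key, seq, payload):
    """Client side: bind the payload to the session key and a sequence number."""
    header = seq.to_bytes(SEQ_LEN, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Server:
    def __init__(self, key):
        self.key = key
        self.next_seq = 0

    def receive(self, frame):
        """Return the payload, or None if the frame was altered, injected or replayed."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            return None
        header, payload, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # modified in transit, or sent by someone without the key
        if int.from_bytes(header, "big") != self.next_seq:
            return None  # replayed, dropped or reordered frame
        self.next_seq += 1
        return payload


def demo():
    """Constructed frames as an intermediary between the parties might deliver them."""
    server = Server(KEY)
    good = seal(KEY, 0, b"transfer 10 to alice")
    tampered = good[:SEQ_LEN] + b"transfer 99 to carol" + good[-TAG_LEN:]
    injected = (1).to_bytes(SEQ_LEN, "big") + b"transfer 50 to carol" + bytes(TAG_LEN)
    return [server.receive(tampered), server.receive(good),
            server.receive(good), server.receive(injected)]


if __name__ == "__main__":
    print(demo())
```

Only the untouched frame is accepted, and only once: the edited payload and the injected frame fail the tag comparison, and the second delivery of the good frame fails the sequence check.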
2.4. Based on Scope
Cyber attacks are again classified based on scope, as follows:
Malicious Large Scale
Non-Malicious Small Scale
Malicious Large Scale
The term malicious means "with deliberate intent to cause harm". A malicious large-scale attack is carried out by an individual or a group for personal gain or to cause disruption and chaos. Such attacks are large scale, involving thousands of systems, and cause a worldwide crash of systems with the loss of a huge volume of data and of the credibility of the company.
Non-Malicious Small Scale
These are typically accidental attacks or damage due to mishandling or operational mistakes done by a poorly trained individual which cause minor loss of data or system crashes. In such cases only a few systems in the network are compromised and data is usually recoverable. It is associated with minor cost.
As the use of computers and the Internet touches almost all aspects of day-to-day life, cyber security has assumed vast importance in recent years. The increasing use of cyberspace has also led to an increase in cyber threats to hack or steal the data of government websites, which makes a country lag behind in its further activities. The US President Barack Obama said that the economy of the country depends on cyber security. From this it is easy to gauge the impact of cyber attacks.