Cybersecurity Pillars, Threats, and Attacks

5 Pillars of Cybersecurity

Protection of information from disclosure to unauthorized individuals, systems, or entities.

Confidentiality

Protection of information, systems, and services from unauthorized modification.
```
Integrity
```
Guarantee of timely, reliable access to data and services by authorized users.

Availability

The ability to correlate a recorded action with its originating individual or entity.

Non-repudiation

The ability to verify the identity of an individual or entity.

Authentication

What pillar is violated?

Eve listens in on Alice and Bob's phone conversation without their permission.
```
Confidentiality
```
Eve pretends to be Alice, and convinces a bank teller to withdraw money from Alice's account.
```
Authentication
```
Eve steals Bob's Facebook password.
```
Confidentiality
```
Eve deletes her own web browser's history, which her employer disallowed by the policy.
```
Non-repudition
```
Eve cuts the power to Bob's data center, shutting down all of his systems.
```
Availability
```
Eve logs into Bob’s Facebook account without his permission.
```
Authentication
```
Eve sends a threatening letter to Alice, but later denies having sent it.
```
Non-repudiation
```
Eve defaces a website of a company she does not like.
```
Integrity
```
Eve sends an e-mail to Bob pretending to be Alice.
```
Authentication
```
Alice attempts to speak with Bob, but Eve yells over the top preventing both from hearing each other.
```
Availability
```
Eve later denies the fact that she contractually promised to replay Bob $500 before the first of the year.
```
Non-repudiation
```
Eve duplicates the entire content of Alice's Hard Disk Drive (HDD) while staying aboard in a hotel room.
```
Confidentiality
```
Bitcoin's Blockchain (a public ledger of transactions) records financial transfers. Alice has 1 BTC, but her private key was stolen by Eve.
```
Confidentiality
```
Alice and Bob write software for a satellite system. However, neither implemented proper algorithms to convert from English to metric measurements, and the $125M satellite was lost entering Mars orbit. (See a wiki page on this indicent).
```
Integrity
```

A Model for Computer Security

We overview some terms used in computer security.

Asset : system resource that users and owners wish to protect. The assets of a computer system include hardware, software, data, communication facilities and networks.
Vulnerability : a weakness of a computer system that can be exploited. In particular, the system can be corrupted, leaky or unavailable.
Threat : a potential security harm to an asset.
Adversary (attacker, threat agent) : An entity that attacks, or is a threat to, a system.
Attack : a threat that is carried out.
Risk : an expectation of loss associated with an event of security breach.
For event e, the risk can be expressed as:
```
Risk(e) = Likelihood(e) x Impact(e).
```
Countermeasure : An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it.

Security concepts and relations can be described as follows:

Types of Threats/Attacks

The following is based on https://www.csirt.gob.cl/eng/incident-classification-taxonomy/.

Information Gathering
- Attacks that send requests to a system to discover weak points. This includes also some kind of testing processes to gather information about hosts, services and accounts. Examples: fingerd, DNS querying, ICMP, SMTP, port scanning.
```
Scanning
```
- Observing and recording of network traffic (wiretapping or eavesdropping).
```
Sniffing 
```
- Gathering information from a human being in a non‐technical way (e.g. lies, tricks, bribes, or threats).
```
Social Engineering
```
Intrusions: A successful compromise of a system or application (service). This can have been caused remotely by a known or new vulnerability, but also by an unauthorized local access. Also includes being part of a botnet.
Intrusion Attemps
- Login attempts: Multiple login attempts (Guessing / cracking of passwords, brute force).
- Exploiting known vulnerabilities: An attempt to compromise a system or to disrupt any service by exploiting vulnerabilities with a standardised identifier such as CVE name (e.g. buffer overflow, backdoor, cross site scripting, etc.).
- New attack signature:An attempt using an unknown exploit.
Fraud
- An attack that uses a fake identity, such as a network identity, to gain unauthorized access to personal computer information through legitimate access identification.
```
Masquerading
```
- Masquerading as another entity in order to persuade the user to reveal a private credential.
```
 Phishing
```
- Unauthorized use of resources: Using resources for unauthorized purposes including profit-making ventures (E.g. the use of e-mail to participate in illegal profit chain letters or pyramid schemes).
Abusive content
- Incendiary Speech: Discreditation or discrimination of somebody.
- Spam: The recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having a functionally comparable content.
Malware
- Malware designed to restrict availability of computer systems until a sum of money (ransom) is paid.
```
Ransomware
```
- Standalone malware that replicates itself in order to spread to other computer systems.
```
Worm 
```
- Malware that injects unsolicited advertising material (e.g., pop ups, banners, videos) into a user interface, often when a user is browsing the web.
```
Adware 
```
- Malware that misleads users of its true intent by disguising itself as a legitimate program.
```
Trojan
```
- Malware installed on a computer system without permission and/or knowledge by the operator, for the purposes of watching and tracking of user actions and collecting personal data. Keyloggers fall into this category.
```
Spyware
```
- A collection of (often) low-level software that enables attackers to gain remote access to and infiltrate data from machines, without being detected.
```
Rootkit
```
- Highly targeted networks or host attack in which a stealthy intruder remains intentionally undetected for long periods of time in order to steal and exfiltrate data.
```
Advanced persistent threats (APTs)
```
Availability Attacks:
- An attack meant to shut down a machine or network, making it inaccessible to its intended users. For example, flood attacks occur when the system receives too much traffic for the server to buffer, causing them to slow down and eventually stop.
```
Denial-of-service
```