Cyber Security Attack on an Organization or Company

Table of Contents

Introduction
Identification of threats and attacks
Communication of identified threats and attacks
Solution and recovery to the threat problem(s)
    Protection against malware
    Malicious Insider attack and susceptibility of joint technology
    Equipment/ device compromise
    Spoofing attack for metadata
    Modbus security challenge
    Profiles for unfamiliar risks
    Hijack of services and accounts
    Abuse and evil use of cloud computing
Conclusion
References

Introduction

Several security threats exist that adversaries use to gain entry into company computer systems through planned attacks. Attackers can use one type of threat, or a combination of potential threats, to attack system resources such as data, software or hardware. Companies can outsource security services to cloud service providers. However, they need to choose a provider that meets the larger part of their security requirements before migrating to the cloud platform.

Identification of threats and attacks

Attacks on cyber security, whether by insiders or by outside criminals, can be associated with a number of threats. The threats comprise malware injection, spoofing attacks on metadata, hijacking of services and accounts, malicious company insiders, susceptibility of joint technology, profiles for unfamiliar risk, abuse and evil use of cloud computing, and unsafe application programming interfaces. Others include compromise of communication equipment, traffic analysis and eavesdropping, and the Modbus safety challenge. Any of these threats can expose the company's system to attack, depending on the level of security installed and the experience of the attackers (Younis & Kifayat, 2013).

Malware injection is the leading kind of attack; its main purpose is to introduce malicious services or applications into the cloud system. Installed malware can permit a Random Access Memory (RAM) scraping attack, which allows attackers to obtain unencrypted company or personal data as it passes through the memory of the affected point-of-sale machine, before it is transferred to the provider's payment processing. Malware can also be designed purposely to move the stolen data out of the company's network. The installation can be done at one terminal of the network linked to the company, which later makes possible the theft of sensitive information such as financial data (Younis & Kifayat, 2013; Committee, 2014).

In the spoofing attack on metadata, the web server is used to obtain the documents that store every piece of information concerned with invoking a web service, such as its security needs, message format, network location and many others. The attack is carried out in order to re-engineer the metadata accounts of the web service, with the aim of altering the network endpoints and other guiding principles to do with information safety. Hijacking of accounts and services can take place when a cyber criminal tries to hack a website that is under the care of a cloud service provider. The cyber criminal can secretly install particular software that allows them to gain control of the cloud infrastructure. As a result, a client company that uses the cloud services of the targeted provider will be prone to attack (Younis & Kifayat, 2013).

The malicious insider attack can be more sophisticated and harder to deal with, since it is characterized by a lack of sufficient visibility into how the responsibilities of employees are updated or changed as they change jobs. For this reason, malicious insider attacks can result from inadequate transparency about the procedures of service providers and about how employees are authorized to gain entry to virtual assets. The profile of unfamiliar risk is also a threat. It arises easily when much emphasis is placed on the functionalities and features that can be derived from cloud services, at the expense of considering how safety processes and technologies can be enhanced, which individuals have privileges to access data, and what results from disclosing any data (Younis & Kifayat, 2013).

The threat of joint technology and susceptibility arises because cloud service providers and their client companies, organizations and institutions make use of the same infrastructure that is also used within the internet. This implies that the joint infrastructure is shared among the existing clients of the cloud, and that all the problems that exist in the internet infrastructure also move to the cloud. This creates security gaps for attackers at various points of the network, both at the internet level and at the client consumers, which are companies in this case. Abuse and evil use of cloud computing is also the leading threat in the cloud computing environment and hence poses a threat to consumers of the cloud. Here the cyber criminal employs the existing capability of cloud computing to launch an attack through the spread of spam and malware. Last is the use of unsafe application programming interfaces. Application interfaces with no secure access control, encryption, authentication or activity monitoring mechanisms pose a threat to the providers of the cloud and hence to the consumers, because application programming interfaces are used so much by cloud providers when offering services to consumers (Younis & Kifayat, 2013).

The communication equipment that can be compromised includes multiplexers, and their compromise can bring direct harm to the network. Attackers can also use the equipment to plan and launch future attacks. In traffic analysis and eavesdropping, the adversary can gain access to sensitive information by closely monitoring network traffic. Future price information and the grid control structure are examples of information that can be monitored using this kind of threat. The Modbus safety challenge is another threat: the Modbus protocol was not designed for highly security-critical environments. Possible attacks arising from the problems of Modbus security therefore include replay of authentically recorded messages, sending counterfeit relay messages to slave devices, reading messages from the Modbus, computer attack using a suitable adapter, and many more (Aloula et al., 2012).

Communication of identified threats and attacks

Users of the company's network resources first report any problem they notice to the network technicians. Upon confirming the threat and attack, the network technicians report the problem to the chief information security officer. As the chief information security officer of the company, I will communicate the identified threats and attacks to the chief executive officer, given that ownership of company risks belongs to top management (Stamper, 2012). Top management, through the chief executive officer, then communicates with the cloud service providers, who will be responsible for solving the cyber attack issues.

Solution and recovery to the threat problem(s)

Protection against malware

The solution to malware installation involves the use of FireEye software for automatic deletion of the malware installed by the attackers. The FireEye intrusion detection system is used first to trigger urgent alerts. Symantec antivirus can also be used to detect malicious behavior on the system. A tool known as Kill Chain, which relies on static defense, can also be used for cyber security defense. Companies should purchase only software supplied by the manufacturer, whereby the products are embedded with secure storage holding keying material for software validation. The system can then validate freshly downloaded software before running or installing it, and if validation fails the installation should not proceed. General purpose systems, meanwhile, can be protected using the latest antivirus software together with host-based intrusion prevention (Aloula et al., 2012; Committee, 2014).

Malicious Insider attack and susceptibility of joint technology

The identities of network users should be confirmed by means of robust authentication. The company should also put in place an implicit-deny policy, which ensures that entry into the network system is allowed only through explicit access permissions. Network intrusion prevention and detection technologies should also be considered in order to safeguard the system from both inside and outside attacks. A vulnerability assessment should also be carried out at least annually to guarantee enough security for the components that interface with the network perimeter (Aloula et al., 2012).

Equipment/ device compromise

The company or organization should also put awareness programs in place to educate network users about safety best practices for using network tools and applications, because the actions of users can at times result in considerable vulnerabilities in the system. Devices should also be made to recognize the destinations they communicate with. This can be implemented by means of mutual authentication through Transport Layer Security. Internet Protocol Security (IPsec) can also be used for this (Aloula et al., 2012).

Spoofing attack for metadata

Network devices that support virtual private network designs for safe communication should also be employed. Although present devices have some limitations concerning key management and cryptography, the devices used should also make use of public key infrastructure in order to safeguard communication. Communication through the smart grid system should also be configured to take place over various channels with various bandwidths, where certificate authorities, every device and the servers have to be linked to the network at all times. This kind of configuration is required since present devices lack sufficient processing power and storage to carry out advanced approaches to user and software authentication and encryption (Aloula et al., 2012).

Modbus security challenge

Every IT technology used by the company should be capable of being upgraded or enhanced in terms of security features, given that the smart grid lifecycle is normally longer than that of the existing IT systems. Security should also be made part and parcel of the smart grid design. The company should also use devices whose security is not vendor specific, as vendor-specific security may result in several vulnerabilities due to incompatibility problems. The company can also consider using third-party communication companies for utilities, which will be very important in managing the security problems of data transmission. Last but not least, a strong authentication protocol should be employed to improve the safety of communication among the parties of the smart grid. The protocol will have to function in real time under constraints such as minimal computation cost, low communication overhead, robustness against denial of service attacks and others (Aloula et al., 2012).
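
An added example (not from the original essay or its sources) of the kind of authentication protocol this section asks for, aimed at the replay and counterfeit-message threats listed earlier: a Modbus/TCP frame carries no identity or freshness field, so the code wraps each frame with a counter and a truncated HMAC-SHA256 tag (24 bytes of overhead). The envelope layout, pre-shared key, tag length and all class and function names are assumptions for illustration and are not part of Modbus.

```python
import hashlib
import hmac
import struct

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id
TAG_LEN = 16                   # truncated HMAC-SHA256 tag length (assumption)

def parse_adu(frame: bytes) -> dict:
    """Parse a Modbus/TCP ADU. No field identifies the sender or the message age."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short")
    tid, proto, length, unit = MBAP.unpack_from(frame)
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header")
    return {"tid": tid, "unit": unit, "function": frame[7], "data": frame[8:]}

def protect(key: bytes, counter: int, frame: bytes) -> bytes:
    """Master side: counter || frame || tag (hypothetical envelope, not a standard)."""
    body = struct.pack(">Q", counter) + frame
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    """Slave side: accept only an authentic tag and a strictly increasing counter."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, message: bytes):
        if len(message) < 8 + MBAP.size + 1 + TAG_LEN:
            return None, "malformed"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None, "counterfeit"      # forged or altered in transit
        (counter,) = struct.unpack_from(">Q", body)
        if counter <= self.last_counter:
            return None, "replay"           # authentic but already seen
        try:
            adu = parse_adu(body[8:])
        except ValueError:
            return None, "malformed"
        self.last_counter = counter
        return adu, "ok"

# Constructed sample: Write Single Register (0x06), register 0x0001 = 0x00FF, unit 1.
SAMPLE = MBAP.pack(1, 0, 6, 1) + bytes([0x06, 0x00, 0x01, 0x00, 0xFF])
```

The tag protects against forgery and the counter against replay; neither hides the frame contents, so reading messages from the bus still requires encryption on the link.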

Profiles for unfamiliar risks

The company should be concerned with how security technologies and products are to be enhanced, which individuals will be responsible for accessing the data, and the conditions of data disclosure. This helps identify some of the possible risks in advance so that appropriate action can be taken, rather than being concerned only with the features and functionalities to be obtained from the cloud services.

Hijack of services and accounts

In this case, the company should ensure that the chosen cloud service provider meets all the security requirements before signing the service level agreement. Some of these security requirements include data confidentiality, integrity and availability, in addition to access controls for the network, all of which form the basis of computer system security.

Abuse and evil use of cloud computing

The methods used to control malware installation also apply to this kind of threat, as it also involves the spread of malware. However, the company should also consider choosing a cloud provider that meets all the basic security needs.

Conclusion

There are many threats and attacks that an inside or outside attacker can use to gain illegal access to the network system of a company or organization. Either one or a combination of the potential threats can be used to plan an attack on the system. As a result, companies that choose to use cloud service providers should be careful to choose a provider that meets the security requirements the company needs. The threats come as a result of weaknesses or gaps that exist in either the software or the hardware components of the system.

References

Younis, M. Y. A., & Kifayat, K. (2013). Secure cloud computing for critical infrastructure: A survey. Liverpool John Moores University, United Kingdom, Tech. Rep.

Committee on Commerce, Science, and Transportation. (2014). A “Kill Chain” Analysis of the 2013 Target Data Breach. United States Senate.

Aloula, F., Al-Alia, A. R., Al-Dalkya, R., Al-Mardinia, M., & El-Hajj, W. (2012). Smart grid security: threats, vulnerabilities and solutions. International Journal of Smart Grid and Clean Energy, 1(1), 1-6.

Stamper, L. J. (2012). Higher Education Leaders’ Roles in Access Security Management. Higher Education, 1, 1-2012.