Sources of Security threats

The Internet

Visiting a website that contains a malicious

code.Drive-by attacks can be taken as an
example.
A drive-byattackis carried outintwo
steps. First, a malefactor makes users visit
a websiteby using spam sentvia e-mail
orpublished on bulletin boards.
The website contains a code that redirects
the request to a third-party serverthat
hostsanexploit
 Email

Email messages received by users and stored in

email databases can contain viruses.
Malware can be found not only in attachments,
but also ina body of a letter. You can infect your
computer by opening such a letter or by saving
the attached file.
Email is a source of two more types of threats:
spam and phishing.
While spamresults only in a waste of your
time, the target of phishing letters is your
private data, such as credit card numbers.
 Software vulnerabilities

Software vulnerabilitiesare most

common targets of hacker attacks.
Vulnerabilities, bugs and glitches of
software grant hackers remote
access to your computer, and,
correspondingly, to your data, local
network resources, and other sources
of information.
 Removable data storage media

Removable drives,flash memory

devices, and network foldersare
commonly used for data transfer.
When you run a file from a
removable media you can infect your
computer and spread the virus to the
drives of your machine.
 Users' actions

Sometimes users infect the computer

by installing applicationsthat are
disguised asharmless.
This method of fraud used by
malefactors isknown associal
engineering. Using various tricks,
malefactors make users install their
malicious software.
 Threat
athreatis a possible danger that might exploit
avulnerabilityto breach security and thus
cause possible losses
A threat can be either "intentional" (i.e.,
intelligent; e.g., an individual cracker or a
criminal organization)
or
"accidental" (e.g., the possibility of a computer
malfunctioning, or the possibility of anatural
disastersuch as anearthquake, afire, or
atornado)
 Threat consequence
Threat consequenceis a security
violation that results from a threat
action.

Includes
Disclosure
Deception
Disruption
Usurpation
 Unauthorized disclosure (a
threat consequence)
A circumstance or event whereby an
entity gains access to data for which
the entity is not authorized.
The following threat actions can cause
unauthorized disclosure:
Exposure
Interception
Inference
Intrusion
 Exposure

A threat action whereby sensitive data is directly released

to an unauthorized entity.
This includes:
"Deliberate Exposure: Intentional release of sensitive
data to an unauthorized entity.
Scavenging : Searching through data residue in a system
to gain unauthorized knowledge of sensitive data.*
"Human error: Human action or inaction that
unintentionally results in an entity gaining unauthorized
knowledge of sensitive data.*
"Hardware/software error: System failure that results in
an entity gaining unauthorized knowledge of sensitive data.
 Interception
A threat action whereby an unauthorized entity
directly accesses sensitive data travelling
between authorized sources and destinations.
This includes:
Theft : Gaining access to sensitive data by
stealing a shipment of a physical medium, such
as a magnetic tape or disk, that holds the data.
"Wiretapping (passive) : Monitoring and
recording data that is flowing between two
points in a communication system.
 Inference
A threat action whereby an unauthorized entity indirectly
accesses sensitive data (but not necessarily the data
contained in the communication) by reasoning from
characteristics or byproducts of communications.
This includes:
"Traffic analysis: Gaining knowledge of data by
observing the characteristics of communications that
carry the data.

"Signals analysis: "Gaining indirect knowledge of

communicated data by monitoring and analyzing a signal
that is emitted by a system and that contains the data
but is not intended to communicate the data.
 Intrusion
A threat action whereby an unauthorized entity gains access to
sensitive data by circumventing a system's security protections.
This includes:
"Trespass : Gaining unauthorized physical access to sensitive
data by circumventing a system's protections.

"Penetration : Gaining unauthorized logical access to

sensitive data by circumventing a system's protections.

"Reverse engineering : Acquiring sensitive data by

disassembling and analyzing the design of a system component.

"Cryptanalysis : Transforming encrypted data into plain text

without having prior knowledge of encryption parameters or
processes.
 Deception (a threat
consequence)
A circumstance or event that may
result in an authorized entity
receiving false data and believing it
to be true.
The following threat actions can
cause deception:
"Masquerade
"Falsification
"Repudiation"
 Masquerade
A threat action whereby an unauthorized entity
gains access to a system or performs a malicious
act by posing as an authorized entity.
"Spoof : Attempt by an unauthorized entity to
gain access to a system by posing as an authorized
user.
"Malicious logic: In context of masquerade, any
hardware, firmware, or software (e.g., Trojan horse)
that appears to perform a useful or desirable
function, but actually gains unauthorized access to
system resources or tricks a user into executing
other malicious logic.
 "Falsification

A threat action whereby false data

deceives an authorized entity.
"Substitution :Altering or
replacing valid data with false data
that serves to deceive an authorized
entity.
"Insertion : Introducing false data
that serves to deceive an authorized
entity.
 "Repudiation"

A threat action whereby an entity

deceives another by falsely denying
responsibility for an act.
"False denial of origin"Action whereby
the originator of data denies
responsibility for its generation..
"False denial of receipt"Action
whereby the recipient of data denies
receiving and possessing the data.
 "Disruption" (a threat
consequence)
A circumstance or event that
interrupts or prevents the correct
operation of system services and
functions.
The following threat actions can
cause disruption:
"Incapacitation
"Corruption
"Obstruction"
 Incapacitation
A threat action that prevents or interrupts system operation by
disabling a system component. This includes:

"Malicious logic : In context of incapacitation, any hardware,

firmware, or software (e.g., logic bomb) intentionally introduced into
a system to destro; y system functions or resources.

"Physical destruction : Deliberate destruction of a system

component to interrupt or prevent system operation.

"Human error: Action or inaction that unintentionally disables a

system component.

"Hardware or software error : Error that causes failure of a

system component and leads to disruption of system operation.
"Natural disaster: Any "act of God" (e.g., fire, flood, earthquake,
lightning, or wind) that disables a system component.
 Corruption

A threat action that undesirably alters system operation by

adversely modifying system functions or data.
"Tamper : In context of corruption, deliberate alteration of a
system's logic, data, or control information to interrupt or
prevent correct operation of system functions.
"Malicious logic: In context of corruption, any hardware,
firmware, or software (e.g., a computer virus) intentionally
introduced into a system to modify system functions or data.*
"Human error: Human action or inaction that unintentionally
results in the alteration of system functions or data.*
Hardware or software error : Error that results in the alteration
of system functions or data.*
"Natural disaster : Any "act of God" (e.g., power surge
caused by lightning) that alters system functions or data.
 Obstruction
A threat action that interrupts delivery of
system services by hindering system
operations. This includes:
Interference : Disruption of system
operations by blocking communications or
user data or control information.
Overload : Hindrance of system operation
by placing excess burden on the
performance capabilities of a system
component.
 "Usurpation" (a threat
consequence)
A circumstance or event that results
in control of system services or
functions by an unauthorized entity.
The following threat actions can
cause usurpation:
"Misappropriation
"Misuse"
 "Misappropriation
A threat action whereby an entity
assumes unauthorized logical or physical
control of a system resource. This
includes;
"Theft of service : Unauthorized use of
service by an entity.
"Theft of functionality : Unauthorized
acquisition of actual hardware, software,
or firmware of a system component.
"Theft of data : Unauthorized
acquisition and use of data.
 "Misuse"
A threat action that causes a system component to perform a
function or service that is detrimental to system security.

This includes:

"Tamper: In context of misuse, deliberate alteration of a

system's logic, data, or control information to cause the system to
perform unauthorized functions or services.

"Malicious logic : In context of misuse, any hardware, software,

or firmware intentionally introduced into a system to perform or
control execution of an unauthorized function or service.

"Violationofpermissions : Action by an entity that exceeds

the entity's system privileges by executing an unauthorized
function.
 Email- threats
Spam: Spam is any unsolicited
message or posting that is sent to
multiple recipients, or multiple
postings of the same message sent
to newsgroups or listservers. Spam is
the electronic equivalent of junk
mail.
Spoofing
Phishing
 Spoofing
E-mail spoofing occurs when an
attacker sends you an e-mail
pretending to be someone you know.
Spoofing is analogous to sending a
letter to someone and forging the
return address on the envelope.
 Phishing

Identity thieves often phish for information by

sending e-mail spam or pop-up messages that
appear to be legitimate businesses or
organizations (i.e. bank or online payment
services that you may deal with).
These phishers lure their victims to counterfeit
Web sites that appear to be the legitimate
sites.
However, they are intended to trick you into
divulging information needed to steal your
identity or perform fraudulent acts
 Web Threats
Web threats are malicious software programs
such as spyware, adware, trojan horse
programs, bots, viruses, or worms, etc. that are
installed on your computer without your
knowledge or permission.
These programs utilize the Web to spread, hide,
update themselves and send stolen data back
to criminals.
They can also be combined to do the crime
for example, a trojan can download spyware or
a worm can be used to infect your computer
 Popular web threats
Malware
Virus
Trojan Horse
Spam
Phishing
Spyware
Adware
 Hacking
Hacking refers to activity that aims
to exploitsweaknesses in acomputer
systemorcomputer network.
It is done for multitude of reasons,
such as profit, protest, challenge,
enjoyment or to evaluate those
weaknesses to assist in removing
them.
 Intruders
someone whoentersaplacewhere
they are notallowedto go
especiallytocommitacrime
 insider threat
Aninsider threatis a malicious threat to an
organization that comes from people within the
organization, such as employees, former
employees, contractors or business associates,
who have inside information concerning the
organization's security practices, data and
computer systems.

The threat may involve fraud, the theft of

confidential or commercially valuable
information, the theft of intellectual property,
or the sabotage of computer systems.