What are Security Threats?
Security threats refer to any potential danger or risk that can compromise the confidentiality, integrity, or availability of computer systems, networks, or data. These threats can come from a variety of sources, including malicious actors, software vulnerabilities, natural disasters, and human errors.
Due to its high usage, the Internet has become a highly vulnerable medium to cyber threats. It is an open and unsecured frontier to a large extent mainly due to the existence of strict rules about what is personal and private. Each time an individual visits a website, the information exchanged is legitimately and automatically captured and recorded as a ‘cookie’ file on the computer’s hard disk.
An organization conducting business through the Internet needs to be concerned about network security. To protect against security threats over the Internet, e-businesses must implement rigorous security measures.
The objectives of these measures should be to:
- Maintain the integrity of exchanged information
- Sustain confidentiality of the exchanged data
- Create the authorization for users accessing the data
Types of Security Threats
Typical threats to online security include theft of services and software and destruction of data and software, primarily through malicious access or hacking, or computer viruses. Let us discuss these threats to online security in detail.
- Viruses and Worms
- Cyber Vandalism
- Denial-of-service (DoS) Attacks
Viruses and Worms
Viruses and worms are major threats to online security. They harm data and software by either corrupting them completely or partially. They attach themselves to host computers and destroy important files and software needed for the proper functioning of the system.
Viruses have been around since the 1980s. They are computer programs that replicate by attaching themselves to executable files. They might infect every application on an individual computer quickly or infect the documents on that computer very slowly. However, viruses cannot spread from an infected computer to other computers without human intervention.
Viruses spread when users send e-mails or copy data from an infected computer to a new system by using external drives, such as pen drives, floppies, or discs, or visit malicious websites or download data from the Internet.
On receiving infected emails or files, the new system gets infected with the virus and this process may continue to affect many systems. Computers connected to the Internet are especially vulnerable as many computers are connected to a single server that can spread the virus rapidly.
Worms are more sinister than viruses, as they do not rely on individuals to spread themselves from one computer to another. A worm is a computer program that is designed to copy itself from one computer to another over a network. It spreads using e-mails, newsletters, or websites. As worms spread over computers and networks, they slow down IT resources by using up bandwidth and decreasing the response time, making it difficult for users to access resources.
There is yet another type of security threat known as spyware. This is a new type of program that works by getting into a computer system and acquiring partial control over the system or collecting personal information without an individual’s knowledge. Spyware often infects a computer during free software downloads.
Spam consists of messages containing bogus links that are sent to various users and that, when clicked, may cause harm to computers. These are nearly identical messages sent to numerous recipients by e-mail. Spam can be defined as:
- Anonymous: The identity and e-mail address of the sender are hidden.
- Mass Mailed: The e-mail is mailed to a large group of Internet users.
- Unsolicited: The e-mail is not requested by the users.
Thus, spamming can be defined as an act of sending numerous copies of the same message through the Internet. Generally, this activity is used for marketing and advertising for uncertain products and schemes. To send spam, either Internet mailing lists are stolen or addresses are searched over the Web.
Spam is a threat to online security as it not only acquires the e-mail addresses of users but also wastes their time in sorting relevant mail from unwanted mail and consumes a lot of network bandwidth. Sometimes users may confuse spam for authentic mail and reply with personal information and details that can be misused in the future. Often, spam e-mails can have attachments that may be a virus or worms and might harm system files and functionality if they are downloaded.
The attached file ‘UPSInvoice_019002.zip’ is a Trojan virus that will infect the user’s system once it is downloaded. On December 16, 2003, the US formulated the CAN-SPAM Act of the United States of America. This Act lays down the standards for sending commercial e-mails.
In India, although the IT Act is considered to be an umbrella law for Internet crimes, such as misuse of personal data, cyber terrorism, cyber security, etc., it lacks concrete provisions against unsolicited e-mails. The IT Act of India should follow the CAN-SPAM Act of the US to cover aspects such as content compliance and penalties for sending unsolicited spam.
Cyber vandalism involves damaging or destroying data. It can create a situation where network services are disrupted or stopped, leading to the discontinuation of network services, data, or information to the entitled users. Cyber vandals threaten network security in the following ways:
- They access a network without authorization and damage, destroy or delete data or files.
- They intentionally introduce malicious viruses or worms into a computer network to interrupt, terminate or perform any action without the authorization of the network’s owner.
- They attack a network server to prevent it from performing correctly or legitimate website visitors from gaining access to network resources.
Spoofing is the practice of sending e-mail messages with a forged sender address to defraud, trick, or deceive recipients. It intends to mislead recipients about the actual sender of the message. For example, an individual posting on a discussion board may claim to be associated with a certain organization, while in reality, he/she may have no such connections with the organization.
Users may fake their age, gender, and location while chatting online. Such an act may lead to fraudulent practices, taking advantage of the anonymity that spoofing offers. The protocol used to send spoofed e-mails over the Internet is Simple Mail Transfer Protocol (SMTP). This protocol does not require an authentication mechanism for the users. Hence, e-mail spoofing is quite prevalent and easy to practice.
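Because SMTP itself does not authenticate the sender, a receiving system has to judge the visible From address from other evidence. The following added example (not part of the original article) checks a message for signs of a forged sender by comparing the From domain with the envelope sender and reading the SPF, DKIM, and DMARC verdicts recorded in the Authentication-Results header. The sample messages are constructed, and `mx.example.net` is an assumed name for the organization's own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). "mx.example.net" is an assumed
# receiving server that stamps Authentication-Results on delivery.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk-sender.example; dkim=none; dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Subject: urgent information for all credit card holders
"""

LEGIT = """\
Return-Path: <notices@bank.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Bank Support" <support@bank.example>
Subject: Your monthly statement
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def auth_verdicts(msg, trusted_authserv):
    """Collect spf/dkim/dmarc results stamped by our own receiving server only."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # a header naming another server may have been added by the sender
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts.setdefault(method, result.lower())
    return verdicts

def spoofing_findings(raw, trusted_authserv="mx.example.net"):
    """Return a list of reasons the visible From address should not be trusted."""
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if env_dom and from_dom != env_dom:  # a signal only: bulk mail services also differ
        findings.append(f"From domain {from_dom} differs from envelope sender {env_dom}")
    verdicts = auth_verdicts(msg, trusted_authserv)
    if verdicts.get("dmarc") != "pass":
        findings.append(f"dmarc={verdicts.get('dmarc', 'missing')}")
    if "pass" not in (verdicts.get("spf"), verdicts.get("dkim")):
        findings.append("neither spf nor dkim passed")
    return findings
```

In the constructed spoofed message SPF passes for the envelope domain, yet the message is still flagged: the From domain is not the domain that was authenticated, which is the gap DMARC alignment closes.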
Another method of Internet spoofing is through Internet Protocol (IP) spoofing. IP spoofing involves disguising the IP address of a computer, which makes it difficult for other computers to track the source of data transmission.
It is mainly used in the denial-of-service (DoS) attack, which involves creating the unavailability of a machine or network source for its users. In a DoS attack, a range of compromised systems attacks a single target, discontinuing Web services for the legitimate users of the targeted system.
Another threat to online security is cybersquatting, which is also known as domain squatting. It is the practice of registering or using the domain name of a popular brand, trademark, or website belonging to someone else to make a profit from the owner later. A cybersquatter deals with the original owners to sell the domain name at a high price.
However, opportunities for cybersquatting are quickly fading because most businesses now know that registering domain names on the Internet is a necessity. In the past, brick-and-mortar organizations fell prey to cybersquatting as they had not realized the commercial opportunities on the Internet and failed to create their domain names.
In phishing, tricksters acquire the e-mail addresses of bank customers and send them e-mails to get their credit card or account information by representing themselves as mailers from banks or financial institutions. Generally, the subject lines of such e-mails may read as ‘official information’, ‘urgent information for all credit card holders’, etc.
The e-mails are linked to a bogus website that resembles the websites of banks or financial institutions. Once a customer is led to the website, he or she is asked to enter personal, credit card, or account information. In the year 2003–2004, there was a major outbreak of such activities when tricksters sent e-mails to customers asking for their credit card details by posing as mailers from ICICI Bank, PayPal, or eBay.
Sniffing is another major threat to online security. A packet sniffer is a program or device that monitors data flowing over network links. Sniffing is a technique used by professionals to help diagnose network issues.
However, its capability to capture data flowing over a network allows it to be used by malicious users to capture sensitive information, such as user names or passwords, being exchanged by users over a network. By gaining access to such information, hackers can gain access to the individual’s system or network. Illegal sniffing can be dangerous to a network’s security as it can be used almost anywhere.
Denial-of-service (DoS) Attacks
Certain threats to online security have a much greater impact in terms of affected individuals and systems. One such threat is the Denial-of-service (DoS) attack. It is an effort to create unavailability of a machine or network to its users. DoS consumes resources rendering legitimate users unable to use them.
In a network ecosystem, the main resources are Central Processing Unit (CPU), memory, and bandwidth. DoS can therefore take place in the following ways:
- Consuming CPU resources, which prevents a computer from responding to processing requests effectively
- Consuming memory resources, which prevents a computer from processing packets
- Consuming bandwidth resources, which leads to a decrease in the speed and volume of legitimate network traffic
In a DoS attack, there are compromised machines (master zombies and slave zombies) that are created during the scanning process. They are infected by malicious code and serve as hosts for both viruses and worms. The attacker controls master zombies, which, in turn, regulate slave zombies.
Once the attack command is sent to master zombies, it activates the attack process present in dormant zombies. Master zombies transmit the attack directions to slave zombies, commanding them to carry out a DoS attack against the victim system. A large number of data packets are then sent to the intended computers, thereby exhausting their resources.