Cyber Primer

Recommendations

Info

Cyber threats • gain publicity by attacking public and private sector websites and online services; and • exploit social media to further their cause. The attacks against Georgian and Western websites on the outbreak of the Russian military incursion into Georgia is a good example of the damage that can be inflicted against a state by hacktivists. 27 2.13. Insiders. Disgruntled or subverted employees may seek to deliberately exploit cyberspace to cause harm to their employer in a number of ways. Additionally, all personnel, regardless of their role or seniority, are on the front line in cyberspace and can, accidentally, give an adversary the ‘in’ they need to Defence systems by ignoring or circumventing cyber security advice and procedures. The Bradley Manning, Edward Snowden and Jeffrey Paul Delisle cases show the threat posed by insiders. 28 2.14. Non-targeted threats. Although this chapter concentrates on targeted threats, there are numerous threats in cyberspace that are not specifically aimed at any one individual that could cause Defence harm. An example of a non-targeted threat is the Conficker virus, which caused significant disruption to the Ministry of Defence’s (MOD’s) information and communication technology (ICT) system. 29 Characteristics of cyber attacks 2.15. There are a number of cyber exploitation, attack tools and techniques freely available on the Internet. Adversaries traditionally employ four elements in an attack – vector, payload, behaviour and effect, all underpinned by intelligence. a. Vector. This describes the method and route an adversary uses to form initial contact with the target in cyberspace. This could be through an email, a link on a web page, removable media, wireless media or getting local access to the system used by the target. 27 More details on this example can be found at Annex 2A on pages 42-43. 28 More details on these examples can be found at Annex 2A on page 44. 29 More details on this example can be found at Annex 2A on pages 46-47. 26 Cyber Primer (2nd Edition)
Cyber threats b. Payload. Payload is computer code that will impact the target system through exploiting vulnerabilities, enabling the adversary to establish access and/or interact with the target. Often the vector and payload are combined in the form of malware. c. Behaviour. Behaviour describes the actions taken by an adversary to ensure the initial and enduring success of the vector and payload in their attack. Actions may include concealing adversarial activity, for example, being undetected in both system log audits and by anti-virus software. Adversaries will often delete or disguise evidence of their activities once the attack is complete. d. Effect. The outcomes of a cyber attack may be physical, but the majority are created through the virtual and cognitive domains. Effects may vary depending upon the attacker’s intent and nature of the payload. Effects may include the following. i. Direct action on the target system – for example, a denial of service (DoS) where an attacker aims to make a service or network unavailable to its users by overloading it with repeated requests for information or messages. 30 ii. Accessing a system, which not only gives the actor access to the information held by that system, but may also provide the means to investigate and exploit further onward connections. 31 iii. Accessing a system that may enable an adversary to render equipment useless, thus denying the Defence capabilities it relies upon to accomplish its missions. iv. Theft of data and/or altering of data – for example, password theft, data theft for reputational impact or loss of intellectual property and changing the integrity of databases 30 An extension of a denial of service (DoS) is a distributed denial of service (DDoS) which uses multiple computers to attack the system, which can increase the duration and severity of the disruption. 31 Access to a system will depend on the system configuration and privileges acquired by the attacker. Cyber Primer (2nd Edition) 27
Page 1 and 2: Cyber Primer Second Edition Develop
Page 3 and 4: Cyber Primer The Cyber Primer (2nd
Page 5 and 6: Preface ‘The Government will ensu
Page 7 and 8: Contents Preface . . . . . . . . .
Page 9 and 10: “In the information age almost al
Page 11 and 12: Fundamentals of cyber Chapter 1 - F
Page 13 and 14: Fundamentals of cyber • are ready
Page 15 and 16: Fundamentals of cyber cyber and cyb
Page 17 and 18: Fundamentals of cyber • details o
Page 19 and 20: Mainstreaming, competencies, unders
Page 21 and 22: Fundamentals of cyber 1.27. Cyber b
Page 23 and 24: 1A.5. Armed attack. Armed attack is
Page 25 and 26: Fundamentals of cyber Notes Cyber P
Page 27 and 28: “In the “We information reserve
Page 29 and 30: Cyber threats Chapter 2 - Cyber thr
Page 31 and 32: Cyber threats 2.5. Cyber attacks ca
Page 33: Cyber threats 2.9. Terrorists. Terr
Page 37 and 38: Cyber threats The process of attrib
Page 39 and 40: Phishing Spear phishing Whaling Fak
Page 41 and 42: Cyber threats Malware types Viruses
Page 43 and 44: Cyber threats and/or securely. Such
Page 45 and 46: How Against whom Why Theft of perso
Page 47 and 48: Cyber threats Using Twitter to mani
Page 49 and 50: Cyber threats Cyber attacks against
Page 51 and 52: Cyber threats State use of cyber op
Page 53 and 54: Cyber threats Case study 6 - The im
Page 55 and 56: Cyber threats Impact of malware on
Page 57 and 58: Cyber threats Social engineering ag
Page 59 and 60: “In the information age almost al
Page 61 and 62: Chapter 3 - Cyber functions Cyber f
Page 63 and 64: Cyber functions levels, they protec
Page 65 and 66: Cyber functions • command and con
Page 67 and 68: Cyber functions 3.16. Indicators an
Page 69 and 70: Cyber functions Maritime Land Air a
Page 71 and 72: Cyber functions 3.27. Electromagnet
Page 73 and 74: “In the information “It is impo
Page 75 and 76: Integrating cyber operations Chapte
Page 77 and 78: Integrating cyber operations Cyber
Page 79 and 80: Integrating cyber operations archit
Page 81 and 82: Integrating cyber operations physic
Page 83 and 84: Integrating cyber operations NATO a
Page 85 and 86:
Integrating cyber operations Cyber
Page 87 and 88:
Integrating cyber operations Israel
Page 89 and 90:
Integrating cyber operations Cyber
Page 91 and 92:
Lexicon Lexicon Part 1 - Acronyms a
Page 93 and 94:
Part 2 - Additional terms and defin
Page 95 and 96:
Lexicon information operations Info
Page 97 and 98:
Lexicon TEMPEST TEMPEST refers to t
Page 99 and 100:
Lexicon Cyber Security Information
show all

Cyber Primer

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?