Cyber Primer
AEWhbF
AEWhbF
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Cyber</strong> threats<br />
2.24. Access. Access is crucial to the success of any cyber attack and can be<br />
obtained in three ways: physical, close and remote.<br />
a. Physical access is the ability to gain direct access to a computer or<br />
network, such as by connecting a USB device directly to a computer.<br />
Access can be gained in a number of ways, for example, posing as<br />
public officials or couriers delivering a package, or by tailgating staff.<br />
Once in the premises, intruders can interfere with ICT by installing<br />
software, such as keystroke loggers and remote access hardware to<br />
gain data from, or future access to, systems.<br />
b. Close access is the ability to access to a computer or network from<br />
deployed platforms, people and equipment operating within the area<br />
of that network but do not have physical access. Typically this could<br />
be through use of the electromagnetic spectrum, such as connecting<br />
via Wi-Fi. Alternatively, close access can be achieved by an adversary<br />
through ‘baiting’. 36<br />
c. Remote access is the ability to get access to a computer or a<br />
network from external locations (physical and virtual) that may be<br />
considered outside of that network.<br />
If we can reduce the opportunities of an adversary to access to our<br />
cyberspace, then we can mitigate the success of potential attacks.<br />
2.25. Advanced persistent threat. An advanced persistent threat (APT) is a<br />
network attack in which an unauthorised person gains access to a network<br />
and stays there undetected for a long period of time. The intention of<br />
an advanced persistent threat attack is to steal data rather than to cause<br />
damage to the network or organisation.<br />
2.26. Supply chain corruption. Every effort should be made to verify the<br />
trusted supply of all components, including hardware and software, for<br />
Defence capabilities. However, unscrupulous and/or malicious suppliers<br />
may interfere with the supply chain resulting in untrusted or unaccredited<br />
equipment being delivered, which may not function properly, safely,<br />
36 For more information, see social engineering techniques described on page 31.<br />
34<br />
<strong>Cyber</strong> <strong>Primer</strong> (2nd Edition)