Introduction to Cybersecurity Part 6

Introduction to Cybersecurity Part 6

This is a 6 part introduction to Cybersecurity. The sixth part of the guide concludes the guide with a glossary of key terms and an overview on statistic information about cybersecurity.

Glossary of Key Terminology:

Botnet: A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie – in effect, a computer “robot” or “bot” that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based. According to a report from Russian-based Kaspersky Labs, botnets — not spam, viruses, or worms — currently pose the biggest threat to the Internet. A report from Symantec came to a similar conclusion.

Command and Control: This term is also in common use within the computer security industry and in the context of cyberwarfare. Here the term refers to the influence an attacker has over a compromised computer system that they control. For example, a valid usage of the term is to say that attackers use “command and control infrastructure” to issue “command and control instructions” to their victims. Advanced analysis of command and control methodologies can be used to identify attackers, associate attacks, and disrupt ongoing malicious activity.In the field of computer security, command and control (C&C) infrastructure consists of servers and other technical infrastructure used to control malware in general, and, in particular, botnets. Command and control servers may be either directly controlled by the malware operators, or themselves run on hardware compromised by malware. Fast-flux DNS can be used as a way to make it difficult to track down the control servers, which may change from day to day. Control servers may also hop from DNS domain to DNS domain, with domain generation algorithms being used to create new DNS names for controller servers.

In some cases, computer security experts have succeeded in destroying or subverting malware command and control networks, by, among other means, seizing servers or getting them cut off from the Internet, denying access to domains that were due to be used by malware to contact its C&C infrastructure, and, in some cases, breaking into the C&C network itself. In response to this, C&C operators have resorted to using techniques such as overlaying their C&C networks on other existing benign infrastructure such as IRC or Tor, using peer-to-peer networking systems that are not dependent on any fixed servers, and using public key encryption to defeat attempts to break into or spoof the network.

Malware: Malware (for “malicious software”) is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission.

Master: A master, in a technological context, is a device that controls one or more other devices. In networking, for example, a master/slave configuration is a communications model in which one device or process (known as the master) controls one or more other devices or processes (known as slaves).

Packet: A packet is the unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. When any file (e-mail message, HTML file, Graphics Interchange Format file, Uniform Resource Locator request, and so forth) is sent from one place to another on the Internet, the Transmission Control Protocol (TCP) layer of TCP/IP divides the file into “chunks” of an efficient size for routing. Each of these packets is separately numbered and includes the Internet address of the destination. The individual packets for a given file may travel different routes through the Internet. When they have all arrived, they are reassembled into the original file (by the TCP layer at the receiving end).

Statistics (Source: Kaspersky DDoS intelligence report)

In Q2 2015, botnet-assisted DDoS attacks targeted victims in 79 countries across the world.
77% of botnet-assisted attacks targeted resources located in 10 countries.

The largest numbers of DDoS attacks targeted victims in China and the USA. South Korea has risen to the third place.

The longest DDoS attack in Q2 2015 lasted for 205 hours (or 8.5 days). Most attacks in Q2 2015 lasted no longer than 24 hours.

SYN DDoS(50.3%) and TCP DDoS (21.2%) were the most common scenarios of DDoS Attacks. HTTP DDoS(13.8%) was displaced to the third position.

In Q22015, 98.2% of DDoS targets were attacked by bots belonging to one family. In only 1.7% of all cases the cybercriminals launched attacks using bots belonging to two different families. In 0.1% cases, three or more bots were used.

Introduction to Cybersecurity Part 1 
Introduction to Cybersecurity Part 2 
Introduction to Cybersecurity Part 3
Introduction to Cybersecurity Part 4 
Introduction to Cybersecurity Part 5