Essay Sample on Cybersecurity Attacks and Defense Modeling

Paper Type:  Essay
Pages:  4
Wordcount:  1017 Words
Date:  2022-03-03

Introduction

In the contemporary digital era, computer networks play a prominent role in many aspects of life, which makes them vulnerable to attackers or hackers whose primary goal is to access valuable data and information. As attacks have increased in number and complexity in recent times, cybersecurity has become inherently challenging. Software is often vulnerable, protocols are always insecure, and training and educating end-users is laborious. Enhancing cybersecurity is therefore an issue of concern that requires balancing many goals, such as implementing an ideal defense strategy and meeting the requirement for network efficacy, to accomplish practical results. Cybersecurity is defined as safeguarding information assets by addressing possible threats to the information stored, shared, and processed within internetworked computer networks (Cybersecurity Student Book, 2014). Threats range from basic malware, for example worms and viruses, to targeted advanced persistent threats, commonly referred to as state-sponsored attacks. An attack vector, on the other hand, is the means an attacker uses to gain access to a computer system or a network server with the primary intent of delivering a malicious result or a payload. Attack vectors therefore allow attackers to successfully exploit system vulnerabilities, which include the users (Cybersecurity Student Book, 2014).

Nonetheless, profound knowledge of the objectives of each attack vector, combined with practical techniques for defending against the threats, enhances the security of computer networks. Comprehending the characteristics of attacks is paramount to implementing a useful defense model to defeat cyber-attacks (Ayrour, Raji & Nassar, 2018). As such, this report is commissioned to provide a pragmatic cyber-attack model with a particular focus on the attack vectors, goals, and steps that an attacker may use in an attempt to compromise a computer network of the University. A defensive model is also provided, addressing how to defeat such threats in the different scenarios. In essence, one prominent step in establishing an efficient cybersecurity program is to create multiple attack, threat, and defense models, which provide a perspective on how attacks can be mitigated in a coordinated way.


Model 1: Spear Phishing Attack by a Remote User Accessing the University Network: Malicious CV Attachments

Attack modeling has broadly been described as a technique for recognizing and classifying the distinct activities that an attacker may undertake to harm or damage a specific system. The first step in such a model is reconnaissance, which consists of gathering critical information about the targeted institution or system (Sood & Enbody, 2014). The next step, known as enumeration or scanning, entails locating the systems the attacker can reach and identifying the services running on them. These are usually public-facing systems such as file transfer protocol servers, website servers, and mail servers. Gaining access is the third step, in which the attacker exploits a susceptibility to attack the network. Once the attacker has gained access, the next step is maintaining access, which primarily involves installing backdoors that let the attacker access the system repeatedly and more easily (Sood & Enbody, 2014). Lastly, the attacker attempts to cover their tracks by eliminating all the log files that an investigator could use to retrace the attacker's actions. One form of attack that plays an instrumental role in targeted attacks is spear phishing, which is aimed at a particular organization, system, or individual who believes in the authenticity of both the malicious email sent to them and its sender. The model below illustrates a successful spear-phishing attack by a remote user accessing the University through an email containing a malicious CV attachment targeting the students' credentials.

This attack model can be explained as follows:

1. The attacker or the remote user sends emails containing malicious CV attachments to the targeted users.

2. The users do not recognize the trick, consider the email legitimate, and open the attached CV.

3. The targeted system is exploited.

4. After the exploit code is executed, the malware is downloaded and compromises the institution's system.

5. The virus then downloads a Remote Access Trojan that can take control of the entire system within the network to access the students' credentials.

6. Potential data is stolen from the compromised University systems.

7. Once accessed, the data is transmitted through distinct channels to the offshore servers managed by the attacker.
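A mail-gateway triage check aimed at the first two steps of Model 1, shown as an added example that is not part of the original essay. The campus domain, the extension lists, the verdict names and the sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumptions for this example (not from the essay): domain and extension lists.
CAMPUS_DOMAIN = "university.example"
RISKY = {".docm", ".dotm", ".xlsm", ".exe", ".scr", ".js", ".vbs", ".lnk", ".hta"}
DECOY = {".pdf", ".doc", ".docx", ".rtf", ".txt"}  # types a genuine CV would use
CV_LURE = re.compile(r"(?<![a-z])(cv|resume|curriculum)(?![a-z])", re.I)

def triage(msg):
    """Return (verdict, reasons) for one inbound message."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    external = not sender.endswith("@" + CAMPUS_DOMAIN)
    verdict, reasons = "deliver", []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        exts = [s.lower() for s in PurePosixPath(name).suffixes]
        if exts and exts[-1] in RISKY:
            # Macro-enabled or executable content should never arrive as a CV.
            reasons.append(f"{name}: active content type {exts[-1]}")
            if len(exts) > 1 and exts[-2] in DECOY:
                reasons.append(f"{name}: double extension")
            verdict = "quarantine" if external else "review"
        elif external and CV_LURE.search(name):
            # Benign type, but matches the lure theme: keep for a human check.
            reasons.append(f"{name}: CV-themed file from external sender")
            if verdict == "deliver":
                verdict = "review"
    return verdict, reasons

def sample(sender, filename):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"] = sender, "admissions@" + CAMPUS_DOMAIN
    m["Subject"] = "Application"
    m.set_content("Please find my CV attached.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

if __name__ == "__main__":
    for who, fname in [("Jane Doe <jane@mail.example>", "Jane_Doe_CV.docm"),
                       ("Jane Doe <jane@mail.example>", "Jane_Doe_CV.pdf.exe"),
                       ("Jane Doe <jane@mail.example>", "Jane_Doe_CV.pdf"),
                       ("registrar@university.example", "timetable.pdf")]:
        print(fname, triage(sample(who, fname)))
```

A filename check of this kind only narrows delivery of the attachment; the antimalware, multifactor authentication and access-control countermeasures in the defensive model still cover the later steps.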

Model 2: Social Engineering Attack by a Student Worker as an Internal Threat: Phishing through a Malicious Malware

This social engineering model illustrates an attacker attempting to obtain log-on details from the institution's staff who use the online grading system. Those using this particular system are not permitted to share their log-on credentials, and therefore the primary goal of this attack is to gain unauthorized access to the grading system to modify the students' grades.

Model 3: A Defensive Model to Address Both Threats

Defense modeling, also referred to as defense-in-depth, is described as an approach to cybersecurity comprising a sequence of layered defensive measures used to safeguard valuable data (Cybersecurity Student Book, 2014). The three main controls of the defense-in-depth model are physical, technical, and administrative. Physical controls consist of countermeasures that protect physical access to computer systems, for example, CCTV systems. Technical controls include both hardware and software used to protect data and systems, such as Windows Active Directory and encryption. Administrative controls involve procedures and policies for handling data.

| Assets | Cybersecurity Threats | Countermeasures |
|---|---|---|
| Student Credential/Data | Spear Phishing: Malicious software | Updated antimalware software; Using Multifactor authentication; Data encryption; Controlled access |
| Online Grading System | Social Engineering: Phishing | Lockouts; Secure configuration; Encrypted backups |

References

Ayrour, Y., Raji, A., & Nassar, M. (2018). Modeling cyber-attacks: a survey study. Network Security, 2018(3), 13-19. https://doi.org/10.1016/S1353-4858(18)30025-4

Cybersecurity Student Book. (2014). Threat, Attack and Defense Models. www.isaca.org/cyber, 6-38.

Sood, A., & Enbody, R. (2014). Targeted cyber-attacks: multi-staged attacks driven by exploits and malware. Syngress. Retrieved from https://www.sciencedirect.com/topics/computer-science/spear-phishing-attack

Cite this page

Essay Sample on Cybersecurity Attacks and Defense Modeling. (2022, Mar 03). Retrieved from https://proessays.net/essays/cybersecurity-attacks-and-defense-modeling
