Cyber Threat Attack [Video]

Cyber Threat Source Descriptions

Cyber threats to a control system refer to persons who attempt unauthorized access to a control system device and/or network using a data communications pathway. This access can be directed from within an organization by trusted users or from remote locations by unknown persons using the Internet. Threats to control systems can come from numerous sources, including hostile governments, terrorist groups, disgruntled employees, and malicious intruders. To protect against these threats, it is necessary to create a secure cyber-barrier around the Industrial Control System (ICS). Though other threats exist, including natural disasters, environmental hazards, mechanical failure, and inadvertent actions of an authorized user, this discussion will focus on the deliberate threats mentioned above.

For the purpose of this discussion, deliberate threats will be categorized consistent with the remarks in the Statement for the Record to the Joint Economic Committee by Lawrence K. Gershwin, the Central Intelligence Agency’s National Intelligence Officer for Science and Technology, 21 June 2001. These include: national governments, terrorists, industrial spies, organized crime groups, hacktivists, and hackers. Activities could include espionage, hacking, identity theft, crime, and terrorism.

National Governments

National cyber warfare programs are unique in posing a threat along the entire spectrum of objectives that might harm U.S. interests. These threats range from propaganda and low-level nuisance web page defacements to espionage and serious disruption with loss of life and extensive infrastructure disruption. Among the array of cyber threats, as seen today, only government-sponsored programs are developing capabilities with the future prospect of causing widespread, long-duration damage to U.S. critical infrastructures.

The tradecraft needed to effectively employ technology and tools remains an important limiting factor, particularly against more difficult targets such as classified networks or critical infrastructures. For the next 5 to 10 years, only nation states appear to have the discipline, commitment, and resources to fully develop capabilities to attack critical infrastructures.

Their goal is to weaken, disrupt, or destroy the U.S. Their sub-goals include espionage for attack purposes, espionage for technology advancement, disruption of infrastructure to attack the U.S. economy, and, when attacked by the U.S., a full-scale attack on infrastructure to damage the ability of the U.S. to continue its attacks.

Terrorists

Traditional terrorist adversaries of the U.S., despite their intentions to damage U.S. interests, are less developed in their computer network capabilities and propensity to pursue cyber means than are other types of adversaries. They are likely, therefore, to pose only a limited cyber threat. Since bombs still work better than bytes, terrorists are likely to stay focused on traditional attack methods in the near term. We anticipate more substantial cyber threats are possible in the future as a more technically competent generation enters the ranks.

Their goal is to spread terror throughout the U.S. civilian population. Their sub-goals include attacks to cause 50,000 or more casualties within the U.S. and attacks to weaken the U.S. economy to detract from the Global War on Terror.

Industrial Spies and Organized Crime Groups

International corporate spies and organized crime organizations pose a medium-level threat to the U.S. through their ability to conduct industrial espionage and large-scale monetary theft as well as their ability to hire or develop hacker talent.

Their goals are profit based. Their sub-goals include attacks on infrastructure for the profit of competitors or of the other groups listed above, theft of trade secrets, and gaining access to and blackmailing affected industries using potential public exposure as a threat.

Hacktivists

Hacktivists form a small, foreign population of politically active hackers that includes individuals and groups with anti-U.S. motives. They pose a medium-level threat of carrying out an isolated but damaging attack. Most international hacktivist groups appear bent on propaganda rather than damage to critical infrastructures. Their goal is to support their political agenda. Their sub-goals are propaganda and causing damage to achieve notoriety for their cause.

Hackers

Although the most numerous and publicized cyber intrusions and other incidents are ascribed to lone computer-hacking hobbyists, such hackers pose a negligible threat of widespread, long-duration damage to national-level infrastructures. The large majority of hackers do not have the requisite tradecraft to threaten difficult targets such as critical U.S. networks and even fewer would have a motive to do so. Nevertheless, the large worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage, including extensive property damage or loss of life. As the hacker population grows, so does the likelihood of an exceptionally skilled and malicious hacker attempting and succeeding in such an attack.

In addition, the huge worldwide volume of relatively less skilled hacking activity raises the possibility of inadvertent disruption of a critical infrastructure.

For the purposes of this discussion, hackers are subdivided into the following sub-communities:

  • Script kiddies are unskilled attackers who do NOT have the ability to discover new vulnerabilities or write exploit code, and are dependent on the research and tools of others. Their goal is achievement. Their sub-goals are to gain access and deface web pages.
  • Worm and virus writers are attackers who write the propagation code used in worms and viruses but not typically the exploit code used to penetrate the systems infected. Their goal is notoriety. Their sub-goals are to cause disruption of networks and attached computer systems.
  • Security researchers and white hats have two sub-categories: bug hunters and exploit coders. Their goal is profit. Their sub-goals are to improve security, earn money, and achieve recognition with an exploit.
  • Professional hackers (black hats) are paid to write exploits or to actually penetrate networks; they also fall into the two sub-categories of bug hunters and exploit coders. Their goal is profit.

Computer Security Community

Hackers and researchers interact with each other to discuss common interests, regardless of color of hat. Hackers and researchers specialize in one or two areas of expertise and depend on the exchange of ideas and tools to boost their capabilities in other areas. Information regarding computer security research flows slowly from the inner circle of the best researchers and hackers to the general IT security world, in a ripple-like pattern.

GAO Threat Table

The following table, an excerpt from NIST SP 800-82, “Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control System Security” (SME draft), describes various threats to control system (CS) networks:

| Threat Source | Description |
|---|---|
| Bot-network operators | Bot-network operators are hackers; however, instead of breaking into systems for the challenge or bragging rights, they take over multiple systems in order to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available in underground markets (e.g., purchasing a denial-of-service attack, servers to relay spam, or phishing attacks, etc.). |
| Criminal groups | Criminal groups seek to attack systems for monetary gain. Specifically, organized crime groups are using spam, phishing, and spyware/malware to commit identity theft and online fraud. International corporate spies and organized crime organizations also pose a threat to the United States through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent. |
| Foreign intelligence services | Foreign intelligence services use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power – impacts that could affect the daily lives of U.S. citizens across the country. |
| Hackers | Hackers break into networks for the thrill of the challenge or for bragging rights in the hacker community. While remote cracking once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency, the large majority of hackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage. |
| Insiders | The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat also includes outsourcing vendors as well as employees who accidentally introduce malware into systems. |
| Phishers | Individuals, or small groups, who execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware/malware to accomplish their objectives. |
| Spammers | Individuals or organizations who distribute unsolicited e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware/malware, or attack organizations (i.e., denial of service). |
| Spyware/malware authors | Individuals or organizations with malicious intent carry out attacks against users by producing and distributing spyware and malware. Several destructive computer viruses and worms have harmed files and hard drives, including the Melissa Macro Virus, the Explore.Zip worm, the CIH (Chernobyl) Virus, Nimda, Code Red, Slammer, and Blaster. |
| Terrorists | Terrorists seek to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the U.S. economy, and damage public morale and confidence. Terrorists may use phishing schemes or spyware/malware in order to generate funds or gather sensitive information. |

Source: Government Accountability Office (GAO), Department of Homeland Security’s (DHS’s) Role in Critical Infrastructure Protection (CIP) Cybersecurity, GAO-05-434 (Washington, D.C.: May, 2005).

Source: ICS-CERT (U.S. Government)

Cyber Attack

What constitutes a cyber attack?

Cyber attacks are socially or politically motivated attacks carried out primarily through the Internet. Attacks target the general public or national and corporate organizations and are carried out through the spread of malicious programs (viruses), unauthorized web access, fake websites, and other means of stealing personal or institutional information from targets of attacks, causing far-reaching damage.

From: Trend Micro Incorporated

Types of cyber attacks

Targeted attack

Cyber attacks that are geared at particular organizations, services, and individuals to obtain private, technical, and institutional information, and other intellectual assets for the purpose of vandalism or monetary gain.

APT (Advanced Persistent Threat)

A kind of targeted attack aimed at a particular entity and carried out continuously and persistently using a variety of means in order to gain access to the target. APTs are mainly divided into (1) attacks through public servers and public websites on the Internet and (2) attacks against users through social engineering that delivers malicious programs to the target users (a typical example is a targeted email attack).

DoS (Denial of Service) attack

An attack meant to disrupt services.

DDoS (Distributed Denial of Service) attack

A DoS attack carried out from a distributed environment.

Trends in cyber attack countermeasures

Unauthorized access no longer respects borders, and the threats aimed at illegal information access have grown more sophisticated and diverse.
Although most government agencies and major corporations have fully deployed individual tools as information security measures, the targets of attacks have expanded beyond government institutions to critical infrastructures and to specific industries and corporations, calling for more robust countermeasures.

Overview of the typical method used in targeted cyber attacks

Targeted attacks are becoming increasingly sophisticated and proceed through distinct stages:

  1. Espionage
  2. Intrusion
  3. Internal spread
  4. Attack
  5. Elimination of traces of activity

Solutions to stop targeted attacks

Four countermeasures against targeted attacks

  1. Entry counter-measure
  2. Exit counter-measure
  3. Counter-measure against information leaks
  4. Status visualization

Problems associated with targeted attack countermeasures

  • Attack methods have become more sophisticated and elusive, making them difficult to detect (from the Trend Micro report “Trends in Advanced Persistent Threats (APT) in Japan for 1H FY2012”).
  • Delayed detection and delayed initiation of countermeasures aggravate the extent of damage.
  • Since e-mails and document/image files contain confidential information, outsourcing [of cyber defense operations] is difficult.
  • Operation of solutions against targeted cyber attacks is complicated: multiple countermeasures are needed, from entry to exit, and the tools differ depending on the type of solution, requiring analysis of a large volume of alarms and logs.

This calls for an integrated surveillance platform that can be operated internally.

Source: NEC

Thanks to ICS-CERT, NEC, and to you for reading Cyber Threat Attack.

[Image: Report: China Is America’s #1 Cyber Threat]

Dr Don, Founder/Admin The Internet Crime Fighters Org, Admin DrDony's Reviews, Author The Internet Users Handbook

