Discuss the Cyber Threat Landscape and Ethics.
Cyber security is defined as a body of technologies, practices and actions that combine to form a defence against various types of authorized, unauthorized and accidental attacks on networking and computing systems ("Cyber-security", 2014). Cyber-attacks are commonly viewed as coordinated criminal actions carried out by means of the web. These exploits and threats can cause various kinds of damage, including but not limited to the destruction and theft of intellectual property, damage to brand reputation, the revealing of secret and confidential business and government data, the destruction of a nation's IT infrastructure, and severe losses to business and revenue (Choo, 2011). A survey by the International Telecommunication Union (ITU) reported that almost 1 trillion US dollars' worth of damage was caused by cyber-related fraud in 2012 alone (Martin-Shields, 2017). The initial phase of this paper is dedicated to an extensive literature review that highlights the increasing sophistication and rapidly evolving maliciousness of cyber-attacks on government, civilian and organizational elements. At the same time, the review discusses the criticality of the current and future state of cyber security, as well as the threats that government agencies face on the internet. It also lays down recommendations that are particularly important when framing government policies intended to deal with the cyber threats of the near future.
The data for this paper were derived from secondary sources. These sources include research and analysis by previous scholars, journals, books, white papers, conference proceedings and government publications on topics related to cyber security, emerging cyber threats and ethical issues. The study demanded an extensive literature review that critically analyses the current state of cyber security, that is, the emerging threat landscape. It further lays down the policy essential to enhancing cyber security, as well as the critical steps needed to acquire the exact know-how to deal with any emerging cyber threat. The content analysis method was also used for the analysis.
In the 21st century, cyber threats have emerged as one of the greatest challenges. In this context, threat actors can be viewed as elements that directly or indirectly cause a security incident (Verizon, 2017). Djambazova et al. further explain the meaning of threats in their own words as follows: a threat is any kind of indication, event or circumstance that causes harm to ICT infrastructure as well as to the systems and services that depend upon that infrastructure. This definition reflects a dynamic approach to a threat landscape that keeps evolving with the advancement of technology.
It is imperative to protect system assets against threats, because the asset is the essential element in any use of technology. The scenario describes various destructive threat landscapes, for instance threats against smartphones, workstation computers, application stores and other ICT infrastructure components. Building on this conception of describing the effect and level of a threat landscape according to its exploitable priority, ENISA reports identify how different mixtures of threats are ranked according to threat agents, vulnerabilities and exploits, thereby placing some online users very close to the actual risk landscape. Threats are particularly dangerous to the online community because of their unpredictable behaviour globally. Covering many malicious uses of IT has not been difficult, which means that threat actors can operate with considerable impunity from anywhere (Verizon, 2017). A summary of threat infections collated by Microsoft for 2009 and 2010 reveals that the threat landscape in countries such as Nigeria is dominated by malware, with figures reaching as much as 75.1% (Choo, 2011).
Every single nation in the world today is affected by cyber-related threats and is encountering all sorts of them. Essentially, any task related to securing the web amounts to staying ahead of emerging threats, and this is a difficult task to accomplish. Not a week goes by without reports of virus infections, phishing scams and hacking attempts. Moreover, many PC users, even those who have implemented adequate security controls such as firewalls, filters, intrusion detection systems, anti-virus, regular patching and system hardening, remain at risk of software breaches and security threats ("Investigating Internet Crimes", 2014). Ordinarily such threats can be segregated into network attacks, malicious attacks and network abuse. Malicious threats include computer viruses, Trojan horses, keyloggers, bots and spyware. Network-related attacks include denial of service (DoS), spoofing, session hijacking and web defacement. Similarly, network abuse includes threats and attacks such as spam, pharming, phishing and the other threats enumerated below.
Phishing attacks flood the internet with malware in the hope of 'fishing' the maximum number of victims. The attackers gather victims' credentials, such as bank account credentials, financial statements, credit card and wallet details and other sensitive information (Carpenter, 2010).
A botnet is an accumulated network of computers controlled by cybercriminals for unlawful purposes (Carpenter, 2010). Botnets are turning out to be a key threat for carrying out cybercrime, since they are spread through distributed networks and can attack a system in many different ways (Zhuge, 2008).
Emerging Cyber Security Threats
Malware and spyware are programs designed to compromise, gather data from, steal from and disrupt target systems while remaining completely undetected by the host (Creeger, 2010). In 2009, around 2.9 million new malware samples were identified, which, compared with 2008, represents an increase of 71% (Kharat, 2017).
Keyloggers are programs designed to capture and record a user's keyboard and mouse activity. Additionally, these programs secretly transmit the data to an email address or a server chosen by the attacker (Zaitsev, 2010).
Social engineering is a science that plays on the human trust factor. It is a technique in which tricks and traps are used to convince a person to perform an action that ultimately benefits the attacker. This could be something as simple as revealing credit card details or submitting sensitive details through a fake website (Wright, 2014).
Viruses and worms are programs that spread from one computer to another without the user's authorization, distributing themselves further and attacking and compromising every system in their path. Different types of virus have different purposes and methods of action once they are active on the host system (Kumar, 2014).
The cyber landscape in 2010 was quite severe, and things became more alarming with the continued rise of mobile devices. Malicious attacks rose continuously in developing countries, where the primary targets were industries and companies. The threat and ethics landscape of 2010 created a roadmap for cyber criminals, allowing them to infiltrate social networking sites, health and medical sites, banks and industrial infrastructure (Fafinski, 2011). It was in this year that malware and spam picked up huge momentum, successfully penetrating social networks such as Twitter and Facebook. For attacks on industrial and corporate infrastructure, the Stuxnet worm turned out to be one of the most devastating and best-known malware threats of 2010. It spread through USB devices and then replicated itself across computers connected through a network. The Stuxnet worm was dangerous because it could change system configuration and control other systems in the network, for example shutting down a particular server service or shutting down components in a factory. 2010 was also nicknamed the year of 'spam distribution', particularly because of a threat called 'ZEUS'. It was designed to steal banking details and stood out among other malware as the most widely recognized. Among others, ZBOT, IE zero-day attacks, FAKEAV and the Mariposa botnet were some of the prominent threats (Fafinski, 2011).
Phishing and email Spamming
2011 saw rapid and unprecedented growth in threats, comprising a whole new level of data breaches, Android malware, social networking breaches and phishing attacks. Despite the media's focus on mobile devices, the biggest victim was still the desktop computing environment. Furthermore, Facebook was among the most common platforms through which attackers used phishing and social engineering tactics to carry out their unlawful activity ("Cyber-security", 2014).
The year 2012 was dominated by thefts that targeted the intellectual property of corporations as well as government data. It also saw a significant increase in cases of hacktivism, then malware that targeted mobile devices, and finally financial institutions were also targeted recurrently (Nunez, 2012). Additionally, as the number of these devices grows, so will the number of attacks against them: every new smartphone, tablet or internet-enabled smart device is a new window for an attack ("IoT multiplies risk of attack", 2015). Attackers are also getting smarter and are now repackaging applications with malicious code and distributing them to unsuspecting users. A trend has also been noticed that cybercriminals are now focusing more on mobile devices and moving away from the PC environment (Techtarget, 2013).
The year 2013 brought some big news and important changes to the cyber threat landscape. ENISA (2013) analysed over 250 different cases of cybercrime, and its analysis is divided into two parts: a) good developments and b) bad developments ("ENISA surveys evolving threat landscape", 2013).
Bad developments (Negative)
- Cybercrime has grown by leaps and bounds to become quite mature in its operation and is now focusing entirely on private, government and commercial institutions.
- Cybercrime has gone mobile, as cybercriminals are combining social engineering tactics with multiple types of attack patterns and tools that target various kinds of mobile devices and mobile computing platforms.
- Two emerging trends in IT, the Internet of Things and Big Data, are a concern for cloud storage security ("ENISA surveys evolving threat landscape", 2013).
Good developments (Positive)
- Law enforcement agencies have been successful in coming up with an international cyber policy.
- Cybercrime threat analysis has been promoted and many cyber threat experts have been engaged.
- Co-operation among various types of cybercrime-fighting organizations has been established ("ENISA surveys evolving threat landscape", 2013).
Many cybercrime-related developments happened in 2014. These include increased complexity in attack vectors, successful coordination between law enforcement and security vendors, and attacks made on the vital functions of the Internet. 2014 can be called the year of the data breach. A vulnerability was discovered in the Bash shell, and many systems making use of it were found to be vulnerable. Enhanced media coverage of the multiple privacy invasions that happened in 2014 reduced users' trust in the Internet and Internet-enabled services ("ENISA: Top Cyber-Bedrohungen im Threat-Landscape-Report 2014", 2014).
The cyber threat and ethics landscape in 2015 saw massive developments. A range of attacks on end users, professional users, enterprises and government organizations was seen in 2015. Some of these can be categorized as insider threats, data breaches, denial-of-service attacks and identity theft. This year also saw massive changes to malware. In particular, the Equation group used a type of hardware re-programming that allowed malicious code to be installed into the firmware of hard disk drives (Gunaratna, 2015). The total number of malware samples also grew by 17% in Q2 2015. Among malware-affected mobile platforms, Android's share of mobile-based malware rose to 95%. Phishing has undergone changes as well, and the primary method of spreading malicious and suspicious links has been through social networks and re-packaged applications. At the same time, malvertising, which shows adverts to the user through plugins bundled with malware, has risen as well. Since many websites are becoming web applications, and even traditional applications are now becoming web apps, web-based attacks have changed too. Attackers are now focusing on attacking the transport layer, XSS and brute-force attacks, information leakage, cross-site request forgery and sniffing, among others. DDoS attacks have risen as well: compared with the previous year, they rose by 120% for application-level attacks and 130% for infrastructure-level attacks. At the same time, ransomware doubled from the previous year, as did state-sponsored cyber-attacks (Gunaratna, 2015).
The following year, malware yet again topped the threat landscape, with malware samples reaching 600 million per quarter. Malware had two major attack methods this year: ransomware and information stealing. Some of the malware headlines were associated with IoT devices. Drive-by downloads were one of the most common methods of malware distribution, right after traditional email and spam attachments. Web applications were also continually under attack, and around a third of those attacks were made using anonymization and VPN-style tools, showing a clear trend towards. Another trend is the rise of botnets and, specifically, the rise of IoT botnets (Kosenkov, 2016). At the same time, ransomware advanced, with a significant increase in the total amount of ransom paid, the kinds of infection method used and the number of victims affected. Ransom payment has been facilitated largely by means of cryptocurrencies, as they are a completely anonymous payment method that leaves no trace. The number of breaches also increased and is now reported to be as much as 25% higher than in the previous year.
2017 again saw a massive number of cyber-attacks of unprecedented complexity and scale. There were attacks on democracies, instances of cyber-war, new monetization methods, the transformation of malicious infrastructures and various threat agent groups. Among the biggest attacks was a ransomware named 'WannaCry'. It successfully affected over 300,000 systems in over 150 countries ("The WannaCry ransomware attack", 2017). Apart from this, there was a significant rise in the amount of reporting, because the media started paying a lot of attention to cyber-security incidents. In summary, the 2017 threat and ethics landscape is as follows:
- Increasing complexity and sophistication of attacks.
- Threat agents have used advanced obfuscation strategies in order to hide their online trails.
- Malicious infrastructures have been increasingly transforming themselves in order to achieve higher levels of anonymization, detection evasion and encryption.
- Monetization of cybercrime is the main motive of threat agents.
- Usage of cryptocurrencies to facilitate transactions.
- State-sponsored cyber-threats and incidents.
- Capabilities and skills remain the main concern for organizations, and the need for educational curricula and training programs remains almost unanswered.
On 12 May 2017, a massive ransomware attack took place, affecting over 300,000 systems in 150 countries. The most affected countries included Russia and China, owing to their predominant use of legacy systems. Fortunately, due to the discovery of a 'kill switch' in the code, the spread of the attack was contained. WannaCry spreads via SMB, i.e. the Server Message Block protocol, and once installed it checks whether additional vulnerabilities such as DoublePulsar (a previously known exploit) already exist in the system in order to further its attack (Popli & Girdhar, 2017).
The attack process is described as follows:
- The attacker uses an unknown attack vector.
- The 'WannaCry' exploit then encrypts files on the victim's machine using AES-128 encryption and deletes the backups of those files.
- It then displays a ransom note on the screens of the affected systems asking for 300 USD or 600 USD in bitcoins.
- Messages to and from the affected systems are transmitted via 'Tor.exe'.
- Furthermore, the IP address of the infected machine is scanned and similar subnets are scanned; if other machines are found, the infected machine infects them after delivering the payload via TCP port 445.
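The last step above (scanning the local subnet and pushing the payload over TCP port 445) is the behaviour a defender can most readily spot in network logs. The following Python example is added here and is not from the cited paper or from any analysis of the actual malware; it runs a simple detector over constructed connection-log lines and flags any host that opens SMB (port 445) connections to many distinct hosts in its own /24 within a short window. The /24 scope, the five-target threshold and the five-minute window are assumptions chosen for the example.

```python
"""Flag WannaCry-style SMB lateral movement in connection logs.

Added example (not from the cited paper): a host that opens TCP/445
connections to many distinct hosts in its own /24 within a short window
is the network-visible signature of worm-style subnet scanning.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample log (timestamp src dst dst_port), not from any real incident.
# 10.0.5.17 sweeps its neighbours on 445; 10.0.5.30 just uses a file server;
# 10.0.5.40 talks HTTPS, which the detector ignores.
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.5.30 10.0.5.10 445
2017-05-12T10:00:05 10.0.5.17 10.0.5.20 445
2017-05-12T10:00:06 10.0.5.17 10.0.5.21 445
2017-05-12T10:00:06 10.0.5.17 10.0.5.22 445
2017-05-12T10:00:07 10.0.5.17 10.0.5.23 445
2017-05-12T10:00:07 10.0.5.40 10.0.5.41 443
2017-05-12T10:00:08 10.0.5.17 10.0.5.24 445
2017-05-12T10:00:08 10.0.5.17 10.0.9.5 445
2017-05-12T10:00:09 10.0.5.17 10.0.5.25 445
2017-05-12T10:00:10 10.0.5.17 10.0.5.26 445
2017-05-12T10:00:12 10.0.5.30 10.0.5.10 445
2017-05-12T10:00:20 10.0.5.40 10.0.5.42 443
"""

SMB_PORT = 445                  # port WannaCry used for propagation (see the step list)
WINDOW = timedelta(minutes=5)   # assumed detection window
THRESHOLD = 5                   # assumed: distinct same-subnet targets before alerting


def parse_log(text):
    """Parse 'timestamp src dst port' lines into (datetime, src, dst, port) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return records


def same_subnet(src, dst, prefix=24):
    """True when dst lies in src's /prefix network (assumed /24 scope)."""
    net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
    return ipaddress.ip_address(dst) in net


def find_smb_scanners(records, window=WINDOW, threshold=THRESHOLD):
    """Return {src: targets} for hosts that reach >= threshold distinct
    same-subnet hosts on SMB_PORT within any window-sized interval."""
    by_src = defaultdict(list)
    for ts, src, dst, port in records:
        if port == SMB_PORT and src != dst and same_subnet(src, dst):
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()  # chronological; a sliding window starts at each event
        for i, (start, _) in enumerate(events):
            targets = {dst for ts, dst in events[i:] if ts - start <= window}
            if len(targets) >= threshold:
                flagged[src] = targets
                break
    return flagged


if __name__ == "__main__":
    for host, targets in find_smb_scanners(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT possible SMB worm spread from {host}: "
              f"{len(targets)} distinct neighbours on TCP/{SMB_PORT}")
```

Blocking inbound 445 at network boundaries and patching SMB (the mitigation the kill switch did not replace) stops the spread; this detector only tells you which host to isolate first.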
The growth of cyber threats and the level of damage they can cause challenge the foundation on which the national security of a country rests. This therefore requires a coordinated effort by the governments of the world to create a global-level security policy that can help defend against and mitigate the threats posed by cybercriminals. Thio has argued that the focus should be on the technique instead of the tool (Adli and Thio, 2012). It is therefore imperative for governments to have a national-level security policy, and for organizations to have a properly drafted security policy, that provides them with a tool to mitigate as well as fight these threats. A report drafted by the Australian government describes four best ways to fight against these emerging threats: understanding the problem, sharing responsibility, focusing attention on prevention as well as balancing security, and finally ensuring that freedom and privacy prevail. This effectively summarizes that governments must join hands and establish a comprehensive strategic security policy that keeps pace with the rising cyber challenges. Apart from these, the following should be done:
- International co-operation, as well as collaboration with industry, in order to address any and all emerging threats that need collaboration among nations. This policy should entail the deployment of various technical resources and help in implementing security best practices in critical sectors as well as government. This should result in a comprehensive security plan as well as periodic IT security risk assessments.
- Governments should authorize stricter security laws and ensure that fighting cybercrime is among the top priorities of the government, law enforcement and the courts.
- Ensure continuous testing and evaluation of the effectiveness and capability of the technical security controls that could be applied to networks and other IT infrastructure.
- Educate clients and end users on the use of IT equipment and services, and train them in minimum security best practices.
This paper has outlined the various types of threat that have emerged since 2010, those emerging at the moment, and those that continue to emerge. The paper listed various kinds of threats, highlighted the entire cyber threat and ethics landscape, and showed that these threats are increasing day by day. The paper also presented a set of recommendations at both the national and the organizational level. One can conclude that these cyber threats will continue to rise and will become more dangerous and disruptive than ever, and that one of the best ways to fight them is through the coordinated and pooled efforts of both governments and organizations from around the world.
Carpenter, S. (2010). Battling Cyber Threats. Science. doi: 10.1126/science.caredit.a1000115
Choo, K. (2011). The Cyber Threat Landscape: Challenges and Future Research Directions. SSRN Electronic Journal. doi: 10.2139/ssrn.2339821
Creeger, M. (2010). CTO Roundtable: Malware Defense. Queue, 8(2), 40. doi: 10.1145/1716383.1731902
Cyber-security. (2014). Network Security, 2014(1), 4. doi: 10.1016/s1353-4858(14)70003-0
ENISA surveys evolving threat landscape. (2013). Computer Fraud & Security, 2013(1), 1-3. doi: 10.1016/s1361-3723(13)70001-0
ENISA: Top Cyber-Bedrohungen im Threat-Landscape-Report 2014. (2014). Datenschutz Und Datensicherheit - DuD, 38(2), 134-134. doi: 10.1007/s11623-014-0058-0
Fafinski, S. (2011). Public Policy Responses to Cybercrime. Policy & Internet, 3(2), 1-6. doi: 10.2202/1944-2866.1139
Gunaratna, R. (2015). Threat landscape in 2015. Revista UNISCI, 0(37). doi: 10.5209/rev_runi.2015.n37.49598
Investigating Internet Crimes. (2014). Network Security, 2014(1), 4. doi: 10.1016/s1353-4858(14)70004-2
IoT multiplies risk of attack. (2015). Network Security, 2015(5), 20. doi: 10.1016/s1353-4858(15)30041-6
Kharat, S. (2017). Cyber Crime A Threat to Persons, Property, Government and Societies. SSRN Electronic Journal. doi: 10.2139/ssrn.2913438
Kosenkov, A. (2016). Cyber Conflicts As a New Global Threat. SSRN Electronic Journal. doi: 10.2139/ssrn.2988455
Kumar, A. (2014). Email Borne Virus & Worms. SSRN Electronic Journal. doi: 10.2139/ssrn.2378321
Martin-Shields, C. (2017). Information Communication Technologies in Atrocity Response and Prevention: Deepening Our Understanding of the Legal, Ethical and Practical Challenges. Genocide Studies And Prevention, 11(1), 100-103. doi: 10.5038/1911-99188.8.131.524
Nunez, M. (2012). Cyber-attacks on ERP systems. Datenschutz Und Datensicherheit - DuD, 36(9), 653-656. doi: 10.1007/s11623-012-0220-5
Popli, N., & Girdhar, A. (2017). WannaCry Malware Analysis. MERI-Journal Of Management & IT, 10(2). doi: 10.25089/meri/2017/v10/i2/151167
The WannaCry ransomware attack. (2017). Strategic Comments, 23(4), vii-ix. doi: 10.1080/13567888.2017.133510
Verizon report shows business is booming for cyber-criminals. (2017). Computer Fraud & Security, 2017(5), 1-3. doi: 10.1016/s1361-3723(17)30036-2
Wright, O. (2014). Social Engineering. Engineering & Technology Reference. doi: 10.1049/etr.2014.0013
Zaitsev, O. (2010). Skeleton keys: the purpose and applications of keyloggers. Network Security, 2010(10), 12-17. doi: 10.1016/s1353-4858(10)70126-4
Zhuge, J. (2008). Research and Development of Botnets. Journal Of Software, 19(3), 702-715. doi: 10.3724/sp.j.1001.2008.00702