1.4 Cyber Attackers
1.4.1 Types of Attackers
Let’s look at some of the main types of cyber attackers who’ll try anything to get their hands on
our information. They are often categorized as white hat, gray hat or black hat attackers.
Amateurs
The term 'script kiddies' emerged in the 1990s and refers to amateur or inexperienced hackers
who use existing tools or instructions found on the Internet to launch attacks. Some script
kiddies are just curious; others are trying to demonstrate their skills and cause harm. While
script kiddies may use basic tools, their attacks can still have devastating consequences.
Hackers
This group of attackers breaks into computer systems or networks to gain access. They
can be classified as white, gray or black hat hackers.
White hat attackers break into networks or computer systems to identify any
weaknesses so that the security of a system or network can be improved. These
break-ins are done with prior permission and any results are reported back to the
owner.
Gray hat attackers may set out to find vulnerabilities in a system but they will
only report their findings to the owners of a system if doing so coincides with their
agenda. Or they might even publish details about the vulnerability on the internet
so that other attackers can exploit it.
Black hat attackers take advantage of any vulnerability for illegal personal,
financial or political gain.
Organized hackers
These attackers include organizations of cyber criminals, hacktivists, terrorists and
state-sponsored hackers. They are usually highly sophisticated and organized, and may
even provide cybercrime as a service to other criminals.
Hacktivists make political statements to create awareness about issues that are
important to them.
State-sponsored attackers gather intelligence or commit sabotage on behalf of
their government. They are usually highly trained and well-funded and their
attacks are focused on specific goals that are beneficial to their government.
1.4.3 Internal and External Threats
Cyber-attacks can originate from within an organization as well as from outside of it.
Internal
Employees, contract staff or trusted partners can accidentally or intentionally:
mishandle confidential data
facilitate outside attacks by connecting infected USB media into the
organization’s computer system
invite malware onto the organization’s network by clicking on malicious emails or
websites
threaten the operations of internal servers or network infrastructure devices.
External
Amateurs or skilled attackers outside of the organization can:
exploit vulnerabilities in the network
gain unauthorized access to computing devices
use social engineering to gain unauthorized access to organizational data.
1.5 Cyberwarfare
Cyberwarfare is the use of technology to penetrate and attack another nation’s computer
systems and networks in an effort to cause damage or disrupt services, such as shutting down a
power grid.
1.5.1 Sign of the Times (Stuxnet)
One example of a state-sponsored attack involved the Stuxnet malware that was
designed not just to hijack targeted computers but to actually cause physical damage to
equipment controlled by computers!
1.5.2 The Purpose of Cyberwarfare
The main reason for resorting to cyberwarfare is to gain advantage over adversaries, whether
they are nations or competitors.
To gather compromised information and/or defense secrets
A nation or international organization can engage in cyberwarfare in order to steal
defense secrets and gather information about technology that will help narrow the gaps
in its industries and military capabilities.
To impact another nation’s infrastructure
Besides industrial and military espionage, a nation can continuously invade another
nation’s infrastructure in order to cause disruption and chaos.
For example, a cyber attack could shut down the power grid of a major city. Consider
the consequences if this were to happen: roads would be congested, the exchange of
goods and services would be halted, patients would not be able to get the care they
would need if an emergency occurred, and access to the internet would be interrupted.
Cyberwarfare can destabilize a nation, disrupt its commerce, and cause its citizens to
lose faith and confidence in their government without the attacker ever physically setting
foot in the targeted country.
Questions
1. Which of the following methods is used to check the integrity of data?
Backup
Hashes or checksums
Encryption
Authentication
2. Which of the following statements describes cyberwarfare?
Cyberwarfare is an attack carried out by a group of script kiddies
Cyberwarfare is simulation software for Air Force pilots that allows them to practice
under a simulated war scenario
Cyberwarfare is a series of personal protective equipment developed for soldiers
involved in nuclear war
Cyberwarfare is an Internet-based conflict that involves the penetration of
information systems of other nations
3. Which of the following methods can be used to ensure confidentiality of information?
(Choose three correct answers)
Backup
Version control
Data encryption
File permission settings
Two-factor authentication
Username ID and password
4. Which of the following pieces of information would be classified as personal data? (Select
three correct answers)
Social security number
Driver license number
Date and place of birth
Job title
IP address
5. Why might internal security threats cause greater damage to an organization than
external security threats?
Internal users have better hacking skills
Internal users have direct access to the infrastructure devices
Internal users can access the organizational data without authentication
Internal users can access the infrastructure devices through the Internet
6. Which of the following is a key motivation of a white hat attacker?
Taking advantage of any vulnerability for illegal personal gain
Fine tuning network devices to improve their performance and efficiency
Studying operating systems of various platforms to develop a new system
Discovering weaknesses of networks and systems to improve the security level of
these systems
7. An individual user profile on a social network site is an example of an ______ identity.
Online
Offline
8. Cybersecurity is the ongoing effort to protect individuals, organizations and
governments from digital attacks by protecting networked systems and data from
unauthorized use or harm. Classify each of the following factors as either Personal,
Organizational or Government level of cyber protection.
Your online identity
A customer database
Economic stability
9. Your neighbor tells you that they don’t have an online identity. They have no social
media accounts and only use the Internet to browse. Is your neighbor right?
Yes
No
10. What are the foundational principles for protecting information systems as outlined in
the McCumber Cube? (Choose three correct answers)
Access
Integrity
Scalability
Availability
Confidentiality
Intervention
11. Match the following organizations to the reason why they might be interested in your
online identity.
Internet service providers, Advertisers, Social media platforms, Websites
– They may be legally required to share your online information with government
surveillance agencies or authorities
– To monitor your online activities and send targeted ads your way
– To gather information based on your online activity, which is then shared with or sold
to advertisers for a profit
– To track your activities using cookies in order to provide a more personalized
experience
12. Classify the cyber attacker type from the following descriptions as either Hacktivists,
State-sponsored attackers or Script kiddies.
Make political statements in order to raise awareness about issues that are
important to them –
Gather intelligence or commit sabotage on specific goals on behalf of their
government –
Use existing tools on the Internet to launch a cyber attack –
13. Stuxnet malware was designed for which primary purpose?
To hijack and take control of targeted computers
To cause physical damage to equipment controlled by computers
To cause serious harm to workers in a nuclear enrichment plant