Cyber Attack

From Open Risk Manual

Definition

A Cyber Attack is a specific form of Cyber Risk/IT Security Risk that involves an attack on an organization's digital assets by an external agent.

Cyber Attack Purpose

Attacks are performed from the internet or outside networks for different purposes:

  • fraud
  • espionage
  • activism / sabotage
  • cyber terrorism

Cyber Attack Techniques

  • social engineering
  • intrusion attempts through the exploitation of vulnerabilities
  • deployment of malicious software resulting in taking control of internal IT systems

Other Types of Cyber Attack

  • Execution of fraudulent payment transactions by hackers through the breaking or circumvention of the security of e-banking and payment services and/or by attacking and exploiting security vulnerabilities in the internal payment systems of the institution.
  • Execution of fraudulent securities transactions by hackers through the breaking or circumvention of the security of the e-banking services that also provide access to the customer’s securities accounts.
  • Attacks on communication connections and conversations of all kinds or IT systems with the objective of collecting information and/or committing fraud.

Examples

NB: The detailed examples are drawn from financial industry specifics.

  • APT (Advanced Persistent Threat) for taking control of internal systems or stealing information (e.g. identity theft related information, credit card information).
  • Malicious software (e.g. ransomware) that encrypts data with the aim of blackmail.
  • Infection of internal IT systems with Trojan horses for committing malicious system actions in a hidden manner.
  • Exploitation of IT system and/or (web) application vulnerabilities (e.g. SQL injection ...) to gain access to the internal IT system.
  • Attacks against e-banking or payment services, with the objective of committing unauthorised transactions.
  • The creation and sending out of fraudulent payment transactions from within the internal payment systems of the institution (e.g. fraudulent SWIFT messages).
  • Pump and dump attacks where the attackers gain access to e-banking securities accounts of customers and place fraudulent buying or selling orders to influence the market price and/or make gains based on previously established securities positions.
  • Eavesdropping/intercepting unprotected transmission of authentication data in plain-text.