What constitutes a cyber attack?
Cyber attacks are socially or politically motivated attacks carried out primarily through the Internet. Attacks target the general public or national and corporate organizations and are carried out through the spread of malicious programs (viruses), unauthorized web access, fake websites, and other means of stealing personal or institutional information from targets of attacks, causing far-reaching damage.
Targeted attacks are cyber attacks aimed at particular organizations, services, and individuals to obtain private, technical, and institutional information and other intellectual assets for the purpose of vandalism or monetary gain.
APT (Advanced Persistent Threat)
A kind of targeted attack aimed at a particular entity and carried out continuously and persistently using a variety of means in order to gain access to the target. APTs are mainly divided into (1) attacks through public servers and public websites on the Internet and (2) attacks against users through social engineering of target users into sending malicious programs (a typical example is the targeted email attack).
DoS (Denial of Service) attack
An attack meant to disrupt services.
DDoS (Distributed Denial of Service) attack
A DoS attack carried out from a distributed environment.
Trends in cyber attack countermeasures
Unauthorized access has become increasingly borderless in scope, and threats aimed at illegal access to information have grown more sophisticated and diverse.
Although most government agencies and major corporations have fully deployed individual tools as information security measures, the targets of attacks have expanded beyond government institutions to include critical infrastructure and specific industries and corporations, calling for more robust countermeasures.
Overview of methods used in targeted cyber attacks (typical)
Targeted attacks are becoming increasingly sophisticated as they go through different stages:
- Internal spread
- Elimination of traces of activity
Solutions to stop targeted attacks
Four countermeasures against targeted attacks
- Entry countermeasure
- Exit countermeasure
- Countermeasure against information leaks
- Status visualization
Problems associated with targeted attack countermeasures
Attack methods have become more sophisticated (elusive), making them difficult to detect.
Delayed detection and initiation of countermeasures aggravate the extent of damage.
Since e-mails and document/image files contain confidential information, outsourcing [of cyber defense operations] is difficult.
Operation of solutions against targeted cyber attacks is complicated.
There is a need for multiple countermeasures, from entry to exit.
Tools differ depending on the type of solution, requiring analysis of a large volume of alarms and logs.
This calls for an integrated surveillance platform that could be internally operated.