User Tools

Site Tools


riskanalysis

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Last revisionBoth sides next revision
riskanalysis [2017/10/24 15:23] – [Vulnerability remediation] lallodiriskanalysis [2017/10/24 15:24] – [Attack types] lallodi
Line 25: Line 25:
 Cyber-attacks can be roughly classified in two categories: Cyber-attacks can be roughly classified in two categories:
  
-  - **Targeted cyber-attacks**: these attacks target specific systems and organizations and are typically carried by sophisticated, technically advanced attackers. These may be nation-state agencies as well as resourceful enterprises (e.g. for espionage purposes). These attack may be carried by means of the so-called “0-day” attacks, i.e. exploits that attack a vulnerability that is unknown to the defender (e.g. because the attacker discovered it). These attacks are very rare. A 2012 study revealed that only a small fraction of overall attacks involve 0-days [[https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf| (Bilge CCS 2012)]].+  - **Targeted cyber-attacks**: these attacks target specific systems and organizations and are typically carried by sophisticated, technically advanced attackers. These may be nation-state agencies as well as resourceful enterprises (e.g. for espionage purposes). These attack may be carried by means of the so-called “0-day” attacks, i.e. exploits that attack a vulnerability that is unknown to the defender (e.g. because the attacker discovered it). These attacks are very rare. A 2012 study revealed that only a small fraction of overall attacks involve 0-days [[https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf| (Bilge et al. CCS 2012)]].
   - **Untargeted cyber-attacks**: these attacks are launched against the population of Internet users at large. Vulnerable targets end up being infected, whereas non-vulnerable targets remain unaffected. The attacker does not target specific systems or users, but rather a class of users with certain characteristics . These attacks are by far the most common and exploit well-known vulnerabilities. For example, the recent WannaCry malware exploited a long-patched vulnerability and affected millions of users worldwide without targeting any specific organization (for example, the UK NHS has been a victim of the malware not because of attacker interest in its systems, but because of its reliance to old software configurations.   - **Untargeted cyber-attacks**: these attacks are launched against the population of Internet users at large. Vulnerable targets end up being infected, whereas non-vulnerable targets remain unaffected. The attacker does not target specific systems or users, but rather a class of users with certain characteristics . These attacks are by far the most common and exploit well-known vulnerabilities. For example, the recent WannaCry malware exploited a long-patched vulnerability and affected millions of users worldwide without targeting any specific organization (for example, the UK NHS has been a victim of the malware not because of attacker interest in its systems, but because of its reliance to old software configurations.
  
riskanalysis.txt · Last modified: 2021/01/10 21:04 by 127.0.0.1