riskanalysis

Differences

This shows you the differences between two versions of the page.

riskanalysis [2017/10/24 15:23]
lallodi [Vulnerability remediation]
riskanalysis [2017/10/24 15:24] (current)
lallodi [Attack types]
Line 25: Line 25:
 Cyber-attacks can be roughly classified in two categories: Cyber-attacks can be roughly classified in two categories:
  
-  - **Targeted cyber-attacks**:​ these attacks target specific systems and organizations and are typically carried by sophisticated,​ technically advanced attackers. These may be nation-state agencies as well as resourceful enterprises (e.g. for espionage purposes). These attack may be carried by means of the so-called “0-day” attacks, i.e. exploits that attack a vulnerability that is unknown to the defender (e.g. because the attacker discovered it). These attacks are very rare. A 2012 study revealed that only a small fraction of overall attacks involve 0-days [[https://​users.ece.cmu.edu/​~tdumitra/​public_documents/​bilge12_zero_day.pdf| (Bilge CCS 2012)]].+  - **Targeted cyber-attacks**:​ these attacks target specific systems and organizations and are typically carried by sophisticated,​ technically advanced attackers. These may be nation-state agencies as well as resourceful enterprises (e.g. for espionage purposes). These attack may be carried by means of the so-called “0-day” attacks, i.e. exploits that attack a vulnerability that is unknown to the defender (e.g. because the attacker discovered it). These attacks are very rare. A 2012 study revealed that only a small fraction of overall attacks involve 0-days [[https://​users.ece.cmu.edu/​~tdumitra/​public_documents/​bilge12_zero_day.pdf| (Bilge ​et al. CCS 2012)]].
   - **Untargeted cyber-attacks**:​ these attacks are launched against the population of Internet users at large. Vulnerable targets end up being infected, whereas non-vulnerable targets remain unaffected. The attacker does not target specific systems or users, but rather a class of users with certain characteristics . These attacks are by far the most common and exploit well-known vulnerabilities. For example, the recent WannaCry malware exploited a long-patched vulnerability and affected millions of users worldwide without targeting any specific organization (for example, the UK NHS has been a victim of the malware not because of attacker interest in its systems, but because of its reliance to old software configurations.   - **Untargeted cyber-attacks**:​ these attacks are launched against the population of Internet users at large. Vulnerable targets end up being infected, whereas non-vulnerable targets remain unaffected. The attacker does not target specific systems or users, but rather a class of users with certain characteristics . These attacks are by far the most common and exploit well-known vulnerabilities. For example, the recent WannaCry malware exploited a long-patched vulnerability and affected millions of users worldwide without targeting any specific organization (for example, the UK NHS has been a victim of the malware not because of attacker interest in its systems, but because of its reliance to old software configurations.
  
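Review bot: The changed list item still reads "These attack may be carried by means of", which should be "These attacks may be carried out by means of"; this revision already edits that line for the citation, so the grammar fix belongs in the same change. The sentence "These attacks are very rare" that follows is ambiguous between targeted attacks and 0-day attacks; the next sentence is about the fraction of attacks involving 0-days, so name the subject explicitly. In the unchanged second item, the parenthesis opened at "(for example, the UK NHS" is never closed, "reliance to" should be "reliance on", and there is a stray space before the period after "characteristics".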
riskanalysis.txt · Last modified: 2017/10/24 15:24 by lallodi