Cyber defense
Download 2.54 Mb. View original pdf
|
- Navigate this page:
- Cyber weapons
| CIBERDEFENSA ORIENTACIONES PARA EL DISEÑO, PLANEAMIENTO, IMPLANTACIÓN Y DESARROLLO DE UNA CIBERDEFENSA MILITAR 28 Human factor 111. In cyberspace, unlike other domains, two types of people coexist the physical human (real identity) and the cyber human (online identity). 112. Cyber human or online identity is the personas shown in cyberspace or the identity that a cyberspace user establishes in online communities or activities. It can be created and managed by a physical person or automatically by tools designed ad hoc. 113. A cyber human can have one or more real or fictitious identities associated with it and, in turn, a person can be associated with, or control, one or more cyber humans. In many cases, it is difficult to identify whether a cyber human corresponds to the person, group or entity that the human claims to be. Cyber weapons 114. A cyber weapon is apiece of software and TTPs specifically designed to cause damage to a cyberspace component and may have physical effects in the traditional domain of operations. 115. Like traditional weapons, a cyber weapon is the means (cyber attack vectors) that allows the transfer of the payload (malware, exploits 7 ) to the targets (adversary networks and systems. By extension, a cyber attack is considered the combination of vector and the payload. 116. Cyber attack vectors or techniques are numerous some of the most common are phishing 8 , spear phishing 9 , spoofing 10 , pharming 11 , sniffing 12 , watering hole 13 , DoS 14 , DDoS 15 , MitM 16 and SQL injection 17 117. Often, notions that do not cause misunderstandings in traditional domains do create confusion in cyberspace. This is the case of cyber attacks and cyber weapons that are usually assimilated. For example, in the physical world no one doubts that a pistol is a weapon and that an attack occurs when a person makes specific use of the pistol against a target. In cyberspace, it is the same a cyber weapon is a means and a cyber attack is the deliberate use of that means by a person or automatically. 118. Cyber weapons are designed to cause different severity of damage (destruction, denial, degradation, disruption, and exfiltration) to targets in cyberspace or other domain of operations. 119. Usual targets of a cyberweapon are information destruction, denial, degradation, interruption and exfiltration), IT systems and network functionality destruction, denial, degradation, interruption, reputation (destruction, degradation, matériel destruction, degradation, facilities (destruction, degradation) and people (destruction, degradation). 120. Information is usually the main target of high-level organized groups (APTs). Even though they have the ability to disable the compromised system, they prefer not to affect its operation in anyway, in order Download 2.54 Mb. Share with your friends:
|